State Department Promises to Prevent 'Skimming' of Passport Data

Despite ACLU criticism, State Department official promises his agency is taking measures to protect data on proposed U.S. electronic passports

If ePassports became commonly used for identification when shopping, the way we now use driver's licenses for a multitude of authentications that have nothing to do with automobiles, the ACLU warned, information on people's daily habits could be drawn into that ultra-database.

Moss said the skimming issue definitely would be addressed, even if it hadn't been part of the first RFP.

"We will only go into passport production when the issue of skimming is resolved -- and not just because the ACLU brought it up." He said recognition of the problem was converging with what appear to be viable means of addressing the problem, such as embedding fibers in the passport that physically block the chip's transmission unless it's in very close proximity with a reader.

Privacy experts say the incorporation of a mechanical blocking element in the wrapper of U.S. passports would help a lot - as long as you're a U.S. citizen.

"Providing a foil envelope or some sort of protection into the cover doesn't address the adoption of such strategies worldwide," said Beth Givens, executive director of the Privacy Rights Clearinghouse, an international privacy advocacy.

Givens and others say that the U.S. hasn't demonstrated why contactless technology is better than a method that requires physical contact between chip and reader, such as the magnetic strip used on today's passports or smart cards that must be inserted into readers.

"The State Department should answer the question of whether there are there any alternative technologies that could produce the same results as RFID with less potential risk to privacy and civil liberties," Givens said.

Many of the electronic privacy and security advocates contacted by said they could think of only one reason why the U.S. preferred a contactless chip that can be read from a distance: surveillance.

Said security expert Schneier, "The only reason I can think of for using contactless chips is that they want surreptitious access themselves. It's the only thing that makes sense."