Princeton Junction, NJ, June 8, 2006 - Contactless smart card technology best meets the objectives set forth by the Department of Homeland Security (DHS) for high throughput and the protection of individual privacy at the nation's border crossings for its People Access Security Service (PASS) card program supporting legislation directed by the Western Hemisphere Travel Initiative (WHTI). PASS cards would be required by 2008 for all U.S. citizens who cross the northern and southern borders of the United States without passports. The Smart Card Alliance makes its case for DHS using secure contactless chip technology vs. RFID in a new white paper from its Identity Council.
In the paper, "Western Hemisphere Travel Initiative PASS Card: Recommendations for Using Secure Contactless Technology vs. RFID," the Alliance disagrees with the current DHS technology choice of EPC Gen 2, a type of radio frequency identification (RFID) technology based on the Electronic Product Code Generation 2 (EPC Gen 2) specification. This technology allows cards to be read at a distance of up to 30 feet, which raises security and privacy concerns for the Alliance members as well as other organizations.
To back up this position, the Alliance report presents alternative operational scenarios and concludes that contactless smart card technology best meets the objectives of the PASS card program, which are to secure our borders without compromising personal privacy or impeding the flow of people crossing the border.
Contactless smart card technology is different from radio frequency identification (RFID) technology. Contactless smart cards are designed for secure applications such as payment and secure identification of people.
They contain a small but fully functioning microcomputer that can deliver the highest levels of security, and include built-in features that protect the contactless smart chip from a wide variety of attacks. In contrast, RFID technology is used in applications such as identifying animals, tracking goods through the supply chain, tracking assets such as gas bottles and beer kegs, and controlling access into buildings. RFID tags include a chip that typically stores only a static number (an ID) and an antenna that enables the chip to transmit the stored number to a reader. There is little to no security on the RFID tag or during communication with the reader.
"RFID chips are not designed for human identity applications, but are optimized for supply chain and other applications that need low-cost, electronic identifiers that serve as a replacement for barcodes. In contrast, contactless smart card technology is widely used in secure identification cards and travel documents, supporting the level of security functionality required for protecting individual privacy," said Randy Vanderhoof, executive director of the Smart Card Alliance.
There are many advantages to using contactless smart card technology for the WHTI PASS card program, including the ability to support electronic verification of authenticity to prevent counterfeiting and to use secure, encrypted communications to thwart eavesdropping and replay attacks, and ensure privacy protection for cardholders. A WHTI PASS card based on contactless smart chip technology can also leverage the infrastructure that is being put in place by DHS and the Department of State to support the new ePassport. Using the same secure contactless technology for the PASS card and ePassport could potentially decrease the implementation time and lower the cost of the program.
The report strongly recommends a technology trial to evaluate the performance of ISO/IEC 14443-based contactless technology-the same technology used in the new ePassport-versus the EPC Gen 2 RFID technology being considered by DHS, before the final implementation decision for the WHTI PASS card program.
"This white paper is part of our ongoing efforts to educate the industry about the differences between secure smart chip technology and RFID, as well as other technologies like barcode, optical stripe and magnetic stripe," said Vanderhoof. "Our organization examines appropriate uses of technology for identification and strongly advocates the use of smart card technology in a way that protects privacy and enhances data security and integrity."
The Smart Card Alliance includes as its members a wide range of identity technology providers and end users from all industry segments. Organizations contributing to this new white paper include: Anteon, Fargo Electronics, Gemalto, Integrated Engineering, Philips Semiconductors, Saflink, Texas Instruments, and Visa Canada. The paper is available free of charge and may be accessed from the Smart Card Alliance web site: www.smartcardalliance.org
As part of the Intelligence Reform and Terrorism Prevention Act of 2004, the Western Hemisphere Travel Initiative imposes new requirements for admission to the United States. Starting in January 2008, everyone, including U.S. citizens returning from Canada, Mexico, Panama, the Caribbean and Bermuda, must present secure travel documents establishing their identity and nationality to enter the United States. The Department of State and the Department of Homeland Security (DHS) plan to produce a less expensive, secure biometric ID card, called the People Access Security Service (PASS) card, as an alternative for U.S. citizens subject to this requirement who do not wish to use a passport.
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America.