Department of State Offers Update on Development of Electronic Passport

Oct. 26, 2005
New rules apply to recording data on passport chip and reading data from that chip

   EFFECTIVE DATE: This rule is effective October 25, 2005.

   FOR FURTHER INFORMATION CONTACT: Sharon Palmer-Royston, Office of Passport Policy, Planning and Advisory Services, Bureau of Consular Affairs on 202-663-2662.

   SUPPLEMENTARY INFORMATION: This rule was originally published in the Federal Register on February 18, 2005 (70 FR 8305) as a proposed rule that included changes to the passport regulations needed due to the pending introduction of the electronic passport, as well as changes related to passport amendments, replacement passports, and unpaid fees that did not relate exclusively to electronic passports. Because of the volume of comments, we separated the proposed rule into two final rules. The first rule, RIN 1400-AC11, incorporated the provisions of the proposed rule on passport amendments, replacement passports, and unpaid fees. We received only two comments on those provisions. The second, and instant, rule focuses on electronic passports.

Analysis of Comments

   We received a total of 2,335 comments on the introduction of the electronic passport. All comments have been read, sorted, and tabulated according to primary concerns. Comments opposing the proposed rule primarily focus on security and/or privacy, the adequacy of Radio Frequency Identification (RFID), technology, and religious concerns. Specifically, concerns focused as follows: 2019 comments listed security and/or privacy; 171 listed general objections to use of the data chip and/or the use of RFID; 85 listed general objections to use of the electronic passport; 52 listed general technology concerns; and 8 listed religious concerns. Overall, approximately 1% of the comments were positive, 98.5% were negative, and .5% were neither negative nor positive.

   The comments are available for review at http://www.travel.state.gov/, under the passport section, or at the Department of State (Department) reading room.

Security and Privacy

   Passports must be globally interoperable--that is, they must function the same way at every nation's border when they are presented. To that end, the International Civil Aviation Organization (ICAO) has developed international specifications for electronic passports that will ensure their security and global interoperability. These specifications prescribe use of contactless smartcard chips and the format for data carried on the chips. They also specify the use of a form of Public Key Infrastructure (PKI) that will permit digital signatures to protect the data from tampering. The United States (U.S.) will follow these international specifications to ensure its electronic passport is globally interoperable.

   The Department intends to begin the electronic passport program in December 2005. The first stage will be a pilot program in which the electronic passports will be issued to U.S. Government employees who use Official or Diplomatic passports for government travel. This pilot program will permit a limited number of passports to be issued and field tested prior to the first issuance to the American traveling public, slated for early 2006. By October 2006, all U.S. passports, with the exception of a small number of emergency passports issued by U.S. embassies or consulates, will be electronic passports.

   The ICAO specification for use of contactless chip technology requires a minimum capacity of 32 kilobytes (KB). The U.S. has decided to use a 64KB chip to permit adequate storage room in case additional data, or biometric indicators such as fingerprints or iris scans, are included in the future. Before modifying the definition of "electronic passport" to add a new or additional biometric identifier other than a digitized photograph, we will seek public comment through a new rule making process.

   The contactless smart chip that is being used in the electronic passport is a "passive chip" that derives its power from the reader that communicates with it. It cannot broadcast personal information because it does not have its own source of power. Readers that are on the open market, designed to read Type A or Type B contactless chips complying with International Standards Organization (ISO) 14443 and ISO 7816 specifications, will be able to communicate with the chip. This is necessary to permit nations to procure readers from a variety of vendors, facilitate global interoperability and ensure that the electronic passports are readable at all ports of entry.

   The proximity chip technology utilized in the electronic passport is designed to be read with chip readers at ports of entry only when the document is placed within inches of such readers. It uses RFID technology. The ISO 14443 RFID specification permits chips to be read when the electronic passport is placed within approximately ten centimeters of the reader. The reader provides the power to the chip and then an electronic communication between the chip and reader occurs via a transmission of radio waves. The technology is not the same as the vicinity chip RFID technology used for inventory tracking of items from distances at retail stores and warehouses. It will not permit "tracking" of individuals. It will only permit governmental authorities to know that an individual has arrived at a port of entry--which governmental authorities already know from presentation of non-electronic passports--with greater assurance that the person who presents the passport is the legitimate holder of the passport.

   The personal information that will be contained in the chip is the information on the data page of the passport--the name, nationality, sex, date of birth, place of birth, and digitized photograph of the passport holder. The chip will also contain information about the passport itself--the passport number, issue date, expiration date, and type of passport. Finally, the chip will contain coding to prevent any digital data from being altered or removed as well as the chip's unique ID number. This coding will be in the form of a high strength digital signature. The contents of the data page of the traditional passport have been established by international usage and by ICAO. The chip will not contain home addresses, social security numbers, or other information that might facilitate identity theft.

   In terms of the comments received in response to our proposed rule, a small minority of comments welcomed the rule because of the enhancements to passport security the electronic passport will provide, including better authentication of the document, proof of its link to the bearer and protection against data alteration than is provided by the current, traditional non-electronic passports. The vast majority of comments, however, opposed the introduction of the electronic passport on security and privacy grounds, specifically concerns that skimming or eavesdropping would permit surreptitious reading of the data contained in the passport chip. Skimming is the act of creating an unauthorized connection with a readable chip in order to gain access to the data contained therein. Eavesdropping is the interception of the electronic communication session between a passport chip and an authorized reader.

   Comments reflected a concern that the data in the electronic chip could easily be read by portable devices available on the open market. Many of these comments expressed a belief that the information could be read at distances in excess of ten feet. The majority of the comments were concerned that terrorists could identify and target them as U.S. citizens. Identity theft was of grave concern, focusing on the potential for criminal activity resulting directly from identity theft. Some comments expressed fears that criminals could acquire and use the personal information included in the passport to target them for theft, con artist schemes and/or kidnapping. Still others expressed fears that the U.S. Government or other governments would use the chip to track and censor, intimidate or otherwise control or harm them. Some comments called for the inclusion of a fail-safe anti-skimming device.

   The Department is sensitive to the security and privacy concerns raised by the comments. To address these concerns, the Department and the Government Printing Office (GPO) have worked with the National Institute of Standards and Technology (NIST) to evaluate the passport's vulnerability to skimming and to test physical devices that can be put in a passport to reduce its likelihood.

   Based on that testing, the Department, in cooperation with the GPO, will include an anti-skimming material in the front cover and spine of the electronic passport that will mitigate the threat of skimming from distances beyond the ten centimeters prescribed by the ISO 14443 technology, as long as the passport book is closed or nearly closed.

   The Department will also implement Basic Access Control (BAC) to mitigate further any potential threat of skimming or eavesdropping. BAC recently has been adopted as a best practice by the ICAO New Technologies Working Group and will soon be formally added to the ICAO specifications. BAC utilizes a form of Personal Identification Number (PIN) that must be physically read in order to unlock the data on the chip. In this case, the PIN will be derived from the printed characters from the second line of data on the Machine-Readable Zone that is visibly printed on the passport data page. The BAC also results in the communication between the chip and the reader being encrypted, providing further protection.

   Shielding the reader or other measures associated with the chip reader can also minimize the possibility of eavesdropping. The Department of Homeland Security (DHS) is responsible for border inspections of travelers, and the provision and use of the equipment at U.S. ports of entry that will read the electronic passports. The DHS is working with NIST on reader security and communications issues.

   We believe that the measures described in this rule adequately address the concerns raised by comments regarding security and privacy.

Objections to the Use of the RFID Technology

   Some comments discussed a belief that the RFID technology is too faulty or otherwise inadequate to be used in passports. In particular, some comments asserted that the RFID technology could easily be hacked into or counterfeited, which would defeat its usefulness as a security measure. The Department is taking every measure to ensure that the RFID chips it uses are resistant to hacking and counterfeiting. The devices used in the U.S. electronic passport must be Evaluation Assurance Level 4+ certified or better. This third party certification is commonly used with other government smartcard initiatives and it provides assurance that the manufacturing process is auditable and secure.

   Additionally, the government conducts regular security audits of its vendor partners and their processes to maintain the security of its travel documents. Finally, the contactless smartcard chip used in the electronic passport will be securely inserted into a highly tamper proof, newly redesigned travel document. The new passport document is itself highly tamper resistant.

   According to certain comments, use of a contact chip would be preferable. However, contact chip technology was assessed and specifically excluded by the ICAO subcommittees during the development of their electronic passport specifications. Contact chip technology is primarily used in card formats, and does not easily adapt to fabrication in book-type formats. Contact technology requires the use of exposed contacts that need to make precise contact when inserted in a reader. Fabricating this technology in a book format in a way that facilitates reliable reading is problematic. Passports must be durable over their ten-year life. Passports using contact technology where a part of the passport book must be inserted into a reader would lead to enhanced wear and tear on the passport, thereby fostering unreliable passport book reading.

   Other comments suggested that the passport data should be encrypted. The passport data on the chip does not require encryption in order to be secure and protected. It is the same data that is visually displayed on the passport data page. Instead of encrypting data, BAC will permit an encrypted communication session with the reader that will provide a similar protection while not requiring administrative key control issues.

   Consequently, we have decided not to change the basic characteristics of the chip that we will use in the electronic passport or the data that it will contain. We will, as explained above, incorporate additional technology, including the anti-skimming material and BAC, to address concerns about skimming and eavesdropping. This will not require any change in the general definition of "electronic passport" contained in the proposed regulation. In this final rule, we have made a technical change to the language of the proposed definition to state that the chip will digitally carry information from the data page, a biometric version of the bearer's photo and coding protections.

   Again, we believe that the measures described in this rule adequately address the concerns raised by comments regarding RFID technology.

Religious Objections

   A small number of comments objected to the electronic passport due to religious beliefs. Without in any way passing judgment upon their beliefs, we do not consider these objections a basis for not proceeding with the proposed rule.

General Objections To Use of the Electronic Chip and Passport

   Some comments stated that they objected to use of the electronic chip and passport, but did not give specific reasons for their objections. As a result, the Department is unable to formulate a useful response to their objections.

Regulatory Findings

Administrative Procedure Act

   The Department is publishing this rule as a final rule, after publishing a proposed rule, allowing a 45-day provision for public comments, and consideration of all comments received. The Department provided for a shorter comment period than the 60 days suggested by Section 6(a) of E.O.

** NOTE: This story has been truncated from its original size in order to facilitate transmission. If you need more information about this story, please contact NewsEdge Corporation at 1-800-766-4224. **

<>

News stories provided by third parties are not edited by "Site Publication" staff. For suggestions and comments, please click the Contact link at the bottom of this page.