A U.S. State Department proposal to include wireless data chips in U.S. passports has been met with a wave of criticism and concern from privacy activists and security experts who fail to see any value in the wireless technology for passports. The chips could only serve to compromise personal data and put U.S. citizens at risk, they argue.
U.S. officials with the Department of Homeland Security have tried to deflect the privacy and security concerns that have dogged radio frequency identification (RFID), calling the proposed passport technology a “contactless chip” or “contactless integrated circuit” that differs from RFID.
Avi Rubin, director of the Johns Hopkins Information Security Institute, told TechNewsWorld that there are several technologies — such as close-proximity passes and radio bar codes — that are all termed RFID despite significant differences.
However, Rubin, whose Johns Hopkins research team found major security gaps in common RFID systems earlier this year, indicated the passport technology proposed by the U.S. is fraught with danger to the carriers of the high-tech documents.
“I don’t think changing the name is going to change any of the privacy concerns,” he said. “Whatever you call them, something with radio frequency in passports is a terrible idea. I can’t see the need for wireless. I can only see negatives. I can’t see any positives. I only see disadvantages to this.”
The U.S. State Department and DHS, however, are pursuing use of the technology in passports and in identification cards for DHS employees. Last month, the State Department proposed passports and some other identification documents would be required to use RFID tags with personal data and even biometric information made available to customs officials with scanners.
Electronic Privacy Information Center (EPIC) policy counsel Cedric Laurant told TechNewsWorld the passport tags, which, unlike the DHS employee cards, would not be protected by encryption, would allow anyone with access to an inexpensive scanner to wirelessly identify and gather information on Americans without them knowing it.
“It’s not at all the technology to use for passports,” Laurant said. “It doesn’t make sense to use it for that.”
Laurant, who said the U.S. is pushing for the same passport technology to be adopted by other nations as well, claimed the only reason for the technology was for surreptitious surveillance of U.S. citizens by the government.
“There is no other explainable motive for deploying that technology,” he said, adding that the wireless access could be leveraged by criminals or terrorists to identify nationalities and sensitive information. Laurant said EPIC is filing comments in opposition of the passport proposal in the next few days.
Rubin — whose research team has started a company, Independent Security Evaluators to crack RFID systems so their makers can better secure them — said he was actually approached by DHS regarding the passport wireless technology last year, but the department did not follow up.
Rubin said he could see the need for RFID in a shipping or delivery business such as UPS, but did not see the point of the wireless technology when citizens are passing their documents over the counter to officials when traveling.
Blinded By Technology
Officials with the DHS and State Department were not immediately available for comment on the proposed passport technology. Bill Scannell, a privacy advocate who has started the Web site www.rfidkills.com, said despite efforts to find a motive, it is unclear why the U.S. is pushing the issue.
He echoed Rubin in stating that the government appeared to be using technology for the sake of using technology and not for cost or efficiency gains.
“I think they’re blinded by technology,” Scannell told TechNewsWorld.
He added that the plan has been met with such strong resistance “because people see the inherent dangers in this technology.”