Friday, May 06, 2005

Privacy Experts Scoff at Government's Plans to Secure E-Passports

eweek.com
By Lisa Vaas

Security experts and civil libertarians reacted with skepticism to the government's recent decision to reconsider data protection measures for new RFID passports. The "e-passports," as they've been nicknamed, were originally slated for spring release in the Los Angeles Passport Agency but are now planned for issuance in August beginning with diplomatic passports, according to a spokeswoman for the Bureau of Consular Affairs.

Frank Moss, deputy assistant secretary for passport services at the U.S. State Department, on Monday told news outlets that the rollout of proposed radio frequency identification technology for passports will be delayed until RFID's privacy and security vulnerabilities are resolved.

The State Department has previously claimed that the data on the 64-bit RFID tags—name, date of birth, place of birth (a datum that the ACLU claims is a key to identity theft), a digital photograph and a digital face recognition template—can only be read at a distance of 10 centimeters. That claim has been disproved by a demonstration in April at the Computers, Freedom and Privacy conference in Seattle and by studies that prove that the radio tags can be read from as far away as 30 feet.

The question, privacy advocates say, is why the RFID technology is needed at all.

"Why do they feel they need to use an RFID chip?" asked Ari Schwartz, an associate director at the Center for Democracy and Technology, in Washington. "They're saying [e-passports] can be read 3 to 4 inches away. To me, why be 3 to 4 inches away? When you could just have [a chip that required reader] contact?"

The State Department is now considering two means of protecting data: encryption and metal threads in the passport booklet cover that would hamper data reading unless the booklet were to be opened. Data would be encrypted as it's transmitted from the radio chip to a reader. In addition, the reader would be required to provide a key or password before being enabled to read data on the RFID chip.

In other words, privacy advocates said, the government is opting to render hands-free radio technology into hands-on technology.

"Whereas before they had this wonderful dream of people being able to walk along and ping people as they walked along through airports and other areas and suck information off passports—which would be fine and wonderful, [because that's] what RFID is for; it's radio frequency—now they've moved away, and they're putting little tin cover hats on the covers of passports and encrypting the data on the chip," said Bill Scannell, a publicist, freelance privacy activist and former government intelligence officer who recently launched an Internet campaign called RFID Kills to stop the government from deploying RFID in passports.

"In order to get access, they'll scan the [machine readable code on the passport cover], which is what they do now, and take off a number, and beam that at the chip, and it would dump information back to you," he said.

"What's bad about this?" Scannell said. "It's a completely inappropriate use of the technology. The purpose of RFID is you don't have to touch or have contact with anything. Now you have to have contact. You're adding more time to the procedure, to make it do stuff it's not meant to do."

At issue is the potential for data skimming, where identity thieves carry scanners in, for example, briefcases, passing close by travelers and snatching their personal information.

Some security experts scoff at the idea of thieves wasting their time fishing for personal data in airports when there are bigger payloads available in databases.

"I'm not that worried about RFID," said Pete Lindstrom, research director of Spire Security LLC. "You're at the wrong end of the spectrum. It's on the read end. If someone's going to do a [big data theft], they'll go to the database and do a massive snag."

But privacy advocates classify such thinking as naïve: If it can be done, it will be done, they say. And as for the government's acquiescence to look at data encryption, such a security practice won't help with most of the problem, said Bruce Schneier, founder and chief technology officer of Counterpane Internet Security Inc., since RFID tags require anti-collision protocols and a unique identification number.

The unique ID would still be broadcast and couldn't be encrypted, lest yammering tags all talk at once and say the same thing. "The problem we worry about is tracking," Schneier said. "It's still a unique number. You can still track people but you can't identify someone."

What's wrong with that, if the unique identifier doesn't reveal personal information? Such identifiers would create, in effect, a global identification number.

"People get worried about national ID numbers," Scannell said. "What about an international number? Your own, unique identification number. That's what you'd end up with in the machine-readable part of the passport. A hash of the crypto that's unique and becomes a national identifier number. That would be scanned and beamed to the chip.

"I think that's truly frightening," he said. "For the first time in history, together with some 40 other countries, we'd have a unique identification number. You don't have to go into the mark of the beast world to find this awful."