The Departments of State and Homeland Security want to create a passport card — intended to be a cheaper and more efficient alternative to the passport book — for Americans returning to the U.S. from Canada, Mexico or the Caribbean by land or sea. The departments have proposed to put a Radio Frequency Identification (RFID) tag in the passport card that can be read from several yards away. CDT submitted comments on Jan. 7 explaining that the passport card proposal raises a host of privacy and security concerns.

CDT explained that the RFID technology proposed for the passport card is inappropriate for human identification and proof of citizenship. It is an inherently insecure technology originally designed to increase the efficiency of the supply chain by permitting fast, unhindered long-range wireless communication between product tags and computerized readers. CDT highlighted the Departments’ failure to explain how cardholders’ privacy will be protected — in particular, how the RFID-enabled passport card will not be used to track individuals, or be used as another unique identifier (like the Social Security Number) to link to vast amounts of personal information unrelated to border management. Furthermore, CDT noted that if the passport card were made properly secure, the purported benefits of the chosen RFID technology (i.e., lower cost and increased efficiency) would disappear – thus calling into question the desirability of the entire passport card program.

We submitted follow-up comments on January 23 related to a nuanced but important technical issue. We had asserted that the RFID protocol chosen for the passport card calls for a 32-bit password that controls access to a tag’s unique number. We argued, however, that the password is discoverable, thus enabling the discovery of the tag’s unique number and creating a significant privacy risk for the cardholder. After we submitted our initial comments, we learned that although an earlier iteration of the RIFD protocol did provide for a password to control access to a tag’s unique number, the current version does not include such a password. In our follow up comments, we urged the Departments to clarify whether the RFID-enabled passport card will use a password as a security mechanism, and what privacy risks exist both with and without a password.

This entry was posted on Wednesday, January 24th, 2007 at 4:33 pm and is filed under Security & Freedom. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.