More RFID Journal Sites: RFID Journal Espanol RFID Journal Brasil RFID Journal Events RFID Journal Awards
RFID NEWS
Text size:
T
T
T
DHS Privacy Committee Finalizes Report on RFID IDs
The reports also differ in describing the possible risks to personal privacy presented by the use of RFID technology in identity documents. The original version of the report says, "The use of RFID for human identification may create a number of risks that are not found in conventional and non-radio identification processes. Individuals will likely be subject to greater surveillance in RFID identification. They will be less aware of being identified and what information is transferred during identification, concerns that necessitate transparency in the design of RFID identification systems." In contrast, the revised report focuses on the personal-privacy risks created by any digital information system, over a manual system. "Digital identification systems pose privacy risks," the revised report states. "In a visual ID-check environment, a person may be briefly identified but then forgotten, rendering them anonymous for practical purposes. In a digital (RF-based) identity-check environment, by contrast, a person's entry into a particular area can be recorded and the information stored for some period of time. If not properly protected, this information could also be repeatedly shared or used for secondary purposes, even potentially used for broader surveillance."
Harper says he hopes members of the DHS and representatives from the RFID and smart-card industry will take the report to heart, giving credence to the best practices and privacy-focused safeguards it recommends.
The DHS and the U.S. Department of State (DOS) are already beginning to embed RFID inlays in U.S. passports, so the final publication of the privacy report comes too late for use by those agencies in that regard. Still, Harper maintains, the report could still hold value to decision makers in other countries who are considering deploying electronic passports. The guidelines the United States and other nations are following for deploying RFID in passports, Harper says, were devised by the International Civil Aviation Organization (ICAO), do not require as many privacy safeguards as they should (see United States Sets Date for E-Passports).
The DHS and DOS also plan to RFID-enable the PASS card, a travel document that will be issued in lieu of a U.S. passport to identify U.S. citizens who travel to Mexico, Canada, the Caribbean or Bermuda (see New U.S. ID for Border Crossing to Use RFID). The agencies originally set a deadline of Dec. 18 for the public to submit comments on their plans to add RFID to the card (see DHS Proposes Vicinity RFID Technology for PASSport Card ). That deadline has now been extended to Jan. 8, and Harper says the Data Privacy and Integrity Advisory Committee hopes the agencies consider the report along with the public comments they are currently receiving, as they develop the PASS program.
For both electronic passports and the PASS card, the government wants to use RFID technology to increase document security and streamline documentation-verification procedures at checkpoints. While high-frequency (HF) inlays have a read range of just a few centimeters and are being deployed in passports with data-encryption capabilities, the agencies' plans for the PASS card call for the use of ultrahigh-frequency (UHF) inlays, which have a much longer read range and have not been made available with data-encryption capabilities. As a result, the Smart Card Alliance—an industry group made up of companies that manufacture HF-based ID and payment cards—is protesting the current PASS plans and calling for the DHS and DOS to use HF inlays compliant with the ISO 14443 standard instead. The latter, the Alliance says, include data-encryption tools, whereas UHF tags do not.
Randy Vanderhoof, executive director of the Smart Card Alliance, says UHF has not been utilized within identity documents. Although the State Department seeks creative solutions to security from UHF technology vendors in its PASS-card proposal document, Vanderhoof adds, there are no such solutions on the market today. "We are concerned that the PASS card is being designed without good review of the privacy protections that are required," he says, "and that this won't happen until it's too late. That would be a mistake."
Harper says he hopes members of the DHS and representatives from the RFID and smart-card industry will take the report to heart, giving credence to the best practices and privacy-focused safeguards it recommends.
The DHS and the U.S. Department of State (DOS) are already beginning to embed RFID inlays in U.S. passports, so the final publication of the privacy report comes too late for use by those agencies in that regard. Still, Harper maintains, the report could still hold value to decision makers in other countries who are considering deploying electronic passports. The guidelines the United States and other nations are following for deploying RFID in passports, Harper says, were devised by the International Civil Aviation Organization (ICAO), do not require as many privacy safeguards as they should (see United States Sets Date for E-Passports).
The DHS and DOS also plan to RFID-enable the PASS card, a travel document that will be issued in lieu of a U.S. passport to identify U.S. citizens who travel to Mexico, Canada, the Caribbean or Bermuda (see New U.S. ID for Border Crossing to Use RFID). The agencies originally set a deadline of Dec. 18 for the public to submit comments on their plans to add RFID to the card (see DHS Proposes Vicinity RFID Technology for PASSport Card ). That deadline has now been extended to Jan. 8, and Harper says the Data Privacy and Integrity Advisory Committee hopes the agencies consider the report along with the public comments they are currently receiving, as they develop the PASS program.
Randy Vanderhoof, executive director of the Smart Card Alliance, says UHF has not been utilized within identity documents. Although the State Department seeks creative solutions to security from UHF technology vendors in its PASS-card proposal document, Vanderhoof adds, there are no such solutions on the market today. "We are concerned that the PASS card is being designed without good review of the privacy protections that are required," he says, "and that this won't happen until it's too late. That would be a mistake."
