Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

DHS Privacy Committee Finalizes Report on RFID IDs

DHS Secretary Michael Chertoff will soon receive the 15-page advisory report, which the coauthors hope will impact the U.S. government's approach to incorporating RFID technology in identification documents.
By Mary Catherine O'Connor
The reports also differ in describing the possible risks to personal privacy presented by the use of RFID technology in identity documents. The original version of the report says, "The use of RFID for human identification may create a number of risks that are not found in conventional and non-radio identification processes. Individuals will likely be subject to greater surveillance in RFID identification. They will be less aware of being identified and what information is transferred during identification, concerns that necessitate transparency in the design of RFID identification systems." In contrast, the revised report focuses on the personal-privacy risks created by any digital information system, over a manual system. "Digital identification systems pose privacy risks," the revised report states. "In a visual ID-check environment, a person may be briefly identified but then forgotten, rendering them anonymous for practical purposes. In a digital (RF-based) identity-check environment, by contrast, a person's entry into a particular area can be recorded and the information stored for some period of time. If not properly protected, this information could also be repeatedly shared or used for secondary purposes, even potentially used for broader surveillance."

Harper says he hopes members of the DHS and representatives from the RFID and smart-card industry will take the report to heart, giving credence to the best practices and privacy-focused safeguards it recommends.

The DHS and the U.S. Department of State (DOS) are already beginning to embed RFID inlays in U.S. passports, so the final publication of the privacy report comes too late for use by those agencies in that regard. Still, Harper maintains, the report could still hold value to decision makers in other countries who are considering deploying electronic passports. The guidelines the United States and other nations are following for deploying RFID in passports, Harper says, were devised by the International Civil Aviation Organization (ICAO), do not require as many privacy safeguards as they should (see United States Sets Date for E-Passports).

The DHS and DOS also plan to RFID-enable the PASS card, a travel document that will be issued in lieu of a U.S. passport to identify U.S. citizens who travel to Mexico, Canada, the Caribbean or Bermuda (see New U.S. ID for Border Crossing to Use RFID). The agencies originally set a deadline of Dec. 18 for the public to submit comments on their plans to add RFID to the card (see DHS Proposes Vicinity RFID Technology for PASSport Card ). That deadline has now been extended to Jan. 8, and Harper says the Data Privacy and Integrity Advisory Committee hopes the agencies consider the report along with the public comments they are currently receiving, as they develop the PASS program.

For both electronic passports and the PASS card, the government wants to use RFID technology to increase document security and streamline documentation-verification procedures at checkpoints. While high-frequency (HF) inlays have a read range of just a few centimeters and are being deployed in passports with data-encryption capabilities, the agencies' plans for the PASS card call for the use of ultrahigh-frequency (UHF) inlays, which have a much longer read range and have not been made available with data-encryption capabilities. As a result, the Smart Card Alliance—an industry group made up of companies that manufacture HF-based ID and payment cards—is protesting the current PASS plans and calling for the DHS and DOS to use HF inlays compliant with the ISO 14443 standard instead. The latter, the Alliance says, include data-encryption tools, whereas UHF tags do not.

Randy Vanderhoof, executive director of the Smart Card Alliance, says UHF has not been utilized within identity documents. Although the State Department seeks creative solutions to security from UHF technology vendors in its PASS-card proposal document, Vanderhoof adds, there are no such solutions on the market today. "We are concerned that the PASS card is being designed without good review of the privacy protections that are required," he says, "and that this won't happen until it's too late. That would be a mistake."

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations