This article was originally published by RFID Update.
October 27, 2005—The U.S. State Department this week officially announced that it is moving forward with the “electronic passport” initiative which will see all U.S. passports issued after October 2006 include embedded RFID tags. The tags will include the personal information currently found on the data page of existing passports: name, nationality, gender, date and place of birth, and a digitized photo. In addition, the passport type, number, and issue and expiration dates will also be stored. According to the announcement, “the chip will not contain home addresses, social security numbers, or other information that might facilitate identity theft.” Before rolling out the new passports next October, the department will run a pilot beginning this December on the subset of U.S. citizens that use “Official” or “Diplomatic” passports.
To ensure global interoperability, the RFID data will be encoded according to specifications decided by the International Civil Aviation Organization (ICAO). However, despite the ICAO specification calling for a 32-kilobyte storage minimum, the RFID tags in the new U.S. passports will have storage capacity of 64 kilobytes “to permit adequate storage room in case additional data, or biometric indicators such as fingerprints or iris scans, are included in the future.”
There will be a number of security features to the new passports. The ICAO specification calls for public key infrastructure and digital signatures, which protect the tag data from tampering. Additionally, the front cover and spine will be protected by anti-skimming material “that will mitigate the threat of skimming … as long as the passport book is closed or nearly closed.” A technique called Basic Access Control (BAC) will also be employed, whereby the information transmitted from the RFID chip must be deciphered using a key code printed on the passport itself. This helps ensure that only an individual with physical possession of the document can “unlock” and see its contents, frustrating efforts by would-be eavesdroppers and hackers to effectively intercept transmitted data.
The electronic passport initiative has been a controversial one, with groups like the American Civil Liberties Union (ACLU) and Electronic Frontier Foundation (EFF) speaking out against it. Also, 2,335 responses were received to the department’s request for comments, with an incredible 98.5% being against the initiative. (All the responses are uploaded and categorized here for public perusal.) The primary concerns expressed in the comments were:
- The potential exploitation of the new passports by terrorists to surreptitiously identify U.S. citizens.
- Identity theft facilitation.
- The abusive potential for the U.S. government to track or otherwise infringe on the freedoms of passport-holders.
The State Department announcement acknowledges this public pushback, but argues that the aforementioned security precautions of the new passport design are sufficient. Given the seeming finality of the announcement, those concerns are now moot anyway. For better or for worse, they will be tested by the traveling American public beginning in October of next year.
Read the full announcement in the Federal Register