To Whom It May Concern:
We came across this information in the trades and thought it would be of
interest to this newsgroup as well.
Happy sailing,
John Sisker, SHIP-TO-SHORE CRUISE AGENCY®
(714) 536-3850 or toll free at (800) 724-6644 & (pagoo ID: 714.536.3850)
www.shiptoshorecruise.com
A new generation of United States passports, equipped with short-range radio
tags, are arriving in mailboxes across the country. More than 15 million
Americans are expected to apply for and receive the high-tech document in
the next year. Within a decade, every US passport will contain an RFID
(radio frequency identification) chip.
But privacy advocates are voicing concerns that the passport makes Americans
more vulnerable to attacks from thieves and terrorists - and perhaps will
allow the government to snoop on them as well.
"It clearly is not a secure document," says Barry Steinhardt, director of
the technology and liberty project at the American Civil Liberties Union.
The new "e-passports," he says, provide "one-stop shopping for terrorists
who want to single out Americans for kidnapping or worse."
The State Department, which issues US passports, insists that these kinds of
concerns are groundless.
"It's the most secure passport we've ever issued," says Ann Barrett, acting
deputy assistant secretary for passport services at the State Department.
"It has the next generation of security features."
In August, Denver became the first regional passport office to issue the new
passports. Other regional offices will switch over in stages in the weeks
ahead. By February or March, all new passports will contain the RFID
feature, Ms. Barrett estimates.
The tiny chip, embedded in the back cover of the passport, contains in
digital form the same information printed on the biographical page of the
passport: the person's name, date of birth, gender, place of birth, issue
and expiration dates, and the person's passport photo. When the e-passport
is opened and placed within a few inches of a passport "reader" at a US
Customs station, it reveals its information.
By displaying the personal data in two forms, print and digitally, an
e-passport should be much harder to alter or forge. The digital file is
"locked" and unable to be changed even if accessed, the State Department
says. Metallic shielding material in the cover and spine make the chip
impossible to read illegally, or "skim," unless the passport is opened, and
then only from a few inches away.
But not all privacy advocates and security experts have been won over. At a
security conference in August, a German hacker showed how he could copy and
transfer information from a German e-passport that employs similar RFID
technology. And tests made by the American security company Flexilis show
how the RFID signal can be read even if the e-passport is opened only a
fraction of an inch, such as might happen while it was being carried in a
purse or briefcase.
As part of an international agreement, more than two-dozen countries are
converting to similar chip-bearing passports - an effort that has been
pushed along by the US, Mr. Steinhardt says. All citizens of so-called "visa
waiver" countries - those, who in most cases don't need visas to visit the
US - must carry e-passports by Oct. 26. The Department of Homeland Security
is in the process of installing e-passport RFID readers at airport security
checks around the country.
Even though a thief might not be able to decipher the contents of an
encrypted RFID chip, simply being able to learn that a person is carrying a
passport constitutes a security breach, a Flexilis report says. It also may
be possible to identify a unique property of the RFID signal that would
indicate it came from an American passport. What if over the 10-year life of
the passport, critics ask, remote RFID readers become more powerful and
hackers become more expert at breaking in? A proposed worst-case scenario
imagines using an American e-passport to set off a hidden bomb as it passes
in close proximity.
"The security experts out there and the academic community that studies RFID
have raised, I think, some very serious and legitimate questions about
whether it's a good idea to have this information accessible in this way,"
says Katherine Albrecht, coauthor of "Spychips: How Major Corporations and
Governments Plan to Track Your Every Purchase and Watch Your Every Move."
Unfortunately, she says, the State Department has gone ahead with the
e-passport program despite receiving public comments that were more than 98
percent negative.
The proposal didn't receive the kind of open, public discussion that "I
think would have led to more acceptance," says Ms. Albrecht, a privacy
expert who has tracked how businesses and government use RFID tags for
several years.
The apparel company United Colors of Benetton decided it was going to ship
its clothing laced with RFID tags a few years ago, but changed its mind
after a consumer boycott began.
"If it's a company, you can choose not to buy their products," Albrecht
says. But if you need a passport, you'll have to carry the electronic
version, like it or not. "You can't boycott the State Department," she says.
"It's not like it's a free market where there's somewhere else to go if you
don't like the policy."
As an extra layer of security, the e-passports first have to be touched to a
conventional bar code-type scanner, the same kind used at grocery stores and
on current passports, before the RFID chip can be read. This Basic Access
Control "acts like a PIN number" to guard the chip, Barrett says.
But Steinhardt wonders, then, why bother with the contactless RFID scan? The
State Department says the chip can contain more information than a bar code
can, such as a digital photo. Some have speculated that it eventually may
contain a fingerprint image, an iris scan, or other data as well.
Or does the chip have a more sinister purpose?
The State Department reneged on a promise to the ACLU that it could bring in
independent experts to take a close look at the e-passport before it was
issued, Steinhardt says. "There's clearly something else that they have in
mind here, and we believe that they want the ability to track people without
their knowledge," Steinhardt says. "That's the only explanation for why an
RFID chip is in this passport."
Others who are familiar with RFID technology say the scenarios cooked up by
e-passport opponents are far-fetched.
"A lot of these concerns, when you think about them in the real world, they
start to become really silly," says Mark Roberti, editor of the RFID
Journal. "Are there some scenarios where you could possibly skim some data?
Well, yes, maybe. Anything's possible. But, logically, what's the real
threat here?"
Terrorists, he says, have much easier ways to identify and attack Americans
abroad than to try to employ e-passports. If they're close enough to skim
the chip, they're close enough to read "United States of America" on the
passport cover, he says.
"There's a lot of misinformation out there," Barrett says. "There are a lot
of different RFID technologies, and we're certainly not using Wal-Mart
inventory-tracking technology. It's a whole different technology."
For example, when read, the e-passport generates a random ID number. If
someone is trying to track the movement of a passport by repeatedly scanning
a chip, they'd get a different ID number each time.
"So they really wouldn't know it was you again," she says. "We really have
put a lot of safeguards in place to protect the information that's on that
... chip."
If a government were to misuse the passport chip, say, to identify someone
who had attended an antigovernment protest, Mr. Roberti concedes that "I
think that is a legitimate concern."
The State Department's handling of the e-passport introduction has been
"less than ideal and a negative for the RFID industry," he adds.
But the situation also been instructive. Companies that plan to use RFID
tags to carry sensitive information need "to think about what data is on the
tag, how it could be abused ... and then address those issues," Roberti
says.
By Gregory M. Lamb
The Christian Science Monitor
via eTN eTurbo News
Global Travel Industry News
|