RFID Experts Discuss Passports, Smartcards, Identity issues
"Radio Frequency in Document Identification: "Roundtable Discussion on Passports, Real IDs, and Other Digital Devices"
RFID Roundtable: A project of the Advisory Committee to the Congressional Internet Caucus Dec. 14, 2006 U.S. Capitol Building
Roger Cochetti of CompTIA opened the meeting saying that Congress will be "consumed by RFID issues" for the next several years. The meeting was then divided into three issues, 1) the ePassport, 2) the Western Hemisphere Travel Initiative, and 3) Real ID.
The State Department's Deputy Assistant Secretary for Passport Services Frank Moss spoke about the newest ePassport, noting that most likely by next March, all passports issued by the US Government will contain an RFID chip. However, three new security measures have been implemented. First, in order to combat skimming, new ePassports have a metal film built into the passport cover, wrapping around both sides and blocking the RFID chip from any stimulation from and unwelcome contact from outside radio frequency readers. Additionally, the information on the RFID chip, which is the same information printed on your current passport including a detailed digital photograph, is essentially locked by a key code called Basic Access Control. Therefore, though the information on the chip is not encrypted, it cannot be communicated until it is. The third security measure taken by the State Department is the usage of a Random Unique ID Number, in which the computational power of the chip runs an algorithm that generates a new number each time it is read, so that one passport cannot be tracked from one location to the next. As the reason for choosing radio frequency technology for use in the new passports Moss cited the need for a "globally interoperable system". RFID was seen as the technology that would be most easily adopted by other countries and standardized for global usage. Moss, however, stopped before pushing to include biometric information on the embedded RFID passport chip. He claimed that it would be "hard to keep fingerprints secure on a passport". I wonder why personal information is easier to keep secure on a passport than biometric information?
While there are many ways to skin a cat, Jim Harper of the Cato Institute and Privacilla.org asks the question, "Is it okay to kill a cat in the first place?" Harper calls WHTI a product of terrorist success, in that because of events of the past, we are harming ourselves now. Harper sat on DHS's Privacy and Integrity Advisory Committee, in which no one proved that RFID technology would alleviate traffic jams at border crossings. "The government is adopting a technology that's immature, and it's not optional," says Harper. He notes other practical problems with the passport card as well. Like, for instance, when information is transmitted to the computer screen of a border guard, how will the car know which car it belongs to if the RFID chip has a 20 foot read-range? Which lane is the car even in?
There was a discussion on the International Civil Avaition Organization (ICAO) and their role in acting as a facilitator to the radio frequency adoption in travel documents. The ICAO argued that after looking at all alternatives, it was decided that RF technology was the best tool to use. It called, but did not rule, on all nations to adopt RF technolgy in the new manufacturing of new ID documents.
The last part of the meeting was dedicated to the Real ID, an Act that could standardize driver's licenses by 2008 if the legislation passes. CompTIA's Roger Cochetti noted that many question surround the prospect of this national ID card. What is the time table? How much will it cost? Who will pay for it? (The National Council of State Legislatures estimates the cost to be $11 billion). Others ask what the cost of NOT having a Real ID card is.
Overall it was a great discussion, and all agreed on at least one thing - that RFID education is vital to industry groups, manufacturers, end-users, policy makers, and to all citizens.
Use RFID Shield to Prevent unwanted reading of RFID stored data
Information about the RFID Shield is at:
http://smarttools.home.att.net/rfshield.htm
Subject: Allay RFID privacy concerns by letting the end user decide when it
transmits
There is a concern that RFID tags embedded in credit cards may make the presence of such cards detectable by anyone with an RFID reader.
To answer that concern, we have an easy way to make RFID tagged cards normally invisible, but active when you want them to be.
Background: RFID tags are appearing everywhere. They can be embedded in plastic cards such as credit cards, id cards, passports and other places. There are privacy concerns about these tags being read without the owners knowledge.
Solution: "RFID Shield" lets you choose when your tags are readable.
Information about the RFID Shield is at:
http://smarttools.home.att.net/rfshield.htm
Smart Tools
Send comments, suggestions to: smarttools@att.net
Byron Siu
Smart Tools
650 967 3875
smarttools@att.net
