COMMENTARY
New U.S. passport technology a bad idea
By Raphael Eredita
Most people are already familiar with Radio Frequency Identification technology, which was successfully test-marketed in large superstores such as Wal-Mart worldwide for tracking inventory. Now the U.S. State Department is considering embedding RFID chips in U.S. passports, beginning in 2006.
Although officially the State Department says its reason for the new technology is to prevent passport forgery, anyone familiar with RFID technology and its tracking applications knows it also will be possible to inventory and track the movements of U.S. passport holders by persons equipped with commercially available RFID scanners.
RFID tags are those thick metallic stickers used in the retail industry to tag products such as DVD movies, electronics, clothing and even books, from the warehouse, across the store and past the checkout counter. RFID tags contain a miniature coiled antenna with a broadcasting chip inside that broadcasts a product's details wherever it goes.
RFID signal ranges can vary, designed to facilitate "walk-by" inventory controls by store stockers equipped with handheld RFID scanners. The same RFID tags also can be used to check out items purchased, as well as security devices that trigger store alarm systems when not properly deactivated at the checkout lines. Because of its many purposes, RFID technology has been offering huge returns on investment and is spreading to other industries with similar needs worldwide.
Unfortunately, the potential for misuse can make it a much bigger threat than a convenience. After a few isolated stalking incidents in retail stores, privacy groups noticed the dangers posed when anyone, armed with a handheld RFID scanner, decides to track a shopper's movements from the superstore to the shopper's home as RFID tags continue to emit signals from shopping bags when not properly deactivated. This is the part that makes the technology controversial.
In the case of the new U.S. passports, what's at stake is digitized personal information on these chips such as names, nationality, gender, date of birth, place of birth and even passport pictures, all broadcast out in the open, without the passport holder's ability to even opt-out, consenting or not.
In the right hands, RFID technology can be used to search for U.S. travelers by tracking their movements — similar to tracking parcels — to see if they passed various checkpoints such as U.S. consulates, airports and hotels, with safe arrival at their destinations.
But in the wrong hands, an instant "inventory" or "snapshot" of U.S. travelers can be taken at any given airport, hotel, bus or other public place — at a time when terrorists have publicly sworn to hunt down U.S. civilians worldwide.
To prevent such dangers, the State Department is embedding anti-skimming material inside the new passports' back and spine to restrict broadcast ranges and reduce data leaks. This would require close proximity scans, which would be accomplished at much lesser cost and risk with already available smart chip technology, direct smart chip card readers and card-size passports. This would remove the threat of data broadcasts.
The State Department is already prepared for implementation and says it also will encrypt the RFID passport signals. Unfortunately, technology-savvy criminals have been known to crack just about any length of encryption, especially when deemed worthwhile.
The State Department's choice to use an already controversial technology in U.S. passports for any stated reasons is just a very bad idea.
Raphael Eredita is a Honolulu resident and an information assurance (information systems security) professor at Hawai'i Pacific University.