Rule will make passport cards scannable from several feet away
State Department officials have decided to offer passport cards for travel between the United States, Mexico, Canada and the Caribbean that U.S. border guards can access from 20 feet away while travelers wait in line. The cards differ from the new e-passports, which guards must swipe to unlock electronically stored personal data.
The decision to use “vicinity read” radio frequency identification technology, which lets border guards access the unique identifying number stored in the passport cards while travelers are waiting in line to cross the border, has drawn criticism from privacy advocates who say the technology is less secure than the “proximity read” RFID technology contained in U.S. e-passports.
Many of the more than 4,000 comments submitted about the rule for the passport cards, which was published in the Federal Register Dec. 31, 2007, oppose the choice of vicinity read technology because of security and privacy concerns. Some privacy advocates worry that the longer transmission distance makes the document more susceptible to identity theft.
State and Homeland Security Department officials insist, however, that the unique identifying number that is transmitted from the passport card to the Customs and Border Protection agent is of use only to an official with access to the database where the traveler’s data is stored. Furthermore, the cards contain none of the personally identifiable information that passports contain.
Officials say that much of the criticism of the decision to use vicinity read technology reflects a misunderstanding of how the technology will be implemented and of the Western Hemisphere Travel Initiative’s (WHTI) business model generally.
The technology to be used in the passport card has been used successfully in trusted-traveler programs since 1995, a CBP spokeswoman said.
But that does not eliminate the security and privacy concerns that the technology raises, said Ari Schwartz, deputy director of the Center for Democracy and Technology. On its Web site, the center said the design is “inherently insecure and poses threats to personal privacy, including identity theft, location tracking by government and commercial entities outside the border control context, and other forms of mission creep.”
“I think there’s the possibility that critics like us do understand the business process, and we just think they are making a bad choice,” Schwartz said. “The amount of time that they are going to save at the border…is not equal to the privacy and security concerns.”
The government says, however, that in addition to saving time at the border, the new cards—which are optional—will also make the border more secure.
“The point here is that you have three points of reference,” said Derwood Staeben, WHTI’s program manager at State. “You have the person in front of you, you have the card and the data on the screen…to verify the identity of the person.”
But Schwartz said State officials should not discount the fact that lawmakers, privacy advocates and technology associations all expressed concerns over the technology choice.
Mark Roberti, editor of RFID Journal, said that if used correctly, the sleeve that each carrier of the passport card will be issued by the government solves security concerns about unauthorized people gaining access to the identifying number when not in line at a border.
The new passport cards are designed to satisfy legislation that requires DHS and State to develop a plan to ensure everyone entering the United States is documented and create a U.S. passport card to facilitate travel between the U.S., Canada, Mexico, the Caribbean and Bermuda.
Officials hope the passport cards will be in use this spring. The new rule takes effect Feb. 1.
Ben Bain is a reporter for Federal Computer Week.