UPDATED: Beaming across the border

DHS and State disagree on which security technology to use for border protection

Editor's note: A clarification to the sidebar to this story was added at 1:30 p.m. April 24, 2006.

The Homeland Security Department’s insistence on speeding citizens through land border ports of entry could jeopardize travelers’ security and privacy, technology vendors said last week.

Attendees at the Smart Card Alliance conference in Arlington, Va., learned about the People Access Security Service (PASS) card, a proposed alternative to a passport as a secure identity document for U.S. citizens traveling to or from Canada or Mexico.

The State and Homeland Security departments, which would oversee the PASS system, disagree on which radio frequency technology the cards should use to transmit travelers’ information.

State wants to use contactless smart cards that follow the International Organization for Standardization 14443 standard, the same one used in the new e-passports, said Frank Moss, deputy assistant secretary of State for passport services. The smart cards contain a small microprocessor that establishes an encrypted channel with a card reader to transmit encrypted data on the users’ cards. Users must place the card within 5 inches of the reader.

U.S. Customs and Border Protection (CBP) agency wants border inspectors to be able to read PASS cards from as far as 30 feet away, said Jim Williams, director of the U.S. Visitor and Immigrant Status Indicator Technology program, which screens for terrorists among foreign travelers. That would require radio frequency identification tags embedded in the cards.

The ability to read cards from a farther distance would allow the PASS system to automatically screen cardbearers against criminal watch lists and display that information on the border guard’s computer by the time the vehicle arrives at the station, Williams said. It could also help speed people through border crossings, he said.

The RFID model is similar to the Generation 2 standard used by commercial enterprises to track merchandise pallets. A tag transmits a 96-digit unique identification number that refers to personal information stored in a secure, central database.

CBP has performed many trials of RFID during the past several months to ensure it meets security, privacy and performance requirements, Williams said. RFID vendors have data to support their argument that the Gen 2 standard protects privacy and security better than smart cards, said Jack Grasso, a spokesman at EPCglobal, an industry group for RFID vendors. The Gen 2 standard has provisions for encrypting and locking data to prevent tampering and duplication, he said.

But the widespread perception in the smart card industry is that DHS is recklessly moving forward in adopting RFID, said Randy Vanderhoof, executive director of the Smart Card Alliance. DHS has a strong bias toward speeding people through borders and reading the PASS cards from a distance, without considering that smart cards have more built-in security and privacy protections, he said.

Neville Pattinson, director of technology and government affairs at Axalto, said, “I think there’s a lot of pressure on them for not entangling people at the border,” which provides many government credentials.

State and DHS have to work out their differences in the next few weeks because State wants to issue a request for proposals in the next few months, Moss said. Millions of cards are supposed to be in production by the year’s end.

Marc-Anthony Signorino, director and counsel for technology and environmental policy at AeA, formerly the American Electronics Association, said DHS’ decision will affect public perception of RFID and should not be hasty.

RFID vendors question RFID useSome radio frequency identification vendors think using the technology for People Access Security Service cards is a bad idea, said Marc-Anthony Signorino, director and counsel for technology and environmental policy at AeA, formerly the American Electronics Association, a nonprofit technology trade association. AeA members that sell smart cards and RFID technology are concerned that the Homeland Security Department wants to use RFID even though anybody can read and copy the tags, which poses a security risk, he said.

They prefer smart cards as a more secure option, he said.

“If it doesn’t keep the bad guys out, if it’s easily spoofed, then what good is it?” Signorino asked.

— Michael Arnone

The 2015 Federal 100

Meet 100 women and men who are doing great things in federal IT.

Featured

  • Shutterstock image (by venimo): e-learning concept image, digital content and online webinar icons.

    Can MOOCs make the grade for federal training?

    Massive open online courses can offer specialized IT instruction on a flexible schedule and on the cheap. That may not always mesh with government's preference for structure and certification, however.

  • Shutterstock image (by edel): graduation cap and diploma.

    Cybersecurity: 6 schools with the right stuff

    The federal government craves more cybersecurity professionals. These six schools are helping meet that demand.

  • Rick Holgate

    Holgate to depart ATF

    Former ACT president will take a job with Gartner, follow his spouse to Vienna, Austria.

  • Are VA techies slacking off on Yammer?

    A new IG report cites security and productivity concerns associated with employees' use of the popular online collaboration tool.

  • Shutterstock image: digital fingerprint, cyber crime.

    Exclusive: The OPM breach details you haven't seen

    An official timeline of the Office of Personnel Management breach obtained by FCW pinpoints the hackers’ calibrated extraction of data, and the government's step-by-step response.

  • Stephen Warren

    Deputy CIO Warren exits VA

    The onetime acting CIO at Veterans Affairs will be taking over CIO duties at the Office of the Comptroller of the Currency.

  • Shutterstock image: monitoring factors of healthcare.

    DOD awards massive health records contract

    Leidos, Accenture and Cerner pull off an unexpected win of the multi-billion-dollar Defense Healthcare Management System Modernization contract, beating out the presumptive health-records leader.

  • Sweating the OPM data breach -- Illustration by Dragutin Cvijanovic

    Sweating the stolen data

    Millions of background-check records were compromised, OPM now says. Here's the jaw-dropping range of personal data that was exposed.

  • FCW magazine

    Let's talk about Alliant 2

    The General Services Administration is going to great lengths to gather feedback on its IT services GWAC. Will it make for a better acquisition vehicle?

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above