Agency urges anti-cloning feature for passport cards
- By Alice Lipowicz
- Nov 12, 2008
To protect against unauthorized cloning, the Homeland Security Department is recommending adding a unique identifier number to the U.S. Passport Card it produces with the State Department, officials said today.
More than 400,000 passport cards have been produced to prepare for the Western Hemisphere Travel Initiative due to go into effect in June 2009. Then, only a select number of official documents, including U.S. passports and U.S. Passport Cards, will be acceptable for U.S. citizens and legal residents to cross the country's borders.
The passport cards include a radio frequency identification tag that is to be scanned by readers from up to 30 feet away in lanes at land borders. Unique identifier numbers can be put on those RFID tags by the manufacturer.
Recent studies have shown that RFID tags put on the passport card and on state-produced enhanced drivers licenses are susceptible to cloning. At a press conference today, U.S. Customs and Border Protection officials said any cloned cards would be intercepted at the border, and other security features of the identification card system would make it difficult or impossible to use a cloned card.
“The likelihood of a clone is so remote,” said Paul Hunter, deputy director of the western hemisphere initiative at CBP.
As an additional protection against cloning, CBP has recognized a need for a Unique Tag Identifier number to be associated, in manufacturing, with each RFID tag for the border-crossing cards, Hunter said.
The tag identifier would function in a similar fashion to a vehicle identification number on a vehicle, Hunter said. If a duplicate RFID tag with an identifier were read at the border, it would be immediately recognized as a duplicate, he said.
CBP has recommended that the State Department add the unique identifier to the passport cards, Hunter added.
“We are looking into it,” John Brennan, State Department senior advisor for consular affairs, said at the press conference. The unique tag identifier was not part of the requirement for the passport card production contract, he added.
In January 2008, General Dynamics Corp. won a contract to produce the passport cards, but negotiations over terms broke down. L-1 Identity Solutions Inc. was awarded the $107 million card production contract in March 2008
CBP also has recommended the unique tag identifier to New York State for addition to its enhanced driver’s license, which also has an RFID tag, Hunter said. New York’s drivers licenses now include the unique identifier, he added.
In a related development, Thomas Winkowski, assistant commissioner for field operations at CBP, said the agency is on track to install RFID tag readers to read the passport cards and enhanced licenses at the 39 largest border ports by June 1, 2009. Those ports handle 95 percent of the land border traffic. The goal of the RFID tags is to smooth traffic flow and enable ease of processing through the ports, Winkowski said.
“RFID is an integral part of the Western Hemisphere Travel Initiative,” Winkowski said. The technology has enabled the agency to create standards for travel documents. In the past, Americans, Canadians and Mexicans could offer thousands of types of documents to cross the land borders.
However, a recent study suggests that the U.S. passport card may be cloned, may be scanned at up to 150 feet, and may be susceptible to being disabled. The study was released last month by RSA Laboratories and the University of Washington.
The resulting vulnerabilities create risks of impersonations and identity theft, cyber attacks that can destroy the cards, and tracking of individuals through unauthorized readings, the study said.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.