UPDATED: Beaming across the border

Editor's note: A clarification to the sidebar to this story was added at 1:30 p.m. April 24, 2006.

The Homeland Security Department’s insistence on speeding citizens through land border ports of entry could jeopardize travelers’ security and privacy, technology vendors said last week.

Attendees at the Smart Card Alliance conference in Arlington, Va., learned about the People Access Security Service (PASS) card, a proposed alternative to a passport as a secure identity document for U.S. citizens traveling to or from Canada or Mexico.

The State and Homeland Security departments, which would oversee the PASS system, disagree on which radio frequency technology the cards should use to transmit travelers’ information.

State wants to use contactless smart cards that follow the International Organization for Standardization 14443 standard, the same one used in the new e-passports, said Frank Moss, deputy assistant secretary of State for passport services. The smart cards contain a small microprocessor that establishes an encrypted channel with a card reader to transmit encrypted data on the users’ cards. Users must place the card within 5 inches of the reader.

U.S. Customs and Border Protection (CBP) agency wants border inspectors to be able to read PASS cards from as far as 30 feet away, said Jim Williams, director of the U.S. Visitor and Immigrant Status Indicator Technology program, which screens for terrorists among foreign travelers. That would require radio frequency identification tags embedded in the cards.

The ability to read cards from a farther distance would allow the PASS system to automatically screen cardbearers against criminal watch lists and display that information on the border guard’s computer by the time the vehicle arrives at the station, Williams said. It could also help speed people through border crossings, he said.

The RFID model is similar to the Generation 2 standard used by commercial enterprises to track merchandise pallets. A tag transmits a 96-digit unique identification number that refers to personal information stored in a secure, central database.

CBP has performed many trials of RFID during the past several months to ensure it meets security, privacy and performance requirements, Williams said. RFID vendors have data to support their argument that the Gen 2 standard protects privacy and security better than smart cards, said Jack Grasso, a spokesman at EPCglobal, an industry group for RFID vendors. The Gen 2 standard has provisions for encrypting and locking data to prevent tampering and duplication, he said.

But the widespread perception in the smart card industry is that DHS is recklessly moving forward in adopting RFID, said Randy Vanderhoof, executive director of the Smart Card Alliance. DHS has a strong bias toward speeding people through borders and reading the PASS cards from a distance, without considering that smart cards have more built-in security and privacy protections, he said.

Neville Pattinson, director of technology and government affairs at Axalto, said, “I think there’s a lot of pressure on them for not entangling people at the border,” which provides many government credentials.

State and DHS have to work out their differences in the next few weeks because State wants to issue a request for proposals in the next few months, Moss said. Millions of cards are supposed to be in production by the year’s end.

Marc-Anthony Signorino, director and counsel for technology and environmental policy at AeA, formerly the American Electronics Association, said DHS’ decision will affect public perception of RFID and should not be hasty.