Report: DHS Should Soothe RFID Passport FearsBy Renee Boucher Ferguson | Posted 2006-07-25 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
News Analysis: The upcoming U.S. e-passports are still giving rise to privacy concerns; ABI Research recommends that the government speak up about the technology.There is a lot of miscommunication regarding the security and privacy of the U.S. government's new RFID-based e-passports, according to ABI Research Analyst Sarah Shah.
ABI Research released a report July 25 that suggests that the Department of Homeland Security, which will issue the e-passports in conjunction with the State Department starting in August, should speak out to reassure the public about the safety of contactless technologies.
The U.S. government plans to implement contactless technology, which is essentially data transmission that is activated by waving a reader over an RFID (radio-frequency identification) chip that has a tiny embedded antenna, in all electronic passports by the end of 2006.
"There are uneducated claims being made by some privacy advocates," said Shah, in Oyster Bay, N.Y. "They make claims such as, 'If you have a contactless chip in your passport [the government] can track you everywhere and they'll know everything about you.' This is simply not true, and the DHS should publicly explain what the technology is capable of, and why it's secure."
Since the State Department announced in 2005 that it would issue RFID-chipped passports by the end of 2006 to all passport agencies, security and privacy advocates have been up in arms.
The concern is that the data stored on the chipsincluding name, address, nationality and date of birthwill be accessible not only to customs agents, but to anyone with the wherewithal to hook up a reader and go scanning (or skimming, as the case may be) for information. The tiny silicon-based RFID chips that will be embedded in the passports themselves contain embedded antennas, which transmit data once a specially designed RFID reader is waved in front of it. One issue is the range at which the readers can access data.
"Our concerns extend beyond the passports," said privacy advocate Katherine Albrecht, co-author of "Spychips: How Major Corporations and Government Plan to Track Your Every Move with RFID," during a May 26 interview with eWEEK. "At a recent conference calling for RFID tags in identity documents [some speakers] were talking about the tags being read from 20 to 30 feet away. We were actually quite stunned by that."
Kevin Ashton, the co-founder of MIT's Auto ID-Labs, the research center that essentially founded a global RFID network and standard that has since become EPCglobal, is against the idea of using RFID chips in passports.
"The idea of storing all this sensitive data [in passports] is horrible. You can take the chip off one passport and stick it on another. No one will know the difference," said Ashton, now vice president of marketing at ThingMagic, in Cambridge, Mass., and a professor teaching RFID classes at MIT. "My big issue is it is truly a stupid idea to store any information on an RFID tag other than a unique number. Otherwise there is always the risk of data change."
Read the full story on eWEEK.com: Report: DHS Should Soothe RFID Passport Fears