"Using long range RFID technology is a major step backwards for government-issued identity credentials," said Randy Vanderhoof, executive director of the Smart Card Alliance. "These RFID tags simply don't have the security features necessary to protect the border and also maintain citizen privacy.
"The stated goal of the passport card program is to help secure the border without compromising citizen privacy or efficiency at the border crossing. The only proven technology that meets all of these objectives is the contactless smart card technology that is used in the ePassport. This would achieve the objective of a faster, more secure means for tens of millions of citizens to cross back into our borders from land and sea, while still protecting the security and privacy of individuals," concluded Vanderhoof.
Part of the Western Hemisphere Travel Initiative (WHTI), the proposed passport card is an option that can be used instead of a regular passport book when U.S. citizens are re-entering the United States from Mexico, Canada and the Caribbean at land and sea entry points. Today, only about 25 percent of U.S. citizens carry passports. The State Department has announced that the proposed passport card will use long range RFID technology that conforms to ISO/IEC 18000-6, Type C, "Radio frequency identification for item management -- Part 6." According to the State Department Federal Register notice, machines at border crossings would read information on the RFID tag and link the passport card to a secure U.S. government database containing biographical data and a photograph. While the RFID tag in the card itself would not hold any personal information, each card will transmit a unique reference number that can be read from up to 20 feet away.
"The vicinity read RFID technology proposed for the passport card does not support the necessary security safeguards to allow border officials to verify that the passport card is authentic, nor does it prevent the citizen's unique reference number from being tracked when it is outside of its protective sleeve," said Vanderhoof.
Additionally, this proposal for the passport card program means that the government will be relying on secure databases and networks to communicate the cardholder's personal information to the border crossing point in real-time during the identity verification process. "The government does not have a good track record when it comes to managing and protecting databases, as evidenced by recent data breaches at the Department of Veteran's Affairs," said Vanderhoof.
"These border entry points are being equipped to begin accepting the new electronic passports. By adding a different technology for reading the passport card, the DHS will now have to handle both types of documents, creating inefficiencies in the border crossing process and increasing costs to tax payers," said Vanderhoof.
The Smart Card Alliance and its members worked closely with the Department of State to define, develop, test and implement secure contactless smart card technology in ePassports. Since the announcement of the proposed passport card program in April, industry leaders from the Alliance have requested to meet with DHS officials directing this program to share knowledge of both the RF vicinity read technology and contactless smart card technologies. The Alliance also suggested side-by-side trials to validate DHS benefit statements regarding EPC Gen 2 RFID technology. So far, the DHS has not met with smart card industry technology providers.
"If this proposal is accepted, citizens will have no choice but to pay for a passport if they want to have their privacy protected and ensure that their unique identifier isn't being tracked or used by someone with a cloned RFID card," he said.
