e-passport


e-passport

by Roger Yu, USA TODAY

The U.S. passport is joining the digital age. After three years of research and discussion, the State Department has finalized most of the technical and logistical details of new, supposedly tamper-proof passports embedded with a "smart-card" chip.

A contactless smart chip and antenna is flexible enough to embed in the cover of a standard passport booklet.

If current plans hold, they'll become standard issue for U.S. travelers as soon as February.

Proponents say the chip, which will contain the holder's personal data and digital photo, should allow speedier entry at borders for most travelers.

Because the chip's data can't be altered, proponents say, forging passports will be virtually impossible. That, they say, gives authorities a potent new anti-terrorism weapon.

When swiped across an electronic reader, the chip in the passport wirelessly transmits data to a customs officer's computer screen. The e-passport relies on radio frequency identification technology (RFID).

E-passport development


May 2002: The Enhanced Border Security and Visa Entry Reform Act requires the USA and other countries whose citizens don't need visas for entering the USA to develop electronic passports.
The act sets a deadline of October 2004.
March 2004: The Bush administration asks Congress to delay the deadline to October 2006 to allow participating countries more time to address technical issues. Congress agrees.

April 2005: The State Department closes comment period, begins to firm up plans for the new e-passport.

December 2005: State Department plans to test the new passport with diplomats and select government officials.

February 2006: State Department expects to make e-passports available to U.S. travelers.

Source: The State Department

The new passport looks much like the traditional type. But the smart-card chip, embedded in the back page, makes it slightly thicker. If the chip is broken or malfunctions, the holder can continue to use the passport as a non-electronic passport, or buy a new one.

Once the new version is available, it would take up to a year for all new passports to be issued in the new format. Americans with valid traditional passports won't have to replace them until they expire.

The new passport will cost $97, or $12 more than the traditional version.

Initially, U.S. diplomats will use the e-passport as a test, probably starting in December, says Frank Moss, deputy assistant secretary of State. If successful, the new passport will be available to the public next year, possibly as early as February, Moss says.

Calls for better border security


The Sept. 11 terrorist attacks prompted calls for improved border security. The new e-passport is perhaps the most visible aspect of the government's foray into digital technology for border control.

The e-passport has raised concerns among critics who say it lacks adequate privacy safeguards. Wireless transmission of data compromises security, and important personal data could fall into the wrong hands, they say. With proper equipment, someone could remotely intercept personal data, they say.

Wireless transmission could lead to what's called "skimming" or "eavesdropping," says Cedric Laurant of the Electronic Privacy Information Center, a Washington, D.C.-based advocacy group.

In skimming, an intruder secretly uses a device to read the chip's data from as far away as several feet.

Electronic Passports


The new U.S. electronic passport will look like its predecessor in size and shape, although it will be slightly thicker. Photos of owners will still be included. How the new electronic features will be used:
What happens at passport control

(1) The officer swipes the data page through a special reader to read the two lines of printed characters on the bottom of the data page. This provides a key that's unique to the passport and lets the process proceed.

(2) When the passport is held over the reader (no contact is necessary), a radio field from the reader wakes up the chip, and the encrypted data are transferred to the reader, allowing the officer to conduct a visual check.

(3) The officer holds your open passport over another reader, then checks a view of you, with the photo in your passport, and all the data from your passport (including your photo) on the monitor. The data on the monitor also verify that your passport was issued by a legitimate authority, and that it has not been altered.

Security details


A chip is embedded into the back cover. It contains data that cannot be read without the security key as shown in step 1 above.

Privacy protection


A thin radio shield can be sandwiched between the front cover and the first page. Whenever the passport is closed for instance, in your pocket or briefcase the digital information in the chip cannot be read. The shield will not set off airport metal detectors.

Source: Axalto

Americans walking with their passports could be essentially broadcasting their nationality and other personal information, Laurant says.

Eavesdropping could occur at border checkpoints if someone intercepts the information as it's being transmitted from the chip to a reader.

Moss says those concern are outdated. The agency has made technical adjustments to address them. The State Department has added a metallic anti-skimming material to the passport's cover and spine. It limits retrieval of the data to within an inch of the passport, Moss says.

The State Department is also considering adding a layer of protection by encrypting the information so it can be read only by authorized devices, Moss says.

Bernard Bailey, CEO of software developer Viisage, which is working with the State Department, says e-passport's technology is sound. It will improve national security while safeguarding traveler privacy, he says.

E-passport roots


Bill Connors, executive director of corporate-travel advocate the National Business Travel Association, says the government has adequately addressed the privacy concerns of his organization.

"We feel that the passports are much more secure now," Connors says.

The e-passport initiative has its roots in legislation passed by Congress in May 2002 to improve border security. It called for 27 countries whose citizens don't need visas for entry into the USA to convert to electronic passports by October 2004. Congress has since delayed the deadline until October 2006.

The International Civil Aviation Organization, an international agency, created the technical specifications for e-passports worldwide, and that has helped to enhance international cooperation, says Paul Beverly of smart-card-maker Axalto.

All e-passports will have the same underlying technology and will work with other countries' readers, Beverly says.

If the U.S. meets its target dates for the e-passport introduction, it will be one of the first countries to use it, he says.

Beverly says he's consulted with 20 governments about the chip technology and hasn't witnessed backlash from U.S. demands for a system of electronic passports.

"There were some concerns about the very aggressive schedule, but that objection has largely gone away," he says.


Security State Department Unveils Trial Of Electronic Passports

by Danielle Belopotosky

The State Department on Friday announced it has started issuing electronic passports on a trial basis.

     Diplomats received the first e-passports containing radio frequency "contactless chips" and face recognition technology in late December. The e-passport contains a chip, which is embedded into the cover of the document and includes a digital image of the traveler, as well as their name, date and place of birth, gender, passport number and dates of passport issuance and expiration.

     Contactless chips "interact intelligently via RF with a contactless reader," according to the Smart Card Alliance's Web site. The chips used in the e-passports can be read "at a close distance," according to the department.

     But privacy advocates have raised concerns over the possibility of someone in close proximity to the passport-holder who could use a chip reader to "skim," or steal, personal information from passports.

     "The dangers of 'skimming' already have been the subject of serious public concern," the American Civil Liberties Union wrote in April 2005 comments to State over its proposal to use radio frequency identification chips in e-passports.
     Low-frequency RFID chips be read from up to 20 feet, but the department has maintained e-passports would include chips that only can be read from "approximately four inches" away from the source.

     To eschew concerns over privacy and safety, the department said the front covers of e-passports have a built-in anti-skimming device. It is akin to "wrapping them in tin foil to prevent the radio frequency signal from getting through," said Jay Stanley, communications director at the ACLU's Technology and Liberty Program.

     The e-passports also are equipped with an encryption feature to prevent the interception of information by a third party, or what the department calls eavesdropping.

     "It is certainly an improvement" over State's initial e-passport proposal, Stanley said. But the use of radio frequency technologies still creates a potential problem of security and identity theft. Questions remain over whether the chips still can be read without other people's knowledge and if the technology can be used as unique identifier even if it is encrypted, he said.
 
     Another concern is how much the new passports will cost the consumer. The estimated cost for the government to produce e-passports would increase from the current $2.40 to more than $10 each, according to documents obtained by the ACLU. The figures were disclosed during a speech by Frank Moss, State's deputy assistant secretary for passport services.

     Applicant fees for new paper-based passports currently total $97 each. When e-passports are issued to all later this year, the passport fees for first time applicants will remain the same, according to the State Department.

     The United States began testing e-passports at the San Francisco International Airport for citizens of Australia and New Zealand, as well as airline crew members from Singapore. The tests aim to determine whether the e-passport systems comply with standards developed by the International Civil Aviation Organization.

     The nationwide rollout of e-passports is slated for the end of 2006. But, "the devil is in the details," said Stanley. The implementation still "needs to be scrutinized by the tech community."


AP Business Writer

by Dan Caterinicchia

August 12, 2006

WASHINGTON (AP) -- Despite ongoing privacy concerns and legal disputes involving companies bidding on the project, the U.S. State Department plans to begin issuing smart chip-embedded passports to Americans as planned Monday.

Not even the foiled terror plot that heightened security checks at airports nationwide threatens to delay the rollout, the agency said. Any hitches in getting the technology to work properly could add even longer waits to travelers already facing lengthy security lines at airports.

The new U.S. passports will include a chip that contains all the data contained in the paper version -- name, birthdate, gender, for example -- and can be read by electronic scanners at equipped airports. The State Department says they will speed up going through customs and help enhance border security.

Citizens who get new passports can expect to pay a lot more. New ones issued under this program will cost $97, which includes a $12 security surcharge added last year. Not all new passports will contain the technology until it's fully rolled out -- a process expected to take a year. Existing passports without the electronic chips will remain valid until their normal expiration date.

Privacy groups continue to raise concerns about the security of the electronic information and a German computer security expert earlier this month demonstrated in Las Vegas how personal information stored on the documents could be copied and transferred to another device.

But electronic cloning does not constitute a threat because the information on the chips, including the photograph, is encrypted and cannot be changed, according to the Smart Card Alliance, a New Jersey-based not-for-profit made up of government agencies and industry players.

"It's no different than someone stealing your passport and trying to use it," Randy Vanderhoof, executive director of the alliance, said in a statement. "No one else can use it because your photo is on the chip and they're not you."

Hacker threat?


Yet the ability to clone the information on the chips may not be the sole threat, privacy advocates argue. A major concern is that hackers could pick up the electronic signal when the passport is being scanned, said Sherwin Siy, staff counsel at the Washington-based Electronic Privacy Information Center, a leading privacy group.

"Many of the advantages the industry is touting are eliminated by security concerns," Siy said.

After testing the passports in a pilot project over the past year, the government insists they're safe.

Numerous companies competed the last two years to provide the technology. One winner was San Jose-based Infineon Technologies North America Corp., a subsidiary of Germany's Infineon AG. Another was French firm Gemalto, which earlier this month announced that it had received its first production order from the Government Printing Office. It is producing the passports for the State Department, using the Infineon technology.

The rollout that begins Monday will use technology built up during the pilot project.

Neville Pattinson, director of technology and government affairs for Gemalto in Austin, Texas, would not discuss financial terms of the contract. He acknowledged the economic potential is massive, noting that the State Department issued 10 million passports in 2005 and expects that to increase to 13 million this year.


State to issue notice on passport cards

by Dibya Sarkar
Published on Oct. 19, 2006

State Department officials will be issuing a Notice of Proposed Rule Making next week that lays out the architecture of a smart card that would be used under the Western Hemisphere Travel Initiative (WHTI).

Frank Moss, the department's deputy assistant secretary for passport services, said the intent is to create wallet-sized, secure People Access Security Services (PASS) cards - also known as passport cards - that would include radio frequency vicinity-read technology. He said such read technology is being used in other programs, such as Nexus, a joint U.S./Canadian traveler program to simplify border crossings for frequent travelers between the two countries.

The only data written on the PASS card would be a pointer number that would refer an agent to a cardholder's personal data in a database, he said. Rather than using a passport, American citizens, who frequently travel to Canada, Mexico, South America, the Caribbean and Bermuda, could use the card to verify their identities and citizenship.

Under the proposal, a first-time adult applicant would pay $45 for a PASS card, which would be renewable every 10 years for $20, Moss said. For children, he said, the cost would be less but he didn't specify the price. Children must renew their cards every five years.

Moss, who was speaking at an Information Technology Association of America conference on identity management in McLean, Va., said State is seeking comments on this proposal until Dec. 18. He said the department hopes to issue a final rule early next year.

He said State hoped to start production of PASS cards by summer 2007.

Congressional lawmakers approved this summer an amendment that requires the technology implemented for the PASS cards meet certain security standards. The amendment also delayed implementation of the WHTI for 17 months, until June 1, 2009.

Controversy exists about whether the joint State/Homeland Security Department program should use contactless smart card technology that requires readers to read cards from a short distance or radio frequency identification technology, which can read cards from farther away.