American travelers returning from Canada, Mexico, Bermuda and the Caribbean by land and sea borders will be required to show U.S. border guards a valid passport, an RFID-enabled passport or so-called enhanced driver’s license (EDL) starting June 1. Canadians have about two years to go before the government’s ePassport program rolls out.
The new travel requirements under the so-called Western Hemisphere Travel Initiative (WHTI) go into effect amid concerns that the radio frequency ID-tagged passports are vulnerable to snooping.
Passport Canada’s own RFID passport program is slated for rollout in 2011. The ePassport standard is stipulated under the International Civil Aviation Organization and is one of the steps designed to deter terrorist threats. The new passports will enable customs officers to verify passport information with the use of RFID readers, according to Leslie Crone, director of international programs for Passport Canada.
Currently, U.S. citizens can re-enter the country from these four regions with a driver’s license and proof of citizenship, such as a birth or naturalization certificate.
The passport cards, about 1 million of which have been issued so far, are designed to be a secure but cheaper alternative to regular passports. The card costs $45 for those 16 and older and $35 for those under 16. In contrast, a regular passport costs $100 for those over 16 and $85 for minors.
The credit card-size passport cards have a vicinity-read radio frequency identification tag that allows Customs and Border Protection officials to read the cards from 20 to 30 feet away. The goal is to reduce wait times by allowing officials to access an individual’s information even before the traveler reaches the border. (The Customs Department provides details on how to use the card for U.S. land border entry on its Web site.)
Critics of the passport card maintain that the features that make the card convenient to use also pose security and privacy risks. Organizations including the Center for Democracy and Technology (CDT) and the Electronic Privacy Information Center (EPIC) have noted that the use of vicinity-read or long-range RFID tags heightens the risk of data being skimmed by those with unauthorized card readers because the data is unencrypted as it travels over the air.
Cardholders could unknowingly broadcast their identity information while traveling, opening up the possibility for the data to be stolen and the cards cloned, these groups say.
The CDT said the RFID passports are less secure than U.S. electronic passports, which also use a chip to store a digital image of the passport holder and all of the same data that is visually displayed on the first page of the passport. However, the chips used on electronic passports are proximity-read and the encrypted information on them can only be accessed by swiping the card through a reader at the border crossing. The chip is also embedded into the back cover of the passport and shielded from snooping. No such protections are available with the passport cards, the CDT has noted.
But RFID chips have been cracked in the past.
Underscoring such concerns, security researcher Chris Paget earlier this year demonstrated at a security conference how he had been able to clone RFID passport cards using a $250 card reader purchased off eBay. Paget posted a video of himself driving around San Francisco reading RFID tags from passports and other identity documents using the reader and antenna.
Paget’s experiment was based on earlier research at the University of Washington and RSA Labs that showed how the publicly readable data on passport cards could be cloned after a single read.
The researchers also showed how the passport cards and RFID-tagged enhanced driver’s licenses issued in Washington state could be read at a distance of up to 50 meters. Even credentials in wallets and in protective sleeves could be clandestinely read but at much closer distances, the research showed.
With only days remaining for WHTI to go into full effect, none of these longstanding issues appear to have been addressed, said Ari Schwartz, a policy analyst at the CDT.
“Our concerns have not been answered. We still have the same concerns that we had,” since plans to use RFID technology in passport cards were first announced, Schwartz said. It is a major concern that the same Electronic Product Code (EPC) tags used by retail establishments to track products are being used in identity credentials, with no additional security protections, he added.
David Williams, vice president of policy at Citizens Against Government Waste (CAGW), noted that “it will be interesting to see what kind of issues arise after June 1.”
Like other organizations, CAGW has urged the government to reconsider the use of RFID-enabled passport cards and driver’s licenses for identity verification at the border. “We are keeping our fingers crossed that we don’t see stories coming out in the next six to 12 months” about security incidents involving passport cards, he said.
The State Department did not immediately respond to a request for comment. However, in the past, officials at the agency and at the U.S. Department of Homeland Security have said that concerns about the card reflect “an improper understanding” of the WHTI’s business model.
The department also noted that the RFID tags will not carry any personal identifying information. Instead, the card stores a unique identifying number that can be used to access a cardholder’s identifying information, which is stored separately on a secure Customs and Border Patrol system. It has also said that passport cards will be issued with special radio-opaque envelopes that help prevent unwanted scanning when travelers are carrying them.
The State Department acknowledged similar concerns when it announced plans for electronic passports in 2005, said Bruce Schneier, chief security technology officer at BT Group PLC. These concerns prompted the department to shield the chip in the cover of the passport, Schneier said.
“There are all sorts of weird attacks that are possible” on RFID-enabled credentials without similar protections, he said.
Security concerns over these passports are overblown, conference speakers said at a seminar on radio frequency held in March by the Information Technology Association of Canada in Toronto.
Catherine Johnson, president and CEO of ACT Canada, showed a YouTube video on RFID security during her presentation on RFID privacy.
In the video, a British hacker claims he can clone American passports using a Motorola Symbol XR400 RFID Reader, connected to a laptop in the front seat of his car. He shows the RFID tags the reader can see, and claims three were passport cards, though one of the cards actually belongs to his boss.
The hacker said we should not have any identification documents with RFID in them, and his goal is to “see the entire Western hemisphere travel initiative just ... be scrapped.”
Johnson stressed the RFID that companies use to scan pallets is not the same as the RFID used for ePassports. She added enhanced driver’s licenses (EDLs) are a concern because they can be read from 100 feet.
By contrast, Crone of Passport Canada said, the ePassport chips must be read within 10 centimetres, which “makes eavesdropping practically impossible.”
(With files from Greg Meckbach)