The US government will require nearly all of the passports it issues to have a computer chip containing the passport holder's personal information by October 2006, according to regulations published this week.
Starting in early 2006, the US Department of State will begin issuing passports with 64KB RFID (radio frequency identification) chips containing the name, nationality, gender, date of birth, place of birth, and digitised photograph of the passport holder.
The chip would match the data on the paper portion of the passport and improve passport security by making it more difficult for criminals to tamper with passports, backers say. The US government began looking at ways to make passports harder to forge in response to the terrorist attacks on the US on September 11 2001.
After the State Department proposed RFID chips for passports in February, privacy groups such as American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF) expressed concerns. Some RFID chips can be remotely scanned, allowing for criminals to covertly scan groups of passport holders at airports, the EFF said in April. The RFID passport could act as "terrorist beacons" because they could indiscriminately expose US residents' personal information to strangers.
In a letter commenting on the State Department proposal, the EFF argued that the agency lacked congressional authority to require RFID chips in passports.
"RFID in passports is a terrible idea, period," says EFF Senior Attorney Lee Tien, in a posting on the EFF's Web site. "But on top of that, the State Department is acting without the appropriate authority and without conducting any form of credible cost-benefit analysis. It's asking Americans to sacrifice their safety and privacy 'up front' for a dangerous experiment that it hasn't even bothered to justify."
The State Department received 2,335 public comments on its February proposal to introduce electronic passports. More than 98% of the comments were negative, the State Department says, with most raising concerns about security and privacy.
In the passport rules released Tuesday, the State Department said it was taking several security precautions. The RFID chips will use encrypted digital signatures to prevent tampering and they will employ so-called passive RFID chips that do not broadcast personal information unless within inches of an RFID reader machine. The e-passports will protect against data leaks by putting an "antiskimming" material to block radio waves on the passport's back and spine, the State Department notice says.
The new passports would comply with an International Civil Aviation Organization specification on e-passports, the State Department says.
Although the State Department changed its earlier proposal of a self-powered RFID chip to a passive one that relies on a reader machine's power, privacy concerns remain, says Barry Steinhardt, director of the ACLU's Technology and Liberty Programme. Steinhardt called the State Department's security measures a "step forward," but he said bar codes could be used to match electronic data with paper data on passports.
"It still raises the question whether or not this is an appropriate technology," Steinhardt says. "There are still some essential concerns about whether this is secure or not."
But Neville Pattinson, director of technology and Government affairs for Texas RFID card vendor Axalto, praised the State Department's changes, including the passive chips and anti-skimming materials. "This is a fine example of the government listening to public opinion and adopting technology that protects citizen’s privacy,” he says. "With the changes, information cannot be extracted from it."
State Department officials were unavailable for comment on this story.