 |
 |
 |
 |
January 2007 • Volume 12 Number 1
|
 |
|
Feature of the Month The Right Choice for Secure U.S. Border Access and Citizen Privacy: Contactless Smart Card Technology As part of the Western Hemisphere Travel Initiative (WHTI), a new passport card has been proposed as an option that can be used instead of a regular passport book when U.S. citizens are re-entering the United States at land and sea entry points from Mexico, Canada and the Caribbean. Today, only about 25 percent of U.S. citizens carry passports. Starting no later than June 2009, all Americans will need to provide proof of citizenship and identity when re-entering the U.S. The Department of State and Department of Homeland Security have announced that the proposed passport card will use vicinity read RFID technology that conforms to ISO/IEC 18000-6, Type C, "Radio frequency identification for item management -- Part 6.” This standard, published by the International Organization for Standardization (ISO) in July 2006, is based on the EPC Gen 2 Class 1 UHF standard developed by EPCglobal. EPCglobal is the organization working to develop standards for the Electronic Product Code™ (EPC), a new system that uses RFID for the automatic identification of consumer products. According to the State Department Federal Register notice, machines at border crossings would read information on the RFID tag, connect to a secure U.S. government database containing biographical data and a photograph, and display that information to the Customs and Border Protection (CBP) official. While the RFID tag in the card itself would not hold any personal information, each card will transmit a unique reference number that can be read from up to 20 feet away when interrogated by a reader. The Smart Card Alliance has submitted input to the Department of State stating that the vicinity read RFID technology that has been proposed for use in the passport card program is the wrong technology to implement a secure identification card. The ONLY proven technology existing today that meets all of the WHTI objectives of increased border security, citizen privacy and efficient border crossing is contactless smart card technology -- the technology that is being used for ePassport. Using contactless smart card technology would achieve the objective of a faster, more secure means for tens of millions of citizens to cross back into our borders from land and sea, while still protecting the security and privacy of individuals. Secure Borders Are the Priority. Contactless smart card technology is the ONLY technology that uses cryptographic techniques to ensure the identity document (the passport card) is authentic thus preventing tampering and forgeries. The contactless smart card includes a secure microcontroller and internal memory and has unique security attributes such as the ability to securely manage, store and provide access to data on the card, perform complex functions (for example, encryption and mutual authentication) and interact intelligently via RF with a contactless reader. Personal Privacy Is Critical. Citizen trust of the identity document and process is essential to the adoption of new technology. Contactless smart card technology is the ONLY technology able to provide both security for personal information and protection of personal privacy by controlling access to personal information. The vicinity read RFID technology proposed for the passport card, in combination with its weak cryptographic protections, will feed citizen distrust of the passport card program due to the undeniable observation by some technologists that the citizen’s unique reference number could be obtained and used to track the citizen whenever the card is outside of its protective sleeve. Smart Cards Leverage the Existing Identity Infrastructure to Provide an Efficient and Cost Effective Solution. A passport card based on contactless smart card technology can leverage the infrastructure that is being put in place by DHS and the Department of State to support the new ePassport, the internationally recognized secure travel document soon to be issued to more than 10 million U.S. citizens each year. Using the same secure contactless technology for the passport card and ePassport could well decrease the implementation time and cost of the program while increasing public acceptance of the program. In contrast, using vicinity read RFID tags for the passport card adds another type of technology in identity documents and requires another infrastructure investment in readers and networks at land and sea borders and in central databases and support systems to implement the program. People Shouldn’t Be Tracked Like Cargo or Livestock. RFID technology was designed to automate the tracking of products and pallets through a supply chain, not to identify people. RFID is effective for managing the product data used to inventory items on retail store shelves, an application that has little or no need for security. RFID technology does not use government-approved encryption algorithms and does not include strong protection against unauthorized reading, cloning or counterfeiting, making it inappropriate for human identity verification applications. Contactless smart card technology is being used by the U.S. Department of State and more than 50 other countries for the new ePassport because it is the ONLY way to provide secure access to borders, while protecting the citizen's personal information. The U.S. government selection of vicinity read RFID technology for the proposed passport card puts border crossing throughput as the primary goal, at the expense of information security and citizen privacy and while not actually materially improving throughput if border security is to be improved. The only proven technology existing today that meets all of the WHTI objectives is contactless smart card technology -- the technology that is being used for ePassport. The Smart Card Alliance, whose members provide both ISO/IEC 14443-based contactless smart card and RFID products, is urging the Department of State and DHS to reconsider the technology choice and to select contactless smart card technology. Contactless smart card technology is already being used in ePassports and has been proven to be effective and secure for human identity applications. The full Smart Card Alliance response to the proposed WHTI passport card can be found at http://www.smartcardalliance.org/pages/publications-whti-passport-card. About this Article
|
|
