Economist: "Hi-tech Passports Are Not Working"

[David Farber <dave () farber net>]

------ Forwarded Message
From: Marc Rotenberg <rotenberg () epic org>
Date: Sat, 19 Feb 2005 17:22:25 -0500
To: EPIC All <epic_all () mailman epic org>, <epic_iDOF () mailman epic org>
Subject: [EPIC_IDOF] Economist: "Hi-tech Passports Are Not Working"


[This article is worth a close read. Marc.]

http://www.economist.com/science/displaystory.cfm?story_id=3666171

Border controls

New-look passports

Feb 17th 2005
 From The Economist print edition

High-tech passports are not working


IN OLDEN days (before the first world war, that is) the traveller
simply pulled his boots on and went. The idea that he might need a
piece of paper to prove to foreigners who he was would not have
crossed his mind. Alas, things have changed. In the name of security
(spies then, terrorists now), travellers have to put up with all
sorts of inconvenience when they cross borders. The purpose of that
inconvenience is to prove that the passport's bearer is who he says
he is.

The original technology for doing this was photography. It proved
adequate for many years. But apparently it is no longer enough. At
America's insistence, passports are about to get their biggest
overhaul since they were introduced. They are to be fitted with
computer chips that have been loaded with digital photographs of the
bearer (so that the process of comparing the face on the passport
with the face on the person can be automated), digitised
fingerprints and even scans of the bearer's irises, which are as
unique to people as their fingerprints.

A sensible precaution in a dangerous world, perhaps. But there is
cause for concern. For one thing, the data on these chips will be
readable remotely, without the bearer knowing. And‹again at
America's insistence‹those data will not be encrypted, so anybody
with a suitable reader, be they official, commercial, criminal or
terrorist, will be able to check a passport holder's details. To
make matters worse, biometric technology‹as systems capable of
recognising fingerprints, irises and faces are known‹is still less
than reliable, and so when it is supposed to work, at airports for
example, it may not. Finally, its introduction has been terribly
rushed, risking further mishaps. The United Sates want the thing to
start running by October, at least in those countries for whose
nationals it does not demand visas.

Your non-papers, please

In theory, the technology is straightforward. In 2003, the
International Civil Aviation Organisation (ICAO), a UN agency,
issued technical specifications for passports to contain a
paper-thin integrated circuit‹basically, a tiny computer. This
computer has no internal power supply, but when a specially designed
reader sends out a radio signal, a tiny antenna draws power from the
wave and uses it to wake the computer up. The computer then
broadcasts back the data that are stored in it.

The idea, therefore, is similar to that of the radio-frequency
identification (RFID) tags that are coming into use by retailers, to
identify their stock, and mass-transit systems, to charge their
passengers. Dig deeper, though, and problems start to surface. One
is interoperability. In mass-transit RFID cards, the chips and
readers are designed and sold as a package, and even in the case of
retailing they are carefully designed to be interoperable. In the
case of passports, they will merely be designed to a vague common
standard. Each country will pick its own manufacturers, in the hope
that its chips will be readable by other people's machines, and vice
versa.

That may not happen in practice. In a trial conducted in December at
Baltimore International Airport, three of the passport readers could
manage to read the chips accurately only 58%, 43% and 31% of the
time, according to confidential figures reported in Card Technology
magazine, which covers the chip-embedded card industry. (An official
at America's Department of Homeland Security confirmed that ³there
were problems².)

A second difficulty is the reliability of biometric technology.
Facial-recognition systems work only if the photograph is taken with
proper lighting and an especially bland expression on the face. Even
then, the error rate for facial-recognition software has proved to
be as high as 10% in tests. If that were translated into reality,
one person in ten would need to be pulled aside for extra screening.
Fingerprint and iris-recognition technology have significant error
rates, too. So, despite the belief that biometrics will make
crossing a border more efficient and secure, it could well have the
opposite effect, as false alarms become the norm.

The third, and scariest problem, however, is one that is
deliberately built into the technology, rather than being an
accident of its present inefficiency. This is the remote-readability
of the chip, combined with the lack of encryption of the data held
on it. Passport chips are deliberately designed for clandestine
remote reading. The ICAO specification refers quite openly to the
idea of a ³walk-through² inspection with the person concerned
³possibly being unaware of the operation². The lack of encryption is
also deliberate‹both to promote international interoperability and
to encourage airlines, hotels and banks to join in. Big Brother,
then, really will be watching you. And others, too, may be tempted
to set up clandestine ³walk-through inspections where the person is
possibly unaware of the operation². Criminals will have a useful
tool for identity theft. Terrorists will be able to know the
nationality of those they attack.

Belatedly, the authorities have recognised this problem, and are
trying to do something about it. The irony is that this involves
eliminating the remote readability that was envisaged to be such a
crucial feature of the system in the first place.

One approach is to imprison the chip in a Faraday cage. This is a
contraption for blocking radio waves which is named after one of the
19th-century pioneers of electrical technology. It consists of a box
made of closely spaced metal bars. In practice, an aluminium sheath
would be woven into the cover of the passport. This would stop
energy from the reader reaching the chip while the passport is
closed.

Another approach, which has just been endorsed by the European
Union, is an electronic lock on the chip. The passport would then
have to be swiped through a special reader in order to unlock the
chip so that it could be read. How the European approach will
interoperate with other countries' passport controls still needs to
be worked out. Those countries may need special equipment or
software to read an EU passport, which undermines the ideal of a
global, interoperable standard.

Sceptics might suggest that these last-minute countermeasures call
into doubt the reason for a radio-chip device in the first place.
Frank Moss, of America's State Department, disagrees. As he puts it,
³I don't think it questions the standard. I think what it does is it
requires us to come up with measures that mitigate the risks.²
However, a number of executives at the firms who are trying to build
the devices appear to disagree. They acknowledge the difficulties
caused by choosing radio-frequency chips instead of a system where
direct contact must be made with the reader. But as one of them, who
preferred not to be named, put it: ³We simply supply all the
technology‹the choice is not up to us. If it's good enough for the
US, it's good enough for us.²

Whether it actually is good enough for the United States, or for any
other country, remains to be seen. So far, only Belgium has met
America's deadline. It introduced passports based on the new
technology in November. However, hints from the American government
suggest that the October deadline may be allowed to slip again (it
has already been put back once) since the Americans themselves will
not be ready by then. It is awkward to hold foreigners to higher
standards than you impose on yourself. Perhaps it is time to go back
to the drawing board.

_______________________________________________
EPIC_IDOF mailing list
EPIC_IDOF () mailman epic org
https://mailman.epic.org/cgi-bin/mailman/listinfo/epic_idof

------ End of Forwarded Message


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/