No Encryption For E-Passports
Security experts are concerned that the suggested upgrading of Americans’ passports with radio frequency identification (RFID) chips containing data such as the bearer’s name, date of birth, and digital photo could actually compromise travelers’ security, because recently proposed rules forbid encryption.
This measure would supposedly encourage worldwide adoption of e-passports and expedite entry and exits at customs, but privacy advocates and security researchers claim a lack of encryption makes the passports susceptible to “skimming” in which the sensitive data is accessed by unauthorized RFID tag readers without the bearer’s knowledge.
The State Department acknowledges the skimming danger, but argues that the chips in the passports have limited read range and will be protected by a shielding mechanism, while the suspiciousness of eavesdropping at border stations will further deter hackers.
Electronic Frontier Foundation attorney Lee Tien counters that properly equipped eavesdroppers can retrieve e-passport information from up to 30 feet away, and dismisses the State Department’s solution as “the equivalent of duct tape and baling wire as far [as] protecting peoples’ information from being read.”
Counterpane Internet Security co-founder Bruce Schneier also doubts that shielding could be effective in places such as Europe, where travelers are frequently asked to show their passports. He thinks contact chips, which are immune to skimming, are a much better solution than remotely readable chips.
Meanwhile, the State Department has postponed the rollout of e-passports in response to criticism, and has enlisted more companies to supply prototypes.
Abstracted by the National Law Enforcement and Corrections Technology Center(NLECTC) from the Wired News (02/24/05); Singel, Ryan .