Smart Card Alliance Says No To Long-Range RFID
The U.S. Department of Homeland Security (DHS) and several states including Arizona, Vermont and Washington, have recently announced programs to develop and issue enhanced state driver’s licenses that could be used as acceptable alternative documents for crossing the United States’ land and sea borders. The Smart Card Alliance has serious privacy and security concerns for U.S. citizens participating in these programs based on the direction DHS has been recommending for the enhanced driver’s license technology.
The Smart Card Alliance applauds state efforts to boost security at borders while facilitating trade and tourism; however, the Alliance also believes that ensuring the privacy and security of U.S. citizens is a primary requirement and that the technology choice for an enhanced driver’s license must also address this critical requirement.
The Smart Card Alliance, a not-for-profit, multi-industry association, is in a position to be objective on the merits of different technologies under consideration for border crossing cards because its members provide both the technology favored by DHS, long-range radio frequency identification (RFID) products, and the more secure and privacy-sensitive products the Alliance recommend for enhanced driver’s license programs, secure RF contactless smart cards. Even as manufacturers of RFID, the Alliance attests to the fact that long-range RFID, the most likely technology to be selected by DHS, is an inappropriate technology for human identity documents.
Within the WHTI specification and in the Washington and Arizona enhanced driver’s license projects, DHS has proposed a long-range vicinity-read RFID technology solution. This proposal raised serious privacy, security, and operational functionality issues among industry experts in responses to the Department of State’s Federal Register Notice for the WHTI passport card. Industry concerns include:
* The lack of strong cryptographic features in long-range RFID-based cards, making it easy for criminals to read the unprotected, static citizen identifiers from the cards and create fraudulent documents.
* The reliance on real-time access to central databases and networks in order to verify every individual’s identity, leading to vulnerabilities to infrastructure failures and attacks or to network and system security breaches.
* The challenges of reliably reading large numbers of long-range RFID tags at crowded border crossing points, making it unlikely that desired operational efficiencies will be achieved.
* The ability for criminals to use inexpensive long-range RFID readers to detect the citizen’s electronic identity from a distance, putting U.S. citizens carrying the enhanced driver’s license at risk of having their movements tracked.
In addition, recent U.S. Government Accountability Office (GAO) reports have identified both performance and security issues with the DHS implementation of the US-VISIT program, which uses the same long-range RFID technology and architecture that has been proposed for WHTI-compliant documents.
* In the report “Border Security: US-VISIT Program Faces Strategic, Operational and Technological Challenges at Land Ports of Entry” (GAO-07-248), GAO reviewed DHS’ use of long-range vicinity-read RFID technology in the US-VISIT program. The report stated: “US-VISIT’s initial testing and analysis of this has identified numerous performance and reliability problems, such as the failure of RFID readers to detect a majority of travelers’ tags during testing.” In US-VISIT program tests at five ports of entry, successful read rates were low at four of the five (in one instance as low as 14 percent).
* In the report “Homeland Security Needs to Immediately Address Significant Weaknesses in Systems Supporting the US-VISIT Program” (GAO-07-870), GAO points out many flaws in the DHS implementation of the US-VISIT program’s use of databases to manage sensitive, personally identifiable information. The GAO report stated: “These weaknesses collectively increase the risk that unauthorized individuals could read, copy, delete, add, and modify sensitive information, including personally identifiable information, and disrupt the operations of the US-VISIT program. They make it possible for intruders, as well as government and contractor employees, to bypass or disable computer access controls and undertake a wide variety of inappropriate or malicious acts. These risks are not confined to US-VISIT information. The CBP mainframe and network resources that support US-VISIT also support other programs and systems. As a result, the vulnerabilities identified in this report could expose the information and information systems of the other programs to the same increased risks.”
These reports illustrate the risks that state programs will face if DHS proposes to use the same technology and architecture for the enhanced driver’s license.
The Smart Card Alliance is committed to advocating technologies that are appropriate for different identity applications. RFID technology was designed for automating the tracking of products and pallets through a supply chain, not for validating human identities. The Alliance urges states that are considering enhanced driver’s licenses programs to challenge the DHS-selected technology and consider contactless smart card technology to achieve a faster, more secure means for citizens to cross our borders from land and sea, while still protecting their security and privacy.