U.S. to offer RFID-equipped passport cards
The goal of the passport card is to serve as an alternative to the traditional passport and reduce the wait at land and sea border checkpoints.
An electronic device simultaneously reads multiple cards’ RFID signals from a distance of about 20 feet, checking travelers against terrorist and criminal watch lists while they wait. As people approach a port of inspection, they show the card to the reader, and by the time they get to the inspector the information on the card will have been verified and they will pass through the checkpoint.
The $45 card will be optional and cannot be used for air travel.
The card is part of the Western Hemisphere Travel Initiative (WHTI) that aims to strengthen border security while easing entry for citizens and legitimate visitors with standard identity documents.
The cards offer convenience to travelers but raise security and privacy concerns about the possibility of data being intercepted.
The government says that to protect the data against copying or theft, the chip will contain a unique identifying number linked to information in a secure government database but not to names, Social Security numbers or other personal information. It also will come with a protective sleeve to guard against hackers trying to skim data wirelessly (called digital pickpocketing).
Privacy and security experts say the new passport cards that transmit information over longer distances are much less secure. The RFID chip is passive and can be read only when a reader pings it. However, a reader with a strong battery can detect the chip’s signal from as far as 40 feet away.
Experts also warn that the chip could be cloned, posing the risk that a hacker could make a duplicate card to fool a border agent.
Randy Vanderhoof, executive director of the Smart Card Alliance, represents technology firms that make an RFID chip that can be read only up close, and he is critical of the passport card’s technology. It offers no way to check whether the card is valid or a duplicate, he says, so a hacker could alter the number on the chip using the same techniques used in cloning. “Because there’s no security in the numbering system, a person who obtains a passport card and is later placed on a watch list could easily alter the number on the passport card to someone else’s who’s not on the watch list,” Vanderhoof says.
Travelers can opt for a more secure, but costlier, e-passport. It costs $97 and contains a radio frequency chip that can be read only at a distance of three inches.