It is a little alarming if passports are to be
readable and unencrypted at a distance without the holder knowing. There
are all sorts of criminal opportunities. A scan of outgoing passengers
could be made to produce a list of burglary targets.
Just knowing where people are going must be good for
espionage, marital infidelity investigation, papparazzi hassles etc. A
little bit of advance information would be good to set up mugging
opportunities or tourist scams etc.
From The Economist
At America's insistence, passports are about to get
their biggest overhaul since they were introduced. They are to be fitted
with computer chips that have been loaded with digital photographs of
the bearer (so that the process of comparing
the face on the passport with the face on the person can
be automated), digitised fingerprints and even scans of the bearer's
irises, which are as unique to people as their fingerprints.
A sensible precaution in a dangerous world, perhaps. But
there is cause for concern. For one thing, the data on these chips will
be readable remotely, without the bearer knowing. And—again at America's
insistence—those data will
not be encrypted, so anybody with a suitable reader, be
they official, commercial, criminal or terrorist, will be able to check a
passport holder's details. To make matters worse, biometric
technology—as systems capable of recognising
fingerprints, irises and faces are known—is still less
than reliable, and so when it is supposed to work, at airports for
example, it may not. Finally, its introduction has been terribly rushed,
risking further mishaps. The United Sates
want the thing to start running by October, at least in
those countries for whose nationals it does not demand visas.
The idea is similar to that of the radio-frequency
identification (RFID) tags that are coming into use by retailers, to
identify their stock, and mass-transit systems, to charge their
passengers. Dig deeper, though, and problems start to surface.
One is interoperability. In mass-transit RFID cards, the
chips and readers are designed and sold as a package, and even in the
case of retailing they are carefully designed to be interoperable. In
the case of passports, they will merely be designed
to a vague common standard. Each country will pick its
own manufacturers, in the hope that its chips will be readable by other
people's machines, and vice versa.
That may not happen in practice. In a trial conducted in
December at Baltimore International Airport, three of the passport
readers could manage to read the chips accurately only 58%, 43% and 31%
of the time, according to confidential figures
reported in Card Technology magazine, which covers the
chip-embedded card industry. (An official at America's Department of
Homeland Security confirmed that “there were problems”.)
A second difficulty is the reliability of biometric
technology. Facial-recognition systems work only if the photograph is
taken with proper lighting and an especially bland expression on the
face. Even then, the error rate for facial-recognition
software has proved to be as high as 10% in tests. If
that were translated into reality, one person in ten would need to be
pulled aside for extra screening. Fingerprint and iris-recognition
technology have significant error rates, too. So,
despite the belief that biometrics will make crossing a
border more efficient and secure, it could well have the opposite
effect, as false alarms become the norm.
The third, and scariest problem, however, is one that is
deliberately built into the technology, rather than being an accident of
its present inefficiency. This is the remote-readability of the chip,
combined with the lack of encryption of the
data held on it. Passport chips are deliberately designed
for clandestine remote reading. The ICAO specification refers quite
openly to the idea of a “walk-through” inspection with the person
concerned “possibly being unaware
of the operation”. The lack of encryption is also
deliberate—both to promote international interoperability and to
encourage airlines, hotels and banks to join in. Big Brother, then,
really will be watching you. And others, too,
may be tempted to set up clandestine “walk-through
inspections where the person is possibly unaware of the operation”.
Criminals will have a useful tool for identity theft. Terrorists will be
able to know the nationality of those
Belatedly, the authorities have recognised this problem,
and are trying to do something about it. The irony is that this involves
eliminating the remote readability that was envisaged to be such a
crucial feature of the system in the first place.
One approach is to imprison the chip in a Faraday cage.
This is a contraption for blocking radio waves which is named after one
of the 19th-century pioneers of electrical technology. It consists of a
box made of closely spaced metal bars. In
practice, an aluminium sheath would be woven into the
cover of the passport. This would stop energy from the reader reaching
the chip while the passport is closed.
Another approach, which has just been endorsed by the
European Union, is an electronic lock on the chip. The passport would
then have to be swiped through a special reader in order to unlock the
chip so that it could be read. How the European
approach will interoperate with other countries' passport
controls still needs to be worked out. Those countries may need special
equipment or software to read an EU passport, which undermines the
ideal of a global, interoperable standard.
Sceptics might suggest that these last-minute
countermeasures call into doubt the reason for a radio-chip device in
the first place. Frank Moss, of America's State Department, disagrees.
As he puts it, “I don't think it questions the standard.
I think what it does is it requires us to come up with
measures that mitigate the risks.” However, a number of executives at
the firms who are trying to build the devices appear to disagree. They
acknowledge the difficulties caused by
choosing radio-frequency chips instead of a system where
direct contact must be made with the reader. But as one of them, who
preferred not to be named, put it: “We simply supply all the
technology—the choice is not up to us. If
it's good enough for the US, it's good enough for us.”
Whether it actually is good enough for the United States,
or for any other country, remains to be seen. So far, only Belgium has
met America's deadline. It introduced passports based on the new
technology in November. However, hints from the
American government suggest that the October deadline may
be allowed to slip again (it has already been put back once) since the
Americans themselves will not be ready by then. It is awkward to hold
foreigners to higher standards than you impose
on yourself. Perhaps it is time to go back to the drawing