Passports to get RFID chip implants

All U.S. passports will be implanted with remotely readable computer chips starting in October 2006, the Bush administration has announced.

Sweeping new State Department regulations issued Tuesday say that passports issued after that time will have tiny radio frequency ID (RFID) chips that can transmit personal information including the name, nationality, sex, date of birth, place of birth and digitized photograph of the passport holder. Eventually, the government contemplates adding additional digitized data such as "fingerprints or iris scans."

Over the last year, opposition to the idea of implanting RFID chips in passports has grown amidst worries that identity thieves could snatch personal information out of the air simply by aiming a high-powered antenna at a person or a vehicle carrying a passport. Out of the 2,335 comments on the plan that were received by the State Department this year, 98.5 percent were negative. The objections mostly focused on security and privacy concerns.

But the Bush administration chose to go ahead with embedding 64KB chips in future passports, citing a desire to abide by "globally interoperable" standards devised by the International Civil Aviation Organization, a United Nations agency. Other nations, including the United Kingdom and Germany, have announced similar plans.

In regulations published Tuesday, the State Department claims it has addressed privacy concerns. The chipped passports "will not permit 'tracking' of individuals," the department said. "It will only permit governmental authorities to know that an individual has arrived at a port of entry--which governmental authorities already know from presentation of non-electronic passports--with greater assurance that the person who presents the passport is the legitimate holder of the passport."

To address Americans' concerns about ID theft, the Bush administration said the new passports will be outfitted with "antiskimming material" in the front cover to "mitigate" the threat of the information being surreptitiously scanned from afar. It's not clear, though, how well the technique will work against high-powered readers that have been demonstrated to read RFID chips from about 160 feet away.

"The shielding in the passport is a physical device that basically, when the passport cover is closed, it's very difficult to read the chip," a State Department official, who did not wish to be identified by name, said Tuesday. The official was unable to provide details about the material's composition. The National Institute of Standards and Technology, which has been working to evaluate the chip's vulnerability to skimming, was unable to provide further information on Tuesday.

Privacy advocates told CNET News.com that the anti-skimming device was a decent start. But if the cover of the passport happens to be open, all bets are off, said Bill Scannell, a privacy advocate who founded the site RFIDkills.com. "They've built little baby radio stations into peoples' passports and covered it with concrete," he said, "but when the little hatch is open, you can still hear the music."

"It's better than nothing," Scannell went on, "but why take this risk?"

In addition, the passports will use "Basic Access Control," a reference to storing a pair of secret cryptographic keys in the chip inside. The concept is simple: The RFID chip disgorges its contents only after a reader successfully authenticates itself as being authorized to receive that information.

Computer scientists, however, have criticized that encryption method as flawed. In a recent paper (PDF here), RSA Laboratories' Ari Juels, and University of California's David Molnar and David Wagner, warned that the design of the encryption keys is insufficiently secure. They said that the use of a "single fixed key" for the lifetime of the e-passport creates a vulnerability.

The Bush administration could face an eventual legal challenge. A letter to the State Department from privacy groups (PDF here) says there is "no statutory authority" for the RFID passport because Congress has not authorized it.

"Our point is, whatever Congress may have meant in giving the State Department authority to issue passports was probably to issue passports that were like the old passports," said Lee Tien, staff attorney for the Electronic Frontier Foundation, which co-authored the comments. "But at some point you are doing something that is significantly different, which should probably require some sort of additional congressional authorization. The argument is how broadly does that authority go, and honestly, it's something no one knows."

[m.meister]

Once again..

Once again, this administration shows an arrogance and, frankly, <br />an ignorance to the concerns of privacy of the citizens of this <br />nation.<br /><br />I don't see Congress being the saviors though. They are ready to <br />crush our rights at the drop of a hat (can anyone say Patriot Act).<br /><br />Whenever someone challenges either of them, the two catch <br />phrases come out to play: "terrorism" and "9/11". This <br />administration's power is based on nothing but fear.

[Techno Guy]

The Shadow of Fear

I think this discussion is best divorced from the bogieman of Bush-bashing. The fact is, neither major political party in the United States is particularly interested in protecting personal data, and proponents and opponents can be found in both parties. It is more a matter of personal conviction than it is of partisan loyalty.

[m.meister]

Once again..

Once again, this administration shows an arrogance and, frankly, <br />an ignorance to the concerns of privacy of the citizens of this <br />nation.<br /><br />I don't see Congress being the saviors though. They are ready to <br />crush our rights at the drop of a hat (can anyone say Patriot Act).<br /><br />Whenever someone challenges either of them, the two catch <br />phrases come out to play: "terrorism" and "9/11". This <br />administration's power is based on nothing but fear.

[Techno Guy]

The Shadow of Fear

I think this discussion is best divorced from the bogieman of Bush-bashing. The fact is, neither major political party in the United States is particularly interested in protecting personal data, and proponents and opponents can be found in both parties. It is more a matter of personal conviction than it is of partisan loyalty.

[dargon19888]

RFID not yet ready for primetime...

Its one thing to use RFID in managing warehouse distribution, its another to try and manage it with individuals.<br /><br />Since any RFID reader can read the RFID chip, what's to stop someone like Wal-Mart from capturing the data as you enter the store or when you make the purchase. This way they can capture your id with your CC purchase.<br /><br />If that sounds paranoid, its not. Wal-Mart will place RFID scanners at their entrace/exits for theft prevention. All scanned tags' data will be captured...<br /><br />In reality though, all the RFID tag will do for the US government is to ensure that the passport being presented is one that has been issued by the US government, cracking down on forgeries.<br /><br />And even then, there will still be ways to cheat the system.

[Techno Guy]

Reasonable Discussion

I agree that there are legitimate privacy and security concerns over including RFID chips in passports, but identity theft at the hands of WalMart isn't one of them, for at least two reasons: 1) Most people aren't likely to carry their passports while shopping at WalMart, and 2) the RFID chip in a passport will be shielded so that WalMart's readers likely wouldn't even detect them.

[dargon19888]

RFID not yet ready for primetime...

Its one thing to use RFID in managing warehouse distribution, its another to try and manage it with individuals.<br /><br />Since any RFID reader can read the RFID chip, what's to stop someone like Wal-Mart from capturing the data as you enter the store or when you make the purchase. This way they can capture your id with your CC purchase.<br /><br />If that sounds paranoid, its not. Wal-Mart will place RFID scanners at their entrace/exits for theft prevention. All scanned tags' data will be captured...<br /><br />In reality though, all the RFID tag will do for the US government is to ensure that the passport being presented is one that has been issued by the US government, cracking down on forgeries.<br /><br />And even then, there will still be ways to cheat the system.

[Techno Guy]

Reasonable Discussion

I agree that there are legitimate privacy and security concerns over including RFID chips in passports, but identity theft at the hands of WalMart isn't one of them, for at least two reasons: 1) Most people aren't likely to carry their passports while shopping at WalMart, and 2) the RFID chip in a passport will be shielded so that WalMart's readers likely wouldn't even detect them.

[ballssalty]

Glad I just got mine

I'm glad I just got my passport. It won't expire for ten years. <br /><br />But I have to agree, the arrogance is astounding. 98.5% of comments were negative and they go through with it anyway. What balls.<br /><br />I guess you could try and rip it out or damage it in someway that no reader can read it and just say it must be defective or something.

Damage the RFID chip

Why not just put the passport in the microwave for a minute. I'm pretty sure that would kill the chip.<br /><br />Next question is what would the passport checker do to you when he scans the passport and it doesn't work. Do you think that a full body cavity search would be next?

[ballssalty]

Glad I just got mine

I'm glad I just got my passport. It won't expire for ten years. <br /><br />But I have to agree, the arrogance is astounding. 98.5% of comments were negative and they go through with it anyway. What balls.<br /><br />I guess you could try and rip it out or damage it in someway that no reader can read it and just say it must be defective or something.

Damage the RFID chip

Why not just put the passport in the microwave for a minute. I'm pretty sure that would kill the chip.<br /><br />Next question is what would the passport checker do to you when he scans the passport and it doesn't work. Do you think that a full body cavity search would be next?

[shadowself]

New Business Idea

Anyone want to start a business of making copper foil lined passport holders?<br /><br />You could make an entire line of them from very high end with the outside make of expensive leather all the way down to plastic exterior with designs and/or logos on them.<br /><br />I know in 9 years when my current passport expires I'll either be buying one or making one of my own! I don't trust that just closing it and putting it into my pocket will keep it from being read. Inside a nice sleeve which is copper foil lined will be much more reasuring.

[shadowself]

New Business Idea

Anyone want to start a business of making copper foil lined passport holders?<br /><br />You could make an entire line of them from very high end with the outside make of expensive leather all the way down to plastic exterior with designs and/or logos on them.<br /><br />I know in 9 years when my current passport expires I'll either be buying one or making one of my own! I don't trust that just closing it and putting it into my pocket will keep it from being read. Inside a nice sleeve which is copper foil lined will be much more reasuring.

[NotaBene]

It won't solve the problem

Implanting RFID chips in passports is not going to make them more secure. Because they are RF they can be scanned at any time without the passport holders knowledge. And if it can be scanned it can be copied. And if it can be copied it's useless for the purpose of uniquely identifying anyone

[NotaBene]

It won't solve the problem

Implanting RFID chips in passports is not going to make them more secure. Because they are RF they can be scanned at any time without the passport holders knowledge. And if it can be scanned it can be copied. And if it can be copied it's useless for the purpose of uniquely identifying anyone

[vigilant]

it begs the question

since they do it against the will of the people, also this passport will be simple to fake, why are they doing it? i wonder if this administration has some kind of interest in the security busines..

[vigilant]

it begs the question

since they do it against the will of the people, also this passport will be simple to fake, why are they doing it? i wonder if this administration has some kind of interest in the security busines..

[Roman12]

chip implants

Sounds like a cool high-tech plan. But if you think about it, it seems dangerous. What is these scanners fall into hands of the enemy? Then every US passportis readable from a distance. Any encryption is crackable eventually... I personally think the current passports are just fine, or at least these new ones aren't better overall.

[Roman12]

chip implants

Sounds like a cool high-tech plan. But if you think about it, it seems dangerous. What is these scanners fall into hands of the enemy? Then every US passportis readable from a distance. Any encryption is crackable eventually... I personally think the current passports are just fine, or at least these new ones aren't better overall.

Ok Guys this is a no brainier!

When you have the top experts in the field of RFID technologies telling you that at the present time, current encryption technology is unable to make RFID completely secure? you should listen. <br /><br />Yes, Wal-Mart has been using this technology for awhile to track its movement of sending and receiving of inventory between locations, but last I knew it was to cost prohibitive to actually attach them to actual items. Even the passive RFID chips run about 20 cents apiece. <br /><br />I feel this is one area that we need to actually take a step back and allow better encryption technology to emerge before the deployment of RFID chips are installed in passports.

eddy.... ha ha

encryption? ha ha ha.. <br /><br />I got beamed up to a red white and blue noahs ark once.. and traveling out of the country on the company card... it invites you to a whole bunch of very interesting people... now with this rfid stuff... it really makes me look forward to some serious biz opps... I mean opportunities..... ha ha ha.....

Ok Guys this is a no brainier!

When you have the top experts in the field of RFID technologies telling you that at the present time, current encryption technology is unable to make RFID completely secure? you should listen. <br /><br />Yes, Wal-Mart has been using this technology for awhile to track its movement of sending and receiving of inventory between locations, but last I knew it was to cost prohibitive to actually attach them to actual items. Even the passive RFID chips run about 20 cents apiece. <br /><br />I feel this is one area that we need to actually take a step back and allow better encryption technology to emerge before the deployment of RFID chips are installed in passports.

eddy.... ha ha

encryption? ha ha ha.. <br /><br />I got beamed up to a red white and blue noahs ark once.. and traveling out of the country on the company card... it invites you to a whole bunch of very interesting people... now with this rfid stuff... it really makes me look forward to some serious biz opps... I mean opportunities..... ha ha ha.....

[embeddedsystems.us]

Passport, Popcorn, Microwave Oven

A few seconds in a microwave oven with the cover open will destroy the RFID chip.<br /><br />Will government agencies (customs, etc.) rely on printed information only in the case of a defective RFID?<br /><br />Would a citizen traveling with a defective RFID passport still be allowed entry into US and foreign ports?

[embeddedsystems.us]

Passport, Popcorn, Microwave Oven

A few seconds in a microwave oven with the cover open will destroy the RFID chip.<br /><br />Will government agencies (customs, etc.) rely on printed information only in the case of a defective RFID?<br /><br />Would a citizen traveling with a defective RFID passport still be allowed entry into US and foreign ports?

[Gayle-Edwards]

What I love...

I wish more people would pay attention to the "International angle" of this GROSS political-manipulation.<br /><br />Europe is RAILROADING this BIOMETRIC identity scheme through, over the angry protests of individual-nations, and citizens, by claiming that "...they have to do this", to comply with American-standards. And, American-politicians are claiming that WE AMERICANS have to do this in order to allow compliance with an "International" standard.<br /><br />And, both sides conveniently ignore the reality that this plots primary-purpose is actually to facilitate every participating governments ability to identify, and mercilessly-track, their own citizens, both directly and through "..information sharing" agreements, which are, for the most part, rather obviously designed especially to allow various government-agencies to side-step nearly every chance for "oversight" or "legal-restrictions" upon their nearly ABSOLUTE-POWER to "..monitor" every facet of our lives.<br /><br />England, is trying to shove national BIOMETRIC-IDs down their own citizens throats, right now. And, the U.S. government has already passed the "REAL-ID Act" which does the same thing to ALL "U.S. citizens".<br /><br />And, NONE OF THIS will actually benefit the common-citizen, or provide "...security from Terrorism".

[Gayle-Edwards]

What I love...

I wish more people would pay attention to the "International angle" of this GROSS political-manipulation.<br /><br />Europe is RAILROADING this BIOMETRIC identity scheme through, over the angry protests of individual-nations, and citizens, by claiming that "...they have to do this", to comply with American-standards. And, American-politicians are claiming that WE AMERICANS have to do this in order to allow compliance with an "International" standard.<br /><br />And, both sides conveniently ignore the reality that this plots primary-purpose is actually to facilitate every participating governments ability to identify, and mercilessly-track, their own citizens, both directly and through "..information sharing" agreements, which are, for the most part, rather obviously designed especially to allow various government-agencies to side-step nearly every chance for "oversight" or "legal-restrictions" upon their nearly ABSOLUTE-POWER to "..monitor" every facet of our lives.<br /><br />England, is trying to shove national BIOMETRIC-IDs down their own citizens throats, right now. And, the U.S. government has already passed the "REAL-ID Act" which does the same thing to ALL "U.S. citizens".<br /><br />And, NONE OF THIS will actually benefit the common-citizen, or provide "...security from Terrorism".