Monday, November 22, 2004
Biometric Passports
They're coming. The British government will be testing the new passports starting in January.
A biometric passport contains a computer chip containing the holder's photograph and personal information on the current passport, including name and date of birth, and a set of measurable personal features such as an iris image scan or fingerprints as identification markers. RFID scanners at immigration stations around the world are necessary to take advantage of this technology. Presumably, such a chip could contain much more information than this. While privacy advocates have raised their concerns, but it appears this technology is on it's way.
A machine-readable passport contains printed OCR-B machine-readable (scanner) data. The size of the passport, the arrangement of data fields and the photograph meet the standard of the International Civil Aviation Organization. This is currently in place and from what I'm able to gather, the new passports will include both technologies.
Initially, the new biometric passports will be used to admit visitors from those countries where a visa is not required. The Senate in July voted to delay by one year the Oct. 26 deadline for implementing the new passports for U.S. citizens.
There has been a move to incorporate biometric passports for over a year. The European Union approved these passports last month for EU citizens. The British government appears ready to use this technology in a national identification card system.
There also appears to be a chicken/egg conundrum. If any country adopts a standard that works today but a better technology is available tomorrow, what to do? And if another country uses better chips tomorrow our airport and seaport immigration terminals will be required to upgrade to accommodate that newer technology. I suspect there's an international standards group to control that scenario, but I can't find reference to such a group on the Internets.
I wonder if there will be a delay to renew passports to get the new ones or will passport holders resist.
Update: Bruce Schneier, an expert in IT security, offers this:
[T]he Bush administration is advocating radio frequency identification (RFID) chips for both U.S. and foreign passports, and that's a very bad thing.
These chips are like smart cards, but they can be read from a distance. A receiving device can "talk" to the chip remotely, without any need for physical contact, and get whatever information is on it. Passport officials envision being able to download the information on the chip simply by bringing it within a few centimeters of an electronic reader.
Unfortunately, RFID chips can be read by any reader, not just the ones at passport control. The upshot of this is that travelers carrying around RFID passports are broadcasting their identity.
Think about what that means for a minute. It means that passport holders are continuously broadcasting their name, nationality, age, address and whatever else is on the RFID chip. It means that anyone with a reader can learn that information, without the passport holder's knowledge or consent. It means that pickpockets, kidnappers and terrorists can easily--and surreptitiously--pick Americans or nationals of other participating countries out of a crowd.
This goes beyond the compromise of personal information. This gets to the compromise of personal safety. Hmmm. Thanks for the tip, Kristi.
