title:

A target in your pocket

By Scott Bradner

This is not just another column on the evils of RFIDs, even thought it starts out looking like one. The column is actually about decision making.

After a series of closed meetings the UN-sponsored International Civil Aviation Organization (ICAO) (http://www.icao.int/) developed an international standard for electronic passports. The standard specifies a passport with an imbedded RFID-like electronic chip. Unlike the RFID chips I have recently written about ("An RFID warning shot" - http://www.nwfusion.com/columnists/2005/020705bradner.html and "The kids were right, school is a prison" - http://www.nwfusion.com/columnists/2005/022105bradner.html) which basically contain a unique ID, the chip in the passport will be able to store all sorts of information (eventually up to 512K bytes) - the initial information set includes name, date of birth, place of birth, a digital photo and, I expect, the country that issued the passport. The U.S. and a number of other countries are in the process of adopting the standard.

As with other RFID chips, the information in the passport chip will be able to be read without the reader having to be in actual contact with the passport. Also as with other RFID proposals quite a few people have expressed considerable concern over this remote reading ability, particularly since the data will not be encrypted. The ACLU and EFF have both provided comments to the U.S. State department on the proposed electronic passport. Their comments and backup material are on-line at http://www.aclu.org/passports and http://www.eff.org/Privacy/Surveillance/RFID/. Do not read this information if you want to continue to think that the U.S. government wants to protect your safety.

One of the ACLU documents uses information that the ACLU obtained under the freedom of information act to detail how the U.S. government repeatedly argued against adding safeguards, such as encrypting the data or using contact-type rather than wireless chips, to the standard when such safeguards were proposed by other countries. The U.S. government also repeatedly dismissed concerns of surreptitious scanning of these electronic passports while still in the traveler's pockets. The U.S. government public position is that the scanners are bulky and will only work at very short distances (4 or so inches). This position willfully ignores the fact that technology is constantly improving. If reading can be done at 4 inches today, it will be 4 feet in a year or two, and 40 feet a few years after that. (See http://www.nwfusion.com/columnists/2005/020705bradner.html it may already be 40 feet) There are many parts of the world where I would not want to travel with a passport in my pocket that could tell any properly equipped terrorist within easy striking distance that I'm an American.

Overall the picture is chilling.

What is most chilling is the idea that the US government has been actively trying to keep the passports from being secure. In effect, they have been actively, and with full warning from many sources, trying to ensure that Americans will be at risk when traveling in any place where someone might harbor bad feelings about America.

What kind of decision process could possibly have concluded that putting ones own countrymen at risk was worse than having secure passports? The only thing I can think of is that the U.S. government must want to surreptitious track passport holders from other countries and the desire to do that outweighed the safety of Americans. Maybe there is another explanation, one that just involves mulish stupidity or obstinate shortsightedness about the pace of technical evolution. But, as a traveler, I am being put at risk - not something that I much like -- whatever the explanation.

disclaimer: Mulish stupidity is not a common Harvard trait so the above observation is mine -- not the university's.