Washington is finally walking the walk when it comes to border security. That may not be a good thing, at least according to some critics.
Knowing just who is entering the country is a critical element of the homeland security initiatives passed by Congress in the aftermath of the 2001 terrorist attacks. No one disagrees with that premise.
By 2004, Congress approved the Intelligence and Terrorism Prevention Act requiring U.S. citizens and foreign nationals crossing U.S. borders to present a passport or other documents as proof of citizenship.
More importantly, Congress voted for the identification scheme to involve linking the passports and other documents to U.S. databases.
The lawmakers left the pesky details of privacy and security — there were plenty — to the bureaucrats.
First came the e-passports, which incorporate an RFID chip holding a digital photograph and the bearer’s personal data. From a few inches away, a reader activates the chip and U.S. Customs officials can compare the information on the e-passport against what it has in its database.
The implementation of e-passports was delayed by more than two years of security and privacy criticisms but finally began rolling off the presses in August.
Now comes the “limited use passport card,” for U.S. travelers returning by land or sea from Canada, Mexico, the Caribbean or Bermuda. Prior to the legislation, returning U.S. travelers from those countries did not need to present a passport.
Instead, Customs officials accepted a wide variety of documents issued by state or local authorities such as drivers’ licenses and birth certificates, which prove identity but not necessarily U.S. citizenship.
No more: “Your papers, please!”
As proposed, the passport cards will be implemented over the next three years.
For the Department of Homeland Security and the Department of State, this presents some tough logistical problems.
According to a study by Bearing Point, approximately 23 million U.S. citizens cross the land border into Canada and Mexico nearly 130 million times each year. Another four million Americans travel to Canada and Mexico by air or sea, while two million travel to the Caribbean by air or sea.
Of the 23 million land border crossers, about half are frequent crossers. Almost all are traveling by automobile. Most do not have passports.
On any given day at a U.S. land border crossing, particularly between the U.S. and Mexico, the sea of cars resembles a football stadium parking lot on game day.
In other words, there’s a lot of people and cars to move through Customs. To accommodate those crowds, DHS and State ditched the technology behind e-passports in favor of efficiently moving all those cars and people through Customs.
Instead of the short-range RFID used in e-passports, the government is going with vicinity (or long range) RFID for passport cards. The chip in the passport card can be read from at least 20 feet away.
As cars near the Customs checkpoint, a holder of the card can flash it to an overhead reader. When the car reaches the checkpoint, the information is ready on Customs’ computer screen.
“Using long range RFID technology is a major step backwards for government-issued identity credentials,” Randy Vanderhoof, executive director of the Smart Card Alliance, contends. “These RFID tags simply don’t have the security features necessary to protect the border and also maintain citizen privacy.”
Smart Card Alliance members, it should be noted, lost out on the passport card deal after securing the e-passport contracts.
Although the holder of the passport card must supply the same information as if applying for an e-passport (digital photo and personal data), the RFID chip on the passport card will only contain a “marker” or “pointer” to the bearer’s info in the database.
“The vicinity-read RFID technology proposed for the passport card does not support the necessary security safeguards to allow border officials to verify that the passport card is authentic, nor does it prevent the citizen’s unique reference number from being tracked when it is outside of its protective sleeve,” said Vanderhoof.
According to Vanderhoof, the bad guys will be able to pluck the marker or pointer out of the air to enable cloning of false passport cards.
“Vicinity technology was chosen because we’ve been using it for years,” said Kelly Klundt, a spokesperson for Customs and Border Protection. “The technology is not new and we have an excellent track record in protecting privacy.”
Klundt said vicinity RFID has been used by Customs since as early as 1995 and “to my knowledge we have had to incidences of things like that [identity theft, cloning or tracking].”
The Smart Card Alliance also points out U.S. land border crossings are equipped to process e-passports. So why impose a second reader system?
“It doesn’t make sense to use two technologies to accomplish the same thing,” Cathy Medich, manager of the Smart Card Alliance’s Industry Council, said.
Klundt said the criticism is not surprising.
“The argument [between vicinity and short range RFID] is going to persist and keep going around,” she said. “It makes sense that competing businesses have different points of view.”
That’s probably a healthy thing, given the national security stakes.
Nothing is set in digital stone as yet and the government is welcoming comment until December 18.