A conservative think tank came out against the U.S. proposal to place radio frequency identification (RFID) chips in all citizens’ passports.
“The proposed Electronic Passport rule is inappropriately cavalier about placing citizens’ personal information, unencrypted, on an RFID chip that must be carried in order to travel,” said Privacilla.org in comments filed Monday with the U.S. Department of State.
Jim Harper, director of information policy studies for the Cato Institute, signed the comments. Harper is also editor of Privacilla.org, a libertarian public interest Web site that acts as an information resource about privacy policy, which is supported by Cato.
The government wants to equip passports with the tiny RFID chips, which contain antennae that transmit information when they come into proximity with a reader in order to allow “contactless” reading of passport information. The government does not plan to encrypt the digital information stored on the chip, which would include the holder’s personal information, photo and fingerprint. The initiative is part of a global attempt to standardize electronic passports.
Harper dismissed the feds’ argument that the data to be carried by the chip is only that which is already available on the paper passport by pointing out that different transmission media have unique security requirements.
“A financial statement delivered on paper by U.S. mail carries one set of security and privacy risks. A financial statement delivered over the Internet carries a different set of security and privacy risks, just as a financial statement delivered via a roadside billboard would have a different set,” the letter said.
“Data on an RFID chip is more easily revealed surreptitiously than data printed on sheets of paper that are folded together,” the statement continued.
Harper pointed out that RFID is still an early-stage technology, mostly used in the supply chain for transactions of relatively low consequence. When chips are attached to goods at the retail level to enable quick customer service, or are kept in the car for payment of tolls, individuals have a choice about whether to accept them.
“None are where RFID is legally mandated for entire populations,” the letter went on.
Harper complained that the U.S. Department of State provided only vague justification for the need for RFID-enabled passports: It didn’t offer information about how bad the problem is or about how much time it expects to save using contactless reading of the chip.
Privacy experts warn that the unencrypted data stored on the chips could be intercepted or read by unauthorized third parties by “skimming,” or clandestinely moving a hidden reader within range.”
Many critics of the proposal, including the American Civil Liberties Union and the Electronic Freedom Foundation, believe that smart chips that must come into contact with the reader in order to deliver the information would not be subject so skimming.
The State Department’s proposed implementation would require the RFID chip to come within four inches of the reader. In response to the criticism, the State Department promised to implement an unspecified method of preventing skimming.
“If the department believes that not having to move passports four inches to make contact with a reader will alleviate congestion at international borders, it should say so. If it does not believe this, it should select a non-RFID chip at most, and perhaps withdraw the proposal entirely, sticking with optical character recognition
Harper called on U.S. officials to rethink the e-passport strategy and withdraw the proposal to use RFID — even if it means that U.S. passports won’t conform to the global standard.
“Standards that are set in international bodies, representing the ‘average’ international view, are not appropriate to apply to Americans, who have a unique love of freedom and privacy,” Harper wrote. “The department should recognize that RFID is good for products, not people.”