April 6, 2005
From The Travel Security Task Force
Association Of Corporate Travel Executives
Critical Facts About RFID Tags In Passports...And How They May Affect You Or Your Travelers
Conflicting information about the capabilities of radio frequency identification tags (RFID) - and the risks they may impose on U.S. travelers - prompted the Association of Corporate Travel Executives to oppose a State Department proposal implanting these devices in passports. That opposition was made public on March 28, 2005. A subsequent survey of ACTE members indicated the business travel industry required an immediate analysis of RFID technology, detailing its development, most appropriate use, and most serious drawbacks.
This document constitutes the basis of that analysis.
Released under the aegis of ACTE's Traveler Security Task Force, this report was compiled by the association's leading authority on radio frequency identification tag technology and contains the latest information on this subject, contributed by scientists and product developers. It presents an objective look at these devices, as well as the background data supporting the conclusions reached by the Traveler Security Task Force, and ACTE leadership.
The question of RFID technology will not be resolved with the closing of public commentary by the State Department on April 4, 2005, but will most likely move into the sector of public debate. The information in this report will be extremely useful in determining your stance on this issue and the action you decide to take. The Association of Corporate Travel Executives will continue to monitor the situation, updating this data as new developments unfold. This issue will be the focus of a special "Privacy & Security" presentation at ACTE's Global Conference in Vancouver, on May 1, 2005.
A number of terms are being used by governments and the press to describe the technology that digitally carries, within the passport itself, the information printed on the passport's data page. These terms include ePassports, embedded electronic chips, radio frequency identification (RFID) tags and contactless integrated circuit chips, with RFID tags being the most common. While the terms are subtly different (though used interchangeably), the underlying technology and security issues are the same.
Very simply, an RFID system consists of two key components:
The scanning antenna is the key part of the technology, especially for the chips to be used in passports, since there is no battery. The antenna puts out radio frequency (RF) signals over a relatively short range. For the proposed passport program, this distance is around 4 to 6 inches. This RF radiation does two critical things: it wakes up the electronic chip and gives it the energy that it needs to operate, and it provides the means to communicate with the chip. Since these chips do not need batteries, they can be made very small (and flat), and the information stored on the chip can be held for a long time, from 10 years to possibly decades.
When the RFID chip passes through the signal from the scanning antenna, the chip is energized and then transmits the data stored on it. The scanning antenna picks up the return signal from the chip and captures the information.
Fundamentally, these RFID devices were designed for inventory management and not security applications. The biggest issue with RFID technology is that anyone with an appropriately equipped scanner who can get near enough to the chip can "wake it up" and read its contents. What is "near enough" will depend on the design of the antenna and the electronic characteristics of the chip. Careful design of a high-gain antenna may enable the device to be read or at least detected from a considerable distance.
Privacy groups raise the concern that even being able to "wake up" the chip is an invasion of privacy. Someone, such as a foreign intelligence organization or criminal group, could easily set up an antenna and would be alerted to any passport they "see". Even if they could not read the data from the chip, they would be able to detect the passport and its unique signal structure (referred to as a signature) that would likely identify the issuing country of the passport.
The solution to preventing access to the information on the chip is twofold. First, the data should be encrypted when it is transmitted. This would require the person scanning the device to have the key to unlock the information. Second, the chip should authenticate the reader to only respond to readers it is programmed to know in advance. Unfortunately, the proposed passport system will not implement either of these security controls, which is the source of most of the controversy.
There are other problems with RFID technology that will likely surface in real-world use. The first will be tag collision. This occurs when there are multiple tags present in a small area. This would be the case when you hold several passports together or in the future when a visa containing an RFID chip is in the passport. As this technology expands in different markets, no one knows what other items may contain RFID chips. Since there are limited standards around this technology or a central clearinghouse to control its use, tag collision will likely become more prevalent over time.
The other likely real-world problem will not be the chips themselves, but the data that is recorded in the chip. While it is pretty straightforward to develop standards for the basic information such as name, address, date of birth, etc., it is more difficult to develop standards around the biometric data to be stored on the chip, such as a photo or fingerprint. This will make global interchange and standard use of this biometric information unlikely for a number of years. The International Civil Aviation Organization (ICAO) is responsible for these standards but it is unclear that they have truly interoperable biometric encoding standards. While basic incompatibility issues will likely be worked out in the near future, the issues regarding biometric data, encryption and authentication are a long way from being resolved.
Virtually all privacy experts and most experts involved in this area as it relates to security agree on the same position. While the technology exists, it should not be used in security applications until both the technology and systems to support it mature further to address fundamental privacy and security concerns.
One of the key privacy concerns is that an unknown third party could set up a scanning antenna to watch what devices respond. The technology needs to prevent this vulnerability by allowing the chip to "wake up" but not transmit unless the chip authenticates that the reader is a "known" reader.
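The reader-authentication control described above (a chip that wakes up but releases its data only to a reader it already knows), as an added sketch that is not part of the ACTE report or of any passport specification. The `Chip` and `Reader` classes, the reader ID `gate-1` and the HMAC-SHA256 challenge-response over a pre-shared key are assumptions chosen for illustration; encryption of the released data is not shown.

```python
import hashlib
import hmac
import secrets
from typing import Optional


class Chip:
    """Hypothetical chip: answers a wake-up with a challenge, never with data."""

    def __init__(self, data: bytes, known_readers: dict):
        self._data = data
        self._known = known_readers  # reader id -> key, provisioned in advance
        self._pending = {}           # reader id -> outstanding challenge

    def wake(self, reader_id: str) -> bytes:
        # A fresh random challenge discloses nothing stored on the chip,
        # though replying at all still shows that a chip is present.
        nonce = secrets.token_bytes(16)
        self._pending[reader_id] = nonce
        return nonce

    def read(self, reader_id: str, response: bytes) -> Optional[bytes]:
        nonce = self._pending.pop(reader_id, None)  # single use: blocks replay
        key = self._known.get(reader_id)
        if nonce is None or key is None:
            return None
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        # Constant-time comparison; release data only to a verified reader.
        return self._data if hmac.compare_digest(expected, response) else None


class Reader:
    """Hypothetical reader holding the key it shares with the chip."""

    def __init__(self, reader_id: str, key: bytes):
        self.reader_id, self.key = reader_id, key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self.key, nonce, hashlib.sha256).digest()


def query(chip: Chip, reader: Reader) -> Optional[bytes]:
    """Run one wake/challenge/response exchange; return what the chip releases."""
    nonce = chip.wake(reader.reader_id)
    return chip.read(reader.reader_id, reader.respond(nonce))


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    chip = Chip(b"CONSTRUCTED SAMPLE DATA PAGE", {"gate-1": key})
    print(query(chip, Reader("gate-1", key)))                      # known reader
    print(query(chip, Reader("gate-1", secrets.token_bytes(32))))  # wrong key
```

The pre-shared keys in this sketch are exactly what the key-management discussion in the report is about: every authorized reader worldwide would need one.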
The current government proposal specifically does not encrypt the information when it is read from the chip. The ability of an unknown third party to potentially read the passport data would increase the risk of identity theft for travelers. It would also allow criminals to know when you are traveling and give them your home address. This would make it even easier for them to show up with a moving truck.
Building a global system to support data encryption will be very difficult and costly. This is why the government has not included this capability in its program and one of the main reasons that Internet e-mail is not widely encrypted. A global system to manage the keys to unlock the data would need to be developed. Each country would need to integrate this key management system into their passport systems, resulting in significantly increased complexity and cost.
There are concerns beyond the embedded chips. Privacy experts in the US, European Union and Canada have deep concerns over the recording of facial biometrics. Unlike other biometrics such as fingerprints, facial biometrics could be used at a distance to track individuals without their knowledge. This issue and Canada's recent internal report that questions the effectiveness of facial biometrics in passports add to the list of technology and privacy concerns.
Until these or similar protection technologies are developed and thought through, people will and should be concerned about having these RFID chips in their passport. Unfortunately, it appears that the government is attempting to push this technology into the market before its time.
There are alternatives to RFID chips such as chips that require the reader to make physical contact. Some credit card and bank companies have introduced "smart cards" that have a gold chip printed on the card. These chips are referred to as contact smart cards or contact integrated chips. As with any technology, there are tradeoffs. In this case, having to make contact with the device reduces the lifetime of both the card and the reader and slows down the throughput of the system. However, in a passport application this should not be a major issue since they are not used that frequently and are manually handled. The benefits of this technology would be that the chip could not be interrogated or read from a distance by an unauthorized third party.
Of course, if the passport control agent is going to have to place the passport in a reader there are other technologies such as optical barcoding that would eliminate the reader wear and tear issue and speed up the handling process - a key goal of the proposed embedded chip. While the traditional product barcode would not work for anything other than possibly the passport number, modern optical barcodes can encode up to millions of characters of information. This technology would probably be the best next step for passports. In fact, this technology is already in use by the Department of Homeland Security (DHS) for millions of Border Control Cards. With this already in the government's inventory, why do we need another costly system?
The goal of the government is to enhance the security of the passport and simplify the handling of the document to speed up the process at border checkpoints. The current government proposal may enhance the integrity of the passport document but not the overall security of the system. Document integrity is enhanced through the proposed use of a digital signature to detect if the information in the chip has been changed and security features that make it nearly impossible to alter the chip. The use of RFID technology makes handling of the document easier since it will not need to be physically fed through a reader. However, the overall security of the passport document in the broader environment has not been enhanced and will likely be diminished. This is a classic systems engineering failure in not addressing the entire operating environment - people, processes and devices as a whole. Or worse yet, a calculated objective that would allow government security and intelligence personnel to exploit the system.
At the end of the day, embedding a chip in the passport may not even be the desired solution or add any significant value to the security process. Given time, any individual or organization bent on defeating the system will figure out a way to do it. This is especially true when they have easy access to the device to experiment. This concern is made even more real by the fact that students at Johns Hopkins University recently defeated several RFID tag based systems such as an Exxon Mobil SpeedPass, automobile "smart" keys and other systems. One RFID tag based system was defeated in 15 minutes using $200 worth of equipment.
A fairly robust solution could be developed based on international government cooperation and transfers of passport information, not on the passport itself, but through trusted networks and secure transmissions. When a traveler presents a passport, the official would check the document against a trusted, issuing authority controlled database of valid passports. The official would immediately know if the passport was valid, has expired or was stolen. The system would display the official data collected when the passport was issued. This can be easily compared with the information on the document using existing passport technology. The official can determine if the basic information on the document was altered. This system would not require embedded chips or any other changes to existing passports and would provide a significantly greater level of security than we currently have in place.
We would not put the biometric data in a central database. As the European Union has already decided, having biometric data in a centralized database would likely increase the risk of abuse and function creep. There is also a concern that it would increase the risk of using these biometric identifiers as 'access keys' to various databases, thereby interconnecting databases.
To enhance the proposed system, the next generation passport would encode a fingerprint biometric using an optical barcode with a digital signature. The digital signature would enhance document integrity. Existing fingerprint scanners would allow the official to determine if the bearer is the person to whom the document was originally issued. This proposed solution would significantly enhance the overall effectiveness of the passport system, leverage our existing investment in fingerprint scanners, and satisfy privacy concerns.
Electronic chips in passports raise serious security and privacy concerns that cannot be addressed until both the technology and systems needed to support the technology mature. There are near-term alternatives that should be considered and the government should wait before putting embedded chips into passports. Every traveler, travel management executive, and procurement specialist should make his or her opinion known on this subject.
Taking the time to understand the key issues is a critical first step. However, having your opinion heard is an important next step. You can communicate directly with your elected representatives and support advocacy groups or trade organizations.
The Association of Corporate Travel Executives would like to acknowledge the efforts of its Traveler Security Task Force - especially Bruce McIndoe, CEO, iJET Travel Risk Management - for making this document available to ACTE members.