Federal rules adopted for electronic U.S. passports

Computerworld - The U.S. State Department has approved new rules that pave the way for the use of RFID-equipped electronic passports beginning in December -- despite concerns about privacy issues raised by the new technology.
The rules went into effect Tuesday and call for the inclusion of several security measures to protect passport holders from data theft, according to the agency. One method will prevent data on the built-in radio frequency identification tag from being "skimmed," or captured from afar by using a special material on the passport cover that blocks the data from being read by unauthorized equipment.
In August, the State Department announced that the electronic passport program will begin in December for government workers who have "official" or "diplomatic" passports, and will be fully rolled out by next October for all U.S. citizens (see "Electronic U.S. passports coming in December").
The use of electronic passports is designed to enhance document and border security and to make identification for international travel easier and more secure for U.S. citizens, the department said.
During a public comment period earlier this year, the agency received 2,335 messages, with more than 2,000 of them from critics concerned about data integrity, data theft and privacy.
Marc Rotenberg, executive director of the Washington-based Electronic Privacy Information Center, said the latest rules are an improvement over the State Department's original plans. Rotenberg said the main privacy worry centered around the possibility of RFID tag skimming. "This is improved. It's certainly better than it was earlier this year," he said.
He cautioned that the government could still one day use RFID-equipped passports to track passport holders in various locations -- even when they are not crossing national borders. "With RFID, you create the risk of remote identification, where people don't know their identification information is being collected," Rotenberg said.
The new rules reflect and incorporate those comments by building in safeguards to protect the passport information, according to the State Department. To combat data theft, the passport RFID chip must be held within about four inches of a special reader and the passport cover must be open.
The agency also noted that the RFID chips are not the same as those used for warehouse inventory tracking over larger distances and will not permit "tracking" of individuals. "It will only permit governmental authorities to know that an individual has arrived at a port of entry -- which governmental authorities already know from presentation of nonelectronic passports -- with greater assurance that the person who presents the passport is the