U.S. set to issue passports with RFID chips
An August deadline will be met despite fears of security experts
Computerworld - The U.S. Department of State is on track to start issuing passports with radio frequency identification (RFID) chips next week, despite warnings from some security experts that such systems could be accessed or tracked by hackers.
The new program will start in the Denver passport office and be rolled out across the country over the next several years. All American passports are expected to include RFID chips containing personal information by 2017.
State Department personnel have successfully tested the electronic passports over the past year, said Frank Moss, deputy assistant secretary for passport services.
Moss contended that electronic passports improve security by making it harder to forge or alter official documents. All personal information on the chip must precisely match that in the printed portion of the electronic passport. "In the past, it could have been possible to put a new photo inside [a stolen passport] or find someone who looks like the holder," Moss said.
Additionally, if an electronic passport is stolen, the chip has a unique identifying number that can be tracked by law enforcement agencies worldwide, he said.
Moss said that extra memory space on the RFID chip may be used in the future to store biometric information such as a fingerprint image. However, he said no decision has yet been made on how to use the extra storage space.
Some security experts have expressed concern over the use of a chip that doesn't require contact with a scanner. The new passport can be read about four inches from a scanner.
Given the fast pace of technology changes, and the 10-year life of a passport, it's inevitable that the RFID chip will become hackable and that technology will be built to access it from long distances, said Bruce Schneier, founder and CTO of Counterpane Internet Security Inc. in Mountain View, Calif. The new passport could eventually allow for surreptitious access and tracking, he said.
Schneier contended that the State Department could have used an RFID chip that requires contact with a reader. "I can think of no benefit for a contact-less chip," he said. "The question is, if there is no good reason for RFID, why are they pushing so hard for it?"
Other experts downplayed such potential flaws. "The only vaguely legitimate arguments I have heard against E-passports is that they might permit someone two feet away from you to learn that you are American and blow you up, or permit someone two feet away to learn whatever might be stored on the E-passport," said Michael Shamos, a professor who specializes in security issues at Carnegie Mellon University in Pittsburgh.
"It's a balancing of risks. The E-passport will be much more difficult to forge and thus ought to reduce the prospect of terrorists getting hold of valid ones," he said.
The passive 64Kb RFID devices in the new passports will be supplied by Infineon Technologies North America Corp. of San Jose and Amsterdam-based Gemalto NV, Moss said. The E-passports meet specifications laid down by the Montreal-based International Civil Aviation Organization (ICAO), a United Nations standards body.
The ICAO has been pushing for its 189-member countries to adopt machine-readable passports by 2010.
Read more about Mobile Apps and Services in Computerworld's Mobile Apps and Services Topic Center.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Empowering Your Mobile Worker
- Today's most productive employees are mobile, and your company's IT strategy must be ready to support them with 24/7 access to the business...
- Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will... All Mobile Apps and Services White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
- Virtualize Business-Critical Applications with Confidence
- Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®... All Mobile Apps and Services Webcasts