New travel rules kick in June 1 amid concerns over RFID-tagged passport cards
Card can be easily cloned, used for tracking purposes, critics say
May 29, 2009 12:01 AM ET
Computerworld - New travel requirements go into effect June 1 at U.S. land and sea borders amid security concerns over an RFID-enabled passport card that has been approved for U.S. travelers.
The passport cards are being issued by the U.S. State Department under a program aimed at better securing U.S. borders against terrorist threats. Under the program, called the Western Hemisphere Travel Initiative (WHTI), U.S. citizens returning from Canada, Mexico, Bermuda and the Caribbean by land or sea will be required to show a valid passport, the RFID-enabled passport or a WHTI-compliant driver's license starting June 1. Currently, U.S. citizens can re-enter the country from these four regions with a driver's license and proof of citizenship, such as a birth or naturalization certificate.
The passport cards, about 1 million of which have been issued so far, are designed to be a secure but cheaper alternative to regular passports. The card costs $45 for those 16 and older and $35 for those under 16. In contrast, a regular passport costs $100 for those over 16 and $85 for minors.
The credit card-size passport cards have a vicinity-read radio frequency identification tag that allows Customs and Border Protection officials to read the cards from 20 to 30 feet away. The goal is to reduce wait times by allowing officials to access an individual's information even before the traveler reaches the border. (The Customs Department provides details on how to use the card for U.S. land border entry on its Web site.)
Critics of the passport card maintain that the features that make the card convenient to use also pose security and privacy risks. Organizations including the Center for Democracy and Technology (CDT) and the Electronic Privacy Information Center (EPIC) have noted that the use of vicinity-read or long-range RFID tags heightens the risk of data being skimmed by those with unauthorized card readers because the data is unencrypted as it travels over the air.
Cardholders could unknowingly broadcast their identity information while traveling, opening up the possibility for the data to be stolen and the cards cloned, these groups say.
The CDT said the RFID passports are less secure than U.S. electronic passports, which also use a chip to store a digital image of the passport holder and all of the same data that is visually displayed on the first page of the passport. However, the chips used on electronic passports are proximity-read, and the encrypted information on them can only be accessed by swiping the card through a reader at the border crossing. The chip is also embedded into the back cover of the passport and shielded from snooping. No such protections are available with the passport cards, the CDT has noted.

