Space, Physics, and Math

Concerns Still Swirling Around New Passports

Experts continue to debate the merits of putting radio frequency chips in American passports.

February 7, 2007
Will radio microchips make passports more difficult to forge? [CREDIT: DESKDEMON.COM]
Will radio microchips make passports more difficult to forge? [CREDIT: DESKDEMON.COM]

It only took 48 hours, an off-the-shelf microchip reader, a journalist and one computer expert to hack into the private identity information stored on the radio microchips of three British passports.

The story of the staged passport sabotage surfaced in The Guardian, a British newspaper, in November. The “hackers” were able to come away with the passport holder’s facial characteristics, passport number and birth date, among other data.

The hacking stunt lent new urgency to the concerns of security experts worried about the Radio Frequency Identification (RFID) chips that, since August, have been put in all newly issued American passports. Radio chips are supposed to make it harder to forge passports, but the technology was rushed into use without ever being tested by independent analysts. Some observers think the chips may be vulnerable to identity thieves and might even be used to explode bombs, though experts acknowledge that’s unlikely.

“I still haven’t been convinced that we have to do it this way,” said Bruce Schneier when asked his thoughts about updating passports using RFID. Schneier is a chief technology officer at BT Counterpane, an enterprise security company that “protects [a company’s] critical information assets and infrastructure.” He went on to say that he wasn’t sure the benefits of radio chips, such as storing facial biometric data, were worth the risks – risks that he believes still remain unknown.

They remain unknown, explained David Wagner, a cryptographic researcher and an associate professor of computer sciences at University of California, Berkeley, because the government did not release the final model of electronic e-passports to independent review by security experts and technologists before they issued it last August.

The U.S. is not the only country to begin using RFID chips in passports: nations such as the United Kingdom, Australia, and China, among others, had no choice but to start implementing RFID technology after the U.S. threatened to lift visa waiver status for international travelers whose passports were without the chips.

RFID chips work by transmitting and receiving radio signals through an antenna embedded in a silicon chip. The passive microchip used in American e-passports can only transmit data when it is supplied with energy from a nearby “reader”—and the State Department attests on its passport website that the particular chip they’ve used in e-passports can only be read, or activated, by a reader that is no more than about four inches away.

Counterfeiting the chips requires the proper equipment – a reader that could be used to skim data from a passport’s chip is purported to cost anywhere between $100 and $300 – and the savvy to use it, said Mark Roberti, founder and editor of the RFID Journal, which describes itself as the “world’s objective authority” on RFID technologies. Even if a criminal managed to make a passable fake RFID chip, the hacker would still have to manipulate his physical facial characteristics to pass through a passport checkpoint.

This is because, for added security, while presenting an e-passport an individual’s facial characteristics, which can be described as the face’s peaks and valleys, are analyzed by a camera located behind the passport reader.

“Let’s say they can copy the data — and I don’t know that they can — they would somehow need to be me,” said Roberti. He also points out that while spoofing an RFID chip is possible, an exact clone can never be made, because each chip comes with a specific “digital signature,” a radio’s unique fingerprint that cannot be duplicated.

Even though the chips may make forgery more difficult, Schneier believes the threat of “surreptitious access” to data on the chip makes this possible benefit a moot point. Surreptitious access, or the use of a hidden reader to steal the information off of someone’s passport chip without their knowledge, is one of the biggest concerns security and privacy experts have about the new e-passports. According to Schneier, this would not have been an issue if the State Department hadn’t bypassed using the smart card chip. Smart card technology requires interlocking physical contact with a reader and thus rules out the possibility of someone gaining surreptitious access to a holder’s personal data.

The State Department did not respond to repeated requests for comment, but Roberti speculates that the government might have steered clear of the smart card chip because contact-free technology requires less upkeep. “Contact technology typically wears out,” he said. “With RFID, you very rarely need to replace [parts] because there is not touching involved.”

On its website, the State Department acknowledges its 2003 announcement concerning its plans to update passports with RFID was met with overwhelming public dissent. The outcry was due in part because the government’s initial passport design lacked any security precautions. In response, the department implemented security features, including metallic shielding on the passport cover to disrupt the radio signal and a signal scrambler known as Basic Access Technology.

Basic Access works by scrambling the personal data on the microchip, allowing it to be unscrambled only with the appropriate pass code, similar to a PIN number for an ATM machine. The code is specific to each individual passport, being derived from a random combination of numbers found on the face of the passport, and is revealed to the reader when the passport is waved in front of it.

Despite encryption, The Guardian journalist and computer programmer were able to unscramble the personal data on the passport by writing a computer program that deciphered information passed from the RFID chip to the reader. According to The Guardian article, in reply to the stunt the United Kingdom Home Office explained that hackers would need to have access to the physical passport in order to get the PIN that unlocks data stored within. In other words, criminals would have to physically steal someone’s passport in order to get the scrambled data – so surreptitious access is prevented. They also pointed out that data obtained from the chip poses no greater threat to personal security than the data that can be obtained on paper passports since, aside from the biometric imagery, the chip contains the same information that’s printed on your passport cover.

But even if these security measures are sufficient, will these measures stand the test of time? After all, a passport has to last up to ten years before expiring. Roberti feels this is the biggest concern raised by the e-passports. “I do think, that when you’ve got something that’s going to last ten years, any type of electronic technology will be out-of-date quickly,” he said.

One solution is for the chips to be regularly updated in much the same ways computers are updated to protect against viruses. Whether the State Department plans to do this remains to be seen.

No matter what side of the issue they stand on, those interviewed said they would feel more confident in the chips if the government had subjected e-passports to independent scrutiny before they were introduced.

“Questions have been raised about how secure they truly are, and the best thing they could have done was to widely share the technology, and let everyone attack,” said Stanley, a privacy expert for the American Civil Liberties Union. “Waiting until you come out with it to see how it fares is not the best way to proceed.”

Subscribe

The Scienceline Newsletter

Sign up for regular updates

About the Author

Discussion

2 Comments

Alan Dove says:

I don’t get the argument that the biometric data on the chip preclude forgery. Why couldn’t one simply copy the basic passport data from the original chip, then modify the biometric information to match one’s own face? Burn a new chip with the altered information, and everything would check out. It’s the same idea as substituting the picture. The only way to counter this would be to have every customs scanner do a cross-check with the central passport database to see that the original biometric data match the data on the passport. But if you’re doing that, why put the biometric data on the chip at all?

The whole thing strikes me as a pointless use of new technology. It doesn’t seem to provide any benefits over the old barcode plus picture.

Ciara Curtin says:

Check out Wired‘s “How To: Disable Your Passport’s RFID Chip” (http://www.wired.com/wired/archive/15.01/start.html?pg=9). Which, they note, is illegal.

Leave a Reply

Your email address will not be published. Required fields are marked *