There has been some comment online regarding the privacy and security risks of the forthcoming United States Biometric Passports, and the Department for Homeland Security's plans for Federal Employee Smart ID Cards, as outlined by this Wired article and the RFID Kills website.
However it should be remembered that the United Kingdom Passport Service is planning to issue very similar Biometric Passports, to the same International Civil Aviation Organisation standards for Machine Readable Travel Documents at almost the same time as the United States.
"The UKPS is planning to implement a facial recognition image biometric in the British Passport book from late 2005/early 2006."
"In line with ICAO recommendations, the UKPS will deploy contactless integrated circuit media (i.e. a computer chip) of sufficient capacity to facilitate storage of the facial image and at least one additional biometric identifier. A contactless chip includes an aerial to allow close proximity readings, i.e. without being swiped through a reader. Modern contactless chips are paper-thin and therefore particularly suited to being incorporated in passport books or passport identity cards."
Privacy International have published an analysis of the Passport Service's 5 year plan and the confusion with the controversial National Identity Register and ID Card scheme.
Astonishingly, as outlined in the recent Identity Cards Bill Second Reading debate in the House of Lords, the UK Government does not currently plan to insist on checking the Biometrics of United States passport holders, despite the wretched US-VISIT system, which the United States has unilaterally imposed on United Kingdom tourists and business travellers.
The Minister of State, Home Office (Baroness Scotland of Asthal):
"Thus if the United Kingdom were not to introduce its own biometric passports, British citizens visiting the United States would first have to obtain a visa.
Lord Maclennan of Rogart: My Lords, I am extremely grateful to the noble Baroness for giving way. Is there any intention to achieve reciprocity in this respect? Do the British Government intend to make similar demands of American citizens?
Baroness Scotland of Asthal: My Lords, the British Government have not come to a view on that"
Surely border controls between two countries should be on an equal footing in terms of cost, inconvenience and delay to travellers ?
"remember, the privacy activist is nowhere near as technically sophisticated as you are but can smell a universal identifier from a mile away"
RFID Contactless Biometric smartchips, embedded in a United Kingdom passport will introduce exactly the same risks to personal privacy and safety a sthe United States RFID Biometric Passport, making us more vulnerable to criminals and terrorists than using the alternative and well understood contact smarcards, e.g. like Chip & PIN credit cards etc. We have been pointing these sort of risks with RFID tags, especially if they are ever used by our military armed forces, for over two years now, but only recently have some of the media started to pick up on these potential risks.
It does not matter how much more sophisticated the RFID chips in Passports can afford to be, compared with the disposable ones being touted for individual supermarket item barcode replacement tags, the privacy risks are almost the same.
Even if strong encryption is incorporated at some point in the message exchange protocol between the Passport chip and the reader device, the initial part of the handshake will be unencrypted and easily recognisable as a United Kingdom or United States passport.
Even if strong encryption is used, there is simply no way to protect against man-in-the-middle attacks by rogue passport reader equipment which an attacker has placed between a genuine Passport reader and the victim's RFID passport, which cannot communicate with the genuine Reader , because of the alleged "security feature" of a restricted range for the normal operation of the RFID radio link. Since the plan is to use Industrial Scientific Medical band "licence free" radio frequencies, there will be lots of cheap off the shelf hardware available which can read these chips or can be modified to extend the normal working range with non-standard antennas or amplifiers.
There may be some level of protection available against such a man-in-the-middle attack, at some airports and port passport control booths, in some countries, but not worldwide , and not if the Passport is demand and checked by, for example hotels or car hire offices.
This ability to select by Nationality or even by Individual very worrying prospect as it is ideal for a terrorist bomb trigger to be activated when a sufficient number of UK or US Passports, or when a certain individual Passport (and almost certainly the holder of the Passport) is detected within its blast radius.
The UK Biometric Passport specifications still seem to be secret, but, if they follow the United States ones, then none of the information encoded on the embedded chip will not be encrypted, although it will hopefully be digitally signed to reduce, but not entirely eliminate, the chance of forgery.
One obvious solution to the privacy and security risks that such RFID Passports imply is to shield the RFID antenna and prevent it from being read in secret. Metal foil will do the job nicely, as we have demonstrated with our aluminium foil lined London Transport Oyster Card wallet holder.
There are two approaches to this, one to have the Faraday cage radio frequency shielding built into the cover of the Passport book, in which case whatever alleged time saving a "contactless" RFID chip may possibly have over a Contact chip evaporates, as people and officials have to manually open the covers sufficiently to expose the RFID chip embedded page inside the Passport to the Reader.
The second approach is to keep your passport in an external holder or outer wallet which is shielded. This might work reasonably well, given that there are usually queues in front of Passport control , where the "dead time" of queuing can absorb the fumbling to get remove the RFID Passport from its shielded wallet.
Unfortunately this approach negates all the attempts to use metal dtetectors, Passive Millimetre Wave , Low Intensity Backscatter X-Ray, Teraherz or Ultra Wideband imagers which are meant to find possible weapons or drugs etc - your shielded Passport or wallet shows up opaque on all these systems and will lead to a massive number of false alarms.
How better to smuggle small quantities of drugs etc. or explosives than in a shielded Passport wallet ?
There is some muttering from the US authorities that they might somehow use a grid of wires rather than a continuous metal shield to protect from RFID snooping, which might, in theory, if it is designed to block the RFID frequency only, overcome the "see under your clothes" or metal detector problem. This does not address the extra delay and cumbersome manual procedure of having to find the correct inside page of the RFID passport to present to the Reader device.
Many countries already optically scan or photocopy the Machine Readable page of modern passports. This resides on the inside back cover of the Passport. If built in shielding is used, then the RFID chipped page cannot
be placed on this page, as it will not work - the shielding behind the RFID antenna will be enough to interfere with the induction of sufficient electric current into the RFID antenna which then powers up the contactless RFID chip.
If a Biomteric SmartCard chip is to be embedded in a Passport, then it is safer, more private and more convenient from a handling point of view to use a contact system like a Chip & PIN credit card, or a completely optical system such as a 2D barcode, rather than a Contactless RFID chip.