Thursday, 28 September 2006
Governments prepare to log travellers' movements on passport chips
Earlier this month -- before being sidetracked with other deadlines , the start of a new season of The Amazing Race , and major electrical work on my house that made it hard to get any work done for the last week -- I attended a Symposium on Machine-Readable Travel Documents (MRTD's) at the headquarters of the International Civil Aviation Organization (ICAO) in Montréal, Québec.
I'm used to being the "odd man out" as one of the few independent journalists or consumer advocates at gatherings of travel industry executives. But this was even more extreme: the plenary hall of a United Nations specialized agency (imagine the U.N. General Assembly chamber, just slightly smaller) filled with (A) delegations from the national police, border guards, and ministries of registration and control of the citizenry from a hundred countries, listening to simultaneous translations in English, French, Spanish, Russian, Arabic, and Chinese, (B) vendors of person-tracking hardware and software, also from around the world, and ( C ) yours truly, single-handedly playing the roles of both global civil society and the world press.
This was not a decision-making or consultative event. It had more of the feel of a revival meeting, with an evangelical flavor to the presentations and no questions or comments entertained from the floor until the optional third day of the three-day program , when some delegates had already gone home.
The exhortatory fervor of the speakers urging ICAO member countries to start issuing their citizens with RFID "e-passports" suggested a deep undercurrent of uncertainty on the part of e-passport proponents (vehemently denied, of course) as to whether enough countries can be persuaded to go along to make RFID passports the global norm.
A wide range of numbers were thrown out as to how many countries are "expected", at least by the true believers, to start issuing RFID passports by the end of this year, or next year, or some other future date. It was as though by saying adamantly enough that "the whole world is moving to e-passports" they think they can make it so. Maybe they can. But the fact is that very few countries, and probably not a critical mass, are actually issuing them -- yet.
The standards for MRTD's and RFID passports are contained in ICAO Document 9303:
- ICAO Document 9303, Part 1, Volume 1 (OCR machine-readable passports)
- ICAO Document 9303, Part 1, Volume 2 ("e-passports" or passports with RFID chips)
- ICAO Document 9303, Part 2 (machine-readable visas, including optional RFID chips)
- ICAO Document 9303, Part 3, Volume 1 (ID cards used as travel documents)
- ICAO Document 9303, Part 3, Volume 2 (RFID chips in ID cards used as travel documents)
Resolutions adopted by ICAO's governing council of government representatives, which have the force of the international treaties that created ICAO, require members to stop issuing non-machine-readable passports by 2010. But that doesn't require RFID passports, only the machine-readable lines of OCR type. Despite efforts to imply otherwise, no ICAO decision requires any country to deploy e-passports.
Ironically, one of the problems identified in RFID passport tests is that travellers didn't recognize the RFID passport logo on their passport covers or on the signs identifying the proper lines for e-passport holders at immigration checkpoints, or didn't know what they meant. That should be no surprise, since ICAO and its member governments have avoided promoting awareness of the logo, lest it become identified as a symbol of something evil to watch out for.
My position on the sidelines, without voice or a role in decisions, was fairly typical of that of civil society when it tries to engage with international organizations.
The overt fault lines were also typical: between governments of rich countries (which want more ability to control immigration from poor countries -- the clear subtext was that immigration control and general policing, not prevention of terrorism, are the drivers for RFID passport and other identity credentialing schemes) and governments poor countries (which don't want to spend their limited funds on measures that will only facilitate discrimination against their citizens who want to travel to rich countries, although some are tempted by the promise that the same schemes might facilitate domestic repression and control of dissent); and between all governments (which want sole control over and access to the personal information and dossiers whose collection is facilitated by e-passports) and airlines and other travel companies (who are eager for access to this data for their own commercial purposes in exchange for working as "partners" of law enforcement, as the laws in many rich countries already force them to do anyway).
Perhaps the most poignant speech, when the floor was finally opened for comments, came from one of the delegates from Pakistan, which has spent a relatively large sum for such a poor country on e-passports, in the hope that having more "secure" identity credentials will help mitigate the vicious discrimination against Pakistani travellers as automatic terrorist suspects in most non-Muslim countries.
Despite having an RFID diplomatic passport and a machine-readable visa issued by the Canadian embassy is Islamabad, the delegate had almost been denied entry at Trudeau (Dorval) Airport when his visa couldn't be machine read (probably because of interference between the visa and passport chips, it was suggested).
"If that happens to me as a diplomat, what happens to the common man? Because it's really all about what happens to the common man." Of course, such an argument would have had more weight if it hadn't been coming from the representative of a general who derives his power from a delicate balance between his patrons in the CIA, the national bourgeoisie, and the military, all of whom, for their own reasons and the protection of their privileges, oppose the calls from the common people of Pakistan to throw out the American occupation force.
Some of the most dangerous ideas, unfortunately, were those on which there was no debate. Speaker after speaker, for example, referred to a need to "balance" security and the facilitation of travel, as though there were something incompatible about fascism and making the planes run on time. Since the only voices were those of governments and those vendors who profit by selling them the tools of control of the citizenry, there was no one to raise the possibility that the (or at least a) threat to individuals could come from malign governments or malign corporations. Yet in reality, many people have occasion to travel to countries whose governments they wouldn't trust with their entire life history.
This threat is exacerbated by the taken-for-granted expectations of both rich and poor governments that (A) governments can, and should, have the right not just to monitor but to control who is allowed to go where (see, for example, slides 12 and 13 of this presentation by Joel Shaw -- his actual talk referred specifically to a transition from "Advance Passenger Information" to an "Authorization To Travel" system) and (B) personal data about travelers should be shared reciprocally, universally, and at all levels, so that any law enforcement officer anywhere in the world can retrieve anyone's lifetime travel history as quickly and easily as they can retrieve their criminal history. (This was most evident in the opening keynote by Interpol's second in command, Jean-Michel Louboutin, for which the slides haven't been posted publicly.)
One place I agree with e-passport advocates, however, is that the greatest danger doesn't lie in the chip technology. The danger is in the personal dossiers ("travel histories") whose compilation, use, and commercial and governmental mis-use will be facilitated by RFID passports, by any form of machine-readable passport, or, indeed, by any identity credential which travellers are compelled to produce and display.
The most disturbing evidence of where this is all going is in the fields (Data Group DG 19, "Travel Records") and definitions of tags reserved in the logical data structure in Document 9303 for future use in recording logs of movements on the RFID chips in e-passports, where they would be available to any government or commercial entity to whom one has to show one's passport. In the ICAO standard , these are reserved for future use (see slide 13 of this presentation for another version of this). But as I saw demonstrated, travel records are already being recorded on the RFID chips in Malaysian passports, which began to be issued in 1998 before the ICAO standards were drawn up. Put a Malaysian passport close enough to a standard RFID reader, and you can see a log of the date, time, and place of the last ten entries and exits to and from the country.
I finally got my one chance to raise any of these questions publicly on the final afternoon:
My name is Edward Hasbrouck, and I'm a travel writer and a consultant to the Identity Project , a non-governmental organization in the USA.
I'd like to drill into something Gary McDonald said, that privacy is a major issue but one we haven't heard much about this week.
Obviously, much of the debate about MRTD's has concerned privacy and larger questions of civil liberties and human rights.
But we haven't heard from any presenter who represents primarily those interests, or whose expertise was identified as being primarily in those areas.
So my question is:
First: what is ICAO's practice, either in the past or going forward, to involve those stakeholder groups in the ICAO process, such as by encouraging inclusion of data protection authorities in national delegations to ICAO, or including in ICAO working groups experts from the non-governmental, civil society organizations that signed the Privacy International joint letter seeking dialogue with ICAO on MRTD's?
And second, if ICAO isn't the proper forum for those issues, what is the venue -- particularly within the U.N. system of which ICAO is a part -- where, for example, the security and facilitation interests represented here, especially as traveller identification and information systems such as API [Advance Passenger Information] evolve into travel authorization and control mechanisms -- where and by whom are these being weighed and considered along with, for example, the right to freedom of movement under Article 12 of the International Covenant on Civil and Political Rights, as interpreted and enforced by the U.N. Human Rights Committee.
So (1) how are these interests represented in the ICAO process? And (2) if not here, where is the interface with the other U.N. agencies and civil society stakeholders with expertise on these issues?
I didn't get much of an answer during the public session -- not that I expected one. The panelists bounced my question to the shy and soon-to-retire director of ICAO's facilitation division (which includes the RFID passport project), Mary McMunn . "ICAO isn't an organization just of aviation and immigration authorities", she claimed, despite the evidence to the country in the composition of the audience around her. "ICAO is an organization of governments, and those governments represent and balance within themselves all these concerns."
Gary McDonald from Passport Canada, the chair of the ICAO's Technical Advisory Group on MRTD's, told me later that he had given several briefings to staff of the Privacy Commissioner of Canada. But "briefing" is as far as it had gone. No one I talked to could remember any representative of a privacy, data protection, or human rights office, agency, or NGO ever participating in an ICAO national government delegation or working group.
Bob Davidson of the airline cartel IATA (also based in Montréal, just a few blocks from the ICAO building), is proud to have invited the head of the Article 29 Working Group of European Union data protection officers to IATA's forthcoming conference on electronic passenger processing. That's a step, I'll grant, but stilll only a small one. Since 11 September 2001, IATA and its member airlines have increasingly been excluded from governments' security/surveillance decision-making. And Davidson had one of the most objectionably inhumane lines of the entire event when he told the assembled government representatives, "Every time someone at a border says the magic words, 'political asylum', you've lost." So much for the idea that each time someone reaches a place of refuge from a well-founded fear of persecution, it's a victory for human rights.
Some people (especially the vendors) dismissed opponents of RFID passports as cranks, Luddites, or technically ignorant. But no one was entirely unaware of the issues they have raised. No one seemed to find my presence at all objectionable or inappropriate. And several people told me, off the record, that they thought ICAO should have engaged with its critics, instead of ignoring them. No one would say exactly who had blocked that from happening within ICAO's technical working groups, but fingers pointed at Ms. McMunn and at the USA government delegates from the Department of Homeland Security.
What's urgently needed is for national privacy, data protection, and human rights officials -- perhaps most especially Canada's Privacy Commissioner -- to insist that they be included in their government's delegations to ICAO, and that they be actively and directly involved, not merely consulted, in their government's nominations of non-governmental participants in expert bodies and technical working groups.
It's also urgently important for NGO's concerned with these questions to begin to establish permanent observer status with ICAO. Governments may find other vehicles for policy laundering, but these issues of travel dossiers, and ICAO's role in them, aren't going away any time soon.
There's much more I could say about both the ICAO process and the specific isseus discussed. If you are interested in more information about the MRTS Symposium, including further details on the attendees and exhibitors, please get in touch with me privately.
[Update: The links and the PDF files for ICAO Document 9303 have been updated to reflect the latest versions as of 2008, including the new specifications for RFID chips.]Link | Posted by Edward on Thursday, 28 September 2006, 19:36 ( 7:36 PM) | TrackBack (0)