Thursday, 19 October 2006

PASS card: RFID "passport light"

Aaron Caplan calls attention in a comment on an earlier article to this week's announcement by the USA Department of State of plans for a "card format passport" with a remotely-readable RFID chip. Citizens of the USA would (if, of course, other countries agree), be able to use this so-called "PASS card" in lieue of a standard passport book for travel between the USA and Canada, Mexico, Bermuda, and the Caribbean (i.e. for trips for which, until the Western Hemisphere Travel Initiative takes effect, no passport at all is current needed).

The proposed rule is available at http://www.regulations.gov by searching for docket "DOS-2006-0329". Few details are given, but, "The Department of State will accept comments from the public up to December 18, 2006. The Department of State solicits comments on the selection of RF vicinity read technology for the passport card."

The RFID chip on the proposed PASS card will be unshielded, and will respond to any query with an unencrypted "unique reference number". Since the PASS card is intended for frequent border crossers, it will likely be used as a "loyalty card" by businesses near the borders. And your "unique reference number" will be added to your Choicepoint, Acxiom, and other dossiers the first time you show your PASS card, and some other ID, at such a business.

According to the proposed rule, the ISO 18000-6C "vicinity read technology would allow the passport card data to be read at a distance of up to 20 feet from the reader" with current technology. PASS cards will be valid for 10 years, the same as standard USA passport books, during which time improved technology will probably increase the feasible read range. By comparison, the State Department claims that the ISO 14443 "proximity" RFID chip being deployed in USA and other passport books "requires the proximity chip to be read within approximately four inches of the reader," although I've seen it demonstrated from at least five times further than that.

The State Department and the Department of Homeland Security have blamed their decision to add RFID chips to USA passports on the need to comply with International Civil Aviation Organization (ICAO) standards. But the proposed new RFID "PASS card" won't comply with the ICAO standards.

Why?

The passport card is not designed to be a globally interoperable travel document as defined by the International Civil Aviation Organization (ICAO). Designing a card format passport for wide use, including by air travelers, would inadvertently undercut the broad based international effort to strengthen civil aviation security and travel document specifications to address the post 9/11 threat environment.... The passport card is designed and authorized for international land and sea travel between the U.S., Canada, Mexico, the Caribbean, and Bermuda and will not be a globally interoperable document. Therefore, the ICAO standards and recommendations for globally interoperable passports would not apply to passport cards.

If effect, the State Department is saying, "We'll do whatever we feel like, or whatever ICAO says -- whichever we feel like."

The real reason for the USA not to comply with the ICAO standards in this case appears to be the desire to use a substantially longer-range type of RFID chip.

ICAO Document 9303, which sets the standards for booklet-size RFID passports , also includes standards for credit-card ("Size 1") travel ID documents ("TD-1"), including an option for a TD-1to include an RFID chip. Annex H to Section IV of ICAO Document 9303, Part 3 provides for either an ISO 14443 "proximity" chip (range supposedly only 10 cm, but actually at least 50 cm or 0.5 m) or an ISO 15693 "vicinity" chip (range reportedly up to 1.5 m).

Instead of either of those, the State Department proposes to use ISO 18000-6C chips with, so they say, 20 ft. (6 m) range, more like the range of the chips used in RFID road-toll payment (and vehicle tracking) devices like Fastrak and E-ZPass. That's a very different definition of "vicinity".

So much for standards when they stand in the way of surveillance.

Link | Posted by Edward on Thursday, 19 October 2006, 08:20 ( 8:20 AM) | TrackBack (0)
Comments

I have posted about this card format passport here: http://www.blah3.com/article.php?story=2006101806383014.
My take is a different one, but the end result is the same.

Posted by: TimBuck2, 22 October 2006, 19:15 ( 7:15 PM)

a good read.

Posted by: laptop, 10 June 2008, 18:24 ( 6:24 PM)
Post a comment









Save personal info as cookie?