State to issue e-passports despite criticism

Electronic passports began flowing to citizens this week in spite of the continuing kerfuffle over a range of technology and policy issues surrounding border security.The rollout of the new e-passport has brought the credibility of smart-card identification units into sharper focus, as procurement and legislative disputes continue to simmer.For example, On Track Innovations Inc. of Ft. Lee, N.J., recently filed a protest of a Government Printing Office decision to eliminate it from the competition for passport smart cards.Congress, when it returns from its summer recess, also will continue to debate whether the People Access Security System card will need a technology shake-up and a 17-month delay.And a recent dust-up over whether the e-passport could be cloned spurred another round of discussion over the document's security and technology.The OTI protest'its second in two years'follows the award of contracts to Gemalto of Washington and Infineon Technologies North America Corp. of San Jose, Calif. for e-passport production.In December 2005, the United States Court of Federal Claims granted OTI's protest against the GPO's decision to eliminate the company from the e-passport contract competition.OTI already provides technology for the Basel project, a large-scale program that involves the issuance and use of smart-card-equipped credentials to thousands of Palestinians who work in Israel.As for the passport technology State already has approved, the department plans to begin distributing the documents at its Denver office, agency officials said. According to State's plans, members of the general public will begin receiving the passports later this week.Infineon and Gemalto have contracts to provide passport cover blanks, which they will send to GPO and the State Department for additional pages and printing, federal sources said.Neville Pattinson, director of marketing and government affairs for Gemalto, said his company would provide the covers from production facilities in Owings Mills, Md. The passport covers come three to a sheet and are subject to 100 percent inspection, he said.When GPO receives the passport cover blanks, the agency adds a 'Faraday box' feature, likely a piece of metal film, to block radio queries to the chip, several sources said. Such unauthorized radio contacts are called 'skimming.'The e-passports, each bearing a secure contactless radio frequency smart chip containing the bearer's name, photograph and a security feature called basic access control, will look and feel different from existing passports, with slightly stiffer covers and textured inner pages.Experts in the government and private industry note that passport security features appear at several levels of sophistication:Specialists in preventing document fraud say many of the controls built into passports mimic similar controls used in the production of currency. However, they add that passport forging organizations, especially those sponsored bynational governments, have shown progressively greater sophistication in challenging anti-fraud measures.State issued some 10 million passports in 2005 and is on track to provide 13 million this year.The technology and smart-chip world last week buzzed with a media flap over whether e-passports could be 'cloned,' based largely on a demonstration at the Black Hat conference in Las Vegas last month. The presenter downloaded the information off an authentic German passport and read the data to a 'blank passport.'The Black Hat demonstration was widely reported as a step in the direction of cloning passports, but advocates of e-passport technology cited several technical reasons why such efforts could be easily detected.State officials and executives of the Smart Card Alliance countered by pointing out that the International Civil Aviation Organization standard that defines e-passports envisioned from the beginning that certain passport information could be read by commercially available passport equipment.Those methods do not represent a security gap in the passport, officials and industry smart-card specialists said.The Smart Card Alliance and State officials defended the e-passport's security, pointing to five chip features that help assure the integrity of the passport (see box).Smart Card Alliance executive director Randy Vanderhoof added that 'efforts to clone passport chips are the electronic equivalent of photocopying the data page,' because the resulting fraud would be obvious.The concern over forged documents also played out on Capitol Hill earlier this month.At a hearing of the Senate Finance Committee, Government Accountability Office witnesses described how they had managed to bluff their way past Customs and Border Protection port officials with bogus documents.Gregory Kutz, GAO's director of forensic audits and special investigations, presented the results of a test titled 'Border Security: Continued Weaknesses in Screening Entrants into the U.S.' (, GCN.com/660), that described how GAO auditors used counterfeit driver's licenses and birth certificates to sneak into the country at nine border crossing points.'CBP officers never questioned the authenticity of the counterfeit documents presented at any of the nine [border] crossings,' Kutz testified.The hearing also featured testimony by Jason Ahern, CBP's assistant commissioner for field operations, among other specialists from government and industry. Ahern described 12 steps the agency plans to prevent document fraud at the borders.Committee chairman Charles Grassley (R-Iowa) used the session to highlight existing technology used by banks and other private companies to expose fraudulent credentials. Industry witnesses estimated that document verification units and the system integration to tie them together could be deployed at all ports of entry for less than $50 million.In addition to publicizing the commercial ID verification systems, Grassley used the hearing to promote a pending administration requirement to tighten border controls for U.S. citizens. The PASS card project of the Western Hemisphere Travel Initiative would require citizens entering the county by land to use secure identification as of mid-2008, potentially via a new 'passport-lite' card.But the PASS card project faces a potential 17-month delay and new technical requirements under a provision of the fiscal 2007 Homeland Security Department appropriations bill, known as the Leahy-Stevens amendment.Border state Sens. Patrick Leahy (D-Vt.) and Ted Stevens (R-Alaska) drafted the measure, which passed the Senate without objection. The House version of H.R. 5541 does not include the provision. A conference committee will decide the amendment's fate after the current congressional recess.Grassley said he would write to the conferees, urging them to reject the Leahy-Stevens amendment on the grounds that the PASS card would simplify and strengthen border security.