DHS, State push 'passport-lite'
Connecting state and local government leaders
Security experts say additional features are needed to reduce security risks with RFID.
As the Homeland Security Department moves forward with its People Access Security System (PASS) card, travel document security professionals inside and outside government continue to question the use of radio frequency identification technology in the cards.
The PASS card, which will enable U.S. citizens to enter the country by land and sea ' but not air ' from Canada, the Caribbean, Bermuda and Mexico, is designed to be a cheaper alternative to a passport and speed border crossing times.
The RFID tag component of the card will contain a number unique to each individual. The number will link to a database containing the holder's identity information.
DHS recently awarded a five-year, $72.7 million contract to General Dynamics to develop cards for the program.
Raising doubts Critics have cited privacy and procedural issues, costly duplicate technologies, and counterfeiting as potential threats with the card.
Some experts have questioned whether a system to read the cards would ever be fully implemented at borders.
General Dynamics' contract calls only for creating the cards.
No proposals or timelines have been issued for installing reader infrastructure or the related database, which is required to capture information from the card. In the meantime, the cards will be visually scanned by border crossing agents, the same procedure in place today.
RFID relies on ultra-high-frequency readers to capture card information from a distance. Any RFID reader available to the public will be able to read the cards.
The State Department, which worked in conjunction with DHS on the card specifications, initially stated that ' to counter privacy concerns ' the card could only be read from a distance of four inches.
But tests showed a read distance of approximately 30 feet.
The government has since said that metallic sleeves would be provided, in which PASS card holders should store their cards to prevent unauthorized access.
What is needed, some experts say, is encryption on the card to prevent theft of information or counterfeiting. The cryptography key would only be available to authorized personnel, further guaranteeing the authenticity of the card and making it harder to counterfeit.
The United States 'is adopting a technology that has never been used in human identity authentication with no regard to the number security in it,' said Neville Pattison, vice president of government affairs and standards at Gemalto North America, one of the bidders on the contract.
'It seems that the privacy aspects were not as important as the operational aspects' in choosing the card technology, said Joerg Borchert, vice president of chip card and security integrated circuits at Infineon Technologies, another bidder on the contract.
Several experts question the cost of installing separate reader systems for passports and PASS cards, which use separate technology systems.
'DHS has a great number of credentialing programs,' such as the Transportation Worker Identification Credential, First Responder ID Card and Real ID, said Ken Scheflen, an independent consultant. 'Why not use the same standards for all of them?' Instead, most DHS credentialing programs are run independently, he said.
Before launching his consulting practice, Scheflen advised some of the contract bidders and worked with State on its new passports in addition to being responsible for the implementation and development of the Common Access Card at the Defense Department.
Many experts also say the RFID technology was not adequately tested in the field, and they expect a high failure rate for the cards.
DHS has 'done a pilot using RFID and I-94 documents, a document used by visitors coming to this country, [and] only 14 percent of the cards could be read,' Pattison said. Humidity and a range of other factors can affect read rates.
Optical option Kathryn Alsbrooks, director of U.S. federal programs at LaserCard, a subcontractor on the General Dynamics proposal for the program, said an additional security feature could be added to the card: optical memory via a laser-readable strip built into the unit's polycarbonate structure.
Federal officials with oversight authority in the travel document security arena have told GCN repeatedly that such laser strips have never been counterfeited and cannot be altered.
The strips could contain an embedded hologram showing the cardholder's digital photograph and biographical information.
Those laser photos, which officials say also cannot be counterfeited, would provide a biometric identification function that border guards could use without electronic equipment.
Of the approximately 150 points of entry, the Customs and Border Protection agency said it plans to install RFID readers at the 39 busiest ' which account for 95 percent of crossings into the United States ' by the end of 2008. At the remaining sites, officials will use the cards as visual flash passes without checking the biometric data embedded in the cards.
NEXT STORY: VA tool patrols the network