This story appeared on Network World at

http://www.networkworld.com/columnists/2005/041805bradner.html

'Net Insider

A target in your pocket

By Scott Bradner, Network World, 04/18/05

Scott Bradner

This is not just another column on the evils of radio frequency identification, even though it starts out looking like one. This is actually about decision-making.

After a series of closed meetings, the U.N.-sponsored International Civil Aviation Organization developed an international standard for electronic passports. The standard specifies a passport with an embedded RFID-like electronic chip. Unlike the RFID chips I have recently written about (here and here), which basically contain a unique ID, the chip in the passport will be able to store all sorts of information (eventually up to 512K bytes). The initial information set includes name, date and birthplace, a digital photo and, I expect, the country that issued the passport. The U.S. and a number of other countries are in the process of adopting the standard. As with other RFID chips, the information in the passport chip will be able to be read without the reader having to be in actual contact with the passport. Also, as with other RFID proposals, quite a few people have expressed considerable concern over this remote reading ability, particularly because the data will not be encrypted. The American Civil Liberties Union (ACLU) and Electronic Frontier Foundation both provided comments to the U.S. State Department on the proposed electronic passport. Their comments and back-up material are online at here and here . Do not read this information if you want to continue to think that the U.S. government wants to protect your safety.

One ACLU document uses information that it obtained under the Freedom of Information Act to detail how the U.S. government repeatedly argued against adding safeguards to the standard, such as encrypting the data or using a device with physical contacts rather than wireless chips, when such safeguards were proposed by other countries. The U.S. government also repeatedly dismissed concerns of surreptitious scanning of these electronic passports, while still in the traveler's pockets. The U.S. government's public position is that the scanners are bulky and only will work at very short distances (about 4 inches). This position willfully ignores the fact that technology is constantly improving. If reading can be done at 4 inches today, it will be 4 feet in a year or two, and 40 feet a few years after that (see my column at DocFinder: 6729). There are many parts of the world where I would not want to travel with a passport in my pocket that could tell any properly equipped terrorist within easy striking distance that I'm an American.

Overall the picture is chilling. What is most chilling is the idea that the U.S. government has been actively trying to keep the passports from being secure. In effect, the government has been actively, and with full warning from many sources, trying to ensure that Americans will be at risk when traveling any place where someone might harbor bad feelings toward the U.S. What kind of decision process could possibly have concluded that putting one's own countrymen at risk was worse than having secure passports? The only thing I can think of is that the U.S. government must want to surreptitiously track passport holders from other countries, and the desire to do that outweighed the safety of Americans. Maybe there is another explanation, one that just involves mulish stupidity or obstinate shortsightedness about the pace of technical evolution. But, as a traveler, I am being put at risk. That's not something that I much like, whatever the explanation.

Disclaimer: Mulish stupidity is not a common Harvard trait, so the above observation is mine - not the university's.

Bradner is a consultant with Harvard University's University Information Systems. He can be reached at sob@sobco.com.