http://economist.com/science/displayStory.cfm?story_id=3D3666171
http://economist.com/science/PrinterFriendly.cfm?Story_ID=3D3666171
Border controls
New-look passports
Feb 17th 2005
From The Economist print edition
KOBAL COLLECTION
High-tech passports are not working.
IN OLDEN days (before the first world war, that is) the traveller
simply pulled his boots on and went. The idea that he might need a
piece of paper to prove to foreigners who he was would not have
crossed his mind. Alas, things have changed. In the name of security
(spies then, terrorists now), travellers have to put up with all sorts
of inconvenience when they cross borders. The purpose of that
inconvenience is to prove that the passport's bearer is who he says he
is.
The original technology for doing this was photography. It proved
adequate for many years. But apparently it is no longer enough. At
America's insistence, passports are about to get their biggest
overhaul since they were introduced. They are to be fitted with
computer chips that have been loaded with digital photographs of the
bearer (so that the process of comparing the face on the passport with
the face on the person can be automated), digitised fingerprints and
even scans of the bearer's irises, which are as unique to people as
their fingerprints.
A sensible precaution in a dangerous world, perhaps. But there is
cause for concern. For one thing, the data on these chips will be
readable remotely, without the bearer knowing. And again at America's
insistence those data will not be encrypted, so anybody with a
suitable reader, be they official, commercial, criminal or terrorist,
will be able to check a passport holder's details. To make matters
worse, biometric technology as systems capable of recognising
fingerprints, irises and faces are known is still less than reliable,
and so when it is supposed to work, at airports for example, it may
not. Finally, its introduction has been terribly rushed,=20 risking
further mishaps. The United Sates want the thing to start running by
October, at least in those countries for whose nationals it does not
demand visas.
Your non-papers, please
In theory, the technology is straightforward. In 2003, the
International Civil Aviation Organisation (ICAO), a UN agency, issued
technical specifications for passports to contain a paper-thin
integrated circuit basically, a tiny computer. This computer has no
internal power supply, but when a specially designed reader sends out
a radio signal, a tiny antenna draws power from the wave and uses it
to wake the computer up. The computer then broadcasts back the data
that are stored in it.
The idea, therefore, is similar to that of the radio-frequency
identification (RFID) tags that are coming into use by retailers, to
identify their stock, and mass-transit systems, to charge their
passengers.
Dig deeper, though, and problems start to surface. One is
interoperability.
In mass-transit RFID cards, the chips and readers are designed and
sold as a package, and even in the case of retailing they are
carefully designed to be interoperable. In the case of passports, they
will merely be designed to a vague common standard. Each country will
pick its own manufacturers, in the hope that its chips will be
readable by other people's machines, and vice versa.
That may not happen in practice. In a trial conducted in December at
Baltimore International Airport, three of the passport readers could
manage to read the chips accurately only 58%, 43% and 31% of the time,
according to confidential figures reported in Card Technology
magazine, which covers the chip-embedded card industry. (An official
at America's Department of Homeland Security confirmed that there were
problems .)
A second difficulty is the reliability of biometric technology.
Facial-recognition systems work only if the photograph is taken with
proper lighting and an especially bland expression on the face. Even
then, the error rate for facial-recognition software has proved to be
as high as 10% in tests. If that were translated into reality, one
person in ten would need to be pulled aside for extra
screening. Fingerprint and iris-recognition technology have
significant error rates, too. So, despite the belief that biometrics
will make crossing a border more efficient and secure, it could well
have the opposite effect, as false alarms become the norm.
The third, and scariest problem, however, is one that is deliberately
built into the technology, rather than being an accident of its
present inefficiency. This is the remote-readability of the chip,
combined with the lack of encryption of the data held on it. Passport
chips are deliberately designed for clandestine remote reading. The
ICAO specification refers quite openly to the idea of a walk-through
inspection with the person concerned possibly being unaware of the
operation . The lack of encryption is also deliberate both to promote
international interoperability and to encourage airlines, hotels and
banks to join in. Big Brother, then, really will be watching you. And
others, too, may be tempted to set up clandestine walk-through
inspections where the person is possibly unaware of the operation
. Criminals will have a useful tool for identity theft. Terrorists
will be able to know the nationality of those they attack.
Belatedly, the authorities have recognised this problem, and are
trying to do something about it. The irony is that this involves
eliminating the remote readability that was envisaged to be such a
crucial feature of the system in the first place.
One approach is to imprison the chip in a Faraday cage. This is a
contraption for blocking radio waves which is named after one of the
19th-century pioneers of electrical technology. It consists of a box
made of closely spaced metal bars. In practice, an aluminium sheath
would be woven into the cover of the passport. This would stop energy
from the reader reaching the chip while the passport is closed.
Another approach, which has just been endorsed by the European Union,
is an electronic lock on the chip. The passport would then have to be
swiped through a special reader in order to unlock the chip so that it
could be read. How the European approach will interoperate with other
countries' passport controls still needs to be worked out. Those
countries may need special equipment or software to read an EU
passport, which undermines the ideal of a global, interoperable
standard.
Sceptics might suggest that these last-minute countermeasures call into
doubt the reason for a radio-chip device in the first place. Frank Moss, of
America's State Department, disagrees. As he puts it, I don't think it
questions the standard. I think what it does is it requires us to come
up with measures that mitigate the risks. However, a number of
executives at the firms who are trying to build the devices appear to
disagree. They acknowledge the difficulties caused by choosing
radio-frequency chips instead of a system where direct contact must be
made with the reader. But as one of them, who preferred not to be
named, put it: We simply supply all the technology the choice is not
up to us. If it's good enough for the US, it's good enough for us.
Whether it actually is good enough for the United States, or for any other
country, remains to be seen. So far, only Belgium has met America's
deadline. It introduced passports based on the new technology in November.
However, hints from the American government suggest that the October
deadline may be allowed to slip again (it has already been put back
once) since the Americans themselves will not be ready by then. It is
awkward to hold foreigners to higher standards than you impose on
yourself. Perhaps it is time to go back to the drawing board.
Copyright 2005 The Economist Newspaper and The Economist Group.
NOTE: For more telecom/internet/networking/computer news from the daily
media, check out our feature 'Telecom Digest Extra' each day at
http://telecom-digest.org/td-extra . New articles daily.
*** FAIR USE NOTICE. This message contains copyrighted material the
use of which has not been specifically authorized by the copyright
owner. This Internet discussion group is making it available without
profit to group members who have expressed a prior interest in
receiving the included information in their efforts to advance the
understanding of literary, educational, political, and economic
issues, for non-profit research and educational purposes only. I
believe that this constitutes a 'fair use' of the copyrighted material
as provided for in section 107 of the U.S. Copyright Law. If you wish
to use this copyrighted material for purposes of your own that go
beyond 'fair use,' you must obtain permission from the copyright
owner, in this instance the Economist Newspaper..
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
Marcus Didius Falco (falco_marcus_didius@yahoo.co.uk)