Spotlight on Surveillance
Homeland Security PASS Card: Leave Home Without It
EPIC's "Spotlight on Surveillance" project scrutinizes federal government programs that affect individual privacy. For more information, see previous Spotlights on Surveillance. This month, Spotlight focuses upon the PASS card project of the Western Hemisphere Travel Initiative (WHTI), coordinated by the departments of State and Homeland Security.1 For Fiscal Year 2007, President Bush has requested $1.94 billion for border security, of which WHTI is a part.2
An RFID tag or chip will trasmit information to a reader, which will communicate those results to a database. This database is often linked to other databases and, possibly, the Internet.
Source: Government Accountability Office
The Intelligence Reform and Terrorism Prevention Act of 2004 mandated that, by January 2008, the departments of Homeland Security and State develop and implement a plan to require U.S. citizens and foreign nationals to present a passport or other documents to prove identity and citizenship when entering the United States from certain countries in North, Central or South America.3 This program is called the Western Hemisphere Travel Initiative, and its impact is the greatest upon U.S. citizens who routinely cross the border. Accepted documents for U.S. citizens will be either a valid U.S. passport or the proposed People Access Security Service (PASS) card, which, if adopted as proposed, would include a long-range wireless technology that would create an increased security risk.4 This is a significant change from the previous system, where U.S. citizens would show a driver’s license, birth certificate or nothing at all to cross the border. Approximately 23 million U.S. citizens cross the border to Mexico or Canada about 130 million times per year.5
The State Department recently published a proposed rule in the Federal Register for the creation of the PASS card, which would be used for “international travel by U.S. citizens through land or sea ports of entry between the United States, Canada, Mexico, the Caribbean, and Bermuda.”6 The PASS card would not be valid identification for air travel.7 The card would cost $20 for those ages 16 and up and $10 for those under age 16, and applicants might also have to pay a $25 “execution fee.”8 There are also costs for the reader equipment. In May, the Government Accountability Office found that a problem associated with the PASS card is that “no all land ports of entry currently have equipment to read documents, and existing equipment may not be compatible with the approach chosen.”9 There is also the cost to U.S. citizens in terms of international trade. For example, Sen. Patrick Leahy said that his state of Vermont would be significantly affected. In 2004, “Vermont exported $1.516 billion worth of products to Canada.... Policies that hamper this trade have obvious and serious consequences for Vermont businesses and workers.”10 There are concerns about the effect on the U.S. tourism industry. “In 2003, more than two million Canadians visited Vermont and spent $188 million while here. If these new burdens discourage Canadians and other foreign visitors from traveling to Vermont, our tourism industry will feel it,” Sen. Leahy said.11 And Vermont is just one of the many border states that would be affected.
An RFID-enbedded card contains a tag or chip (on which data is stored) and an antenna (to transmit the data to a reader). "Active" RFID tags or chips have an internal power source, transmit continuously, and can initiate communication wtih readers. "Passive" RFID tags or chips do not have an internal power source; nor can they initiate communication with readers.
Source: Government Accountability Office
Fiscal concerns and questions about privacy and security safeguards of the PASS cards led Sen. Leahy to co-sponsor, with Sen. Ted Stevens of Alaska, legislation to postpone implementation of the Western Hemisphere Travel Initiative until certain requirements are met.12 The legislation, recently passed, mandates that the departments of Homeland Security and State “ensure that the technology for any Passport Card (PASS Card) meets certain security standards – and that the National Institutes of Standards and Technology certify the technology chosen by DHS and State.”13 Upon learning of the State Department’s proposed rule for the PASS card technology, Sen. Leahy expressed disappointment. “This draft rule shows the importance of our reforms to improve the PASS Card system and to make these agencies more accountable…Without even testing the technology for use as a passport or personal ID, they have chosen a weaker security standard that would make our borders less secure and that would risk the personal information of millions of Americans,” he said.14 But Sen. Leahy said that the recently passed WHTI requirements would help to safeguard privacy rights. “[T]he security issue will be revisited when the National Institute of Standards and Technology is required to certify whether it would protect Americans’ personal identification,” he said.15
The data on the PASS card would include the personal information currently displayed in passports, “bearer’s facial image, full name, date and place of birth, passport card number, dates of validity and issuing authority,” and the reverse side would include “a machine-readable zone.”16 The card “will use a full facial image printed on the card as the biometric identifier.”17 The PASS card also will “utilize Radio Frequency (RF) technology to store and transmit” a unique reference number to the border official so that she may access the traveler’s information in a large federal database, “which could include additional information, for example, information about the bearer’s membership in one of [Customs and Border Protection’s] international trusted traveler programs.”18
The federal government has been increasingly using RFID technology in its identification documents. The Department of Homeland security last year began using RFID-enabled I-94 forms in its United States Visitor and Immigrant Status Indicator Technology (“US-VISIT”) program to track the entry and exit of visitors.19 This year, the State Department began issuing RFID-enabled passports to U.S. citizens.20 Only 23% of U.S. citizens have passports.21 Therefore, under the Western Hemisphere Travel Initiative, U.S. citizens would have to carry either a passport, which costs $97 for first-time applicants, or a PASS card. As the proposed Western Hemisphere Travel Initiative PASS card, U.S. passport, and US-VISIT I-94 entry and exit forms all contain RFID chips, if the PASS card proposal is adopted, then all U.S. citizens carrying either a passport or PASS card and visitors entering the country through US-VISIT will be able to be tracked using RFID technology.
There are significant privacy and security risks associated with the use of RFID-enabled PASS cards to track the entry and exit of U.S. citizens, particularly if individuals are not able to control the disclosure of identifying information. They include the risks of clandestine tracking of individuals, “skimming,” and “eavesdropping.”
In the absence of effective security techniques, RFID tags, whether passive or active, are remotely and secretly readable. Concerning RFID-enabled passports, security expert Bruce Schneier noted, “Unfortunately, RFID chips can be read by any reader, not just the ones at passport control. The upshot of this is that travelers carrying around RFID passports are broadcasting their identity.”22 This demonstrates one security risk of the RFID-enabled PASS cards proposal, that of clandestine tracking.
Other privacy and security risks associated with RFID-enabled identification cards include “skimming” and “eavesdropping.” Skimming occurs when information from an RFID chip is surreptitiously gathered by an unauthorized individual. Eavesdropping occurs when an individual intercepts data as it is read by an authorized RFID reader. The Government Accountability Office has said that “without effective security controls, data on the tag can be ready by any compliant reader; data transmitted through the air can be intercepted and read by unauthorized devices; and data stored in the databases can be accessed by unauthorized users.”23
The radio frequency identification (RFID) chip24 embedded in the PASS card would be passive (without an internal power source), and it would utilize, “vicinity read technology” that “would allow the passport card data to be read at a distance of up to 20 feet from the reader.”25 This is a large distance, much larger than the few inches that would be necessary to hand a PASS card to a border official. This longer distance increases the security risk, as unauthorized readers could be hidden a significant distance from the PASS cardholder.
The Government Accountability Office has highlighted this security problem unique to wireless technology:
The widespread adoption of the technology can contribute to the increased occurrence of these privacy issues. As previously mentioned, tags can be read by any compatible reader. If readers and tags become ubiquitous, tagged items carried by an individual can be scanned unbeknownst to that individual. Further, the increased presence of readers can provide more opportunities for data to be collected and aggregated.26
Although DHS states that the RFID tags will only carry a unique reference number, which will not contain any personally identifiable information, the numbers are linked to data files, and are subject to interception. The reference number is the key that permits access to records in the federal database.27 Anytime a U.S. citizen is carrying his RFID-enabled PASS card, his unique reference number, which is linked to his individual biographic information, could be accessed by unauthorized individuals. And because the RFID wireless technology is unseen, the person would not know that his information was intercepted.
Part of the reason the vicinity read technology is being used is to “facilitate a faster processing of individuals” at the border, according to the State Department.28 However, tests have shown that RFID technology is detrimental to the security and efficiency goals of the inspection process. According to documents obtained last year by EPIC under the Freedom of Information Act, government testing of the RFID-enabled passports uncovered many problems with the program.29 Tests conducted by the Department of Homeland Security revealed that wireless RFID technology does not improve the efficiency of the inspection process.30 The tests found that “[i]nstructions on the reader distract the inspector, e.g. electronic displays” and “[r]eaders require too much attention and time on the part of the inspector.”31
Questions concerning the security and privacy risks associated with RFID technology are not unique to the United States. The European Union, which includes 25 member states, is also scrutinizing the technology. The increasing use of RFID technology “will raise tremendous challenges for sovereignty, individual liberties and economic independence. It will be necessary that citizens keep control of how the information concerning them is utilized and updated and how the tags can be deactivated,” EU Information Society Commissioner Viviane Reding recently said at the EU RFID 2006 Conference.32 “We have to reinforce our efforts to make sure that privacy enhancing technologies are deployed when they are needed,” she said.33 The European Commission is considering proposing legislation in 2007 to ensure privacy safeguards in the use of RFID technology.34
Recently passed legislation in the United States has delayed implementation of the WHTI until “the National Institute of Standards and Technology certifies that the Departments of Homeland Security and State have selected a card architecture that meets or exceeds International Organization for Standardization (ISO) security standards and meets or exceeds best available practices for protection of personal identification documents.”35 It also requires that “the National Institute of Standards and Technology shall also assist the Departments of Homeland Security and State to incorporate into the architecture of the card the best available practices to prevent the unauthorized use of information on the card.”36 A thorough evaluation finds that the limited timesaving benefits do not outweigh the significant privacy and security risks that would be associated with RFID-enabled PASS cards, and the National Institute of Standards and Technology should not certify the proposed PASS card system.
1 Spotlight has examined identification issues previously, evaluating the Transportation Worker Identification Credential (July 2006), http://www.epic.org/privacy/surveillance/spotlight/0706/; the Registered Traveler Card (October 2005), http://www.epic.org/privacy/surveillance/spotlight/1005/; and the Homeland Security ID Card (April 2005), http://www.epic.org/privacy/surveillance/spotlight/0405/.
2 Department of Homeland Security, Budget-in-Brief Fiscal Year 2007 (Feb. 6, 2006), available at http://www.dhs.gov/interweb/assetlibrary/Budget_BIB-FY2007.pdf and http://www.epic.org/privacy/surveillance/spotlight/0806/dhsb07.pdf.
3 Pub. L. No. 108-408, §7209, 118 Stat. 3638, 3823 (2004).
4 Department of State, Card Format Passport; Changes to Passport Fee Schedule Proposed Rule, 71 Fed. Reg. 60928 (Oct. 17, 2006) [hereinafter “PASS Card Proposed Rule”], available at http://www.epic.org/privacy/surveillance/spotlight/0806/pass_fr.html.
5 Frank Moss, Deputy Assistant Secretary for Passport Services, Bureau of Consular Affairs, Department of State, Hearing on Proposed Western Hemisphere Passport Rules: Impact on Trade and Tourism Before the Subcom. on Immigration, Border Security and Citizenship of the S. Judiciary Comm., 108th Cong. (Dec. 2, 2005), available at http://judiciary.senate.gov/testimony.cfm?id=1714&wit_id=4868 and http://www.epic.org/privacy/surveillance/spotlight/0806/moss_1205.html.
6 Id.; Press Release, Department of State, Department of State to Introduce Passport Card (Oct. 17, 2006).
7 PASS Card Proposed Rule, supra note 4 at 60929.
8 Id. at 60931.
9 Government Accountability Office, Observations on Efforts to Implement the Western Hemisphere Travel Initiative on the U.S. Border with Canada, GAO-06741R (May 25, 2006), available at http://www.gao.gov/new.items/d06741r.pdf and http://www.epic.org/privacy/surveillance/spotlight/0806/gao06741r.pdf.
10 Statement of Senator Patrick Leahy, Hearing on Proposed Western Hemisphere Passport Rules: Impact on Trade and Tourism Before the Subcom. on Immigration, Border Security and Citizenship of the S. Judiciary Comm., 108th Cong. (Dec. 2, 2005), available at http://judiciary.senate.gov/member_statement.cfm?id=1714&wit_id=2629 and http://www.epic.org/privacy/surveillance/spotlight/0806/leahy_1205.html.
12 Pub. L. No. 109-295 (2006).
13 Id.; Press Release, Office of Senator Patrick Leahy, President Signs Bill With Leahy’s Measure To Delay Border-Crossing ID Requirements Until Bush Administration Certifies Better Coordination and Preparation (Oct. 4, 2006).
14 Press Release, Office of Senator Patrick Leahy, Comments of Sen. Patrick Leahy (D-Vt.) (Chief Sponsor Of The Leahy-Stevens Amendment) On the State Department’s Proposed Rule, Issued Tuesday To Implement the PASS Card Border ID System,
Part of the Western Hemisphere Travel Initiative (WHTI) (Oct. 17, 2006).
16 PASS Card Proposed Rule, supra note 4 at 60930.
19 The US-VISIT program has issued more than 459,000 RFID-enabled I-94 forms. Press Release, Department of Homeland Security, DHS Proposes to Expand the Use of Vicinity RFID in Implementing Western Hemisphere Travel Initiative (Oct. 17, 2006); EPIC previously has commented upon the security and privacy risks involved in the US-VISIT program’s use of RFID-enabled I-94 forms: http://www.epic.org/privacy/us-visit/100305_rfid.pdf.
20 Press Release, Department of State, Department of State Begins Issuing Electronic Passports to the Public (Aug. 14, 2006).
21 Congressional Research Service, Canada-U.S. Relations 96-397 (May 1, 2006), available at http://leahy.senate.gov/issues/Immigration/Canada-USRelations.pdf and http://www.epic.org/privacy/surveillance/spotlight/0806/crs96397.pdf.
22 Bruce Schneier, Opinion, Passport radio chips send too many signals, Int’l Herald Tribune, Oct. 4, 2004.
23 Gregory C. Wilshusen, Director Information Security Issues, Government Accountability Office, Hearing on Ensuring the Security of America’s Borders through the Use of Biometric Passports and Other Identity Documents Before the Subcom. on Economic Security, Infrastructure Protection, and Cybersecurity of the H. Comm. on Homeland Security, 108th Cong. (June 22, 2005), available at http://www.gao.gov/cgi-bin/getrpt?GAO-05-849T and http://www.epic.org/privacy/surveillance/spotlight/0806/gao05849t.pdf.
25 PASS Card Proposed Rule, supra note 4 at 60931.
26 Government Accountability Office, Report to Congressional Requesters: Information Security: Radio Frequency Identification Technology in the Federal Government, GAO-05-551 (May 2005), available at http://www.gao.gov/new.items/d05551.pdf and http://www.epic.org/privacy/surveillance/spotlight/0806/gao05551.pdf.
27 “This reference number will be assigned by Department of State at the time the passport card is issued.” PASS Card Proposed Rule, supra note 4 at 60930.
29 Department of Homeland Security, International Civil Aviation Organization, and International Organization for Standardization, E-Passport Mock Port of Entry Test November 29 thru December 2, 2004: Operational Impact on the Inspection Process obtained by EPIC through FOIA requests available at http://www.epic.org/privacy/us-visit/foia/mockpoe_res.pdf.
32 Viviane Reding, Member of the European Commission responsible for Information Society and Media, RFID: Why we need a European Policy (Oct. 16, 2006), available at http://europa.eu.int/rapid/pressReleasesAction.do?reference=SPEECH/06/597&
format=PDF&aged=0&language=EN&guiLanguage=fr and http://www.epic.org/privacy/surveillance/spotlight/0806/reding_1006.pdf.
34 Id.; Aoife White, “EU Calls for RFID Privacy Enhancements,” Associated Press, Oct. 16, 2006.
35 Pub. L. No. 109-295 (2006).