February 18, 2005

New-look passports - The Economist stands before the Identity Juggernaut

Identity fits squarely in the Rights layer, as it establishes a way to get access to assets and resources. There are other ways, all methods having their pros and cons. The problem - the cons - with identity is that while it may well be fine for humans, it is a simply hopeless, intractable way to deal with computers and networks. To make matters worse, it is the only method that non-technical people understand, so we have a dichotomy between those who understand ... and those who really understand it. Or, at least, between those who use it and those who implement it.

All this notwithstanding, the identity project of national governments is rolling forward like a juggernaut, and rather than politicise this forum, I've tried to keep away from it. That project is much too much like "you're either with us or against us" and technical issues are swept aside in such debates. I fear that's a line in the sand, though, and the tide is rolling in.

Last December, The Economist weighed in against the juggernaut, and copies are circulating around the net. As a reputable listing of the dangers of one Identity project, this one is worth preserving. If I find a reputable listing for the benefits of the Identity project, I'll do the same.

Friday February 18th 2005

Border controls

New-look passports

Feb 17th 2005
From The Economist print edition

High-tech passports are not working

IN OLDEN days (before the first world war, that is) the traveller simply
pulled his boots on and went. The idea that he might need a piece of paper
to prove to foreigners who he was would not have crossed his mind. Alas,
things have changed. In the name of security (spies then, terrorists now),
travellers have to put up with all sorts of inconvenience when they cross
borders. The purpose of that inconvenience is to prove that the passport's
bearer is who he says he is.

The original technology for doing this was photography. It proved adequate
for many years. But apparently it is no longer enough. At America's
insistence, passports are about to get their biggest overhaul since they
were introduced. They are to be fitted with computer chips that have been
loaded with digital photographs of the bearer (so that the process of
comparing the face on the passport with the face on the person can be
automated), digitised fingerprints and even scans of the bearer's irises,
which are as unique to people as their fingerprints.

A sensible precaution in a dangerous world, perhaps. But there is cause for
concern. For one thing, the data on these chips will be readable remotely,
without the bearer knowing. And-again at America's insistence-those data
will not be encrypted, so anybody with a suitable reader, be they official,
commercial, criminal or terrorist, will be able to check a passport holder's
details. To make matters worse, biometric technology-as systems capable of
recognising fingerprints, irises and faces are known-is still less than
reliable, and so when it is supposed to work, at airports for example, it
may not. Finally, its introduction has been terribly rushed, risking further
mishaps. The United Sates want the thing to start running by October, at
least in those countries for whose nationals it does not demand visas.

Your non-papers, please

In theory, the technology is straightforward. In 2003, the International
Civil Aviation Organisation (ICAO), a UN agency, issued technical
specifications for passports to contain a paper-thin integrated
circuit-basically, a tiny computer. This computer has no internal power
supply, but when a specially designed reader sends out a radio signal, a
tiny antenna draws power from the wave and uses it to wake the computer up.
The computer then broadcasts back the data that are stored in it.

The idea, therefore, is similar to that of the radio-frequency
identification (RFID) tags that are coming into use by retailers, to
identify their stock, and mass-transit systems, to charge their passengers.
Dig deeper, though, and problems start to surface. One is interoperability.
In mass-transit RFID cards, the chips and readers are designed and sold as a
package, and even in the case of retailing they are carefully designed to be
interoperable. In the case of passports, they will merely be designed to a
vague common standard. Each country will pick its own manufacturers, in the
hope that its chips will be readable by other people's machines, and vice

That may not happen in practice. In a trial conducted in December at
Baltimore International Airport, three of the passport readers could manage
to read the chips accurately only 58%, 43% and 31% of the time, according to
confidential figures reported in Card Technology magazine, which covers the
chip-embedded card industry. (An official at America's Department of
Homeland Security confirmed that "there were problems".)

A second difficulty is the reliability of biometric technology.
Facial-recognition systems work only if the photograph is taken with proper
lighting and an especially bland expression on the face. Even then, the
error rate for facial-recognition software has proved to be as high as 10%
in tests. If that were translated into reality, one person in ten would need
to be pulled aside for extra screening. Fingerprint and iris-recognition
technology have significant error rates, too. So, despite the belief that
biometrics will make crossing a border more efficient and secure, it could
well have the opposite effect, as false alarms become the norm.

The third, and scariest problem, however, is one that is deliberately built
into the technology, rather than being an accident of its present
inefficiency. This is the remote-readability of the chip, combined with the
lack of encryption of the data held on it. Passport chips are deliberately
designed for clandestine remote reading. The ICAO specification refers quite
openly to the idea of a "walk-through" inspection with the person concerned
"possibly being unaware of the operation". The lack of encryption is also
deliberate-both to promote international interoperability and to encourage
airlines, hotels and banks to join in. Big Brother, then, really will be
watching you. And others, too, may be tempted to set up clandestine
"walk-through inspections where the person is possibly unaware of the
operation". Criminals will have a useful tool for identity theft. Terrorists
will be able to know the nationality of those they attack.

Belatedly, the authorities have recognised this problem, and are trying to
do something about it. The irony is that this involves eliminating the
remote readability that was envisaged to be such a crucial feature of the
system in the first place.

One approach is to imprison the chip in a Faraday cage. This is a
contraption for blocking radio waves which is named after one of the
19th-century pioneers of electrical technology. It consists of a box made of
closely spaced metal bars. In practice, an aluminium sheath would be woven
into the cover of the passport. This would stop energy from the reader
reaching the chip while the passport is closed.

Another approach, which has just been endorsed by the European Union, is an
electronic lock on the chip. The passport would then have to be swiped
through a special reader in order to unlock the chip so that it could be
read. How the European approach will interoperate with other countries'
passport controls still needs to be worked out. Those countries may need
special equipment or software to read an EU passport, which undermines the
ideal of a global, interoperable standard.

Sceptics might suggest that these last-minute countermeasures call into
doubt the reason for a radio-chip device in the first place. Frank Moss, of
America's State Department, disagrees. As he puts it, "I don't think it
questions the standard. I think what it does is it requires us to come up
with measures that mitigate the risks." However, a number of executives at
the firms who are trying to build the devices appear to disagree. They
acknowledge the difficulties caused by choosing radio-frequency chips
instead of a system where direct contact must be made with the reader. But
as one of them, who preferred not to be named, put it: "We simply supply all
the technology-the choice is not up to us. If it's good enough for the US,
it's good enough for us."

Whether it actually is good enough for the United States, or for any other
country, remains to be seen. So far, only Belgium has met America's
deadline. It introduced passports based on the new technology in November.
However, hints from the American government suggest that the October
deadline may be allowed to slip again (it has already been put back once)
since the Americans themselves will not be ready by then. It is awkward to
hold foreigners to higher standards than you impose on yourself. Perhaps it
is time to go back to the drawing board.

Related Items

From The Economist
Biometrics Dec 4th 2003

America's State Department has information on the machine-readable passport requirement <http://www.state.gov/r/pa/ei/rls/36114.htm>. The Enhanced Border Security Act <http://thomas.loc.gov/cgi-bin/query/z?c107:H.R.3525.ENR:> set the timetable for the introduction of the passports
<http://europa.eu.int/idabc/en/document/3669/194>. The EU has information on its own plans to introduce machine-readable passports. Ari Juels <http://www.rsasecurity.com/rsalabs/node.asp?id=2029> is a security expert at RSA laboratories.

Copyright The Economist Newspaper Limited 2005. All rights reserved.

Posted by iang at February 18, 2005 10:18 AM | TrackBack
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.