Smart Card Alliance Says No to Long-Range RFID
In a press release yesterday, the Smart Card Alliance weighed in on plans by the U.S. Department of Homeland Security (DHS) and several states including Arizona, Vermont and Washington, to develop and issue enhanced state driver's licenses that could be used as acceptable alternative documents for crossing the United States' land and sea borders. The Smart Card Alliance says it "has serious privacy and security concerns for U.S. citizens participating in these programs based on the direction DHS has been recommending for the enhanced driver's license technology."
The Smart Card Alliance applauds state efforts to boost security at borders while facilitating trade and tourism; however, the Alliance also believes that ensuring the privacy and security of U.S. citizens is a primary requirement and that the technology choice for an enhanced driver's license must also address this critical requirement.
The Smart Card Alliance, a not-for-profit, multi-industry association, is in a good position to be objective on the merits of different technologies under consideration for border crossing cards because its members provide both the technology favored by DHS, long-range radio frequency identification (RFID) products, and the more secure and privacy-sensitive products the Alliance recommend for enhanced driver's license programs, secure RF contactless smart cards. Even as manufacturers of RFID, the Alliance attests to the fact that long-range RFID, the most likely technology to be selected by DHS, is an inappropriate technology for human identity documents.
Within the WHTI specification and in the Washington and Arizona enhanced driver's license projects, DHS has proposed a long-range vicinity-read RFID technology solution. This proposal raised serious privacy, security, and operational functionality issues among industry experts in responses to the Department of State's Federal Register Notice for the WHTI passport card.
Industry concerns include:
The full Smart Card Alliance response to the Department of State Federal Register Notice for the WHTI passport card is available at http://www.smartcardalliance.org.
- The lack of strong cryptographic features in long-range RFID-based cards, making it easy for criminals to read the unprotected, static citizen identifiers from the cards and create fraudulent documents.
- The reliance on real-time access to central databases and networks in order to verify every individual's identity, leading to vulnerabilities to infrastructure failures and attacks or to network and system security breaches.
- The challenges of reliably reading large numbers of long-range RFID tags at crowded border crossing points, making it unlikely that desired operational efficiencies will be achieved.
- The ability for criminals to use inexpensive long-range RFID readers to detect the citizen's electronic identity from a distance, putting U.S. citizens carrying the enhanced driver's license at risk of having their movements tracked.
Add your comment... (note that all comments are reviewed before they're published)