Via Cryptome:
The Department of State is urging Congress to postpone a legal deadline on the adoption of more sophisticated passports because neither international nor U.S. immigration agencies are able to meet the October 26 target. "
"We do not expect to receive large shipments of 64kb chips for use in the U.S. passport until spring, 2005. Like other governments, we expect deliveries to ramp up during 2005, but we ourselves will only be able to complete our transition to a biometric passport by the end of 2005."
"However, given the time it has taken to resolve these complex operational issues, few, if any, will be able to meet the October 26, 2004 deadline. For example, none of the larger countries - Japan, the United Kingdom, France, Germany, Ireland, Italy or Spain -- will begin issuing passports with standardized biometrics by that deadline. The United Kingdom expects to begin in late 2005, Japan to complete transition to full production by April 2006. Others may not come on-line until well into 2006. This delay is not due to a lack of good will but due to significant scientific and technical challenges that has taken us to the cutting edge of changing technologies. "
The words "I told you so" spring to mind.
The use of "contactless chips" is a particular privacy/security risk - what happens when people with amplified/more sensitive radio equipment read people's passports or at least track and identify them as repeat visitors well away from the official passport checking desk, just like with RFID tags, but much more intrusive ?
When will the first "passport chip activated bombs" targeted at individuals or certain nationalities appear ?
The International Civil Aviation Organisation (ICAO), which has ignored the open letter signed by many privacy and civil liberties organisations condeming their Biometric Passport plans, has not published a secure contactless passport chip specification which will safeguard against unauthorised snooping etc.
"4.6 PRIVACY AND UNAUTHORIZED READING(.pdf)
ISO/IEC 14443 and ISO/IEC 15693 specify maximum reading distances for machine (RF) readers that conform. As the available power for the contactless ICs decreases proportional to the sixth power of the distance between the machine (RF) reader and the IC, it is unlikely that unauthorized reading will occur.However, this can not completely ruled out. There are methods of preventing unauthorized reading. One such method is that a state (or other organization) wishing to issue contactless IC may consider giving holders the advice to keep their MRTD in a metal jacket when not in use. This will completely prevent unauthorized reading. The MRTD must be removed from the metal jacket for authorized reading.
With MRPs another option if privacy is of paramount concern is to place a metal surface on an adjacent page. Under this scheme the contactless IC will not be readable while the MRP is closed.
To read the contactless IC the MRP must be opened causing the antenna of contactless IC to be moved away from the metal surface.
At borders, the reading states may need to ensure that the sub-carrier of the contactless IC (returning data to the machine (RF) reader) is not detectable at any appreciable distance from the machine (RF) reader."
i.e. anybody with an amplified antenna will be able to snoop on these contactless chips, or on the official readers at an appreciable distance, just like with WiFi or Bluetooth technologies.
Using metal shielding to prevent snooping of the contactless chip, just like we do with our Oyster Card, means that any metal detectors or Passive Millimetre Wave Radar Cameras, or Low Intensity X-Ray scanners, which are in use at airports to look for hidden weapons etc. will pick up the shielded passports. This will lead to even more false alarms and delays and queues, and stress for passengers, many of whom worry about handing over their passports to yet another set of faceless officials.
Having a metal shielding page adjacent to the page or cover of the passport with an embedded coontactless chip, means that the passport has to be manually opened and scanned, an operation which will take several times longer than the whole point of having a contactless chip /b> in the first place i.e. rapid throughput to reduce the inevitable queues. This does not seem to offer any extra security or convenience over contact chips as used in "Chip and PIN" credit cards and other smartcards.
"We are already working hard on public diplomacy outreach to address some of the negative perceptions and misunderstandings concerning tightened U.S. visa policies. Even longer wait times would make it even more difficult to convince people worldwide that America welcomes and values their presence. The delays resulting from this increased nonimmigrant visa demand will also discourage travel to the U.S. as visitors, both tourist and business people, may "vote with their feet" and choose to travel and take their business elsewhere, or defer their travel to the U.S., hurting relations with some of our closest friends and allies, and harming the American economy. "
This is already happening with the existing insulting and unequal treatment of foreign tourists and business visitors foolish enough to visit the increasingly xenophobic USA.
"At all visa-adjudicating posts overseas, consular officers have pushed the very borders of our nation far beyond our physical limits as a nation. And through our Visa Viper committees at every post, we aggressively pursue all leads so that every element of the Embassy in a position to do so - all over the world - contributes critical information to our consular lookout systems."
In many countries, including the USA, this is a definition of espionage and "activities incompatible with diplomatic status"
Leave a comment