NEW YORK – Countries that have historically friendly relations with the United States on Thursday will begin issuing passports to residents traveling abroad complete with facial-recognition software and digital chips.
The U.S. State Department is already issuing so-called e-Passports to some American travelers as part of the U.S. government's effort to make travel documents more secure in a post-Sept. 11 world.
"The department is committed to shutting down the ability of terrorists and criminals to use false travel documents to move freely through our borders. The upgrade to e-Passports is a significant advance in preventing terrorists from using lost or stolen passports to obtain entry into the United States," Homeland Security Secretary Michael Chertoff said Thursday.
"It is going to make for a quicker inspection. It also allows the inspectors to focus their resources on people who don't have electronic documents who have, perhaps, come from countries of greater concern," added Frank Moss, deputy assistant secretary for consular affairs at the State Department. "I've never tried to tell people the e-Passport is a silver bullet … it is another tool to improve border security ... and to make the inspection process more efficient for the vast majority of legitimate travelers."
Passports currently have a bar code that is swiped by customs officials through a reader. The traveler's information then comes up on the computer screen. The new passports have the regular bar code, digital photographs and an electronic chip in which is stored the same biographical data of the traveler currently on the first page of the "old" passport. E-Passport holders will be able to pass through the customs booth with the e-Passport symbol — hopefully in a quicker fashion than the regular passport lines.
After Sept. 11, not only did the United States and other countries set out to create more secure travel documents, but to do it in a way that didn't put travelers through even more time-consuming security checks.
The Sept. 11 commission noted in its report that the use of forged or fake documents to get into the United States is one of the biggest holes in U.S. homeland security.
The move to more advanced machine-readable passports "sort of went gradually until Sept. 11, 2001, where the world said 'whoa — we have to accelerate research and guidelines on electronic passports because of the bottlenecks in airport security,'" said Denis Chagnon, spokesman for the International Civil Aviation Organization, which created the technical standards for the e-Passports.
Many foreign travelers need to show their visa upon arrival at U.S. airports. But some countries — Australia, France, Germany, Portugal, Spain, Sweden and the United Kingdom, among others — are exempt from that requirement. Those countries participate in the Visa Waiver Program, which only requires a passport for arrival in the United States.
Critics have pointed out that VWP countries have had their own share of terrorists in their midst — for instance, would-be shoe-bomber Richard Reid, a British citizen who flew out of France; and the British citizen bombers who killed 56 others in the subways and on a bus in London on July 7, 2005 — and they shouldn't benefit from more lax security restrictions.
The U.S. Border Security Act of 2002 requires that as of Thursday, passports issued by VWP nations must be electronic. It also requires that U.S. ports of entry have technology in place to compare and authenticate the high-tech documents. All countries issuing e-Passports must also have readers in place to read any other countries' e-Passports.
Come Thursday, "the overwhelming majority of countries" will be in compliance with the new passport requirements, DHS spokesman Jarrod Agen said, adding that some countries outside of the VWP are also beginning to issue e-Passports.
The three countries not yet issuing e-Passports are Andorra, Brunei and Liechtenstein. Their residents will need a visa to enter the United States if they have a passport issues after Oct. 26 until e-Passports are available.
But some groups are concerned that technology in the passports could be preyed upon by identity thieves.
"There have definitely been some improvements in what the government has done. Nevertheless, we're really still not satisfied with the way this is being done," said Lee Tien, senior staff attorney at the Electronic Frontier Foundation.
At home, the State Department began issuing e-Passports to its diplomats and other officials last December, then to other government personnel in April. The new technology was first issued to American tourists Aug. 14 out of the Colorado passport agency; the passports take about six weeks to make and deliver. Last Thursday, passport agencies in Boston, Washington and Miami began issuing them.
Only residents applying for passports in those cities will receive e-Passports immediately. By mid-2007, the State Department hopes to have converted all its U.S. passport agencies to e-Passport production in what Moss said is part of the effort to combat the "active market" of lost and stolen passports around the world.
The United States issued 12.1 million e-Passports in the fiscal year that ended Sept. 30 and officials expect demand to be between 15 and 16 million in the coming fiscal year.
How They Work
The new U.S. passports have an international e-Passport symbol on the cover, which is a rectangle with a circle inside (see photo); each page depicts a different American scene — such as the Statue of Liberty, Boston Harbor, cowboys and a boat on the Mississippi. Each book contains a chip with the passport holder's name, address, date of birth and other biographical information and a digital photograph of the traveler. The chips are called RFID (radio frequency identification) chips; they're equipped with antennae and use radio waves to identify the passport holder. They're similar to chips used in bank cards, cell phones and automated payment systems.
The e-Passport readers at airports also have antennae, which send out electromagnetic waves to the chip and convert incoming waves into digital data that shows up on the airport official's computer screen.
Travelers who arrive at airport inspection booths displaying the international e-Passport symbol will have their passport scanned by a biometric reader. Chagnon said the biggest change travelers may see at some airports is a camera that they will look into so airport officials can determine the passport holder is who the passport says he or she is.
Chagnon explained that encryption keys allow the immigration or security official to determine the passport isn't a forgery and to determine that the person in front of them is same as the one in the passport photo.
"What the coding and decoding does, is it takes hundreds of points, sets of two points all over the face, then it compares those to what the camera sees. So even though someone may look like someone else, they're not the same. The accuracy is such that by comparing these two points, the distance between the eyes isn't the same…it's very accurate," Chagnon said.
"It's really excellent in authenticating a document and a person," he added. "It doesn't replace the person [airport official], it's just an added feature to help authenticate the person, the travel, and the passport and the document."
A State Department official clarified that U.S. airports will not install cameras specifically for e-Passport holders, but they may be used in some airports abroad. The benefit of RFID is that it requires no contact, meaning the user can simply wave the RFID-embedded object close to a reader to get the information verified.
But that's a problem with RFID, come critics say, because anyone sitting nearby with a laptop can easily "skim" the data from the chip when the passport is swiped. Some cyber-security gurus say they've actually cracked RFID and successfully stolen data from cards or other devices using the technology.
Tien likened the RFID swipe to that of punching in your pin number at and ATM with someone looking over your shoulder. Calling RFID an "inherently leaky technology," he said: "If you don't put in more controls, the data's going to be flying in the clear."
U.S. officials say the government has countered those concerns by including various encryption and digital signature devices, as well as a basic-access control in the chip, which essentially locks the chip's data and only allows someone with authorization to read the RFID signal and chip information after the printed lines of data are skimmed through the reader. That's opposed to the chip being an open book for anyone with a compatible reading device. The passport chips are also designed to operate only within 10 centimeters of a chip reader.
A piece of metallic material also covers the passport from front to back, and the chip is included on the third page, not the front.
"At the end of the day, you ended up what looks a lot to me like a swiping card, because you had to deal with the privacy issues," Tien said, adding that two-dimensional barcode passports or laser cards using light technology — not radio waves — would work just as well.
"There's a lack of openness and accountability here that makes me very skeptical about the initial decisions to use RFID, and therefore, the whole policy question about 'should the U.S. government be promoting itself a technology that has known privacy and security issues when there appear to be equally if not better, more effective alternatives."
But Moss said the new passport "establishes a gold standard" for protecting privacy.
"The bottom line is, we have adopted a belt-and-multiple-suspenders approach to security because we want to be sure we're providing the American public with the most secure travel documents possible," Moss said.