Tuesday, April 10, 2007

May I Beam Your Passport, Please?

Fraudulent U. S. passports can lead to a lot of trouble, which is why a couple of years ago, the U. S. State Department announced that as of October 2006, all new passports issued would contain an RFID chip with identifying information such as the owner's photograph, name, and birth date. These chips provide their information to a suitably equipped reader placed a few inches away, without the need for physical contact.

From the viewpoint of a potential passport forger, this is bad news. From now on, he will have to imitate not only the paper quality and other distinguishing characteristics of a genuine passport, but will also have to make or steal an RFID chip with encrypted data that matches the printed information and can be read by a U. S. customs official's machine. Or at least that seems to be the thinking of the State Department.

What they may not have counted on is the chorus of negative publicity that has greeted the introduction of the new technology. Numerous news reports over the last two years portray the RFID-equipped passport as a security risk, not a benefit. The fear is that a hacker with pirated software and enough hardware could read your name and personal information from many feet away, not just inches, and without your knowledge. To alleviate these fears, State added a metallic shield in the cover so the chip can't be read unless the booklet is open. But critics weren't satisfied: hotels, restaurants, banks, and many other establishments often want to see your passport, and who knows if you're being spied upon by radio waves at any of those places? The government has gone ahead with the rollout, but the prevailing winds of public opinion still blow cold on the idea.

I've discussed RFID at other times, so today I'd like to concentrate on a factor that many engineers either ignore or neglect in dealing with ethical issues: public perception of a technology. For better or worse, engineers tend to be a breed apart: conversant with mathematics that is unfamiliar to most people, inclined to think in terms of logical connections and detailed chains of reasoning rather than overall impressions, and often (but not always) insensitive to the emotional resonance of a situation. To a logical, problem-solving mind (many of which may work for the U. S. State Department, we hope), the problem of U. S. passport fraud suggests a technical solution: RFID chips that are hard to fake and hard to read without authorized gear. Since the cost of a passport hasn't gone up, and they will be easier to use if anything, why on earth would anyone object to such a thing?

I'll tell you why: because the notion of someone being able to view your photograph, date of birth, and other personal data by invisible means of which you are unaware, creeps out many ordinary people. (If I concentrate, I can get creeped out by it myself, although it's an effort.) I think it's this instinctive repugnance at the idea that some kind of evil twin of Superman can look through your clothes, into your wallet, and read stuff that you don't want just anybody to see, that is at the root of a lot of the opposition to RFID-equipped passports.

Technically speaking, the critics have a point. I am no RFID expert, but I do know something about antennas, and with any RFID system there are at least two antennas involved: one on the chip and one in the reader. Basic antenna theory says that the maximum distance you can read an RFID chip from depends on the characteristics of both antennas. A potential data thief can't do anything about the RFID chip's antenna, but he can certainly build a fancier and more sensitive antenna than the usual reader employs, especially if he can hide it somewhere at a distance (because it will tend to be larger than the conventional unit). So there is some truth to the idea that RFID chips which are normally read from a few inches away can sometimes be read at much larger distances if you go to enough trouble on the reader end.

As far as hacking the encryption software goes, unless the State Department has come up with something new that they're not talking about, it is simply a matter of bringing to bear enough resources to break virtually any computer encryption. One big problem in this department is that passports are supposed to be valid for ten years. If some bad guy out there does manage to break the RFID encryption code, is the U. S. State Department going to recall all its passports for an upgrade? The answer isn't clear.

But beyond these technical problems lies the larger public relations problem. If I were a State Department engineer, I might say something like, "Look, these people who are complaining don't understand the technology, they don't understand the problems with forgery we're having, and anyway, they don't have a choice, so they might as well pipe down." Needless to say, such an attitude is unhelpful. Whenever an organization tries to introduce a new technology, people will try to make sense of it by using whatever intellectual resources they have. For good or ill, RFID has a kind of spooky spying-at-a-distance reputation these days which seems to be predominantly negative except among a minority of enthusiasts such as the gentleman who implanted RFID chips in his hands (see this blog's "A Chip In Your Shoulder?", Mar. 27). The public doesn't seem to mind RFID chips in bags of cookies or packaged rutabags if it helps check you out at the grocery store faster. But chips in your passport or your body, that's getting personal, and the emotional temperature falls right away.

I'm not sure how the State Department could have handled this better. But it does seem like they should have informed themselves more about what people would think of the new technology. They did respond to initial concerns with the shielding fix, but as often happens, the negative press got rolling and gained a momentum of its own. Now you can read different ideas on how to disable the chips, ranging from washing the passport with your socks and underwear (doesn't work) to running it through a microwave (throws off sparks and catches fire) to pounding the back cover with a hammer (probably effective). Nobody is saying what happens if you show up with one of the new passports in which the chip doesn't work. Maybe if it means a full-body search, people will change their minds about wrecking the chips. For me personally, I'm going to hang on to my old passport till it expires in 2011, and maybe by that time they will have come up with something even more advanced—or more controversial.

Sources: An article by Kelly Heyboer in the New Orleans Times-Picayune online edition of Apr. 8, 2007 (http://www.nola.com/national/t-p/index.ssf?/base/news-0/1176014434312450.xml&coll=1) clued me in to this issue. Bruce Schneier of the Washington Post wrote a critical piece about it in the Sept. 16, 2006 edition found at http://www.washingtonpost.com/wp-dyn/content/article/2006/09/15/AR2006091500923.html. I tried to look at the U. S. State Department's website that deals with U. S. passports, but the page was apparently down or overloaded.

1 comment:

  1. This blog deserves more comments than it gets. Maybe your target audience (engineers) are too busy designing things to read or write in blogs.

    I especially admire your reasoning in this particular post. I'm not anti-intellectual, but I am anti-academic (by which I mean NOT that I'm opposed to the people known as "academics" [of which you are one!], but to what I perceive as the "academic" style of thought -- purely abstract and impractical). The reason for the cliche of the "mad scientist" is a popular conception that too much abstraction destroys common sense. The weather man needs to look out the window once in a while. Purely abstract calculations can lead us astray -- not because the laws of physics aren't absolute, but because real-world situations are so complicated that a "reality check" is often needed. When we were in school, we were told that after solving a problem we should check to see if the answer was reasonable (if it was a category of problem for which a "feel" for what's reasonable was possible) -- usually as a guard against having misplaced a decimal. Mad scientists forget to do that.

    I'm not claiming common sense is superior to careful, empirically-based calculation; in 1903, common sense said the Wright brother's contraption could never fly. But BOTH are needed and useful.

    So, long story short, I agree with you that emotional public perception of technological advances should be taken into consideration. Not just because of problems with public acceptance, but because common sense may notice something that abstract calculation overlooked. Like, in this example, "If the State Department can read my private information, what's to stop everyone else?"

    Cousin Mike