Privacy coalition calls for halt to biometric/RFID passport plans

Edward Hasbrouck wrote:
passport and travel document standards to include biometric information
and remotely-readable radio-frequency identification (RFID) chips.

There are even greater dangers with biometric and especially RFID.

First and foremost, an individual would have no way of knowing when his
personal information contained in his RFID-equipped passport has been scanned
by *anyone*. So a crook could be collecting tons of personal information by
just standing next to the customs's hall exits.

Secondly, right now, the information stored in your passport does not contain
any "personal identification" used in ATMs or building security systems. But
if passports are to contain biometric information such as fingerprints or iris
"prints", then such information could then be used to access your money
through ATMs should ATMs even switch from PIN to fingerprint/eye identification.

If you suspect your PIN has been compromised, you can change it. You can't
change your fingerprints or eye prints if you suspect your personal
information has been compromised.

They would need to develop a smarter RFID with built in CPU/authentcation
where the only output from the RFID would be true or false. (input biometric
info and output true or false). This way, casual scanning of a passport could
not reveal any personal information.

This does not however remove the problem that like it or not, your biometric
would be recorded by immigration of a country when they scan you in order to
verify it against the info in your passport.

Technically, it would be possible that your biometric info would be just kept
in the immigration system's RAM until it is validated against your passport
and never then written to disk. But you cannot trust all countries, especially
those with 1984ish regimes who have implemented goals of knowing everything
about everyone.


Because passports would need to be "readable" in any country, the encoding and
any encryption would need to essentially be public domain. This means that any
sophisticated crook could produce a passport with fake ID but real biometric
information so that the holder would be authenticated when traveling through
immigration. (unless they actually check against a database and find out the
guy has changed fingerprints since the last time he entered that country).

A safer method would be to have the biometric info staored at your
government's data centre. Immigration of counrtry X would read your
fingerprint, send it along with your name , passport number etc to yoru home
country who would then reply "true" or "false".

This way, only recognized countries with proper data security/privacy laws
would be granted access to this "true or false" service and countries without
safeguards would not be granted access by your home country.


For the USA, it would defeat their true goal since in order to gain access to
a foreign countries biometric verification service, the USA would have to pass
the strict privacy laws that exist elsewhere and that would prevent the USA
from misusing that info which is exactly what the USA wants to do.

http://hasbrouck.org/blog/archives/000178.html

INTERNATIONAL PRIVACY COALITION CALLS FOR
HALT TO ICAO RFID/BIOMETRIC PASSPORT PLANS

In "An Open Letter to the ICAO" released today by Privacy International",
35 privacy and civil liberties organizations from around the world (with
more still joining as endorsers) are calling on the International Civil
Aviation Organization not to adopt the proposals currently before ICAO for
passport and travel document standards to include biometric information
and remotely-readable radio-frequency identification (RFID) chips.

Letter:
http://www.privacyinternational.org/.../terrorism/rpt
/icaoletter.pdf

Background paper:
http://www.privacyinternational.org/.../terrorism/rpt
/icaobackground.html

Previous discussion in my blog:
http://hasbrouck.org/blog/archives/000070.html

As discussed in a background paper from Privacy International accompanying
the joint letter to ICAO, and as previously discussed in my blog, ICAO's
Facilitation Division has been meeting last week and this week in Cairo,
Egypt to consider, inter alia, proposals to require the inclusion in
passports and travel documents of remotely-readable RFID chips and
digitally encoded biometric information, and for the standardization and
sharing with governments of personal information contained in airline
reservations.

ICAO facilitation Section session:
http://www.icao.int/icao/en/atb/fal/fal12/index.html

ICAO proposals:
http://www.icao.int/icao/en/atb/fal/...umentation.htm

ICAO Working Group on Machine-Readable Travel Documents:

These proposals, which are already close to adoption, have enormous
privacy and civil liberties implications which ICAO has not addressed. So
far as I know, no privacy or civil liberties organizations have been
consulted by the relevant ICAO working group, or are in attendance at the
Cairo meetings.

In combination, the proposals now before ICAO would convert existing
commercial airline reservation systems, and individual countries'
border control systems into an integrated "International Infrastructure
for Surveillance of Movement" which would lead both to global biometric
(facial photo and/or iris scan and/or fingerprint) databases and the
ability for governments and commercial entities secretly (due to the
potential for remote reading of RFID chips) to construct and access
lifetime biographic and biometric travel histories.

ICAO is the source of current passport barcode standards. Because the law
in the USA already requires passports used for visa-free travel to the USA
to comply with whatever standard is adopted by ICAO, ICAO (a "technical"
body with no formal procedure for public input) has in effect been
delegated authority to legislate USA and global legal requirements for
passports.

Today's open letter to ICAO is signed by Privacy International, the
American Civil Liberties Union, and other leading digital privacy and
civil liberties groups in the USA, Canada, Europe, Australia, and Korea:

"Specifically, the undersigned call on the ICAO to:

* Follow through on earlier promises to review privacy implications of
biometrics and trans-border personal information transfers;

* Release clear and binding privacy requirements that will reduce the
risks of illegal collection, use, retention, and transfers of this
information;

* Uphold national data protection laws or cultural practices, as
previously promised by the ICAO;

* Prevent, by design or biometric selection, the development of biometric
databases;

* Refrain from adopting RFID or biometric standards until their privacy
and surveillance implications -- and the possibility of alternatives with
less potential for privacy invasion or other abuse by surveillance
agencies -- can be more fully evaluated.

We hope that the choices of biometrics have been driven primarily by
logistical and commercial concerns, and were not intended to facilitate
the conversion of travel systems into a global infrastructure of
surveillance. But we are deeply concerned that this may become their
unintended consequence."

The joint statement on RFID and biometric passports, travel
document, and databases is the second in a series entitled, "Towards an
International Infrastructure for Surveillance of Movement". The first
paper in the series, "Transferring Privacy", focused on international
transfers of airline reservations, particularly between the European Union
and the USA.

"Transferring Privacy":
http://www.privacyinternational.org/.../terrorism/rpt
/transferringprivacy.pdf

----------------
Edward Hasbrouck

http://hasbrouck.org

"The Practical Nomad: How to Travel Around the World"
(3rd edition, February 2004, now in bookstores)
"The Practical Nomad Guide to the Online Travel Marketplace"
http://www.practicalnomad.com

Edward Hasbrouck wrote:
In "An Open Letter to the ICAO" released today by Privacy International",
35 privacy and civil liberties organizations from around the world (with
more still joining as endorsers) are calling on the International Civil
Aviation Organization not to adopt the proposals currently before ICAO for
passport and travel document standards to include biometric information
and remotely-readable radio-frequency identification (RFID) chips.

The combination of biometric data and RFID is particularly scary.

Anyone who passes within a few feet of you could potentially read all the
vitals out of your passport without your noticing.

miguel
--
Hit The Road! Photos and tales from around the world: http://travel.u.nu

Miguel Cruz writes
Edward Hasbrouck wrote:
In "An Open Letter to the ICAO" released today by Privacy International",
35 privacy and civil liberties organizations from around the world (with
more still joining as endorsers) are calling on the International Civil
Aviation Organization not to adopt the proposals currently before ICAO for
passport and travel document standards to include biometric information
and remotely-readable radio-frequency identification (RFID) chips.

The combination of biometric data and RFID is particularly scary.

Anyone who passes within a few feet of you could potentially read all the
vitals out of your passport without your noticing.

Yes, this is disturbing. No matter how the RFID data is encoded or
protected, someone somewhere will find a way of misusing it.

But it would be trivial to make a radio opaque passport cover, and just
remove one's passport when it needs to be read.

The biometric part is a bit of a problem too. It seems that ICAO is
rushing into this without ensuring that all the necessary safeguards are
in place.
--
Simon Elliott
http://www.ctsn.co.uk/

On Tue, 30 Mar 2004 15:42:20 +0100, Simon Elliott
wrote:

But it would be trivial to make a radio opaque passport
cover, and just remove one's passport when it needs to be read.

That's been proposed as a mitigation method. But one has to
*display* one's passport frequently to check into a htoel,
cahs a travellers check, etc. And with RFID, there will be
no way to tell whether the hotel desk clerk, money changer,
etc. has read your passport's RFID/biometric chip (and
retained the data for future use in identity theft,
passport forgery, "gaming" ATM's, etc.).

It seems that ICAO is rushing into this without ensuring
that all the necessary safeguards are in place.

Very true. As the ACLU (one of the initial endorsers of
the Privacy international letter to ICAO) says:

http://www.aclu.org/Privacy/Privacy.cfm?ID=15353&c=130

"The right to movement is recognized as a fundamental right
around the world, and any steps that could restrict that right
must be taken with the utmost care and deliberation. We have
not seen that kind of public discussion about these measures."

----------------
Edward Hasbrouck

http://hasbrouck.org

"The Practical Nomad: How to Travel Around the World"
(3rd edition, February 2004, now in bookstores)
"The Practical Nomad Guide to the Online Travel Marketplace"
http://www.practicalnomad.com