Byte - Privacy concerns over e-passports (June 2005)
The implementation of biometric passports compliant with International Civil Aviation Organisation (ICAO) standards has caused significant outcry from privacy advocates and civil liberties groups.
The standards are set out in the ICAO’s harmonised blueprint for the integration of biometric identification information into passports and other Machine Readable Travel Documents (MRTDs). The guidelines select facial recognition as the globally interoperable biometric for identity confirmation. High-capacity, contactless integrated circuit (IC) chips are recommended to store identification information in MRTDs.
Privacy advocates and civil liberties groups worldwide have expressed significant opposition to the adoption of the so-called e-passports. The main concern centres on the choice of technology used to store information. IC chips, commonly known as RFID (Radio Frequency Identification) chips use radio waves to transmit information. The unique feature of RFID is that information can be read from a distance using an electronic reader. The passport does not need to be physically scanned through a reader. Technology experts warn however that with specialised antennas, data may be read up to 30 feet away. The implications of this are vast, with a considerable possibility of unauthorised data access. The key concern of privacy groups is the potential for identity theft, given that the chip stores a large amount of personal information - name, date and place of birth and a digital photograph.
The concerns are paramount in light of the United States Congress deadline of 26 October 2005 requiring citizens of all 27 Visa Waiver Program nations (including Australia) to carry biometric passports compliant with the ICAO standards.
Countries are currently considering various data protection measures to address such concerns. Encryption, password access and metal shielding inside passport jackets are amongst some of the features being evaluated. The US, though initially reluctant to adopt such measures has since retracted from this stance. Australia is one of the first countries to develop a trial e-passport and has chosen to implement public key infrastructure (PKI) technology to ensure the security of personal information. It remains to be seen however whether such measures will allay these concerns.