All New U.S. Passports Scheduled To Be Electronic By End Of April

However you feel about the many wireless devices that have insinuated themselves into U.S. culture, you might have to tote along at least one more if you plan any international travel. The "device" in question is the new U.S. Electronic Passport, which comes with its own embedded wireless chip and new security features.

The U.S. State Department began issuing U.S. e-passports in August. About half of recent passports issued are e-passports, with the goal of raising that number to 100% by the end of April. Renewals still use the old format.

The easiest way to identify the e-passport is by a small rectangular box that appears under the "United States of America" text in the lower center of the front cover.

The chip in the passport stores a variety of biometric data, including a digital photo, name, address, date of birth and other information that also appears on the photo page of your passport. In the future, it could also store such data as retinal scans and fingerprints.

Some Red Flags

For some -- but not all -- people, that's good news, giving the passport some added security by cutting down on forgeries. Storing data digitally makes it more difficult for someone else to use your passport by stealing it and altering your photo and personal data.

"What we are trying to do here is establish a much more secure link between the authorized bearer of the passport and the document," said Frank Moss, who this month retired as deputy assistant secretary for consular affairs at the State Department. "It greatly complicates the ability of that passport to be used for travel by anyone else."

For others wary of security and privacy issues, e-passports send up red flags.

This is mainly because the chips that store the data primarily work on radio frequency identification technology, which generally enables reading of the data without actual contact with the document. Critics of RFID have identified a range of concerns and unfavorable scenarios, from privacy thieves remotely reading and collecting biometric information, to terrorists identifying and specifically targeting Americans within a particular tourist group.

Researchers have raised questions about vulnerability of the RFID technology in some major contactless credit cards, which are used by their holders for fast, convenient retail checkout and other purposes. Various reports estimate the number of RFID credit cards used in the U.S. at 20 million. A recent study by researchers from the University of Massachusetts, Amherst, RSA Laboratories in Bedford, Mass. (the security unit of EMC EMC), and privately held Innealta in Salem, Mass., found that a number of major RFID-enabled cards were susceptible to privacy invasion. After experiments using a $150 homemade device, they concluded that a criminal could effectively "skim," or read the data on some cards, then "replay," or emit, the same information to make purchases.

The report contends that e-passports are subject to similar attacks. But it adds that security makes crime possibilities unlikely, at least for now.

Effort Began In 2005

In 2005, when the State Department began developing e-passports, it sought public comment. It received more than 2,000, the great majority concerned with security.

In response, the department enhanced the passports with a variety of additional security features, including:

A metallic shielding material in the front cover that wraps around to a portion of the back cover where the chip is located. This is meant to prevent the chip from being energized by a radio signal and consequently read remotely.

A Basic Access Control (BAC) technology that requires authentication before the data on the chip can be read. To read the passport, it must be optically scanned, which generates encryption keys needed to access the information.

In response to fears of Americans being identified remotely by their passports, Moss says U.S. passports are no more identifiable than those issued by other countries.

"These are generic chips used around the world," he said. "There's nothing that specifically marks an American e-passport chip from one being used by a Brit, a German, a Canadian or anyone else. The idea that people will be able to go down the corridor of a hotel and figure out what rooms the Americans are in is just nuts."

Many security experts and other observers say the State Department controls do make the passports more secure, but two concerns persist.

One is whether hackers will be able to crack the e-passport encryption. Last year, a Dutch television program worked with a local security firm to decrypt the codes on a Dutch RFID e-passport.

Shielding Recommended

Security specialists point 15ut that while U.S. passports employ more sophisticated encryption algorithms, it's possible hackers could crack them within the 10-year life of the passport.

The second issue, as expressed in a recent report by Kevin Mahaffey of Los Angeles-based, privately held wireless security firm Flexilis, regards the ability of the metal shield to prevent remote reading when the passport is even partially open, as in a purse or briefcase. Mahaffey says the shield prevents this scenario when the passport is completely closed, but a stronger RFID reader can communicate with a chip when the passport is open even a fraction of an inch.

He recommends that the State Department expand the shielding to the back cover of the e-passport and increase the encryption strength.

Still, authorities are confident the e-passport is secure.

"It's important to note that the first population to whom these books were issued was U.S. diplomats," Moss said. "That's how confident we are with the security of this information."

Copyright 2007 Investor's Business Daily, Inc.