Print Format - Security vs. Privacy: Continued

December 6, 2004 - E-Pass McLean

Security vs. Privacy: Continued

As the year draws to an end, arguments continue to be presented by both security and privacy experts as to how the threat of terrorism should be confronted while preserving the privacy of the individual. Little progress has been made in finding a middle ground where both sides feel that their respective interests have been adequately met.

In compliance with standards set by the International Civil Aviation Organization (ICAO), an affiliate of the U.N., and beginning next year, all new U.S. passports are scheduled to contain a computer chip embedded in their back cover that will store all of the document's printed biographic information: owner's name, birth date, issuing office, and biometric identifier (a digitized photograph of the passport’s owner). The chips will, however, be capable of containing additional information and identifiers such as fingerprints and iris scans.

At the request of the U.S., this same requirement will apply to foreign travelers entering the United States. After September 2005, new passports issued to residents of some 27 non-visa countries such as England and France must include a microchip containing the information required by the new ICAO standards.

The new passports need only be waved in front of a reader to be read. This ability to be read remotely - at a distance estimated by some authorities to be as much as 30 feet - has met with resistance from civil rights advocates and legal experts.

Though a somewhat more sophisticated version, the chip proposed for the new passport is similar to the common RFID (Radio Frequency Identification) chip widely used to protect merchandise from shoplifters. Several optional requirements proposed by ICAO include the ability to send one piece of information at a time as queried by machine readers and the incorporation of multiple layers of encryption.

The ICAO standards represent a step toward a more secure identity yet fall short of being a complete solution. Privacy rights organizations find much to oppose in the new standards. e-pass, however, offers an ideal solution with which both privacy and security interests can be happy.

Containing a wafer-thin computer with all the appropriate operating and application software from multiple U.S. and state agencies, the e-pass device merges the convenience of smart cards with the processing power of a small computer. Its operating system and CPU control the flow of information set forth by the ICAO standards. This includes biographical information and a digitized photograph of the passport holder. As standards may increase over time, iris scans and fingerprints could also be stored. All of this information can be protected by built-in encrypted authentication proving the originality of all documents.

Contributing to the security of the e-pass device are one or more display windows providing for the selective display of information from any of the data bases contained within the device. As the e-pass device incorporates PIN codes and/or bio-codes, access to the information held by the device is gained only by verification within e-pass of the proper sequence of PIN/BIO codes.

Incorporating digitized images and authenticated documents contributes to the security of the device and the information it contains while the method of entry insures that only the holder of the device may gain access. e-pass brings to the debate a uniquely powerful and secure device, offering a plausible solution to both security and privacy.