News

Smart Card Alliance says long-range RFID poses security concerns

September 11, 2007

PRINCETON JUNCTION, N.J. - The U.S. Department of Homeland Security and several states, including Arizona, Vermont and Washington, have announced programs to develop and issue enhanced state driver's licenses that could be used as acceptable alternative documents for crossing U.S. land and sea borders. According to the Smart Card Alliance, those programs pose "serious privacy and security concerns."

Homeland Security has proposed a long-range vicinity-read RFID technology solution. That proposal raised privacy, security and operational functionality issues among industry experts in response to the Department of State's Federal Register Notice for the WHTI passport card.

Industry concerns include:

A lack of strong cryptographic features in long-range RFID-based cards, making it easy for criminals to read unprotected, static citizen identifiers from the cards and create fraudulent documents.
Reliance on real-time access to central databases and networks in order to verify every individual's identity, leading to vulnerabilities in infrastructure failures and attacks, or to network and system security breaches.
Challenges relating to the reliability of reading large numbers of long-range RFID tags at crowded border crossing points, making it unlikely that desired operational efficiencies will be achieved.
The ability for criminals to use inexpensive long-range RFID readers to detect the citizen's electronic identity from a distance.

The full Smart Card Alliance response to the Department of State Federal Register Notice for the WHTI passport card is available athttp://www.smartcardalliance.org.