Hot debate over proper technology slows progress on border-crossing ID

Published 23 June 2006

Political pressures from states bordering Canada persuaded DHS to relax its demand that U.S. and Canadian citizens crossing the border back and forth for shopping carry passports; instead, a biometric ID card would be issued; trouble is, there is an acrimonious debate over what technology to use in the card

At the beginning the Department of State and DHS wanted U.S. and Canadian citizens crossing the border to do some shopping to carry passports. Heavy pressure from the congressional delegations of states which benefit from these cross-border shopping trips — New York, Michigan, North Dakota, Washington — persuaded the two departments to opt instead for a simpler and cheaper credit card-sized ID for land border crossings by U.S. citizens. This was more than five months ago, but an interagency debate over which technology should be used for the card has hobbled the project. This is not only an interagency technology debate — but also an intra-agency debate: DHS’s own Data Privacy and Integrity Advisory Committee opposes the very technology DHS supports.

DHS proposes using active RFID technology so the card could be read from a relative distance (just as toll cards are now being read on some U.S. highways). The State Department is concerned about active RFID’s privacy implications, supporting instead passive RFID technology which makes the card readable only by proximity readers capable of reading cards at a distance of two to four inches only.

Active RFID, capable of transmitting data for up to thirty feet, are more susceptible to skimming by hackers (this is why drivers can leave them on their dashboards for toll readers to read). DHS counters by saying that it intends to add security to an RFID card by placing only a unique identification number on the card and using the number to retrieve personal information from a central database. This means that a hacker would be able to pick up only a number which, for him, would be meaningless since he would not have the means to access the DHS database. In addition, DHS says that RFID is better because it would allow for quicker processing of traffic across the border.

RFID critics reject both assertions. Since it is not possible to detect electronically whether an RFID card had been tampered with, a border official would have to inspect the card physically, slowing down the process. DHS’s Data Privacy and Integrity Advisory Committee agrees with this argument: In a 19 May report it said that “just as someone holding a key to a house cannot be identified as the owner of the house based upon possession of that key alone,” a biometric check, such as an iris scan, must be conducted on border crossing people even if the active RFID on their dashboard appears to be in order.