[LINK] US Abandons RFID'd Visas

Roger Clarke Roger.Clarke at xamax.com.au
Sat Mar 10 10:51:18 AEDT 2007 

            http://www.epic.org/alert/EPIC_Alert_14.05.html

========================================================================
[3] Homeland Security Abandons Visitor Tagging Plan Criticized by EPIC
========================================================================

Plans to use radio frequency identification (RFID) technology in the
US-VISIT border security system have been abandoned after pilot testing
failed, Department of Homeland Security Secretary Michael Chertoff
admitted in Congressional testimony on February 9th. A government report
released in January said testing of RFID tags embedded in I-94 documents
was unsuccessful. Chertoff said about the program, "I think, yes, we're
abandoning it. That's not going to be a solution."

In 2005, the Department of Homeland Security began testing RFID-enabled
I-94 forms in its United States Visitor and Immigrant Status Indicator
Technology (US-VISIT) program to track the entry and exit of visitors.
The RFID-enabled forms stored a unique identification number, which is
linked to data files containing foreign visitor's biographic
information, including name, date of birth, country of citizenship,
passport number and country of issuance, complete U.S. destination
address, and digital fingerscans.

EPIC has warned that the proposal to embed RFID tags in travel documents
places visitors to the United States at risk, citing the plan's lack of
basic privacy and security safeguards. In October 2005 comments to the
Department of Homeland Security, EPIC urged the Department to reject the
proposal. EPIC asserted that the timesaving benefits of RFID tag use
would be slight and significantly overshadowed by its privacy and
security risks. EPIC explained, as an invisible technology, RFID allows
a person's information to be accessed without his or her knowledge.
Anytime a visitor is carrying his I-94 RFID-enabled form, unauthorized
individuals could access his or her unique identification number, and
thus the biographic information linked to that number.

In a July 2006 report, the Department of Homeland Security's Inspector
General echoed EPIC's concerns, stating that the US-VISIT border
security program fails to protect data collected through the use of RFID
tags. The report found "security vulnerabilities that could be exploited
to gain unauthorized or undetected access to sensitive data" associated
with people who carried the RFID-enabled forms.

A report released by the Government Accountability Office in late
January identified numerous performance and reliability issues in
Department of Homeland Security's 15-month test.  The report detailed
the failure of RFID readers to detect a majority of visitors'
identification numbers. US-VISIT officials had set a target read rate at
70 percent, but a weeklong test demonstrated that RFID readers correctly
identified only 14 percent of identification numbers. Furthermore, the
report said that even if such performance and reliability issues were
addressed, questions remained about the program's future. The report
said that RFID failed to "meet a key goal of US-VISIT -- ensuring that
visitors who enter the country are the same ones who leave."
Essentially, the I-94 form could not guarantee that the person to whom
the form was issued would be the same individual exiting the country
with the form.

Government Accountability Office report (pdf):

       http://www.gao.gov/new.items/d07378t.pdf

DHS Inspector General Report (redacted) (pdf):

      http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_06-53_Jul06.pdf

EPIC's October 2005 comments to the Dept. of Homeland Security (pdf):

       http://www.epic.org/privacy/us-visit/100305_rfid.pdf

EPIC Guidelines on Commercial Use of RFID Technology (2004) (pdf):

       http://www.epic.org/privacy/rfid/rfid_gdlnes-070904.pdf

EPIC's page on RFID:

       http://www.epic.org/privacy/rfid/

EPIC's page on US-VISIT:

        http://www.epic.org/privacy/us-visit/

========================================================================

-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW

More information about the Link mailing list