The Samuelson Clinic submitted comments on behalf of eight computer scientists and engineers to the Office of Passport Policy, Planning and Advisory Services at the U.S. Department of State in response to the Department’s February 18 Notice of Proposed Rulemaking on Electronic Passports.
In their comments, these leading cryptology and security experts urged the Department of State to consider fully the security and privacy implications posed by the planned use of RFID technology and biometric information on the data page of U.S. passports. They further urged the Department to incorporate important security measures, including data encryption and RF blocking schemes such as Faraday cages, into rules for the implementation of the electronic passport system.
Additionally, Samuelson Clinic research specialist Jennifer King presented “Embedded RFID and Everyday Things: A Case Study of the Security and Privacy Risks of the U.S. e-Passport” at the IEEE-RFID conference in Dallas, Texas. The study, co-authored by Ph.D student Marci Meingast and Clinic Director Deirdre K. Mulligan, presented a case study of the adoption process of the RFID-enabled e-Passport by the U.S. Department of State. The paper identified privacy and security risks with embedding “everyday objects” such as the e-Passport with RF transponders, and offered a critique of the e-Passport project, which failed to adequately identify and address these risks.