I thought American Expats (particularly those of the less-than-legal variety) might be interested in the article below. It's rather creepy and seems like it could make it a lot easier to track where people have been. I need to get a new passport relatively soon, anyway... I hope they aren't doing this in Madrid yet.
The ID Chip You Don't Want in Your Passport
By Bruce Schneier
Saturday, September 16, 2006; Page A21 If you have a passport, now is the time to renew it -- even if it's not set to expire anytime soon. If you don't have a passport and think you might need one, now is the time to get it. In many countries, including the United States, passports will soon be equipped with RFID chips. And you don't want one of these chips in your passport. RFID stands for "radio-frequency identification." Passports with RFID chips store an electronic copy of the passport information: your name, a digitized picture, etc. And in the future, the chip might store fingerprints or digital visas from various countries.
By itself, this is no problem. But RFID chips don't have to be plugged in to a reader to operate. Like the chips used for automatic toll collection on roads or automatic fare collection on subways, these chips operate via proximity. The risk to you is the possibility of surreptitious access: Your passport information might be read without your knowledge or consent by a government trying to track your movements, a criminal trying to steal your identity or someone just curious about your citizenship. At first the State Department belittled those risks, but in response to criticism from experts it has implemented some security features. Passports will come with a shielded cover, making it much harder to read the chip when the passport is closed. And there are now access-control and encryption mechanisms, making it much harder for an unauthorized reader to collect, understand and alter the data. Although those measures help, they don't go far enough. The shielding does no good when the passport is open. Travel abroad and you'll notice how often you have to show your passport: at hotels, banks, Internet cafes. Anyone intent on harvesting passport data could set up a reader at one of those places. And although the State Department insists that the chip can be read only by a reader that is inches away, the chips have been read from many feet away. The other security mechanisms are also vulnerable, and several security researchers have already discovered flaws. One found that he could identify individual chips via unique characteristics of the radio transmissions. Another successfully cloned a chip. The State Department called this a "meaningless stunt," pointing out that the researcher could not read or change the data. But the researcher spent only two weeks trying; the security of your passport has to be strong enough to last 10 years. This is perhaps the greatest risk. The security mechanisms on your passport chip have to last the lifetime of your passport. It is as ridiculous to think that passport security will remain secure for that long as it would be to think that you won't see another security update for Microsoft Windows in that time. Improvements in antenna technology will certainly increase the distance at which they can be read and might even allow unauthorized readers to penetrate the shielding. Whatever happens, if you have a passport with an RFID chip, you're stuck. Although popping your passport in the microwave will disable the chip, the shielding will cause all kinds of sparking. And although the United States has said that a nonworking chip will not invalidate a passport, it is unclear if one with a deliberately damaged chip will be honored. The Colorado passport office is already issuing RFID passports, and the State Department expects all U.S. passport offices to be doing so by the end of the year. Many other countries are in the process of changing over. So get a passport before it's too late. With your new passport you can wait another 10 years for an RFID passport, when the technology will be more mature, when we will have a better understanding of the security risks and when there will be other technologies we can use to cut the risks. You don't want to be a guinea pig on this one. Bruce Schneier writes often on security subjects.
Posts: 1070 | Location: Madrid | Registered: 10 December 2002
I did some looking-up about this, and many articles came out a year ago, stating implementation to begin this October (2006). It seems these chips will contain "the name, nationality, sex, date of birth, place of birth and digitized photograph of the passport holder." I also saw this:
"In regulations published Tuesday, the State Department claims it has addressed privacy concerns. The chipped passports "will not permit 'tracking' of individuals," the department said. "It will only permit governmental authorities to know that an individual has arrived at a port of entry--which governmental authorities already know from presentation of non-electronic passports--with greater assurance that the person who presents the passport is the legitimate holder of the passport." article
From what I understand then it will be used upon entry to the US, for US gov't purposes... it seems to me then it won't be anything that could really hurt those of us aborad less-than-legally, but I may be missing something. And of course, there is also the issue of protecting one's personal idenity information...
From what I understand then it will be used upon entry to the US, for US gov't purposes... it seems to me then it won't be anything that could really hurt those of us aborad less-than-legally, but I may be missing something. And of course, there is also the issue of protecting one's personal idenity information...
The problem is that Spain (and many other countries) have also implemented this technology or will soon implement it. So from here on out, one of these passports will carry a very easily readable record of all entries and exits from any country using this technology. Theoretically, with one blip, passport control, a consulate, extranjería, and anyone else with one of the readers would be able to know that someone has overstayed a tourist visa (as opposed to the way they have to do it now, by looking at all of those inscrutable stamps). Which isn't to say that they are actually going to do anything about someone overstaying (I know quite a few people who have gotten snagged, but they still managed to talk their way through), but I think it's better not to take the chance.
I'm going to do my best to get one this month without the chip. Even though I'm legal, I'd rather have them see where I've been the old fashioned way.
