We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Opinion: US biometric passports fail early privacy tests

A concerned American speaks out

US federal officials, eager to step up controls on people entering the country, are preparing to issue passports with embedded personal and face-recognition data. A good plan to increase security it may be, but poorly executed it will put individuals’ privacy at risk.

The US Department of Homeland Security has spent the past six months testing biometric passport prototypes and wants to roll out the new technology as soon as possible.

The passport's chip will store more than just the holder’s name. It will store biometric facial recognition scan data to help a computer recognise the holder by – for instance, the distance between their eyes. It'll also contain a passport photo in digital form, as well as personal data including name, birth date and birthplace, gender and passport number.

Other countries, as well, are adopting passports with electronic data, under a specification developed by the International Civil Aviation Organisation (ICAO). The organisation has created the specifications for most of the world's passports for more than 50 years.

US Homeland Security officials say that the new passports go a long way toward preventing people from using another person's passport. The passports also permit touchless data transfer, meaning that a passport agent can collect the data without connecting the passport's chip physically to a computer. The US wants all travel documents to have touchless technology by 2006.

Unfortunately, in the case of the US passports, the personal information is stored in unencrypted form. Worse, touchless technology might let someone with the right equipment read the personal information at a distance.

Officials are developing workarounds to prevent so-called skimming, but until they do, the contactless technology poses a threat. Instead, officials should use smart cards that must be physically connected before they'll divulge their data. Issuers should also encrypt the data included on a passport.

IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model