We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,696 News Articles

Opinion: US biometric passports fail early privacy tests

A concerned American speaks out

US federal officials, eager to step up controls on people entering the country, are preparing to issue passports with embedded personal and face-recognition data. A good plan to increase security it may be, but poorly executed it will put individuals’ privacy at risk.

The US Department of Homeland Security has spent the past six months testing biometric passport prototypes and wants to roll out the new technology as soon as possible.

The passport's chip will store more than just the holder’s name. It will store biometric facial recognition scan data to help a computer recognise the holder by – for instance, the distance between their eyes. It'll also contain a passport photo in digital form, as well as personal data including name, birth date and birthplace, gender and passport number.

Other countries, as well, are adopting passports with electronic data, under a specification developed by the International Civil Aviation Organisation (ICAO). The organisation has created the specifications for most of the world's passports for more than 50 years.

US Homeland Security officials say that the new passports go a long way toward preventing people from using another person's passport. The passports also permit touchless data transfer, meaning that a passport agent can collect the data without connecting the passport's chip physically to a computer. The US wants all travel documents to have touchless technology by 2006.

Unfortunately, in the case of the US passports, the personal information is stored in unencrypted form. Worse, touchless technology might let someone with the right equipment read the personal information at a distance.

Officials are developing workarounds to prevent so-called skimming, but until they do, the contactless technology poses a threat. Instead, officials should use smart cards that must be physically connected before they'll divulge their data. Issuers should also encrypt the data included on a passport.


IDG UK Sites

Motorola Moto G vs Nokia Lumia 530 comparison: What's the best budget smartphone

IDG UK Sites

Everything you need to know about Apple's iPhone Camera in iOS 8

IDG UK Sites

Why you shouldn't trust password managers

IDG UK Sites

How to make an 'Apple iWatch' using an iPod nano and a 3D printer