Long-range RFID under consideration for PASS card

24 April 2006

The proposed PASS border card, for use by citizens wanting to cross the USA’s northern and southern borders, could use RFID chips capable of being read at a distance up to 30 feet.

Jim Williams, director of the US Visit Program at the Department of Homeland Security, made the comments at a recent industry conference, creating an immediate debate surrounding the privacy and security implications of such a move.

The PASS card (People Access Security Services) has been proposed in response to the Western Hemisphere Travel Initiative signed by the United States, Mexico and Canada and a federal mandate that requires a passport or an alternative document to cross these borders starting from 2008.

The US State Department would be responsible for issuing the new documents. According to Williams and Frank Moss, deputy assistant secretary of state for passport services, who presented later in the Smart Card Alliance Government Conference, both long-range RFID technology and contactless smart chip technology are still being considered for the PASS card, with the State Department reportedly preferring the contactless smart card chip option, as is currently being implemented in ePassports. (Contactless smart card technology also uses radio frequency for communications, but is based on microprocessors with built-in security features, capabilities that are not present in typical long read range RFID chips.)

To increase security, DHS plans to use a digital facial image as a biometric, so border agents can make sure the person carrying the credential is the one to whom it was issued. But with US$1.8 billion in trade crossing the border every day, DHS needs to balance the goals of security and privacy protection with economic efficiency, which translates into a requirement for fast throughput at the land borders.

To speed things up, the current thinking at DHS is that they would use some form of RFID that could be read from up to 30 feet away, so when individuals get to the checkpoint their information has been pre-loaded for the agent to see. The card would contain a 96-digit number that points to a database record containing demographic information and a facial image of the cardholder.

According to Williams, security and privacy is assured by the fact that any personal information is stored remotely, and no personal information is broadcast. DHS is currently testing such technology, although test results have not yet been released.

The problem with contactless smart card technology is that the read range is only a couple of inches, and customs and border agents are concerned about throughput and people dropping cards or sticking their arms out of the car.

A decision as to which technology will be selected is expected within a month.