Tuesday, 1 August 2006
ICAO acknowledges risks of RFID passport "session keys"
I've noted previously that one of the most significant risks of secretly and remotely-readable Radio-Frequency Identification chips in passports -- even after the changes made to the State Department's original plans for RFID chips in USA passports -- is the potential for the unique chip ID numbers used as "session initiation keys" to also be used as tracking numbers. I've also noted the unverifiable claims by government contractors and others -- although not in the published procurement specifications for RFID chips for USA passports, never by the USA government, and never with any binding commitment -- that the RFID chips in USA passports actually generate and use a new random session key each time they are read, rather than a persist unique chip identification number ("UID").
Now the International Civil Aviation organization (ICAO), the organization whose standards are being used as the justification for RFID passports in the USA and other countries, has finally acknowledged the risk of a persistent session key:
The e-passport may serve as a "beacon" in which the chip emits when initially activated data (the UID number) that might allow identification of the issuing authority. When opening the dialogue between an ePassport and an ePassport reader, some information is immediately exchanged between them.
(June 2006 Supplement to ICAO Document 9303, "Machine Readable Travel Documents".)
But while ICAO now recommends the use of a random session key, they have decided not to require it, but to allow continued use of persistent unique chip ID numbers, despite the risk, "for security reasons" (those reasons remaining unspecified):
That start of the dialogue between an ePassport and a reader, which is technically specified in ISO/IEC 14443, allows the choice of the option whether the ePassport presents a fixed identifier, assigned uniquely for only that ePassport, or a random number, which is different at each start of such a dialogue. Some issuers of passports wish to implement a unique number for security reasons or any other reason. Other issuers give greater preference to concerns about data privacy and the possibility to trace persons due to fixed numbers.... The use of random UIDs is RECOMMENDED, but States MAY choose to apply unique UIDs."
What's next? Pages 27-28 (29-30 of the PDF) of the inaugural issue of ICAO's MRTD Report highlight plans for the introduction of RFID visas -- just as the USA is already testing and planning to expand the use of RFID chips in the I-94 immigration form that each nonimmigrant visitor is required (under 8 USC 1304(e) and 8 CFR 264.1) to "at all times carry with him and have in his personal possession" while in the USA.Link | Posted by Edward on Tuesday, 1 August 2006, 19:37 ( 7:37 PM)