Mar 10 2009

DHS considering hackable long-range RFID as “alternative” to REAL-ID

Chris Strohm of the National Journal’s CongressDaily reports:

Homeland Security Secretary Janet Napolitano, a former governor of Arizona, said Monday that her office is participating in a working group established by the National Governors Association to review the so-called Real ID law, which Congress passed in 2005 while under Republican control.

“What they’re looking at is whether statutory changes need to be made to Real ID,” Napolitano said after a speech to Homeland Security employees marking the sixth anniversary of the department’s creation.

“They are looking at whether some version of an enhanced driver’s license that perhaps creates options for states would be feasible. They’re looking at what the fiscal impact would be particularly given that states have no money right now,” she added.

“I would expect that over the course of the spring we’ll be rolling something out,” she said.

So-called “enhanced” drivers licenses, already being issued in Washington and Vermont, contain a remotely-readable long-range (“vicinity”) RFID chip, in violation of ICAO international standards, which provide only for shorter-range RFID chips in travel documents. The chip carries a globally unique identification number that permits anyone within range to track the card or the movements of the person carrying it. Hackers have already demonstrated, in on-camera real-world tests on the streets of San Francisco, that these enhanced drivers licenses and the passport cards that use the same type of RFID chips have succeeded in their design goal of being readable from inside or outside a moving car as it passes by.

This is no “solution” to the problems of the REAL-ID Act, and no improvement.

As we’ve argued in our proposals to the administration and Congress, the only solution to REAL-ID is repeal.  Until Congress takes that essential action, states and citizens should continue their refusal to comply with REAL-ID.

Feb 20 2009

“Homeland Security USA” shows how to travel without ID

The new “reality” television show Homeland Security USA has prompted a Facebook group calling for it to be taken off the air, and protests against its bigotry outside the ABC-TV / Walt Disney Corp. offices in Burbank, even while ratings and viewership have been falling steadily since the first episode.

This week, though, the show gave us a useful lesson: how to fly (within the U.S.) without showing ID.

You can watch Benjamin fly without showing ID in the first half of Episode 5 here on the ABC.com website. (The player won’t work unless it thinks you are running Windows XP or Vista, but it’s possible — sometimes — to get it to work in Linux by using the Windows version of Firefox in the “wine” environment.)

Feb 11 2009

ID checks and government logs of hotel guests

Demands for ID credentials from hotel guests are once again in the public eye, with commenters in travel journalist Christopher Elliott’s blog weighing in with opinions on his recent article about an Orlando hotel, Hotel shows customer the door after he refuses to show ID — can it do that?

This sort of thing doesn’t happen only in the land of Disney World, though. Coincidentally, one of the final public acts of the outgoing Chief Privacy Officer of the DHS last month was to release a lengthy analysis of European laws and practices for requiring hotel guests to identify themselves, and for government access to those records: Interim Report on the EU Approach to the Commercial Collection of Personal Data for Security Purposes: The Special Case of Hotel Guest Registration Data.

Feb 09 2009

Exit permits, ESTA, APIS, and asylum seekers

According to a recently-released European Commission staff working document, the U.S. Electronic System for Travel Authorization (ESTA) is not “tantamount to the … visa … process” required for admission to the European “Schengen Zone”, and therefore does not give cause for the imposition of reciprocal visa requirements for US citizens seeking to enter Schengen countries.

That may be correct. But the EC appears to have asked the wrong question: the ESTA is not an entry permit but an exit permit scheme — which is a much more fundamental violation of human rights, U.S. treaty obligations, and the sovereignty of European and other countries from which people might wish to travel to the U.S.

The same is true of other U.S. travel control schemes (including the APIS and Secure Flight regulations), the proposed European PNR regulations, and the “carrier responsibility” rules in both the U.S. and the E.U. Regardless of whether it is referred to as “travel authorization”, “pre-departure clearance”, or “permission to transport”, the only meaningful way to construe a “travel authorization” that isn’t an entry visa is as a de facto exit visa.

Feb 03 2009

Drive-by reader for RFID drivers licenses and passport cards

Hacker and researcher Chris Paget has demonstrated the ability to read the globally unique serial numbers on RFID chips in passport cards and electronic drivers licenses in the purses and pockets of pedestrians on the street from a passing car, at least 30 feet (9 m) away, and to make cloned copies that broadcast the same ID numbers, using a laptop computer and commercial surplus hardware bought on eBay for $250.


Jan 15 2009

Recent developments in the USA in travel data

(Comments of the Identity Project at a workshop on “What’s on the agenda in the USA and Canada?” at the annual conference on Computers, Privacy, and Data Protection, Brussels, 16-17 January 2009)

Two major issues have emerged in the last year in relation to personal data about travel: (1) The overall goal of the government of the USA in its various policy initiatives on “travel security” has become increasingly clear. The USA is seeking to establish a global norm that:

  1. Government-issued identity credentials should be required for all forms of travel, domestic and international.
  2. All travel transactions should be recorded in a lifetime “travel history”.
  3. Pre-departure government permission should be required for all travel (based on the identity credential and the associated historical dossier), particularly for air travel or international travel.


Dec 18 2008

Maryland Seeks to Change License Policy on Immigration In Order to Implement REAL ID System

Maryland’s governor and transportation secretary have announced that they will seek legislation to change the state’s long-standing policy on driver’s license registration and require proof of legal residence before issuing the cards to state residents. Maryland is hoping to make this change as it begins implementing the federal REAL ID national identification system. The governor had rejected a previous proposal for a two-tier system that would have allowed the issuance of a lower-tier license to individuals unwilling to show such proof.

According to the Maryland Motor Vehicle Association’s site, REAL ID implementation means that, “Effective January 1, 2010, individuals applying for a new license will be required to show documentation to prove that they are in the United States legally.” Driver’s license applicants will have to show “Documents such as Social Security Card, U.S. Birth Certificate, U.S. Naturalization of Citizenship, Valid U.S. Passport, Valid Foreign Passport with Visa, U.S. Permanent Residency Card” or other documents to prove their legal presence in the United States.

We have previously detailed the many privacy and security problems that arise from requiring such documentation for a state driver’s license, but let’s focus on the immigration issue that Maryland is attempting to address.

Dec 02 2008

As DHS Secretary, Napolitano Should Halt REAL ID System

The New York Times has a story today about Arizona Gov. Janet Napolitano’s nomination as Obama’s Secretary of Homeland Security. The story states that in this new position, Napolitano would have to lead the REAL ID program, a national identification scheme that DHS is attempting to foist on the states. As governor of Arizona, Napolitano signed legislation to join 10 other states in rejecting this national ID program.

The substantial civil liberty problems inherent in this scheme to create a national database of the country’s driver’s license and state ID cardholders won’t disappear if Napolitano replaces Michael Chertoff as the head of DHS. Napolitano should stick to her beliefs and reject this system. As governor, Napolitano focused on the high cost of implementing this national ID system to the states, and these costs will remain substantial if the new administration implements the system created under Chertoff.

In The Identity Project’s recommendations to the Obama transition team, we urged the repeal of REAL ID. Besides the civil liberty problems, REAL ID also has security problems. Those of us who have been following the REAL ID issue, as well as other identification-based security programs, know that there is no sure way for an individual to prove his or her identity based merely on documents that can be easily forged. Therefore, REAL ID would create a system that people would trust even though they shouldn’t — because criminals and terrorists can spend the time and money necessary to forge these “trusted” ID cards.

REAL ID is a fundamentally flawed national ID system for which there is no fix. It must be repealed, and Napolitano should halt the implementation when she takes office.

Nov 26 2008

Border Agents Begin Using “Long-Range” RFID Scanners on ID Cards

USA Today has a story on the new long-range RFID scanners reading ID cards as individuals drive toward the border.

“By the time a car stops at the Customs booth, the agent will have the photos and information of everyone in the car. If a name is on a watch list or database, the person will be taken in for questioning. The system will be ‘more efficient,’ says Thomas Winkowski of Customs and Border Protection.”

DHS claims that the unsecured wireless transmissions will make border crossing more efficient, but why is Homeland Security choosing speed over security?

As we’ve explained before, there are numerous privacy and civil liberty problems connected with using RFID tags in identification documents. Off-the-shelf readers can easily skim the data.

Currently, the RFID-enabled ID cards only transmit a unique number to allow border agents to pull up an individual’s file. However, the Department of Homeland Security could easily add more data to the ID card, especially if the agency can convince people to use the RFID-enabled card as an “all-in-one” identification document – where you could use it when you go to the bank, grocery store, gym, school, and more.

Nov 10 2008

The Obama Administration and the Right to Travel

The Obama Administration promises change, and invites suggestions for their agenda.

Since they’ve asked, here are the first things we think the new administration should do to restore our right to travel, and to address the issues of ID requirements and identity-based government surveillance and control of travel and movement.

Some of these can be accomplished with the stroke of a pen on Inauguration Day in January, through Presidential proclamations and directives to Executive staff and agencies. Others can be ordered by the President, but will require a slightly longer process to comply with administrative notice and comment requirements for changes to (and, in many cases, withdrawal of) Federal regulations. Others will require legislation, which we urge the Presidential transition team and members of Congress to begin drafting so they can take action early in the new Congressional session. If asked, we would be available to advise and participate in this process. Finally, Senators should question nominees for Executive appointments, especially those nominated to be the new Secretary of Homeland Security and the Administrator of the TSA, about how they will address specific, important issues from the day they take office. These questions are detailed below (and also available here in PDF format).

Executive Orders:

  1. Reaffirm Executive Order 13107 on Implementation of Human Rights Treaties, and instruct heads of agencies to ensure that it is carried out. As part of his agenda, President-Elect Obama has promised to “strengthen civil rights enforcement,” and this should include enforcement of rights guaranteed by international human rights treaties to which the U.S. is a party. In particular, President-Elect Obama should extend Executive Order 13107 to explicitly mandate consideration of international human rights treaties in Federal agency rulemakings that could implicate rights protected under those treaties — such as the freedom of movement guaranteed by Article 12 of the International Covenant on Civil and Political Rights (ICCPR).