Passports USA.com

Department of State Logo and United State Flag
Latest Islamic Terrorist Threats Contact Us text

Remarks As Prepared for Frank Moss, Deputy Assistant Secretary of State for Passport Services


Computers, Freedom And Privacy Conference
Seattle, Washington
April 13, 2005
 
Thank you all for joining me this morning for a discussion of the role of information technology in travel documents.  I certainly look forward to this exchange and hope that I can bring you up-to-date on the international effort to improve travel document security and developments in the U.S. Program to strengthen our passport. 

I know that many of you probably want to talk only about the issue of biometrics and contactless chips in the U.S. passport.  If I may, however, I would like to spend a few moments putting that decision into a broader context. 

The first objective of the United States and governments throughout the world is to ensure that passports are issued only to persons who are legitimately entitled to them.  This is particularly important since physical security improvements to passports – such as the use of photodigitized images of the bearer – make it increasingly difficult to counterfeit a passport.  Thankfully, the days are over for most passports in which a skilled forger can remove one person’s photograph and replace it with another.

You are well aware of our efforts to biometrically enable our passports, but I also want to talk to you about two other critical aspects of the passport process—adjudication and the physical appearance and security of the passport.  I also want to touch briefly on the State Department’s responsibility for the safety and security of Americans as they travel abroad.

We at the State Department believe that the U.S. passport is one of the most sought after travel documents in the world.  It is portable proof of both your identity and your nationality.  It literally opens doors around the world should you need assistance from an American embassy while you travel or live abroad.  It is also the key to returning to this nation after your foreign travel abroad.

Last year some 8.8 million Americans applied for passports.  This was a record by more than 1 million cases and represented a workload increase of some 22 percent over the prior year totals.  This year we forecast a 9 percent increase in that demand, but are experiencing in fact a 14 percent rise.  And, as many of you know, we have just announced that Americans traveling to the Caribbean, Canada or Mexico will have to present more formal travel documentation to return to the U.S.  This requirement will be phased in between now and the end of 2007.  As a result of this initiative and “normal” growth in international travel, we expect that overall passport demand will increase from its current annual level of less than 10 million cases per year to 17 million applications each year by 2008.
 

This increase in demand for passports could create inadvertently security vulnerabilities as some persons may seek U.S. Passports who do not have valid claims to citizenship.  The issue for us then is how to apply technology to help passport specialists, who determine whether someone qualifies for a passport, do a better job.  We have a number of initiatives underway in this area.

  • We are partnering with the social security administration to improve our ability to verify the identity and background of passport applicants.
  • We are making greater use of commercial databases to help ensure that persons applying for passports are who they claim to be.
  • Now…don’t get me wrong…we are not running credit scores on passport applicants, but we are using some of the tools of the financial services industry to assist us in “looking behind” the paper passport application and its supporting documentation.
  • Finally, and this is an area that we are investigating but have not yet implemented, there is the potential role of rules-based decision techniques in our passport application process.

Let me now discuss the way we are actually changing the passport itself.  We have just completed the first cover-to-cover redesign of the U.S. passport in more than a decade.  The changes start on the front cover which now includes the international logo that shows to a border inspector or airline official that the passport has an I.C. to which biometrics are written.  The new changes include moving the data page to enhance security, introducing new artwork that incorporates sophisticated new security features, adopting printing techniques used in the current generation of U.S. currency, and utilizing a variety of other techniques, many of which are visible only under UV light, to help raise further the barrier to anyone or any government attempting to counterfeit a U.S. Passport.

Now for the issue of biometrics.  Here is what the State Department will incorporate into the U.S. passport:

  • Beginning this summer and as part of an international effort, the United States will begin to include a 64kb contactless chip in the rear cover of the passport.  We will write to that chip the same data as found on the data page of the passport. 
  • The data will be secured to the integrated circuit (I.C.) using very robust public key infrastructure techniques.
  • Biometrics will strengthen security by ensuring that the person carrying a U.S. passport is the person to whom the department of state issued that passport.  They will also help facilitate the movement of all of us through airports and customs and immigration processing.
  • The only biometric employed in the U.S. passport will be the face.  Let me assure you that should at some time the U.S. decide to incorporate other biometrics such as iris scan or fingerscans, those changes will be the subject of public review and comment through the federal register process.
  • Security of personal data has been a consistent goal throughout the international process to develop a new generation passport appropriate to the post 9/11 and, in the case of our European friends, the post 3/11 environment.  The chip that will be incorporated into the passport will operate consistent with ISO standards 14443a or b which prescribe a maximum reading distance of 10 centimeters or less.
  • The department of state is well aware of concerns that data on the chip is susceptible to unauthorized reading (“skimming”). We are working hard with technical experts from the private sector and the national institute of standards and technology both to assess that risk and the efficacy of countermeasures.  Through these efforts, we have identified a number of materials that prevent the chip and the reader from communicating as long as the passport is mostly or totally closed and we will include this technology in the new generation U.S. Passport.  I certainly recognize, however, that this issue is not just a matter of physics or dueling experts, but also one of public perception.  Therefore, I want to assure you that the department of state will not issue biometric passports to the general public until we have addressed successfully the risk of skimming.
  • Then there is the separate matter of “eavesdropping” or intercepting communications between the chip and the reader.   Some recent media reports have confused the eavesdropping tests performed at the International Civil Aviation Organization (ICAO) I.C. interoperability tests (the so-called “Morgantown tests”) with the surreptitious skimming of data from the chip.  I agree that eavesdropping is technically feasible, but it can also be successfully addressed by taking the proper precautions in the design and manufacture of passport readers. The “Morgantown tests” involved very preliminary designs of passport readers.  Some were little more than “bread board” products, and some of these readers were susceptible to eavesdropping.  One reader at Morgantown was, however, a more finished product and its included standard shielding techniques and its communications could not be eavesdropped.  The more recent tests at Tsukuba in Japan showed that other readers had eliminated the risk of eavesdropping. The bottom line is that corporations that plan to market passport readers to governments around the world recognize that eavesdropping is an issue that can and must be fixed before biometric passports are used.
  • I know one concern of some of you is that the U.S. is not encrypting the transmission of data between the chip and the reader and some other countries are.  Here is why we made that decision.  First, some other governments, especially in the E.U., plan to write fingerscans to the i.c.  Clearly, this is data not found on the existing datapage of the passport.  I agree that writing such data to an i.c. raises significant privacy problems since fingerscans are being used to access some computer networks and ATM terminals.  The U.S., however, does not collect fingerscans as part of our passport application process and thus cannot write them to the chip. Since the only data being written to the I.C. in the U.S. Passport is the data found on the data page, we do not believe that encryption is appropriate at this time.  Should we include other biometrics in the future, we will, of course, thoroughly revisit this issue.
  • The other issue with encryption is that it is contrary to the overarching goal of global interoperability for passports.  By that I mean that the U.S. passport must be able to be read quickly and accurately by readers at ports-of- entry throughout the world and we have to be able to process the passports of the 30 or more governments that plan to introduce biometric passports.  The international community has agreed that the public key needed to help verify the authenticity of data can and should be written to the I.C. And then compared, when required, against an international database of public keys.  But encrypting data such as fingerscans and then allowing that data to be read by customs inspectors and airlines around the world presents daunting challenges as well as real opportunities for the acquisition by another government of profoundly personal data.  We don’t think these problems have yet been solved.   In fact, at least some governments that plan to write fingerscans to passports may encrypt that data, but retain the keys needed so that the data can only be read by that nation’s border inspectors.  In other words, even through the biometric data is on the I.C., it is not globally interoperable.
  • Let me stress that the United States is committed to ensuring that the American traveling public is safe, secure and protected, including privacy and integrity of individual rights. We will continue to work very closely with other countries to insure that the measures we employ to carry out these responsibilities are as sound and effective as we possibly can make them. As data security needs evolve, and measures to address those needs are developed and proven to work, we will do everything needed to protect the interests of American citizens

Having said what we are doing, let me also tell you what we are not doing since there seems to be some misunderstanding about that:

  • The United States will not collect fingerscans as part of the passport application process. 
  • We will not write your social security number to the chip.
  • We will not write your home or office address to the chip.
  • We will not be able to track the movement of people through the chip. 

In closing, I would like to make four points.  One of the core missions of the department of state is the protection of American citizens as they live and travel abroad.  That is a function that we take with enormous seriousness.  (witness in this regard our response to help identify and assist American victims of the late December tsunami in the Indian Ocean.)  It would be totally contrary to that mission to take any steps with the U.S. Passport that endanger Americans as they live and travel abroad.  And, quite frankly, we are confident that we have not done so.  The new passport—with all of the improvements that i have discussed—takes security and travel facilitation to a new level without, we believe, endangering in any way, shape or form the passport bearer.  In this regard I should also note that the first versions of this new passport will be issued to diplomatic and official personnel of the U.S. government.  Would we do that to our friends and colleagues if we thought this passport created additional risk to travelers in the international environment?  I hope you agree with me that the answer is a resounding “no.” 

Second, biometrics and contactless chip technology are a tool to help improve U.S. Border security and the functioning of our overseas visa process.  They are not “silver bullets” and the United States consequently has no plans to take the inspector and his or her judgment out of the border entry process nor the consular officer’s judgment out of the visa process.  Moreover, even if one’s chip fails while traveling that doesn’t create a significant problem.  The international community agrees that in such situations the data page can and will be examined by border inspectors and serve as the ultimate repository of your passport data.

Third, improving the U.S. Passport is not a “one shot deal”.  We are engaged in a continuous product improvement effort for the U.S. passport.  We will continue not just to monitor technical developments, but also finance research and other work to ensure that we always produce a passport that is highly secure, tamper resistant and globally interoperable.  If in the future technologies like basic access control evolve to the point that they can be implemented, we will introduce them.  Should the U.S. decide to consider different biometric technologies than facial recognition, we will also seek public comment through the federal register process.

Finally, and while not directly related to travel document security, i would like to bring to the audience’s attention last week’s announcement by the departments of state and homeland security that we are publishing an “Advanced Notice of Proposed Rule Making” pursuant to the requirements of section 7209 of the intelligence reform and terrorism prevention act.  This legislation requires that American citizens reentering the United States use a passport or similar document of identity and nationality after any foreign travel, including to the Caribbean, Canada or Mexico.  This requirement will be phased in between now and the end of 2007, beginning with travel to the Caribbean, Central America and Bermuda at the end of this year.  We recognize that we don’t have all of the answers for this program so we are soliciting public comment and I encourage all of you who have concerns about this program to write early and often.  However, this policy change is also a matter of law, not just decisions of the secretaries of State and Homeland Security.  If you don’t have a passport and travel outside the United States, including to the Caribbean or by air or sea to Mexico or Canada, it might be a good idea to start thinking about applying for one.

Thank you for your time and attention.  I look forward to your questions.