Page II: Countries begin test programs -- get ready for a facial scan the next time you take an overseas flight.
In 2002, ICAO came out with what is called the "New Orleans Resolution" (named after the city where it was voted on). In the resolution, ICAO endorsed facial recognition as the biometric identification technology of choice, with fingerprints and iris scans as optional, supplemental forms of biometric identification.
Fingerprints -- despite providing the most accurate means of identifying a person -- were ruled out because of the criminal overtones. Governments worried that their citizens would feel like they were being arrested.
"Australia, Canada and the US ruled it out right away," said Kefauver, the former US official, who chaired the technology working group on this issue for ICAO.
If nations begin to adopt electronic passports, the process of boarding an international flight will take on a slightly different feel. Customs agents will examine a passport and then request that a traveller stand in a particular spot, where a facial recognition device will then scan that person's face. Customs agents will then swipe the electronic passport past a reader.
A positive match would permit a traveller to proceed, while a mismatch would lead to further ID checks. In the United States and possibly other countries, the two images would also be correlated to an image in a remote database. If a nation required it, fingerprints or iris scans could also be taken.
How it differs from RFID
Technologically, the chips proposed for passports are more sophisticated than standard RFID, or radio frequency identification, tags, said Infineon's Borchert. RFID technology, a kind of high-tech bar code, is being adopted by retailers to keep tabs on their merchandise and, in more extreme cases, it's being promoted as a way to identify people.
First, the distance at which an e-passport chip can be read is far shorter. Though readers can wake up some RFID tags from as far away as 400 feet, depending on the reader and the tag, the reader in Infineon's ID system has to be as close as 10.5 centimeters, or about four inches, to obtain information.
Second, unlike many RFID tags, e-passport chips come with a built-in encryption engine. Even if hackers could obtain one reading, they would have to take repeated readings before they could translate the data coming out of the chip from encrypted gobbledygook into actual information. Even then, at least in the passport chips, the thieves would only be able to get a digital image of someone's face.
Electronic passports also contain several layers of tamper-proofing to prevent criminals or others from removing the chip or altering data stored in its embedded memory, which is a non-standard form of non-volatile memory. Changes in temperature or light will shut the chip down. Borchert would not disclose other anti-tampering techniques embodied in the chips.
"Getting into these chips is going to take more than your average bear. There will be MIT students who do it, but it probably won't be widespread," said Jim Handy, an analyst at Semico Research. "You will have to know how the chip is encrypted and how it is programmed."
Borchert acknowledged that the system isn't perfect and inevitably would be vulnerable to attacks, but he said it improves on existing security policies.
More work to be done
It is a technology still in its infancy. The United States, for instance, recently extended the deadline for 21 nations in a visa waiver program to begin to incorporate biometrics into passports. The cutoff was originally set for October; it's been pushed back a year.
7%
3%
