If you want to stop terrorists from getting at you, your first thought might be to step up surveillance at ports of entry; your second might be to exploit the modern world's technology advantage over the likes of Al Qaeda. The problem is, the proper technology is rarely chosen at first thought.
Undue haste led the U.S. government and the 27 countries in its visa-waiver pool to start a program two years ago to embed radio-tagged ICs in passports. These chips will encode the physical characteristics of the bearer, starting with the face. The U.S. initiative, included in the Enhanced Border Security and Visa Entry Reform Act of 2002, gained overwhelming support in the U.S. Congress and among the other 27 countries.
Because of foot-dragging and incompatible technologies, the system could not make its planned rollout this past October and had to be postponed for a year. But the problem goes deeper: the facial-recognition technology that companies promised would identify travelers doesn't live up to the hype. And even if the new e-passport program, at an estimated cost of more than US $1 billion a year, could make it harder to forge visa-waiver passports, it would not do much to thwart serious terrorists.
First, though, consider the embarrassing postponement. It began late last year when tests in Australia of the various visa-waiver countries' systems raised "a host of concerns," according to Barry J. Kefauver, former deputy assistant secretary of state for the U.S. Department of State's Passport Services. He is now chair of the International Organization for Standardization Task Force on New Technologies and advises the International Civil Aviation Organization (ICAO), which sets security standards. The Montreal-based ICAO began working "with crisis impetus," Kefauver says, in an effort to make different chips and readers work together and to ensure that chip packages were tough enough to last through a passport's life. But it soon became clear that the job couldn't be done in time to meet the U.S. deadline.
Last year, the ICAO laid out 22 passport improvements, centering on a few critical goals. The new passports should be harder to forge than today's versions, identify the bearer reliably, and require a traveler to spend no more than 11 seconds at the passport agent's booth.
People have been working toward these goals since the late 1980s. That's when passports began incorporating machine-readable features: two lines of 44 characters on the passport's data page that encapsulate the essential information—name, country, and passport number. The code didn't stop forgers; it remained just as simple to cut and paste your picture into a stolen passport. So in theory at least, the new chips will provide governments with the foolproof system they need to be able to guarantee that you are who you say you are. This is the ideal scenario: a traveler presents the e-passport, with a chip laminated into its front cover, to a passport control agent. A camera takes the person's picture while the agent passes the e-passport over a radio-frequency reader and downloads the data already printed on the document and encoded in its IC—name, date and place of birth, height, weight, and code number, as well as other biometric data also encoded in the chip. The passport agent, with computer assistance, compares the page to the data downloaded from the chip, to the person standing there, and also to a central database to make sure all the attributes match.
The encrypted chip makes the forger's job nearly impossible. A few millimeters square, the chip contains 64 kilobytes of dynamic random access memory and a processor running software that communicates through a built-in antenna with the passport agent's reader. It can either be a system-on-chip, complete with a tiny antenna, or it can be packaged with a large external antenna wrapped in a spiral to lie flat in the page. It isn't easy to make—any bad guy with less funding than, say, Dr. No, would find it essentially impossible to make a comparable chip from scratch. And a stolen one isn't easy to crack. Even if the thief could decrypt the chip's stored personal and biometric data, altering its contents would require custom reverse-engineering software.
Goal: To provide foolproof passport identification using a combination of biometrics and secure, radio-tagged ICs
Why it's a loser: It won't stop terrorists from getting into the country
Organization: The U.S. Department of State and counterparts in its 27-country visa-waiver pool
Center of activity: Washington, D.C., plus various research centers across the world
Number of people on the project: Not available
Budget: A few million U.S. dollars in the research phase; up to $100 million per year in the United States, $1 billion worldwide after deployment