No Encryption for E-Passports

Serious privacy concerns have emerged from the government's decision not to include encryption in the next generation of electronic passports. Wired News reports:

Despite widespread criticism from security experts that a proposed high-tech upgrade to Americans' passports actually introduces new security risks, the government is declining to encrypt data on new high-tech e-passports, according to proposed new rules published last week.
[...]
The new passports will include a radio frequency identification tag, a chip that will store all the information on the data page of the passport, including name, date and place of birth, and a digitized version of the photo passport, according to the proposal in the Federal Register.
[...]
But the rules, which are open for comment until April 4, rule out encrypting the bearer's name, birth date and digital photo, saying such a move would impede worldwide adoption of e-passports and that encrypted data would slow down entry and exit at customs.

The lack of encryption baffles privacy advocates and security researchers, who say the new passports are vulnerable to "skimming," an attack that uses an unauthorized reader to gather information from the RFID chip without the passport owner's knowledge.

Technorati tag: privacy