Lawmakers question PASS card security
- By Wilson P. Dizard III
- May 05, 2008
The PASS card security technologies that the Homeland Security and State departments are poised to roll out this spring have prompted tart criticism from lawmakers. In letters sent last fall and now circulating in the House of Representatives, members of the Homeland Security and Judiciary Committees have pressed the two departments to improve PASS card security.
Some of the latest criticism has taken the form of a joint letter to secretaries Michael Chertoff of DHS and Condoleezza Rice of State demanding explanations of their departments' recent PASS card technology decisions. Below is the bipartisan letter sponsored by Reps. Bilbray (D-Pa.) and Christopher Carney (R-Calif.):
The Honorable Condoleezza Rice
United States Department of State
Washington, DC 20520
The Honorable Michael Chertoff
United States Department of Homeland Security
Washington, DC 20528
Dear Secretary Rice and Secretary Chertoff:
The 9/11 Commission's Final Report clearly states that "For terrorists, travel documents are as important as weapons." Implementation of the Western Hemisphere Travel Initiative (WHTI) is critical to securing our borders and increasing the facilitation of legitimate travelers.
It is important to reiterate that the purpose of WHTI is two-fold, enhancing national security and facilitation of trade and travel. Of course, security is of paramount importance and border crossing credentials issued by the Department of State and or the Department of Homeland Security must reflect that imperative.
We understand that DHS will soon begin site surveys in preparation for construction, installation and maintenance of an information technology infrastructure to read vicinity RFID tags embedded in travel documents.
It is also our understanding that this infrastructure will only be deployed to the 39 busiest land Ports of Entry and that full deployment will realistically take a number of years. We know that radio-frequency identification (RFID) tags only enhance security when the IT infrastructure is present and operational. Therefore, it is imperative that all WHTI travel documents issued by the State and Homeland Security Departments, while they serve to facilitate travel, are sufficiently counterfeit resistant, tamper-proof and physically secure.
We have serious concerns regarding the final card chosen for the Passport Card. Each card will carry the same rights and privileges of the US Passport Book with the exception of international air travel.
As such, the cards will be used not only to cross the border, they will also be used throughout the interior United States as proof of citizenship and identity in everyday transactions; as a proof of identity in TSA lines, to enter federal buildings, to engage in financial transactions, and to obtain driver's licenses.
Without exception they must be reliable on "face value" visual inspection for the inevitable event when machine readers and IT infrastructure connectivity are unavailable. Public information clearly indicates that the Department will be issuing Passport Cards as early as this spring, while the infrastructure deployment is only in its infancy.
Physical document security should be the first priority in evaluating proposals for the Passport Card. We question whether the Department of State and the Department of Homeland Security conducted adequate forensic evaluation and adversarial testing during the procurement evaluation process.
Please explain the decision-making process behind the decision to put the artwork and specifications for the PASS Card on the State Department website for every counterfeiter in the world to see and capture.
Further, we are concerned that the Department of State has posted the Passport Card artwork and certain specifications for the card on its Web site, which will surely enable counterfeiters to begin working to replicate the Passport Card. Please provide us with a report on the evaluation process and adversarial testing in this procurement.
We also have serious concerns about the State Department's stated intention to use this same form factor for the next generation Mexican Border Crossing Card (BCC). Current law requires these cards to be embedded with a biometric identifier.
In their current form, the cards contain fingerprint biometrics encoded in a tamper-proof media which has proven to be extremely resistant to counterfeit fraud. These cards are virtually fool-proof when used in combination with the deployed Biometric Verification Systems.
We are baffled as to why the Department would choose to issue new cards which are less physically secure than those successfully deployed over the last decade in both the BCC and Permanent Resident Card programs. It is incumbent upon both Departments to advise the appropriate Congressional authorizing and appropriating Committees with adequate reasoning as to why the State Department has chosen to ignore Congressional intent and public law.
Unfortunately our concerns are heightened by recent hearings and press coverage regarding other Federal credentialing programs. Two programs, in particular, are of note.
The Transportation Worker Identification Credential (TWIC) program is a startling example and similar scenario. The secure IC chips on a TWIC card are designed to be read in an IT infrastructure with IC chip card readers.
After many years and hundreds of millions of dollars, the TWIC reader infrastructure has yet to be deployed and been repeatedly delayed. TWIC cards contain negligible physical security features resulting in cards that are insecure even as "flash passes" since they can be easily duplicated.
Both Departments have highlighted Nexus, Sentri & FAST, "trusted traveler" programs, as examples of successful RFID card deployments. Yet we have learned that the nearly 400,000 existing cards were made in China and have absolutely no physical security features to prevent counterfeit and fraud. In the current form factor, these cards pose a serious security threat.
We are concerned that both Departments are placing a higher value on facilitating trade and travel than ensuring the security of travel documents.
The Western Hemisphere Travel Initiative reflects Congressional will to implement the findings of the 9/11 Commission. We are concerned that Passport Card, which will be proof of US citizenship, will end up being counterfeited soon after issuance.
Reps. Carney, Bilbray and other Members of Congress