ICAO’s new report speaks out against hacker claims
30 November, 2007
category: Biometrics, Contactless, Government
ICAO’s latest MRTD (Machine Readable Travel Documents) report includes an interview with Barry Kefauver, formerly of the US Department of State, who confronts recent media and hacker claims surrounding the security and privacy of contactless chips. In particular Kefauver, who currently chairs the ISO Task Force on new technologies of the TAG/MRTD on the security and privacy issues related to the ePassports, points out that: “It’s very important to consider all of the security features of a given ePassport as complementary.” Link to download entire report included
Latest ICAO MRTD report scathing of ePassport critics
ICAO’s latest MRTD report (Vol.2, No. 2) features an exclusive interview with Barry Kefauver, formerly of the US Department of State, who confronts recent media and hacker claims surrounding the security and privacy of contactless chips.
In particular Kefauver, who currently chairs the ISO Task Force on new technologies of the TAG/MRTD on the security and privacy issues related to the ePassports, brings to task Lukas Grunwald, infamous for creating a media storm surrounding the cloning of ePassport chips last year.
Kefauver watched a presentation given by Grunwald at the Security Document World 2007 show in London this May, and vocally disagreed with him on many of his claims.
According to Kefauver: “To deal with the facts would blunt the bite of their old and tired arguments, diminishing their headline-garnering effects…When I and others in the audience would try to address such claims as comprehensively as possible, he would simply ignore the substance and go on to his next irrational statement.”
Kefauver points out that: “It’s very important to consider all of the security features of a given ePassport as complementary. To highlight a specific, alleged deficiency of a document’s printing, selected security features, bindery or contactless chip is to ignore the context that these documents are used within and to ignore the understanding that everyone developed early-on in the process with respect to biometrics being an additive and not a replacement security measure.”
Kefauver also addressed the question of whether any consideration was ever given to contact chips in the development of the ePassport.
“This is one of those areas where one of the myths surrounding our selection of contactless technology crept in: namely, that we were in some way ‘puppets’ of the RFID industry and simply let them spoon-feed us along the path to an RFID future. Among the more far-fetched, there were actually a series of allegations made that we had selected the contactless chips so that we could launch satellites and keep track of individuals from space – which is patently preposterous. Individuals tried to make the analogy that this technology was in some way similar to the chips being used for inventory purposes at your local department store. The fact is that the genre of chip used for inventory control and the 14443 chip used in passports are completely different technologies, not to mention that both have very different performance and security attributes that were carefully considered in the early going.”
The full report can be downloaded by clicking here.