The E–Passport and Identity
Isaac Quinn DuPont
August 2006
Suppose you are on vacation. On your return home you are stopped by an immigration agent, and being a year in the future, you hand over your new electronic passport (e–passport) for inspection. The immigration agent passes your e–passport through a specially designed reader, and seconds later your identity is flashed up on the agent's screen. Lo, it turns out there is a mistake somewhere: the data on the immigration agent's screen is different than the biometric readings he is taking from you (perhaps your fingerprint or iris). Next, you are barred entry to your own country. You are no longer a citizen; a nomad without identity. What has happened here? Perhaps your identity was stolen, not by a malicious thief, but by an electronic doppelgänger, your new e–passport?
The United States has recently approved a move towards implementing new passports that will encode biometric information on radio frequency chips (basically RFIDs). Since Canada is among the twenty-seven VISA waiver countries, it will not be long before Canada also implements the new international standard. Then, the chilling science fiction detailed above will become a reality.
This essay will explore the concept of identity in our post-modern world through the tensions created by e–passports. To help understand the complexities of identity I will draw upon Baudrillardian and Derridian themes while recognizing the centrality of technology.
1 The reality is here.
In 2002 the United States initiated the Enhanced Border Security and Visa Entry Reform Act (EBSVERA) which ushered in tighter immigration and travel controls, including a call for enhanced passports. By May 21, 2004 the International Civil Aviation Organization (ICAO) had drafted standards for embedding contactless smart card processor chips (see footnote 1) in passports that would contain biometric information about the owner. Originally the EBSVERA called for a 2005 date for implementing the e–passports in all VISA waiver countries, but due to protest from some European countries the date was pushed back. Delayed but not stopped, we are now on the eve of having all new American passports embedded with biometric information made available through RFID technology (diplomats currently carry e–passports).
Of course, using RFID technology and encoding biometric data is not new; high security commercial and government organizations have used some variant for years. RFID and biometrics are not even new for passports or national identity cards; Malaysian passports have included biometric data since 1998 [Juels et al., 2005]. The United Kingdom is on track for an RFID and biometrics national identity card by 2007, and the United States is also implementing state identification encoded with biometric information, such as driver's licenses and social security cards.
Although the technology and applications are not unique, the scope of the ICAO initiative is unprecedented. The ICAO standards currently stipulate that biometric information is optional, although if biometric information is encoded then it must minimally include encoded face imagery [ICAO, 2004, § V, art. 6]; other biometric data such as iris and fingerprint encodings are optional. All e–passports must be machine readable through contactless data transmission.
The RFID chips in e–passports are quite dissimilar from the RFID chips (or 'tags') used by retail chains (e.g., Wal-Mart) and logistics organizations (e.g., shipping companies). The commercial-grade chips are relatively inexpensive (around five cents each), whereas due to the technology involved, the RFID chips used in e–passports are suggested to cost at least five dollars each. The extra cost is due to the strong cryptography used to secure the contents of the chip (such as the biometric data, but also including non-biometric data such as passport number, date of birth, etc.).
The ICAO standard does not consider face encoding to be private information, although iris and fingerprint encodings are considered private and are recommended to be encrypted and transmitted to authenticated and authorized readers only [ICAO, 2004, § 1.2]. The biometric data must, however, be protected from cloning or tampering, and cryptographic hashing is used for this. The details of the hashing algorithm are optional, although the ICAO recommends SHA-1 to SHA-512 paired with RSA 1024 or ECDSA 224 [ICAO, 2004, § 3.3.5]. These algorithms are secure, but relay or spoofing attacks are possible. One well known attack is to relay another person's passport credentials (such as from a person waiting in a queue) to a reader, under the guise of the e–passport placed in the reader. This attack is possible because no manipulation of data is necessary; the system works as designed but mistakenly authenticates a passport that is not placed into the reader. The only known defense against this sort of attack is extremely costly and difficult to implement: careful timing of the authentication ensures that the data was not relayed through another system.
The ICAO standard has been through several iterations since its inception, largely due to security concerns with its original design. Some of the design changes are the use of Faraday mesh to reduce unauthorized RFID reading and hash chaining the individual biometric fields encoded on the RFID chip. A Faraday cage is an enclosure designed to shield electromagnetic fields, so using the specially designed mesh the e–passport can only be read when held open (although a recent demonstration at the August 2006 BLACKHAT Conference showed that by using a high-gain and finely tuned antenna one can read an e–passport from a long distance if it is open an inch or so). Hash chaining is a layered security approach where each field encoded on the e–passport is hashed and then concatenated in a final and inclusive hash, so no data can be elicited without first authenticating with the basic security layer.
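The per-field hashing and final inclusive hash described above can be sketched as follows. This is an added example, not part of the original essay or of the ICAO specification: the field names and contents are constructed, SHA-256 is one choice from the SHA-1 to SHA-512 range mentioned above, and the issuer's RSA or ECDSA signature over the final hash is assumed rather than implemented.

```python
import hashlib
import hmac

def field_hashes(fields):
    """Hash every encoded field separately."""
    return {name: hashlib.sha256(data).digest() for name, data in fields.items()}

def inclusive_hash(hashes):
    """Concatenate the per-field hashes in a fixed order and hash the result.
    The field name is mixed in so two hashes cannot be swapped between fields."""
    h = hashlib.sha256()
    for name in sorted(hashes):
        h.update(name.encode() + b"\x00" + hashes[name])
    return h.digest()

def verify(fields, stored_hashes, trusted_final):
    """Return the names of fields that fail the check.
    trusted_final is assumed to be covered by the issuer's signature."""
    if not hmac.compare_digest(inclusive_hash(stored_hashes), trusted_final):
        return ["<hash list>"]  # the stored list of hashes itself was altered
    bad = []
    for name in sorted(set(fields) | set(stored_hashes)):
        expected = stored_hashes.get(name)
        actual = hashlib.sha256(fields[name]).digest() if name in fields else None
        if expected is None or actual is None or not hmac.compare_digest(expected, actual):
            bad.append(name)
    return bad

# Constructed sample data standing in for the fields on the chip.
ISSUED = {
    "mrz": b"P<UTOEXAMPLE<<TRAVELLER<<<<",
    "face": b"constructed-face-image-bytes",
    "fingerprint": b"constructed-fingerprint-template",
}
ISSUED_HASHES = field_hashes(ISSUED)
ISSUED_FINAL = inclusive_hash(ISSUED_HASHES)

def demo():
    # Case 1: untouched passport. Case 2: face field replaced.
    # Case 3: face replaced and its stored hash rewritten to match.
    swapped = dict(ISSUED, face=b"constructed-other-face-bytes")
    forged = dict(ISSUED_HASHES, face=hashlib.sha256(swapped["face"]).digest())
    return (
        verify(ISSUED, ISSUED_HASHES, ISSUED_FINAL),
        verify(swapped, ISSUED_HASHES, ISSUED_FINAL),
        verify(swapped, forged, ISSUED_FINAL),
    )

if __name__ == "__main__":
    print(demo())
```

The third case is caught only because the final hash is trusted independently of the chip contents, which is the role the paired RSA or ECDSA signature plays.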
2 But, what is the reality?
As the technical discussion above suggested, the security measures on e–passports are not foolproof, so my initial science fiction story is not without some plausibility. You may have been subject to some sort of spoofing attack, or there may have been some human error during the manufacture of your e–passport. Although the ICAO standard strongly recommends that biometric information should not be relied upon as the only indicator of identity, it will assuredly be perceived as the final word on the matter. Since, after all, iris and fingerprint scans have cold steely accuracy, and the passport is secured with Faraday mesh, SHA hashing, Diffie-Hellman key exchanges, RSA, ECDSA, PKI, and dozens of other awe-inspiring acronyms. The biometric identity encoded on the e–passport is immutable and everlasting, unlike the ephemeral and mutable identity of your subjectivity. The biometric identity is the real; you are only a faint smudge of reality that attempts to measure up to the technological and scientific biometric identity.
Of course, before e–passports there were regular (paper) passports; and before paper passports there were other forms of identification, including signatures, the ubiquitous form of identity. Taking a cue from Derrida's discussion of signatures (see for example, [Derrida, 1985]), we can see that the power of the signature requires the absence of the subject. The signature makes identity multiple and iterative, but the signature receives its legal and social power by signifying the absent subject. The paper passport includes a signature, but even more. Unlike the signature, which can function independent of the signified subject, the paper passport does not maintain its legal and social functions divorced from its owner. The passport picture ties the passport to an identity in a way that the signature does not. The signature is an abstraction that is germane to an identity, yet stands apart at the same time. For example, by signing a credit card receipt with your signature you demonstrate (at least legally) that you personally authorized the purchase. Yet, by signing a contract you are releasing your identity to function on its own, by authorizing future purchases, decisions, etc. However, a paper passport without an owner is useless; it is identification without identifying. This all changes with the introduction of the e–passport.
To understand the tension that e–passports create for notions of identity, we must first understand what biometric identity is, beyond purely technical descriptions. Although biometric identity is a sign (a representation), it is not merely a sign. Biometric identity is a doppelgänger of your subjectivity, in the sense that Richard Avedon described it: "Is it just a shadow representation of a man? Or is it closer to a doppelgänger, a likeness with its own life, an inexact twin whose afterlife may overcome and replace the original?" (quoted in [Floridi, 2005, 195]). When biometric information is encoded in e–passports, identity becomes more akin to inexact twin identities than technological entities; these electronic lives can move through wires, develop and change, and be recognized by other technological beings. When you enter a border crossing you are not really being recognized by the immigration agent in the way we typically consider, rather you are being authenticated by interrogating your biometric information (such as colour of skin, facial composition, height, clothing, etc.). Stretching the analogy somewhat, your doppelgänger lives just like you: as you enter a country the doppelgänger may travel to a central database to mingle with its kind, when receiving a visa the doppelgänger develops new dynamic personalities (fields), and dispenses information when recognized (authenticated) by e–passport readers. This is only possible due to the form of abstraction that the identity takes in an e–passport. Paper passports do not have the same power or authority, nor can they be divorced from their 'owner'. In this way, the e–passport is much more similar to the signature than to the paper passport.
The ontology of authentication, both human and electronic, is an exchange and interrogation of signs. Baudrillard suggests that post-modernity has ushered in a metaphysics (or a pataphysics) where subjects have been superseded by objects. In the language of traditional Saussurian semiotics, there are no longer signifiers, there are only signs. Derrida, too, reaches a similar conclusion, suggesting that only différance is distinguishing; origins fade away as relics of modernist metaphysics. Indeed, the fixity of identity defers to socio–technological trends. The techno-determinism of post-modernity ensures that identity retains permanence only through electronic encodings.
There is no longer an ontology of subject and object, rather only objects interact through deferral and exchange of meaning. Both human and electronic authentication are an exchange of hyperreal signs: biometrics are electronically encoded signs whereas sensory (human) cues are outward manifestations (signs) of a fleeting personal identity. Just as your iris and fingerprints are not really you, your skin, smell, haircut and the like are not really you. The immigration agent is not authenticating you, but only a sign of you, just as the e–passport reader is authenticating signs, albeit electronically encoded.
At the moment of the border crossing your identity is authenticated: human signs and electronic signs are brought into this tension of deferral and meaning. The resulting tension unsettles your conception of identity, and makes you aware of the system of simulacra. You become aware that the biometric encodings on the e–passport are no more 'you' than the flesh and bones standing in front of an immigration agent. In this case, however, your corporeal simulacrum has failed you, and instead of being accepted as authoritative and representative of you (the signifier), your e–passport has surreptitiously virtualized the other signs. Just as media (especially visual media) had previously raised the simulacra of corporeality into hyperreality, technology and science have outpaced media and propelled the electronic doppelgänger into a more coveted position of hyperreality. Your identity is nothing more than the dialectical struggle of media and technology in a race for the hyperreal.
3 What have we done?
Although Baudrillard and Derrida would think that this sort of metaphysical identity crisis is unavoidable, neither would suggest that there are no implications. The unsettling of identity in the moment of authentication forces the question of identity upon us. Just as Latour [Latour, 1999] argues that physically broken or malfunctioning technology cleaves our understanding of the techno-social world, I am arguing that the disruptive authentication makes reexamination of identity necessary. Although we see identity in terms of subjects, the surreptitious nature of your electronic doppelgänger questions the permanence of your identity qua subject. The future of e–passports is uncertain, but with the march of technology the old passports will be discarded, leaving behind an outdated understanding of identity as embedded. No longer is identification identifying (like the paper passport), rather, identification is identity (like the signature). Identification is distinct from you, yet somehow still self-same, a true doppelgänger. As biometric-enabled RFIDs begin to move back inside the body (in the form of implanted chips, recently approved for medical use in the United States), there may be another radical shift in our understanding of identity. Although the digitization of your biometric information is still a competing sign for your identity, by placing the device back within the body new avenues of fixity may erupt. Perhaps the day will come when your e–passport is embedded on to your nervous system, much like the very odd professor in California who placed electromagnetic sensors in his fingertips, claiming he can experience a sixth sense. This professor has apparently even transmitted his feelings to his wife (also with embedded sensors) across the internet.
In such a scenario one could envision reapplying the hash chaining technique used to concatenate (and cryptographically secure) individual biometric fields in e–passports to an embedded nervous system function. Perhaps by hash chaining the encoded biometric information, fixity of identity would result, if you do not send your identity to your wife across the country.
References
International Civil Aviation Organization. Machine readable travel documents: Development of a logical data structure - LDS for optional capacity expansion technologies. Technical Report Rev. 1.7, Secretary General, 2004.
International Civil Aviation Organization. Machine readable travel documents: PKI for machine readable travel documents offering ICC read-only access. Technical Report Rev. 1.1, Secretary General, 2004.
Jacques Derrida. Excerpt from Signature, Event, Context. In Alan Bass, editor, Margins of Philosophy, pages 307-330. University of Chicago Press, 1985.
Luciano Floridi. The ontological interpretation of information privacy. Ethics and Information Technology, 7:185-200, 2005.
Ari Juels, David Molnar, and David Wagner. Security and privacy issues in e–passports. Proceedings of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, pages 1-12, 2005.
Bruno Latour. A collective of humans and nonhumans. In Pandora's Hope: Essays on the Reality of Science Studies, pages 174-215. Harvard University Press, Cambridge, MA, 1999.
Footnotes:
1 There is a technical distinction between radio frequency identification chips and contactless smart cards; the main distinctions are that smart cards are not designed for the relatively long operational range of RFIDs, and RFIDs are not designed to hold dynamic information. The difference between the two is now blurred though, since it has been discovered that by using high-gain antennas smart cards can have operational ranges in excess of ten meters, and RFIDs are now often manufactured with limited random access memory.