Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo


Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Juels is quick to note that the cards won’t be the only thing protecting the border. “If border agents do all that they’re supposed to do [including, for example, comparing the photographs stored in the database with those printed on the ID], they should be able to detect counterfeits,” he says. He adds, however, that it’s human nature to become less vigilant when there’s tech­nology to lean on.

When I asked the Department of Homeland Security about these concerns, press secretary Laura Keehner responded with a statement that said, in part, “While the risks described in the University of Washington/RSA paper may be technically possible, we believe that many are ­improbable, and even if realized, would have ­little impact other than causing an individual traveler minor inconvenience at the border. … As we identify additional mitigation strategies, we will continue to strengthen requirements for … cross-border travel documents in order to both enhance border security and privacy of the document holder.”

The New York License, and Beyond
No independent researcher has yet published an evaluation of New York’s enhanced driver’s license, but the card avoids some of the concerns raised about the federal and Washington cards. The chips in the New York licenses have serial numbers to protect them against counterfeiting, and their memory banks have been locked to protect them against unauthorized use of commands. It’s admirable that Homeland Security and the states it’s working with are willing to make use of better technologies than they chose at first. But it’s not clear whether these efforts will go far enough.

The New York licenses present the same privacy issues that the other cards do, and as Keehner’s comments suggest, officials have a tendency to dismiss such concerns–which could very well mean that nothing will be done about them. Yet surely it’s possible to protect the privacy of cardholders without requiring them to keep track of privacy sleeves. For example, says Avi Rubin, each card could be fitted with a button that allows the user to control when to send information. Unless the button was pushed in, the ID wouldn’t respond to queries. Such cards would cost a bit more, but they could offer more security as well as more privacy.

As long as the remaining problems are ignored, though, it’s unlikely that the technology will become good enough to protect international borders without compromising the privacy of thousands or millions of people. Tadayoshi Kohno, for one, says that at this point, he is not convinced that RFID even offers security advantages over the old IDs. Technology used on this scale, and for purposes this important, should be clearly better than what it’s replacing: the U.S. experience with electronic voting systems shows what can happen when it’s not. If officials continue to advocate band-aids such as privacy sleeves rather than working to address the full extent of critics’ concerns, they will ultimately undermine the very technology that they hope to promote. While new ID technology seems likely to stay, it could become a fiasco if officials don’t pay attention to the work of hackers and security researchers. These people try to expose weaknesses before they can be exploited maliciously. It’s much less painful to swallow the news from them than to wait until a problem becomes embarrassing–or devastating.

Erica Naone is a Technology Review assistant editor.

7 comments. Share your thoughts »

Credit: Harry Campbell

Tagged: Computing

Reprints and Permissions | Send feedback to the editor

From the Archives


Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me