The Department of Homeland Security's US-VISIT program is testing radio frequency identification systems through Spring 2006 at five crossing points along the Canada and Mexico borders to better monitor the comings and goings of visitors to the U.S., sparking protests from privacy groups.

Meanwhile, the Department of State also is looking at incorporating RFID in U.S. passports while Great Britain is field-testing RFID-enabled automobile license plates, an application that U.S. officials reportedly also are contemplating.

The DHS and DOS programs differ in that the RFID chip used by the DHS contains a unique numeric identifier. In contrast, the DOS chip also contains a digital photo, fingerprints and biometric and biographical information.

The DHS program is a pilot program that involves just five border crossings out of the 50 in the U.S. that fall under the aegis of US-VISIT. (There are 166 total US-VISIT ports of entry in the U.S. and Puerto Rico, including airports and seaports.) The chip is embedded in the standard I-94 form issued to non-residents when they enter the country. US-VISIT has printed the forms being used in the pilot program on heavier stock to accommodate the chip.

The pilot program is seeking to determine whether a balance can be struck between keeping the U.S. safer and avoiding onerous inconvenience for the millions of legitimate visitors who enter the U.S. for work and play each year, according to US-VISIT Director Jim Williams.

Williams said about $650 million in trade crosses the U.S./Mexico border each day, with double that — about $1.4 billion — crossing the U.S./Canada border.

“We want to find every means possible to protect that supply chain,” while improving border security, he said.

In addition, about 500 million people cross the borders each year, with about 350 million of them crossing at land border checkpoints.

“The vast amount of people entering the country are legitimate, and we want people to come to the U.S.,” Williams said. “But we also want to stop the bad guys who want to do us great harm.”

The land border check program isn't the first DHS initiative in this regard, according to Williams. Digital fingerprint-scanning was implemented at 115 U.S.-based airports and 14 seaports handling international traffic in January 2004 that, to date, has stopped 700 potential entrants who were either arrested or deported. In the process, the program processed 30 million visitors, Williams said.

Those concerned about additional bottlenecks potentially created by forcing visitors through RFID readers have little to worry about, according to Williams, because only about 4.5 million visitors annually are subject to the I-94 process.

He added that US-VISIT is very cognizant of the need to keep things moving at land border checkpoints. He cited the border crossing at San Ysidro, Calif. — the main crossing between San Diego and Tijuana, Mexico — that has “24 [automobile] lanes jammed 24 hours a day.” When lines grind to a halt, “people in line get frustrated, and they cause pollution,” Williams said.

While privacy groups are concerned about using RFID for such purposes, their worries are unfounded, largely because the passive tags being used for customs forms and passports have a read range of only about 3 inches, according to Tim Heffernan, director of government relations for RFID vendor Symbol Technologies.

“Hand-held readers are quite large. You would notice someone using a gun-like device with a funky antenna trying to scan people from three inches away,” he said. In addition, the data is encrypted.

Even in a worst-case scenario, the only information that could be pirated from the tag is the unique identifier number, which has no meaning unless matched to information in the US-VISIT database, Heffernan said, adding that privacy groups would do well to refrain from alarming the public needlessly.

“Everyone was afraid of bar-coding when it was new, because it was thought that retailers would use the technology to trick consumers,” he said.

But hackers regularly hack into databases, said Cedric Laurant, policy counsel for Washington-based Electronic Privacy Information Center.

“Once you're into the database, you can connect the dots,” he said.

Consequently, EPIC wants the DHS to adopt measures taken by the State Department to reduce the chances for data interception. Among the tactics adopted by the DOS for its e-Passport program is the use of a thin metal substrate in the passport folder to deflect radio waves, making the hand-held readers used by skimmers and eavesdroppers useless.

This tactic wasn't part of the program originally, according to Sara Shah, ABI Research analyst. “The privacy groups in this case did a really good job — they got the government to listen,” she said.

Shah added that the two-layer protection afforded by the substrate and data-encryption techniques should afford adequate protection to e-Passport holders. “Anything's possible, but the possibility [of interception] seems so low,” she said.

Another DOS tactic EPIC wants the DHS to adopt is the incorporation of basic access control (BAC), which would require a key or password to unlock the information contained on the RFID chip. But Laurant concedes that BAC processes could add time at the border crossings. “The utility of RFID would no longer make sense,” he said.

Time is a critical component, Williams said. “At very busy border crossings, adding a few seconds to the person at the front of the line could add hours to the person at the back of the line.”