IBM in Essex Junction will soon begin manufacturing the high-security chips embedded in a number of different electronic documents, including the "e-passports" issued by the United States and other countries around the world, according to an announcement today by the chip's designer, Infineon Technologies of Neubiberg, Germany.
The new chips, called "highly secure integrated circuit," or "ICs," are considered "state-of the-art security technology" and have a variety of applications. They include Department of Defense ID cards, enhanced driver's licenses and Social Security cards, national ID and health cards, and "smart" consumer credit cards, says Matt Schmidt, spokesperson for Infineon's North American headquarters. According to Schmidt, the Vermont IBM facility will be the only plant in North America to make the new high-security chip, known as the SLE-78.
In recent years, the U.S. government has made a concerted effort to find domestic supply lines for such security-sensitive products, says Schmidt. Infineon, the world's largest security-chip manufacturer, has had a long relationship with IBM and is one of only two companies in the world that supplies the e-passport chips to the U.S. government. Schmidt declined to put a dollar figure on the value of deal, but said the contract between Infineon and IBM is "open ended" and will depend on a variety of factors, including global demand for the product.
The United States first began issuing e-passports (pictured, right) in 2006 as a way to make them more difficult to breach, forge or duplicate. Since then, about 50 to 60 million such passports have been issued. For years, electronic-privacy advocates have warned about the inherent dangers of radio-frequency ID, or "RFID," technologies that are used in enhanced driver's licenses and PASS Cards, the wallet-size American passports used for non-air travel among the U.S., Canada, Mexico and the Caribbean. They warn that such technologies allow governments and other individuals to snoop for data embedded in the chips without the users' knowledge or consent.
Notably, in February 2009 security researcher Chris Paget demonstrated how easy it is to capture passport card information from unsuspecting individuals while driving through San Francisco, using a device he built for only $250 in his spare time.
But according to Schmidt, passport manufacturers, both in the United States and elsewhere, have since taken additional measures to protect the contents of their security chips from being read surreptitiously. Schmidt claims these new passport chips require a "digital handshake" that makes them unreadable unless they're run through the optical character readers found at U.S. ports of entry.
Sounds like a challenge in the making.
****** UPDATE *******
Infineon spokesperson Matt Schmidt contacted Seven Days yesterday to clarify one point about the new technology.As Schmidt explained, the high-security chip used in U.S. passports that will be manufactured at the IBM Essex facility is "radically different" from the chip currently used in the PASS Card, which has been the subject of unauthorized digital snooping. As Schmidt explains, the PASS Card uses a chip similar to the one designed to "identify retail products in stores." For more information on that technology and the risks associated with its use, check out the reports published by the Smart Card Alliance, an industry association.
In contrast, Schmidt goes on to say, the chip used in the e-passport is a "secure microcontroller" with "more than 50 built-in protection mechanism." In short, he argues, comparing the chips used in the PASS card to the one in e-passport is a case of "apples and oranges." Or, chips and pretzels...