2008-01-02
An identification card intended for use by Americans who frequently travel to nearby countries has significant security weaknesses that could be used to track U.S. travelers, the Center for Democracy and Technology, a policy group, said this week.
The U.S. Department of State issued federal rules on Monday describing the specifications of the card, known as the Passport Card. The electronic document contains a remotely readable chip known as a radio-frequency identification (RFID) tag but has far fewer security measures than the electronic passports, or e-passports, currently being issued to U.S. citizens, the CDT showed in a chart comparing the two formats. In addition, the Passport Card has a unique identification number that can be read at a distance of up to 20 feet, placing U.S. citizens in danger of being tracked, the group stated.
"The new rule calls for the use of 'vicinity read' RFID technology without the use of encryption -- this means the card will be able to be read remotely, at a long distance," the CDT said in an online statement. "CDT strongly objected to the use of this technology -- developed for tracking inventory, not people -- because it is inherently insecure and poses threats to personal privacy, including identity theft, location tracking by government and commercial entities outside the border control context, and other forms of mission creep."
Electronic documents and identification cards have become a major issue in the past two years. In 2006, the United States began deploying a nationwide system for reading electronic passports, despite the reservations of security researchers and privacy advocates about the electronic documents. Last year, security researchers continued to warn about problems with using RFID in privacy-sensitive applications, despite legal threats by companies whose products were investigated.
The State Department received more than 4,000 comments on the proposed format of the Passport Card. The majority of the comments were generated by an online petition, but 18 comments addressed perceived privacy issues and another 21 comments outlined potential security problems with the electronic document.