Passports and Privacy: Here Come the RFID Chips

Travel Blog  •  Michael Yessis  •  09.18.06 | 3:15 PM ET

passport22Photo by Michael Yessis.

As if we needed more to worry about when we’re traveling. Soon the United States, like many other countries, will start embedding radio-frequency identification (RFID) chips into all of its citizens’ passports, where it will store electronic copies of your digital photo and other relevant information. “By itself, this is no problem,” Bruce Schneier writes in a scary op-ed piece in the Washington Post. “But RFID chips don’t have to be plugged in to a reader to operate. Like the chips used for automatic toll collection on roads or automatic fare collection on subways, these chips operate via proximity. The risk to you is the possibility of surreptitious access: Your passport information might be read without your knowledge or consent by a government trying to track your movements, a criminal trying to steal your identity or someone just curious about your citizenship.”

Some RFID proponents dismiss these arguments as scaremongering, saying those who are opposed are simply confused about the technology. It seems to me the concern is warranted. At least one security expert has already cloned an electronic passport and, according to Schneier, steps to implement security measures such as shielded covers and encryption mechanisms fall short.

Although those measures help, they don’t go far enough. The shielding does no good when the passport is open. Travel abroad and you’ll notice how often you have to show your passport: at hotels, banks, Internet cafes. Anyone intent on harvesting passport data could set up a reader at one of those places. And although the State Department insists that the chip can be read only by a reader that is inches away, the chips have been read from many feet away.

The other security mechanisms are also vulnerable, and several security researchers have already discovered flaws. One found that he could identify individual chips via unique characteristics of the radio transmissions. Another successfully cloned a chip. The State Department called this a “meaningless stunt,” pointing out that the researcher could not read or change the data. But the researcher spent only two weeks trying; the security of your passport has to be strong enough to last 10 years.

It all could lead people to want to do this when they fly.

 

Tags: Travel and Security, North America, United States, News and Briefs


No comments for Passports and Privacy: Here Come the RFID Chips.

Commenting is not available in this weblog entry.