Sunday, April 10, 2005
RFID's in passports: A criminal's dream
How more sercuirty can make you less secure.
Jax
The reason RFID is more controversial than, say, a bar code is that the data on the chip is read by a remote reader. The State Department asserts that the tags it will use can be read from only 4 inches away. But privacy advocates say there's no way the State Department can guarantee that.
As security expert Bruce Schneier writes on his blog:: "Unfortunately, RFID chips can be read by any reader, not just the ones at passport control. The upshot of this is that travelers carrying around RFID passports are broadcasting their identity. Think about what that means for a minute. It means that passport holders are continuously broadcasting their name, nationality, age, address and whatever else is on the RFID chip. It means that anyone with a reader can learn that information, without the passport holder's knowledge or consent. It means that pickpockets, kidnappers and terrorists can easily -- and surreptitiously -- pick Americans or nationals of other participating countries out of a crowd."
There are no plans to encrypt the data on the tags in passports. "This is a dangerous, inappropriate device to be installing in U.S. passports," says Scannell, who imagines terrorists overseas identifying Americans by their passports when picking targets to bomb. "Which cafe do we lob the grenade into? Ping, ping, ping. There are 21 Americans in there." The tags could also be used to identify people who walk into an abortion clinic, a mosque or a political meeting. (Link)
Jax
The reason RFID is more controversial than, say, a bar code is that the data on the chip is read by a remote reader. The State Department asserts that the tags it will use can be read from only 4 inches away. But privacy advocates say there's no way the State Department can guarantee that.
As security expert Bruce Schneier writes on his blog:: "Unfortunately, RFID chips can be read by any reader, not just the ones at passport control. The upshot of this is that travelers carrying around RFID passports are broadcasting their identity. Think about what that means for a minute. It means that passport holders are continuously broadcasting their name, nationality, age, address and whatever else is on the RFID chip. It means that anyone with a reader can learn that information, without the passport holder's knowledge or consent. It means that pickpockets, kidnappers and terrorists can easily -- and surreptitiously -- pick Americans or nationals of other participating countries out of a crowd."
There are no plans to encrypt the data on the tags in passports. "This is a dangerous, inappropriate device to be installing in U.S. passports," says Scannell, who imagines terrorists overseas identifying Americans by their passports when picking targets to bomb. "Which cafe do we lob the grenade into? Ping, ping, ping. There are 21 Americans in there." The tags could also be used to identify people who walk into an abortion clinic, a mosque or a political meeting. (Link)
