Previous entries
Next entries

May 24th, 2005

Will Embedding RFID Chips In Passports Pose a Saftey Risk to Americans?

By Alice Hill
RealTechNews

I’ve been a big fan of RFID technology as a way for retailers to track inventory and understand what merchandise is hot and what isn’t. I like the fact that RFID chips could help stores cut down on shoplifting. I also found the privacy argument mostly a bunch of hoo hah, because it just didn’t seem like a bad idea for a store to know that aisle three was running low on paper towels, and I suppose someone could sit in front of my house and scan in the fact that I like Red Bull energy drink and use Colgate toothpaste, but I guess I just don’t think that’s a big admission to be making. Storm the gates, she bought Velveeta! Supermarkets have been cataloging most purchases anyway with those loyalty cards.

But today we are going to look at the flip-side of RFID - the use of an RFID chip in passports. I travel a lot internationally and have to say that the it’s not th easiest time to be an American, and a chip that could broadcast that to anyone with a cheap RFID scanner is quite worrisome. So let’s kick the issue off with info I found on a slightly hysterical (as in alarmist, not funny) website called, RFID Kills.

“The RFID chip the US State Department wants to put in our passports holds 64KB of information, five and a half times the amount of read-only data the Apollo 11 computer needed to put a man on the moon. This chip will contain all of the information currently on your US passport, including your photograph. None of this information will be encrypted. When an RFID reader says ‘Marco’ to the passport chip, the chip will broadcast the entire contents of your passport in a digital, copy-able format. The more power the reader sends out to the chip, the further away the chip can be read. An RFID reader modified by terrorists to send out a lot of power could be used, for example, to do a drive-by scan of cafes in order to determine which one had the most Americans in it. A few thousand dollars and a little technical know-how is all it takes to buy and modify an RFID reader, a trifling sum for professional kidnappers, organized crime, or terrorist groups. ” Source: RFID Kills

Here’s the other side of the argument:

“Why would we assume that the US Department of State wouldn’t handle the RFID issue similarly to the way SpeedPass handles it? That the information embedded in the passport is simply an identification code, and the identification code ties back to a secure database? And that it’s the secure database which actually contains detailed data about the individual, not the RFID chip itself? Thus, an RFID-chipped passport would simply reveal an identification code that is meaningless unless you also have access to the secure database. Any terrorist or identity thief with an RFID reader would not have access to your name, your date of birth, your address, your digital photo. All they would have is, say, an alpha-numerical code. And as to the claim that kidnappers will be able to pick Americans out of a crowd, well here’s a news flash: any observant person can do that today. ” Source: The RFID Weblog

So I did more research and found this: “To protect privacy, the government assures tags won’t include visitors’ personal or biometric information. Rather, they will contain only serial codes that links to visitors’ information securely stored in databases used by US-Visit. The serial codes would be meaningless to any third party trying to collect that information. The tags also will be tamper-proof and difficult to counterfeit. Information on the tags cannot be changed, and the tags will only be activated once they’re officially issued. These factors will prevent so-called skimming, which is the use of unauthorized reading devices to capture information from RFID tags, the government contends. Also, authorities say, it’ll be impossible to track the whereabouts of someone holding such a passive tag without a corresponding reading device.”

So what do you think? My take is that the chips are not going to be an issue.

Share and Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages.
  • del.icio.us
  • digg
  • Fark
  • NewsVine
  • Reddit
  • YahooMyWeb
You can leave a comment, or trackback from your own site. RSS 2.0

8 comments to "Will Embedding RFID Chips In Passports Pose a Saftey Risk to Americans?"

  1. Brad says:

    Having everything stored on a “secure” database wouldn’t make me feel one iota safer. In fact I would feel less safe. There’s no fail-proof way to secure anything that’s networked, therefore it would only be a matter of time before that database would be accessed by outsiders.

    May 24th, 2005 at 12:12 pm

  2. Alice says:

    Good point. Look at alll the credit card databases that are being leaked.

    May 24th, 2005 at 12:18 pm

  3. Rob says:

    Just put your passport in a foil sleeve when not at a checkpoint and you will be scan-proof. Can’t help you on the database. : {

    May 24th, 2005 at 1:37 pm

  4. David says:

    Yeah, they should make “passport protectors”…aluminum cases kind of like Altoids mints cases or something. I’d definitely get one for myself.

    May 24th, 2005 at 3:26 pm

  5. Cheese Toast says:

    Or you you could just keep it at The D’Souzas.

    May 24th, 2005 at 4:40 pm

  6. Perros says:

    And why not get a matching foil hat?

    Here’s news for all of you worrying about your info being put on a database, It already is! US imigration just scans the machine readable code at the bottom of the passport page and uses that to access their database at the moment.

    -Perros-

    May 25th, 2005 at 1:20 am

  7. Roy says:

    Altoiding your passport may not be a bad idea. The one property of RFID that no amount of information hiding can change is that it’s RFID. Whether or not an attacker can understand the information in the tag, he can always ascertain that the tag exists. This leads to the RFID-enabled passport being a beacon that identifies the carrier as USian. In some parts of the world, this identification can be hazardous to one’s health.

    May 25th, 2005 at 7:15 am

  8. Josh says:

    My beef isn’t with the databases and such. It’s with the technology. Everything that the government says that it wants to accomplish could simply be done with a card that requires physical contact, just like a credit card. Why does the government want to do this with radio waves, and NOT something like a credit card? The only real answer, to me, seems to be to allow covert tracking of someone. I don’t like that.

    May 31st, 2005 at 9:05 am

Leave a comment