UMBC ebiquity
New US RFID pass card raises privacy and security concerns

New US RFID pass card raises privacy and security concerns

Tim Finin, 12:39pm 1 January 2008

Today’s Washington Post has a story, Electronic Passports Raise Privacy Issues, on the new passport card that’s part of the DOS/DHS Western Hemisphere Travel Initiative. The program is controversial since the cards use “vicinity read” radio frequency identification (RFID) technology that can be read from a distance of 20 or even 40 feet. This is in contrast to the ‘proximity read’ RFID tags in new US passports that require that the reader be within inches. The cards will be available to US citizens to speed their processing as they cross the borders in North America.

“The goal of the passport card, an alternative to the traditional passport, is to reduce the wait at land and sea border checkpoints by using an electronic device that can simultaneously read multiple cards’ radio frequency identification (RFID) signals from a distance, checking travelers against terrorist and criminal watchlists while they wait. “As people are approaching a port of inspection, they can show the card to the reader, and by the time they get to the inspector, all the information will have been verified and they can be waved on through,” said Ann Barrett, deputy assistant secretary of state for passport services, commenting on the final rule on passport cards published yesterday in the Federal Register. src

As described in the ruling published in the Federal Register, the Government feels that privacy concerns have been addressed.

“The government said that to protect the data against copying or theft, the chip will contain a unique identifying number linked to information in a secure government database but not to names, Social Security numbers or other personal information. It will also come with a protective sleeve to guard against hackers trying to skim data wirelessly, Barrett said.” src

Of course, if you carry the card in your purse or wallet, your movements can still be tracked by the unique ID on the card. There are also security concerns since the tag’s ID may be cloned.

“Randy Vanderhoof, executive director of the Smart Card Alliance, represents technology firms that make another kind of RFID chip, one that can only be read up close, and he is critical of the passport card’s technology. It offers no way to check whether the card is valid or a duplicate, he said, so a hacker could alter the number on the chip using the same techniques used in cloning. “Because there’s no security in the numbering system, a person who obtains a passport card and is later placed on a watchlist could easily alter the number on the passport card to someone else’s who’s not on the watchlist,” Vanderhoof said.” src


3 Responses to “New US RFID pass card raises privacy and security concerns”

  1. HAL Says:

    Just get yourself a cell phone blocker bag. Make sure the mesh compound covers the reader freq of the ID tag. About 25 bucks, on average.

    HAL

  2. Mr. Protip Says:

    PROTIP: EMP an airport and the chips in the passports are fried – as well as all other electronics – but nobody would suspect that the target was the passports and users could pass checkpoints untagged.

  3. Mr. Protip Says:

    “But Mr. Protip, airports are high security areas it would be foolish to unleash an EMP there!”

    Thats a good point, alter-ego, in other countries and places like Europe, passports are needed for many other services outside of airports. EMP-ing is much easier in less security zones like malls, where one, especially tourists, might be to get a new phone card, or a sim card for their out of area cellular phone. A passport might need to be presented there, EMPing cards in those locations would render still render their RFID chips fried by the time they go to the airport!