Fatal Flaw Weakens RFID Passports
By Bruce Schneier
02:00 AM Nov. 03, 2005 PT
In 2004, when the U.S. State Department first started talking about embedding RFID chips in passports, the outcry from privacy advocates was huge. When the State Department issued its draft regulation in February, it got 2,335 comments, 98.5 percent negative. In response, the final State Department regulations, issued last week, contain two features that attempt to address security and privacy concerns. But one serious problem remains.
Before I describe the problem, some context on the surrounding controversy may be helpful. RFID chips are passive, and broadcast information to any reader that queries the chip. So critics, myself included, were worried that the new passports would reveal your identity without your consent or even your knowledge. Thieves could collect the personal data of people as they walk down a street, criminals could scan passports looking for Westerners to kidnap or rob and terrorists could rig bombs to explode only when four Americans are nearby. The police could use the chips to conduct surveillance on an individual; stores could use the technology to identify customers without their knowledge.
RFID privacy problems are larger than passports and identity cards. The RFID industry envisions these chips embedded everywhere: in the items we buy, for example. But even a chip that only contains a unique serial number could be used for surveillance. And it's easy to link the serial number with an identity -- when you buy the item using a credit card, for example -- and from then on it can identify you. Data brokers like ChoicePoint will certainly maintain databases of RFID numbers and associated people; they'd do a disservice to their stockholders if they didn't.
The State Department downplayed these risks by insisting that the RFID chips only work at short distances. In fact, last week's publication claims: "The proximity chip technology utilized in the electronic passport is designed to be read with chip readers at ports of entry only when the document is placed within inches of such readers." The issue is that they're confusing three things: the designed range at which the chip is specified to be read, the maximum range at which the chip could be read and the eavesdropping range or the maximum range the chip could be read with specialized equipment. The first is indeed inches, but the second was demonstrated earlier this year to be 69 feet. The third is significantly longer.
And remember, technology always gets better -- it never gets worse. It's simply folly to believe that these ranges won't get longer over time.
More:
Story location:
http://www.wired.com/news/privacy/0,1848,69453,00.html