pixelbomb

While the US State Department is continuing to promote RFID embedded passports as being a good thing for national security and are assuring people they are addressing the many privacy issues, critics are still crying foul.

RFID privacy problems are larger than passports and identity cards. The RFID industry envisions these chips embedded everywhere: in the items we buy, for example. But even a chip that only contains a unique serial number could be used for surveillance. And it’s easy to link the serial number with an identity — when you buy the item using a credit card, for example — and from then on it can identify you. Data brokers like ChoicePoint will certainly maintain databases of RFID numbers and associated people; they’d do a disservice to their stockholders if they didn’t.

The State Department downplayed these risks by insisting that the RFID chips only work at short distances. In fact, last week’s publication claims: “The proximity chip technology utilized in the electronic passport is designed to be read with chip readers at ports of entry only when the document is placed within inches of such readers.” The issue is that they’re confusing three things: the designed range at which the chip is specified to be read, the maximum range at which the chip could be read and the eavesdropping range or the maximum range the chip could be read with specialized equipment. The first is indeed inches, but the second was demonstrated earlier this year to be 69 feet. The third is significantly longer.

And remember, technology always gets better — it never gets worse. It’s simply folly to believe that these ranges won’t get longer over time.

To address this concern, the State Department has announced it will be included a radio shield which will protect the chip from being scanned when the passport is closed. The data contained on the chip will also be encrypted, with the key physically printed on the passport itself.

However, RFID chips can still be uniquely identified by their collision avoidance ID number — a number that is buried deep in the chip. To fix this concern, critics are asking the not only the State Department, but RFID manufacturers on a whole to implement ISO 14443A, the RFID spec that allows collision avoidance based on a random system instead of unique ID.

[via Wired]

This entry was posted on Thursday, November 3rd, 2005 at 10:39 am and is tagged with tech, travel. You can discuss this entry, share pictures, and more in the pixelbomb forums. Responses are currently closed, but you can click here to generate a trackback url for your own site.