RFID E-Passports

Whether you’re one of the relatively few Americans thinking of traveling outside the country, a tin-foil-hat wearing conspiracy theorist, or simply a citizen concerned about identity theft, the imminent use of potentially insecure technology to electronically store personal data on new US passports should cause you to sit up and take notice.

As part of a plan intended to increase efficiency and security at borders, the U.S. Government – along with several other governments around the world – has planned a massive overhaul of the passport system, which includes digitizing and storing personal data on the passports themselves, allowing for quick electronic reading.

Rolling out now in passports issued to a select group of diplomats, and reportedly to be included in all U.S. passports by this October, Radio Frequency Identification technology, or RFID, has in some form been around for decades, but has recently become much more popular. If you have E-ZPass, or an American Express Blue card, you’ve used RFID tags before.

Also used by large retailers like Wal-mart to track inventory, the technology essentially stores small amounts of data on a tiny, paper-thin “chip” which can be accessed wirelessly by an RFID reader from a few inches to several meters away, depending on the type of reader and tag.

If you haven’t put two and two together yet, that means that someone could conceivably buy a wireless RFID reader from eBay or elsewhere, and steal the personal information right off your passport without even getting close to you. A few minutes in an airport could be enough to keep an identity thief busy for months, and unsuspecting victims busy for years.

The good news is that the data is at least encrypted, and the passport case deadens the signal enough so that it can only be read through direct contact. But if you ever want to take your new passport out of its case, you may want to make sure you’re relatively alone.

Some might think that encryption would be enough to alleviate fears of data theft, but recently a Dutch television show, with the help of a private security firm, was able to intercept Dutch passport data (which uses a similar RFID system and the same encryption) as it was being sent to a passport reader. Once they had the data, they took it back to a PC and decrypted it in less than two hours, giving them the person’s picture, their fingerprint, and all the personal information a passport contains.

As if that weren’t cause enough for alarm, researchers – again from the Netherlands – recently demonstrated that computer viruses could be transmitted via these new passports, and thus introduced into the database systems. As one reader of popular tech blog engadget.com wrote recently, “What if you got an ‘I’m a terrorist’ virus on your passport that alerted customs that you were a terrorist? That would make for some interesting vacations.”

For a technology with these potential issues, it’s no wonder that the U.S. government has wavered over the past few years in their statements about whether they would use RFID in new passports or not. A couple times they announced they had dropped the idea altogether, and at one point in 2005, they even announced that they would not even encrypt the data on passports at all. Clearly they’ve had some problems with the tech. Yet if all goes well in this test run, expect the RFID E-Passports to go into mass release by October, and the first reports of stolen data and cloned passports to pop up in the news media a few weeks later.

All hope for passport security isn’t lost, however. A company called DIFRWear has recently begun selling a wallet and passport case which they claim will block RFID tags within them from being successfully scanned. If for some reason you can’t get your passport before October, picking up one of these might be a good idea, particularly if you already have an American Express Blue card which contains an RFID chip. At $15, it’s a cheap way to know that you’re safe, which when it comes to potential identity theft, is a whole lot better than being sorry.
