Hello again pcventures-ga;
Thank you for allowing me to answer your interesting question. The
concerns about radio frequency identification (RFID) passports are
based on multiple issues. Since the document is said to contain a
?smart card? of sorts it can be read remotely and from a distance.
This allows anyone with a reader to learn about, locate or isolate a
cardholder from a crowd of people based on certain criteria (name,
nationality, etc). Should some nefarious person or organization with
evil intentions come into possession of a reader, they could
theoretically pinpoint a person in a crowd for victimization or
exploitation without their knowledge.
Secondly, there is personally identifying data on a passport that most
people would prefer to keep safe or at the very least, private. A
person with a card reader could also theoretically steal someone?s
identity and use that information illegally.
Present technology enables these chips to be read from as far away as
160 feet (20 meters, though the tests have been disputed) and while
the industry is trying to reduce the distance from which a chip can be
read to only a few centimeters so card-holders are made aware of the
scan, the fact remain that most of the current chips and readers
function relatively well at greater distances than that. Improvements
in technology are not only possible but also probably inevitable
(eventually, at least). However, given the temperament of the world
today and the need to efficiently, quickly, remotely and
surreptitiously scan large numbers of people in very short periods of
time, it is doubtful that the reduction of RFID signal distance is
likely to become an important issue any time soon. Because of this
security issue a person walking through an open market or airport for
example can be scanned without his knowledge in only a matter of
seconds and his need for privacy is greatly outweighed by the need for
more efficient security.
Thirdly, theft is always in the forefront of people?s minds. Should
the card become lost or stolen there is always the possibility that
someone could use the information improperly. Hackers are already said
to have cracked RFID codes in Germany and in the Netherlands so
clearly such a scenario is possible in theory.
Next, of course, is the issue of forgery. If a party were to duplicate
one?s chip it would be difficult if not impossible to determine, if
scanned from a distance, that the carrier of the fraudulent chip was
not who he or she is reported to be by a remote scanning device.
Finally, it is no secret that some scientists have insisted that the
encryption method used in RFID chips is seriously flawed. In a recent
paper RSA Laboratories' Ari Juels, and University of California's
David Molnar and David Wagner, warned that the design of the
encryption keys has numerous problems.
Moreover, privacy advocates are claiming that the government has no
statutory authority to place such devices on personal documents.
The US State Department claims it has addressed these concerns by
enacting laws, but apparently not to the satisfaction of advocacy
What measures can you take to help protect yourself? Well, one
possibility (albeit somewhat tongue-in-cheek) is the suggestion that
someone invent an ?anti-RFID wallet? in which the passport can be
carried so that the signal can only be read when it is specifically
requested by someone operating a scanner. Such a ?wallet? does not yet
exist that I am aware of but such a device could certainly provide the
carrier with some peace of mind that he is not being randomly scanned
without his knowledge. Again, this suggestion is only theoretical but
it does seem to make some sense, though it would probably be handily
defeated and deemed illegal should RFID chips become the norm.
Unfortunately, short of not getting a passport at all, it seems that
one?s best option at the moment is to lobby against them, or at least,
to lobby against the way in which they are designed and tentatively
anticipated to be used. You might consider becoming involved in one of
the anti-RFID groups and letting your concerns be known to your
governmental representatives. Here are some groups within this area of
ENTERPRISE PRIVACY GROUP
CONSUMERS AGAINST SUPERMARKET PRIVACY INVASION AND NUMBERING (CASPIAN)
I hope you find that my answer exceeds your expectations. If you have
any questions about my research please post a clarification request
prior to rating the answer. Otherwise I welcome your rating and your
final comments and I look forward to working with you again in the
near future. Thank you for bringing your question to us.
Tutuzdad-ga ? Google Answers Researcher
SCHNEIER ON SECURITY
SEARCH ENGINE USED:
SEARCH TERMS USED: