United States now issuing RFID Passports

I subscribe to a tech newsletter, and this morning I learned that the U.S. is now issuing passports that contain micro RFID chips which store personal information about the passport holder.

This has huge privacy and security implications for U.S. citizens. Many worry that RFID (which Walmart uses to track supplies, shipments, and inventory) will be used to track citizens, and monitor their whereabouts. Even worse, RFID passports may subject the user to identity theft, as the information can be easily gathered/read using an RFID scanner (you can even amplify the signal so that the information can be read from a distance).

According to Cnet…

"State Department officials claim that a layer of metallic anti-skimming material in the front cover and spine of the book can prevent information from being read from a distance, provided that the book is fully closed. The document will also employ a cryptographic technique called Basic Access Control, which means the RFID chip unveils its contents only after a reader successfully authenticates itself as being authorized to receive that information.

"State Department spokesman Kurtis Cooper dismissed recent concerns raised by security researchers that the passports could nevertheless be 'cloned'–that is, copied and used in a forged passport. The agency is confident that other security features built into the book would foil would-be imposters, he said.

"The cloning technique demonstrated at the Las Vegas [DefCon hacker convention] is simple: It requires only a laptop equipped with a $200 RFID reader and a smart card programmer. The laptop's software scanned information from the RFID chip and wrote it to the smart card, which can then be embedded in a fake passport.

"Security researchers have not, however, figured out how to alter the personal information, which is protected with a digital signature designed to enable unauthorized changes to be detected. Creating a fake passport therefore would be most useful to anyone who can forge the physical document and resembles the actual passport holder."

Online reactions about the new passports are exceedingly negative. To prevent identity theft (and "fishing" expeditions for your personal data) some people suggest buying a wallet that acts as a Faraday shield, and prevents the passport from being read via a RFID reader (unless the passport is removed from the wallet and opened). Others suggest microwaving the RFID chip, and thus destroying it. The unanswered question, however, is will you be able to travel, and gain entry to foreign countries if the RFID chip is destroyed/non-functioning?

Plus, there is the threat of terrorists scanning crowds to find Americans to target (the targeting could be based on accessing the information inside the RFID chip, or based on the digital fingerprint of the chip/signal).

Bottom-line: This is not good news. RFID is a technology, and like all technology/hardware, it's "hackable," crackable, and breakable on some level.

Read more about new RFID passports, U.S. rollout of RFID, and the security risks of RFID passports.