Feds Rethinking RFID Passport
posted by:Jennifer Manning // 07:58 AM // April 27, 2005 // Surveillance and social sorting
Following criticism from computer security professionals and civil libertarians about the privacy risks posed by new RFID passports the government plans to begin issuing, a State Department official said his office is reconsidering a privacy solution it rejected earlier that would help protect passport holders' data.
The solution would require an RFID reader to provide a key or password before it could read data embedded on an RFID passport's chip. It would also encrypt data as it's transmitted from the chip to a reader so that no one could read the data if they intercepted it in transit.
TrackBack URL for this entry:
I think the State Department is not telling the real (or at least reasonable) motivations for using RFIDs on passports.
What is being claimed now (in the article as well as in the INTERNATIONAL CIVIL AVIATION ORGANIZATION document mentioned) is that the RFIDs are being used for the only purpose of holding an electronic signature that can be matched with the information found on the passport thus certifying its authenticity.
But this very same security requirement can be achieved in a 1) more cost effective and 2) more secure (from eavesdropping) way using UPC bar code technology. So why does the State Department insist on using RFIDs? Certainly not for lack of ideas or solutions.
In fact, as indicated in the article, the U.S. officials rejected an anti-skimming/eavesdropping solution that the International Civil Aviation Organization proposed. And that's quite reasonable because their solution destroys RFIDs' ability to be read remotely and with no line-of-sight, reducing it to a mere barcode (with a higher cost!) which is apparently not what U.S. officials are looking for.
For more on RFIDs, their reading range, and cost see http://www.rfid-101.com/rfid-frequencies.htm
Posted by: Mohamed Layouni at April 28, 2005 11:08 AM