Passport RFID New US passports are slated to have Radio Frequency ID (RFID) chips added shortly. The chip will broadcast details of the owners name, address, digital photo to anyone with suitable receiving equipment. The reason given is to improve security, but it's difficult to see how this addition will improve security. A number of groups have pointed out the possibilities for easy identity theft by anyone with a suitable receiver. The argument has degenerated into a 'yes it is'/'no it isn't' slanging match between those who claim that the signal can be read at a distance, and those who claim you have to be within a few centimetres to read it. Now as it happens we in the UK are also due to have our passports 'chipped' in the near future, so I was already thinking about this issue. I don't really know just what range the chips can be read at - I'm a programmer not a hardware engineer - but there are one or two issues that no one seems to be addressing. For instance we all know from experience that there are freak conditions where radio signals can be broadcast far beyond their normal range. It would be prudent to assume that the same can happen with RFID signals - they are after all radio signals. Arguably, though, this is a rare enough phenomena that no 'reasonable' criminal would rely on it. So is there any evidence that the signals can travel significant distances - say a meter or two - under normal operating conditions? I don't know. I haven't been able to find any trial results that would vindicate either side in this argument. However, it is worth considering that these RFID chips are the same ones that the likes of K-Mart and the big supermarkets are trying to introduce on their goods. Now, over here, one of the benefits touted for these chips is that you wouldn't have to queue at the checkout anymore. The RFID reader, it is claimed can read all the RFID chips in your trolley in one go. Think about that. A supermarket trolley is about two feet wide, and there is some extra space in the gaps between the checkout desks. The reader will have to read the RFID chips on the far side of the trolley, and it will have to be able to read them reliably (think of the litigation if they got it wrong). This implies that the readers can reliably read the chips at least a yard away - and probably considerably further away with somewhat less reliability. So, we are forced to conclude that either supermarket owners are lying to us, or politicians are lying to us! Take your choice. There is another issue, though, that no one seems to have raised yet, and that concerns the chips themselves. The whole point about these chips is that they are supposed to be ubiquitous and available for a few cents. This implies that (a) they are very simple in structure and (b) they are easy to manufacture. Both these factors lead inescapably to the conclusion that anyone with the technical ability to forge or successfully alter a passport would have no problem faking up the RFID chip. But it's even worse than that when you consider psychological implications. Whenever these sort of tech 'silver bullets' are introduced there is a tendency to rely on them. How long will it be before passports whose RFID chips, much easier to fake than the passport itself with all the complex watermarkings, become the subject first of the most cursory inspections, and then of only random checks if the RFID chip comes up OK? Because of this the effect of RFID is, it seems to me, to add a weaker, less secure, link into the passport. As the 19th century proverb says, 'A chain is no stronger than its weakest link'. http://go.hotwired.com/news/privacy/0,1848,65412,00.html/wn_ascii |
If you have any questions or comments about the articles on my web site, click here to send me email. |