Sunday, October 24, 2004

Bruce Schneider on RFID passports

Most followers of computer security and privacy news know about Bruce Schneier. (He is the author and editor of the Crypto-Gram newsletter and of Beyond Fear: Thinking Sensibly about Security in an Uncertain World.) In his recent blog entry about the security and privacy issues related to the reports that RFID will be added to American passports (see Wired News: American Passports to Get Chipped), he very clearly articlates the perceived privacy risks of adding this technology to passports. I would only add that the same risks are inherent in adding RFID to any identity document.

Schneier on Security: RFID Passports:

"October 04, 2004
RFID Passports

... But the Bush administration is advocating radio frequency identification (RFID) chips for both U.S. and foreign passports, and that's a very bad thing.

These chips are like smart cards, but they can be read from a distance. A receiving device can "talk" to the chip remotely, without any need for physical contact, and get whatever information is on it. Passport officials envision being able to download the information on the chip simply by bringing it within a few centimeters of an electronic reader.

Unfortunately, RFID chips can be read by any reader, not just the ones at passport control. The upshot of this is that travelers carrying around RFID passports are broadcasting their identity.

Think about what that means for a minute. It means that passport holders are continuously broadcasting their name, nationality, age, address and whatever else is on the RFID chip. It means that anyone with a reader can learn that information, without the passport holder's knowledge or consent. It means that pickpockets, kidnappers and terrorists can easily--and surreptitiously--pick Americans or nationals of other participating countries out of a crowd.


The Bush administration is deliberately choosing a less secure technology without justification. If there were a good offsetting reason to choose that technology over a contact chip, then the choice might make sense.

Unfortunately, there is only one possible reason: The administration wants surreptitious access themselves. It wants to be able to identify people in crowds. It wants to surreptitiously pick out the Americans, and pick out the foreigners. It wants to do the very thing that it insists, despite demonstrations to the contrary, can't be done.

Normally I am very careful before I ascribe such sinister motives to a government agency. Incompetence is the norm, and malevolence is much rarer. But this seems like a clear case of the Bush administration putting its own interests above the security and privacy of its citizens, and then lying about it."


Anonymous said...

Bruce's name isn't "Schneider", it's "Schneier".

privacylawyer said...

I noticed that after I posted it, but changing it would affect the permalink. I think I've been much more diligent since in making sure that I get Bruce's name correct.

Thanks for the comment, though.