Passports issued by the United States of America are about to go high-tech. Starting this spring, all American passports will be manufactured with RFID chips (Radio Frequency Identification) embedded into each passports’ back cover. This chip will broadcast all of the information that is printed inside the passport, as well as a digital image of the passport-holder to any RFID reader within range. Older passports will be valid until they were scheduled to expire, whereas any passport renewed or established when the system takes effect will be chipped. These new passports, termed e-passports, will be harder to forge and easier to validate, hopes the U.S. State Department.
RFID technology has only recently become affordable enough to be widely adopted, sometimes costing as little as 40 cents per chip. It is currently coming to replace the conventional magnetic strips of ID badges at corporate offices, as well as being the basis of the EZ-Pass toll-collection system.
In addition to the personal information, each chip will also broadcast a unique digital signature that is intended to verify that the chip was produced by the government. The personal data on the chip, however, will not be encrypted.
Worried bloggers and privacy advocates, such as the American Civil Liberties Union, are concerned that e-passports will have the reverse effect on passport security than what is intended. The system, as designed, seems to allow for anyone with an RFID receiver within range to gain access to the contents of every passport that passes by, as well as a digital image of each passport’s rightful owner. With this information the individual can go about creating a duplicate passport or some other identification document in order to impersonate you.
However, government officials insist that the passport chips will be difficult to read from a distance greater than ten centimeters away. Additionally, RFID readers are large bulky machines that criminals would have a difficult time hiding from their potential victims. Unfortunately, there will be no way for a passport owner to know when his passport’s chip is being accessed.
A worry that is particularly striking is the possibility of a determined and intelligent criminal imbedding an RFID reader into a doorframe, or some such fixed structure and collecting passport information from hundreds of passers-by. Later, at his leisure, the criminal can choose a person whose photograph looks most similar to his own image and assume this person’s identity. The criminal can choose to make a duplicate passport without an RFID chip, which will still be accepted for years to come, or to produce an RFID chip with an identical digital signature as the original. In either case, an evildoer can get all of the information he needs by gaining access to these chips.
Luckily, potential identity theft can be avoided fairly easily. Simply storing your passport in a metallic sleeve, which will deflect radio waves, will prevent any reader from accessing the chip’s data. The privacy concerns being raised will not affect those who are aware of the existence of the chip and actively protect themselves in this way.
However, it does seem as though the government truly failed to address a potentially important security problem. E-passports have already been issued to some government employees, and plans to expand this system are moving along swiftly without a second thought to privacy. Given the information available about RFID technology, it does not seem likely that an average street criminal will be able to steal your personal information. However, the door seems open for a highly organized effort, if unnoticed, to exploit the system.
