A passport card set to be issued by the State Department for travel to Canada, Mexico and the Caribbean doesn’t require privacy protection, even though it uses a radio frequency identification chip which can be read from 20 feet away, because the chip itself doesn’t contain personal information, according to the director of the National Institute of Standards and Technology.
NIST director William Jeffrey said that because the RFID chips will only contain a unique reference number which points to a database entry, the passport cards don’t need to be encrypted or to have other safeguards for protecting personal information.
But RFID industry and computer security experts disagreed, saying that even the reference number could be used to compromise Americans’ privacy and security at ports of entry and abroad.
“Strong encryption was deemed unnecessary due to the lack of information on the Radio Frequency chip outside of the pointer to the secure Department of Homeland Security database,” Jeffrey wrote in a May 24 letter to the Smart Card Alliance, an industry group.
NIST also concluded that since the RFID chip contains no personal information, the card architecture for the PASS card is not subject to international standards regarding protection of personal information on smart cards and other types of identification cards.
“The card architecture will contain no technology to collect, store and share personal information,” Jeffrey wrote. — Washington Technology
But even a single number readable from 20 feet away could jeopardize the safety of Americans traveling abroad, experts said.
NIST “is making the very mistakes the Data Privacy and Integrity Advisory Committee warned about,” said security expert Bruce Schneier, who served on that committee when it released a report recommending against the use of RFID in identifying people.
And Smart Card Alliance executive director Randy Vanderhoof laid out the problem succinctly in a statement last year: “Unlike electronic passports, which have built-in security features, a free read of a unique reference number at long distances opens possibilities to identify or even track U.S. citizens.”
The Smart Card Alliance said that the government failed to follow best practices for using RFID in identity applications, and recommended that the government use short-range RFID chips which have only a range of a few inches.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works license.
Video published by this site is licensed under a Creative Commons Sampling+ license.
Bad Behavior has blocked 2646 access attempts in the last 7 days.
Facebook
Digg
del.icio.us
reddit.com
Newsvine
Nigel Watt
May 31, 2007
I have a Faraday cage wallet. I’ll probably still microwave any REALID, but at least it’ll be harder for my identity to be stolen.
Brock
Jun 01, 2007
I’m gonna figure a way to power my cell phone from it. Anyone want to invest in my company?
miche
Jun 05, 2007
Didn’t you guys pick on me in February ’06 for bringing this up @ HoT? I had to replace my passport and was pissed about my new RFID tech model.
geri
Jun 15, 2007
“Secure” Department of Homeland Security database…
ROFLMAO..funniest thing I’ve heard in a long time.
chuck
Jan 19, 2008
Microwaving them may not work. A company has introduced a new device that uses magnetic technology to “radiation harden” the rfid up to a dose of 45000 Gray. This is a whole lot higher than airport x-ray equipment and much higher than gamma ray sterilization doses.
So, you may have to magnetize them in a very strong magnet or radiate them a long time or both.
summer
Oct 24, 2010
• Keytag,Plastic card,Magnetic strip card,RFID cards,DESfire 4K cards,Mifare 1K,4K card
Dear Sir/Madam,
We OPRFID Technologies., LTD are a manufacturer of smart cards and PVC Cards.
Our major Products is Memory Chip cards,Plastic card,Mifare DESfire card,PVC card,RFID Chip cards and CPU Chip cards, Java Chip cards, Magnetic strip cards, Barcode cards and so on.
The most competitive price and the best quality with service will be offered for your company.
We wish to have the opportunity to serve for you, if you’re interested in our products, please no hesitate to contact us for more detailed informations.
Thanks.
Have a great day!
OPRFID Technologies., LTD
2-603 Room, Hong Feng Jia Yuan , 270# BeiMo Stree ChengXiang Putian City Fujian,
P.R, China.
Tel: (0086)594 2790031
Fax: (0086)594 2790185
Website: http://www.oprfid.com
Email:OPrfid.summer@oprfid.com
MSN:oprfid.summer@hotmail.com