Privacy Threat in New RFID Travel Cards? 265
DemolitionX9 writes to tell us ZDNet has an interesting article rehashing the problems with privacy in future RFID-equipped travel documents and ID. The piece focuses on a recent speech given by Jim Williams, director of the Department of Homeland Security's US-VISIT program. From the article: "Many of the privacy worries center on whether RFID tags--typically minuscule chips with an antenna a few inches long that can transmit a unique ID number--can be read from afar. If the range is a few inches, the privacy concerns are reduced. But at ranges of 30 feet, the tags could theoretically be read by hidden sensors alongside the road, in the mall or in the hands of criminals hoping to identify someone on the street by his or her ID number."
Even if it was a few inches... (Score:3, Insightful)
RFID triggered terrorist bombs (Score:5, Insightful)
Re:practically speaking (Score:2, Insightful)
Imagine that these ids can be read from a distance. Now suppose a chain of stores, say some clothing stores, installs sensors and begins reading these tags. You sign up for their "monthly mailing list", and now they know who you are and what your unique ID is.
After a trip, you get an email/letter saying, "Thanks for visiting our [exotic destination] location. We hope you enjoyed your trip". Okay, not terrible, but I don't really want clothing stores knowing where I take my vacations.
Now, substitute that store with your employer, and your vacation destination with a labour lawyer. All of a sudden you employer knows you've been talking to a labour lawyer.
There are definitely worse scenarios, if you let your imagination run a little
Re:practically speaking (Score:5, Insightful)
There is off the shelf hardware that will allow you to read RFID tags (with varying levels of reliability) from ranges in excess of thirty feet. A collection of RFID tags produces a sort of constellation even if they are not unique. For instance, the guy who has the bottle of scope mouthwash, the bag of fritos flamin' hot, and the #2 philips screwdriver at this intersection is probably the same guy who has the same stuff at the next intersection. This allows you to positively track someone based on checkpoints, even without a unique RFID like your passport will be. Furthermore, even if some of the tags don't scan properly, the percentage similarity can be compared from point to point and you can get a fairly positive match anyway.
With Unique tags, then you don't need to go even that far, of course.
If you cannot imagine why this is a bad thing, then truly, you should read 1984.
Re:practically speaking (Score:5, Insightful)
"Ground Beef a L'amerique".
Ingredients:
1 Terrorist.
1 RFID reader.
1 Pringles can.
1 Blasting cap.
1 Pound of boom-boom stuff.
Assemble recipe. Bake in broad daylight on side of road until American tour bus comes by.
Re:practically speaking (Score:3, Insightful)
RFID is bad because it makes the job of criminals much easier, and there has been no boost in security from other areas. There is another aspect of this which is slightly more controversial: prosecution based on RFID.
The bottom line is, no machine will be as efficient and accurate at identifying what happens at a crime scene. With the use of RFID scanners you could "confirm" that John Doe was the man who broke into a jewelry shop... when in fact is was John h4x0r. Currently, the competency of courts when dealing with issues of advanced technology is a shame to the US, and with this kind of power of evidence things will only get worse.
With these two major issues raised, I ask what advantages does having personal RFIDs bring to the table? The purposes that justify checking identification now are mostly childish, and wouldn't stop any truly purposed criminal. This question is just another one of those situations where benefit/loss is so bad that it begs the question of whose side its supporters are on.
In other news ... (Score:3, Insightful)
(I choose such an odd analogy because rfid readers are about as hard to obtain as microscopes. Not everyone will have one on them but it's not exactly mil-spec hardware)
Or RFID triggered goverment bombs (Score:2, Insightful)
Devil's advocate - switch the antenna (Score:5, Insightful)
Why not put a switch in the antenna's path? To use the card, you have to push a contact button to turn it on? That would stop passive scanning, right?
A boon for terrorists (Score:3, Insightful)
Re:practically speaking (Score:2, Insightful)
That doesn't work too well in a passive setting, like along side of a road, or unmanned building entrances, etc...
On the back of my credit card, I have my endorsed name AND a note that says "please check ID". How often do you think they check my ID? Also, do you think EVERY place that is going to be using this cards has a nice pretty display to view the picture of the individuals? And if it's a simpe 96 digit number, then imagine the fun as criminals cycle thru the DB looking for people who match their general appearance. Oh what joy.
Re:practically speaking (Score:5, Insightful)
How is this any different from someone stealing your passport now?
Because it's not even necessary to steal your passport, it's not even necessary to touch it. You can walk past someone at 25 feet and copy it. If you have an ordinary passport and keep it in a safe place all the time you can be pretty sure no one takes it without you knowing and if they steal it, you might notice it's missing.
Besides, if the RFID card is designed to be readable at 25 feet, it's probably possible to do so at a much longer distance using special equipment.
Re:yes, but.. (Score:3, Insightful)
If you've done nothing wrong... (Score:2, Insightful)