Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Threat in New RFID Travel Cards?

Posted by ryuzaki0 on from the new-and-improved-tin-foil-wallets dept.

DemolitionX9 writes to tell us ZDNet has an interesting article rehashing the problems with privacy in future RFID-equipped travel documents and ID. The piece focuses on a recent speech given by Jim Williams, director of the Department of Homeland Security's US-VISIT program. From the article: "Many of the privacy worries center on whether RFID tags--typically minuscule chips with an antenna a few inches long that can transmit a unique ID number--can be read from afar. If the range is a few inches, the privacy concerns are reduced. But at ranges of 30 feet, the tags could theoretically be read by hidden sensors alongside the road, in the mall or in the hands of criminals hoping to identify someone on the street by his or her ID number."

2 of 265 comments (clear)

  1. Re:practically speaking by dwandy · · Score: 5, Informative
    This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse
    Lots of ways, most immediately comes to mind:
    1. Capture your data.
    2. Encode to my chip.
    3. Now I'm you, I can:
      • Travel as you.
      • Commit various offences as you
      • Do whatever I want as you, and hell, the computer can't be wrong.
    5. (mandatory) PROFIT!
    But I'm sure more devious plots will come to other people's minds...
    --
    If you think imaginary property and real property are the same, when does your house become public domain?
  2. Clear up some of the FUD by Anonymous Coward · · Score: 5, Informative

    Let's clear a few things up, because there is a little FUD here... IANAL, but I am in the RFID business for commercial use (inventory management and the like)

    1. RDID tags come in a HUGE variety of types. You have to choose the right tag for the job. For example, is the item liquid? Is it metal? Is it a large crate? A small one? Etc. My guess is for a passport, the RFID tag would be a very short range (2-3" read type).

    2. There are active (like those attached to your toll tags, or to large pallats & containers). These have batteries in them. A passport won't have a battery in it.

    3. There are passive tags. These get charged by the antenna, that makes the circuit work. Think crystal radio here... same sort of concept. It charges the circuit, then the reader reads the tag.

    4. The tags generally (although they can) carry only a serial or lookup number. NOT specific information. The more info, the more expensive the tag. Some newer tags CAN carry things (like product expiriation dates, inventory dates, etc.)

    5. There are tags that can be both programmed and are read only. Depends on the type of tag. Both active and passive tags can do this. This means the reader can also program the tag.

    6. Readers are NOT hard to get. It's a commerical device. However, in most cases, the reader is specific to the tag type. There are SOME standards coming out now with the gen2 tags, but they are not in wide deployment. The readers are NOT CHEAP.

    So, here's my guess of what they would (or SHOULD) do:

    --very short range passive tag (would require the passport to nearly touch the reader)
    --Read only tag
    --Tag would only contain some sort of authentication string that would be read, decrypted, and authenticated to see if passport is real.
    --Tag would contain some sort of lookup string, which would be read, then queried on the backend systems to make sure the tag matches what's on the passport.

    ALL this can be done with protection of privacy, IF DONE RIGHT! It's being done today, specifically in the pharma industry.