Bruce Schneier’s new weblog

October 5th, 2004 – 7:07 pm

Security expert Bruce Schneier has started a new weblog called Schneier on Security. It’s the same material he puts in his monthly Crypto-Gram, but it’s published continually, rather than just once a month.

Here’s a sample from his latest post:

But the Bush administration is advocating radio frequency identification (RFID) chips for both U.S. and foreign passports, and that’s a very bad thing.

These chips are like smart cards, but they can be read from a distance. A receiving device can “talk” to the chip remotely, without any need for physical contact, and get whatever information is on it. Passport officials envision being able to download the information on the chip simply by bringing it within a few centimeters of an electronic reader.

Unfortunately, RFID chips can be read by any reader, not just the ones at passport control. The upshot of this is that travelers carrying around RFID passports are broadcasting their identity.

Think about what that means for a minute. It means that passport holders are continuously broadcasting their name, nationality, age, address and whatever else is on the RFID chip. It means that anyone with a reader can learn that information, without the passport holder’s knowledge or consent. It means that pickpockets, kidnappers and terrorists can easily–and surreptitiously–pick Americans or nationals of other participating countries out of a crowd.

It is a clear threat to both privacy and personal safety, and quite simply, that is why it is a bad idea. Proponents of the system claim that the chips can be read only from within a distance of a few centimeters, so there is no potential for abuse. This is a spectacularly naïve claim. All wireless protocols can work at much longer ranges than specified. In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable.

Security is always a trade-off. If the benefits of RFID outweighed the risks, then maybe it would be worth it. Certainly, there isn’t a significant benefit when people present their passport to a customs official. If that customs official is going to take the passport and bring it near a reader, why can’t he go those extra few centimeters that a contact chip–one the reader must actually touch–would require?

The Bush administration is deliberately choosing a less secure technology without justification. If there were a good offsetting reason to choose that technology over a contact chip, then the choice might make sense.

Unfortunately, there is only one possible reason: The administration wants surreptitious access themselves. It wants to be able to identify people in crowds. It wants to surreptitiously pick out the Americans, and pick out the foreigners. It wants to do the very thing that it insists, despite demonstrations to the contrary, can’t be done.

Bruce usually has a perspective that is informed more by his security expertise than by his personal politics, and he’s always well worth a read.

2 Comments


  1.

    RFID, like any other technology, has to be used correctly. The tags that are proposed can only be read from about 2 meters max, and that would take an antenna just as long, you would notice it before it could read anything. Reality, the range is just a few centimeters. Also, these are passive tags, so they are powered by the RF energy from the readers. Put some tin-foil over the tag and you have effectively fire-walled your passport.

    Leave all the ports on your server open and connect it to the internet and the whole world can see you from the comfort of their own living room. Bring that nifty 802.11 wireless PDA into the airport, and you just exposed everything on it to whomever is within 30 meters of you.

    RFID technology, like the internet, wireless networking, and wireless phones all have value, and if not configured and used carefully, can give up an enormous amount of privacy. So either we don’t use these media, or we learn how to use them correctly from both a consumer and provider perspective.

    Best Regards,

    Tom Rose

    Comment made by Tom Rose on December 1, 2004 @ 12:40 am

  2.

    Yes, but that’s Bruce’s point, that this RFID deployment isn’t a correct use. As he says:

    Security is always a trade-off. If the benefits of RFID outweighed the risks, then maybe it would be worth it. Certainly, there isn’t a significant benefit when people present their passport to a customs official. If that customs official is going to take the passport and bring it near a reader, why can’t he go those extra few centimeters that a contact chip–one the reader must actually touch–would require?

    He’s right. What *benefit* is gained from having the chip be readable from any distance at all, even if it’s just a few centimeters?

    Comment made by Michael on December 1, 2004 @ 7:42 pm

