In a prior post, I discussed the new RFID technology and its data security and privacy issues. There is an excellent Los Angeles Times article which questions just how secure the U.S. State Department's new RFID passports are. Here's how the new U.S. passports work:
"The chip on your passport stores your name, gender, birth date and place; your passport number, its issue and expiration dates; and a digital version of your ID photo. It broadcasts this data when its antenna is activated by signals from a government reader at a border crossing. The security of this broadcast is the crux of the debate. The State Department says the chip's range is about 4 inches and that it cannot be read when the passport book is fully closed. But with the right equipment, early critics said, people several feet away or more could secretly access the data and use it to identify Americans, track their movements and steal their personal information. The chip could also be copied or altered to make phony passports..."
To respond to the threat, the State Department modified its new passports:
- "To block radio signals, it put metallic material in the passport's front cover and spine.
- To thwart eavesdropping, it placed a cryptographic key on the printed data page that must be read by an optical scanner to unlock the chip's data. (Officials note Social Security number and address are not on the chip.)
- To prevent tracking, it installed a "randomized unique identification" system that presents a different ID to a reader each time the chip is accessed.
- To counter fraud, it installed a digital signature that flags chips that have been altered."
Are the new passports 100% safe? Nobody knows. I hope that these identity protection measures work. There's an awful lot at stake.