RFID chips in everything from drivers licenses and passports to metro transit and bus passes can be more easily be read by scanner machines than traditional IDs, which translates to speed and ease of use. On the surface this seems like a great idea, since agencies have to contend with automating or electronically accepting these, including the initial costs involved, so why not include a microchip? Security is why, and security is one of the primary reasons for requiring these forms of identification in the first place. Ironic, isn’t it? According to the U.S. Department of Homeland Security, the use of RFID has been increasing and to date at least 192,000 RFID-enhanced drivers licenses have been issued. In fact they themselves have recommended it, despite warnings from its own advisory committee! Worse, they allegedly make people “trackable” without their consent or without them knowing it. Beyond the traceability problem by government agencies or anyone with access to such records, issues with the security in the RFID are really twofold, one that they can be cheaply and easily faked, reproduced, or cloned, and two that they can be read not only by authorized agencies but by someone nearby with a machine reader, allowing just about anyone close enough to you with a small, inconspicuous device to “rip” all your information from a chip on your person simply by bumping into you, or even just getting close enough to get a whiff of that cheap aftershave you’re wearing on a plane, train, or waiting for a cab.
Savvy enough hackers with RFID readers and good enough antennae can even steal your identity from a distance of several dozen feet, and from practically any direction. This has been been demonstrated by bargain-basement hackers on Youtube and elsewhere with about $250 of basic equipment purchased on eBay and some basic know how. Thanks to the Internet, this information is available at really no charge for anyone willing to look. It’s virtual pickpocketing of your identity, and even worse can go virtually undetected and is virtually untraceable. After the hacker (or more likely, one of their skeezy independent businessman henchmen) might bump into you in an airport or other public place, and after collecting thousands upon thousands of these ID’s over time can sell them over the Internet months or even years later. Even suppliers of RFID chips are concerned. An executive for Gemalto Inc., a major supplier of microchipped cards, says placing RFIDs in driver’s licenses and passports makes them vulnerable “to attacks from hackers, identity thieves and possibly even terrorists.”[1] Clearly not enough is being done to ensure these standards or the media being issued to our citizens are secure enough or to ensure all the major kinks have been worked through. As for now, we’ll stick to our laminated driver’s license from 1985 until they pry it from our cold, dead hands.
References:
[1] http://www.lehighvalleylive.com/today/index.ssf/2009/07/government_officials_say_rfid.html
[2] http://news.yahoo.com/s/ap/20090711/ap_on_bi_ge/us_chipping_america_iv
[3] http://www.youtube.com/watch?v=9isKnDiJNPk
