Video: Hacker war drives San Francisco cloning RFID passports

Think of it this way: Chris Paget just did you a service by hacking your passport and stealing your identity. Using a $250 Motorola RFID reader and antenna connected to his laptop, Chris recently drove around San Francisco reading RFID tags from passports, driver licenses, and other identity documents. In just 20 minutes, he found and cloned the passports of two very unaware US citizens. Fortunately, Chris wears a white hat; his video demonstration is meant to raise awareness of what he calls the unsuitability of RFID for tagging people. Specifically, he's hoping to help get the Western Hemisphere Travel Initiative -- a homeland security project -- scrapped. Perhaps you'll feel the same after watching his video, posted after the break.
Read -- Western Hemisphere Travel Initiative
Read -- RFID passports cloned
@thomas_malkin: wow... 1984 much?? Hmm... which is faster? Reading a piece of paper and entering it in a computer or AUTOMATICALLY querying a reference number in a database from an RFID tag? Obviously RFID tags in passports speed things up and were included to shorten wait times in lines.
Watch out for that black helicopter flying over your head...
Was I the only one waiting for a white van to drive next to him on the street and throw him in?
Phewww...luckily when I go out in public, I wear an aluminum foil suit anyway! Don't want the government tracking me!
i will now use a wallet made of duct tape and tin foil
You guys don't really get the point I think, or maybe I'm just way off.. it doesn't matter if he can get any "information" off the card. I think the point he is trying to make is this way you can be tracked at long range all over the country/continent. Because you can find these unique tags over such a long range by just driving by, you can easily be logged. It's a privacy issue. They don't steal all your personal information by doing this, they just invade your privacy by tracking you everywhere. But then again they already do with cellphones.
And only the government has the capability to pull off any kind of long distance tracking required for your scenario. So unless you are doing something illegal that would get the Gov a warrant for such a venture, you really have nothing to worry about.
Because governments (all of them) have such a wonderful track record for only pursuing bad people. They never make a mistake.
http://news.bbc.co.uk/2/hi/uk_news/4288682.stm
http://news.bbc.co.uk/2/hi/europe/6316369.stm
http://us.imdb.com/title/tt0854678/
Watch out!
@ z0phi3l
Once a government thought that killing jews was alright.
I don't think the point is the fact that your personal info can be taken (SSN, DL, address, etc.) by some would-be ID thief, because the thief would have to have access to the Government database in order to tie your RFID tag to your personal info. But the point is these tags do produce a unique number, and who is preventing him from creating a database of his own and setting up these receivers all over the city? Who is preventing the government from setting up receivers throughout the country to track where people are? They already have the database; they can just as easily set these up on the freeways to grab your info when you drive by. This guy is worried that they will start putting these RFID tags in all Drivers Licenses and Identification Cards in order to expand their database. How long until they start tagging babies with RFID so they know who everyone is and where they are at all times?
"How long until they start tagging Babies with RFID so they know who everyone is and where they are at all times? "
How do you know this is not already being done?
You guys miss the real scary scenarios here.
The cards can be read at 66 ft; maybe not the data, but the RFID chip can be pinged. Only Westerners carry RFID-equipped cards, so someone could tell how many Westerners are in a 132 ft radius. Or could find the unique code and use it to ID someone, make sure you are grabbing the right person.
It's a little more Hollywood than reality right now, but then again pre-9/11 flying planes into buildings was too.
It has certainly been suggested in the past that it would be possible to ID US citizens remotely with this sort of tech
A few points:
1) This is a "vicinity read" tag rather than a "proximity read" tag like the regular passport. It's designed to be read at a range of 20-30 feet (which is what I get already), with suitable amplifiers and antennas it's possible to read these things from over a mile away. EPC Gen2 tags don't use a magnetic coupling like traditional RFID - it's much closer to RADAR.
2) Don't go smashing any RFID tags just yet. Nobody knows what the rules are if you try to get through the border with a disabled tag - I certainly wouldn't want to be the guinea pig.
3) WHTI needs to be scrapped because it explicitly calls for the inclusion of this tag technology in all WHTI-compliant documents. If you have a passport card, electronic drivers license, or any of the other 3-4 card types that make up WHTI, you have a vicinity-read RFID tag.
4) As for the tinfoil shields - according to UW, electronic drivers licenses can still be read when inserted into their protective sleeve. I'd rather just not have the tag in the first place.
RFID Chips were never made for security reasons but to slowly track everybody down when necessary. Big Brother will be watching you in the future even more. All that stupid "terrorist prevention". All the 9/11 "terrorists" traveled with their original passports anyway. That's what makes them so dangerous, nobody knows who they are. They don't need to disguise themselves.
It's depressing to see what we are becoming. Dumb cattle that don't mind giving up freedom because they think they get more security. It makes me sad to hear the national anthem these days, especially the part "Land of the free" with laws like the Patriot Act passed. Call me paranoid, but the idea of getting arrested for an indefinite time with no right to see a lawyer because I am a terrorist suspect doesn't make me feel free. And the fact that upon release I cannot talk to anybody about it doesn't help the situation either.
But hey, I've got a RFID chip up my ass all time to feel secure about my life.
Funny how the president doesn't have wifi in his office for security reasons. It looks to me that when it comes to security "over the air communications" is a big NO so why have those chips in my passport and ID?
Speaking about cattle, they already wear RFID tags in the ear.
What about people that think this (RFID) is the Mark of the Beast?
Hi all, so you might wonder "would the military industrial complex try to make a complete RFID tracking network on interstate highways in order to monitor warehouse supply chains and create Total Transportation Domain Awareness Centers of Excellence"? That sounds nuts, but as it happens in my day job I stumbled into 700+ pages of documents from the Minnesota Department of Transportation that spell out in precise detail how this plan is getting rolled out. You can download the whole darn thing, and you should! (Thank the MN Data Practices Act!)
http://www.politicsinminnesota.com/2008/aug/19/now-searchable-mndot-nasco-nafta-superhighway-document-stash
http://www.politicsinminnesota.com/files/nasco-documents-ocr.pdf
I did OCR on them so it is fairly searchable now.
It hasn't gotten the notice it should, but reading through this shows EXACTLY how RFID will be used by these guys to create a total tracking system - that could then be extended to catch items like RealID RFID'd drivers licenses using high-gain antennas. Also this is how you could implement a Big Brotherish "Mileage Tax" that they are going to try to do in Oregon.
The umbrella system is called NAFTRACS, and it was created by SAVI Networks which got bought out by Lockheed Martin. The agenda of the North American Super Corridor Coalition (NASCO) is to roll out NAFTRACS on I-35 and I-94, and nonprofit NASCO is effectively bankrolled by Lockheed and intended to be the "Systems Integrator", i.e. lead contractor controlling subcontracts, in a manner similar to the "Deepwater" Coast Guard upgrade debacle.
NAFTRACS is supposed to 'clone' the Pentagon's main shipping container tracking system, which is I believe GTN or Global Tracking Network, controlled at some facility called The Lighthouse. The data feeds from this whole system would be then resold by Lockheed's business unit here in MN (Eagan), presumably so that Wal-Mart et al could subscribe to all the deep shipping data of their competitors, or whatever. The data would be congealed into "Total Transportation Domain Awareness Centers of Excellence" which I would judge to be like Jack Bauer's Traffic Control Office. (these "centers of excellence" are the latest "fusion center" contractor ongoing cash racket. See that nasty 'homegrown radicalization' bill for a parallel example)
The design of all these systems, from the emails of PR strategy to the federal grant applications, is spelled out in this block of multi-PDFs collected from several Data Practices requests, and I strongly encourage the Engadget set to look deeper into this. I was amazed by the whole thing, and yet have not been able to get word out about it far enough.... It is all part of the implementation of military-industrial tracking technology domestically, passive techs providing collection of yr tracking datas WITHOUT a warrant.
These are definitely the droids you're looking for. For further inquiry contact dan AT politicsinminnesota.com . Thanks guys & please get this out.
So what did he actually do on this video? All I see is a bunch of talking, whereas other researchers actually proved something.
I think this is just to try to create a lot of fear, and doesn't have much substance behind it. He basically drives around, and says that he picked up stuff, which could have been true or false.
The ePassports are using 14443, not EPC Gen 2, so I am not sure how he was able to pick up any passports.
@Duy - he's picking up "Passport Cards" and "EDLs" (Enhanced Drivers Licenses) - new documents that allow you to drive a car or boat across a US border. About 700,000 of them have been issued to date.
Chris isn't picking up "traditional" ePassports (i.e. passport books), which are required for international air travel. There are millions and millions of them issued so far (most of the western world and an ever-growing percentage of the developing world).
The two use different RFID technology, and have VERY different use-cases. (Have loved the comments of everyone who's knowledgeable on this topic - I've learned quite a bit.)
The only way RFID security in passports is going to change is if someone sits in Reagan National Airport with an RFID reader, clones the passports of members of Congress, Executive Branch officials, and high ranking military officers as they walk past, and then posts the results on the web. Otherwise, the powers that be don't care.
Somebody go for it.
You'd have to get cheek-to-cheek to lift their passport data - that's the issue here. E-passports use H-field parts, you generally need to be within a foot or so to interrogate them. What Mr Paget is discussing is getting the serial number off of a PASS or EDL card, which is quite different, and is just a serial number. There's no passport info there. And none of the congresscritters would have a PASS or EDL card anyway.
I guess if you were hellbent on shooting Canadians, you could use PASS to pick them out of crowds.
Paget isn't talking about "cloning" an e-Passport or a RealID or whatnot. He's talking about EDL, but he's CALLING it a passport. It's not. EDL is similar to the State Department's PASS system. EDL/PASS are ways of pre-registering your passport and drivers license info so that you can bypass a lot of the border crossing bullcrap as you cross over into Canada or the US.
It's intended to speed that up. In order to do that, it has to be readable from a distance, so they embed a very simple UHF E-field serial number tag into the PASS or EDL. The serial number is used to look up the person's passport and DL info from the registration process. That's it. There is no other info on PASS or EDL. The idea is that you can be verified "on the fly" as you drive past the border checkpoint or walk through a turnstile at the border.
e-Passports and many other types of cards, including every RFID credit card that I know of and the proposed RealID parts, are H-field type RFID parts that cannot be scanned in this manner. You can't drive around with a UHF E-field reader and read e-passports. H-field and E-field tags are apples and oranges.
I'm going to claim shenanigans on this one. Paget does say "EDL" up front but calls it a passport after that. It isn't. PASS doesn't contain any of your passport info, beyond a simple serial number that's used as a unique index in a database which contains the info you provided at registration. PASS/EDL are INTENDED to be distance readable, that's why they're designed that way. It's not some amazing loophole he's discovered. I'd hope Paget's simply being sloppy about his nomenclature but I have to conclude that he's purposely trying to get you to draw a false association between EDL and e-passports.
Paget: " It's designed to be read at a range of 20-30 feet (which is what I get already), with suitable amplifiers and antennas it's possible to read these things from over a mile away."
Hang on, there, bubba.
UHF E-field parts like PASS and EDL are powered by the interrogator, and signal back with backscatter modulation. For the most part, that 20-30 foot range is set by the energy density in the interrogator's signal - too far and that old inverse-square law will reduce the power density at the tag below the point that the tag can operate. Of course, the backscatter return is eaten up by the same rule.
I can't imagine the gain of the antenna you'd need, and the exciter power you'd have to have, to deliver enough power to a simple E-field tag from a mile away to get it to operate. Mainly because I'm at home and don't have immediate access to a representative tag's data sheet to see how much power density it takes with a reasonable tag assembly. Maybe if you had a big parabolic on both sides, a few tens of kilowatts of input power? Certainly you couldn't do it with a credit card sized antenna at the tag end. The RFID systems I've seen, and to which I suspect you refer, are semi-active systems with batteries in the tags. Not RF-powered E-field parts like PASS.
You're correct that I'm cloning PASS cards and EDLs (as well as the other cards that make up the WHTI) - I've tried to be pretty clear about the difference but most media outlets seem to be confusing the two. The original source (at http://www.theregister.co.uk/2009/02/02/low_cost_rfid_cloner/ ) is much clearer.
As for upping the range to a mile - the kit I'm using puts out 1W into 6dBi of patch antenna (with unknown efficiency). Upping that to 15-18dBi of yagi and a few hundred watts of RF (legal limit is 1500W with a ham radio license) will certainly put you in the right ballpark for a 1-mile read. 65 meters has been demonstrated using 10W into 12dBi of transmit antenna - look at slides 14 onwards in http://www.slideshare.net/ravipappu/ravi-pappu-google-tech-talk-2008. They claim 100% successful reads at that distance, so far greater range should be achievable with relatively little hassle. Whether a mile is achievable or not, you can't argue that these cards can be tracked from a significant range - that's the important point here.
"As for upping the range to a mile - the kit I'm using puts out 1W into 6dBi of patch antenna (with unknown efficiency). Upping that to 15-18dBi of yagi and a few hundred watts of RF (legal limit is 1500W with a ham radio license) will certainly put you in the right ballpark for a 1-mile read."
I think the issue here is that you're losing power density at the tag as the square of the distance to the tag, and losing the backscatter return signal as the square of the distance back to the interrogator. In addition, the tag's simple antenna likely has very little gain on the return, depending on the design; I'd expect most of them to perform like a dipole. Which all means there is a HUGE difference between 65 meters and 1600 meters in terms of power available to the tag. But it also means that the very small return signal from the backscatter modulator, which is deriving its power from the interrogator's field and is far from 100% efficient, is going to have to make it back those 1600 meters and not fall below the noise margin of the receiver. I don't think you can hand-wave it quite so easily. In essence, backscatter modulation is modulating the reflectivity of the tag. Trying to pick out the tiny variations of passive RFID backscatter returns which are at the interrogator's frequency leads to really terrible SNR issues for distant tags. As you increase the outbound power to drive the tag at a distance, and as the tag's reflectivity changes become smaller and harder to pick out at a distance, you have both sides of the issue gnawing away at your SNR. It is one thing to pick out a microwatt of reflectivity change from 1W of outbound power, it's another to pick out a nanowatt of reflectivity change from 10,000W of excitation. So it's not just inverse square problems with signal amplitude, you have a hellacious SNR issue that's related to the fourth power of the distance. If you have an active tag operating at a different frequency, it makes your job much easier.
We've worked on several projects involving RFID tags in various systems I can't really discuss but I'd have given chunks of flesh to be able to easily interrogate E-field tags from such distances (or better, H-field tags). The only system I know of that does mile distance tags is being looked at for a military application, and they use something like 1500W in the interrogator with an antenna gain in the 18dBi range, and that's just to get the poll signal to the tag. The tags are semi-active and have batteries for the return, and aren't powered by the interrogator. It takes 1500W just to get the tags to spot the poll reliably given their crappy antenna systems, small apertures, random orientation and relatively low receiver and antenna gains. The return signal is much larger since it's powered by the battery, and the return signal is not identical to the interrogator's frequency to make it a lot easier to separate from the outbound signal.
At any rate, I guess I'm not that alarmed by PASS or EDL being 'pingable' at 10 meters. Unless you've got a way to access the database, I'm not sure what the serial number can tell you, other than "someone's got a PASS in the room". Even if you clone the number into a fake PASS, the border guards are supposedly pulling up your picture with the serial number to confirm your identity, so you'd have to clone someone's number that looks a bit like you in order to do much with it. If you were bent on havoc, you could just as easily take a walk through the woods somewhere and cross the Canadian border without dealing with the issue at all.
On first thought, it also seems like you'd have some serious issues with the numbers of tags that would lie within your footprint as well at a mile's distance, even with a Yagi. At first thought, I'd say you're going to have some issues running an aloha anti-collision algorithm with the huge number of tags you'd have, as the time to run it increases exponentially with tag number. It also strikes me (admittedly without putting in much time to analyze it) that using something like aloha you might find it tough to separate out responses from both very distant and close tags reliably.
I've been working with low power levels and relatively low-gain antennas so far, but the ranges I'm seeing match up well to an inverse square relationship with power and the stated gains of the antennas involved. Extrapolating outwards from the data I have supports the theory that 300W of RF into 18dBi of antenna should give you a mile. Clearly you've worked at the power levels I'm only theorizing about at this point though, so I'm curious to identify the discrepancy.
Two data points:
1W into 6dBi (my system): ~20 feet
http://www.slideshare.net/ravipappu/ravi-pappu-google-tech-talk-2008 (slides 12 onwards):
10W into 12dBi: 213 feet.
10x power gives sqrt(10)=3.1x range, and twice the range for every 3dB of antenna gives another 4x. 4 x 3.1 x 20 = 248ft, not far off (and explainable by their insistence on 100% successful reads - to me, any read is a success). Extrapolating forwards from the second setup, 300W into 18dBi (admittedly a lot of power into a lot of antenna) should give 4 x 5.5 x 248 feet = 5456 feet, or 1.03 miles. Clearly my math and your experience are discontinuous somewhere - I'm curious where.
I'm toying with the idea of starting up an RFID hackers forum, so as to continue this thread (and others) in a more suitable environment. If that sounds interesting to anyone, ping me an email - ivegotta@tombom.co.uk.
So, this title is wrong? This guy Paget is not reading PASSPORTS at all, just the "PASS-CARDS"?
I misspoke - the company that's doing the semi-active tag pitch to the Army is using an omnidirectional antenna with about 6 dBi gain with the 1500W exciter for the outbound link. You can switch between an 18dBi directional antenna and an omni with less gain on the receive side.
http://www.wired.com/gadgets/miscellaneous/news/2007/07/steel_wallet
Maybe it's time for the "RFID scrambling pendant". Wouldn't take but a few microwatts of emission to step on the return from any E-field tag you're carrying. Only $19.95 from TomCo.
Hang on, you don't see the issue? It's always the same number... once you associate that number to a person, that person is marked and can be tracked anywhere. This may not be an issue now.. but as it gains in popularity it will be. Much easier to try and stop it now rather than 2-3 years down the track when it's too late.
I mean I'm the type of guy who would have a reader in my house and use it even just to see when people are in range of me, i.e. when my neighbour gets home, or to know to get ready to expect a visit.
Whoa, this is very similar to what happened in Cory Doctorow's novel, Little Brother. Check it out, it's a good read.
The title's way off. He's not cloning anything, just reading the IDs. Yes he's in a car, which makes it slightly more interesting than the ton of other people who've already read the IDs in the past and flagged the security risks, but that's about it.
This video is mostly sensationalism and contains some incorrect/misleading technical information. Also, the UHF EPC tag shown here is very different from the secure encrypted HF tag that is used inside ePassports. It's great that people are becoming more aware of potential security holes with RFID. But believe me, the RFID industry is well aware of these and has created many security features to suit various applications. The real RFID security studies and hacks will never be published on public web logs like this, but simple testing as shown in this video serves a good purpose to keep up the public awareness.
Looks like somebody with too much time on their hands. Congratulations, you can read an RFID tag. Now what? Looks like someone that is confused about the whole "identity & privacy" issue.
If you are that concerned, get rid of your credit card, your cell phone and your OnStar-equipped vehicle. All of which are trackable, traceable and all that goodness. Also, don't use the interwebs either. Better yet, don't register for a SSN card just to be safe. Oh, don't pay your taxes either.
Better yet, just kill yourself now.
Can anyone tell me why we need RFID tags in passports .... I mean really ???
"Clearly my math and your experience are discontinuous somewhere - I'm curious where."
Interesting - we had terrible SNR issues at those distances. Not to mention the issues with anti-collision problems. We were using a monostatic setup in an environment that was supposed to simulate MOUT, with lots o' multipath reflections. So the higher we cranked the output power, the worse the bounce got from buildings, cars, pavement, wiring and so on, and the more crap we got back from the antenna isolator. To be sure, you could use a bistatic antenna setup if you had the room and lose at least that contribution to bad SNR, with the downside being that as your antenna setup becomes more specialized it becomes more noticeable, which we were attempting to avoid. A Yagi and a circularly polarized UHF antenna with a nice reflector co-mounted with a rotator on a van roof looks ... odd.
Next, you're talking about using a Yagi, and I'm guessing that you are arranging the tag orientation in that case so that you get maximum reception. Most tag reading systems for real-world applications have to use a circularly-polarized interrogator antenna so that you can drive the card in more orientations, but that generally gives you less antenna gain than you'd get with a linearly polarized Yagi. The rule of thumb is that you lose about 3dB but the situation is often more complex. The guys I've seen at Black Hat talking about distance reads are using bistatic Yagi setups and very carefully orienting the cards for maximum coupling when held in an atypical framework, generally some plastic that's essentially transparent to UHF; I don't buy this as a real-world setup. You should have to test with cards in orientations you'd get on a person, and you should also either USE a person or a reasonable RF facsimile - people are a different load than free space, adding in the other stuff in their wallet will reduce your range considerably.
On the way to the tag, for simple cases the tag range in meters is given by (I don't think I can include mathcad formula jpg's - sorry for the format) -
Tag range = (L1 / (4 * PI)) * SQRT((Pt * Gt * G * p * t) / Pth)
where:
L1 : wavelength
Pt : transmitter power
Gt : transmitter antenna gain
G : tag antenna gain
p : mutual polarization efficiency
t : impedance matching coefficient between tag antenna and chip
Pth: tag operating threshold power for reads
This defines the range at which you can power the tag up for reads in free space. It's a lot more complex in an environment with reflections, or when the tag is on a person. The mutual polarization efficiency and impedance matching coefficient numbers are hard to come by, p depends on what sort of antennas you're using on both ends, and how they are oriented to each other.
For a circularly polarized transmit antenna and a linearly polarized tag, which is the typical configuration, the maximum p possible is 0.5. For a Yagi transmit antenna and a dipole tag that are tweaked to line up, it's more like 1.0. That shows that if you use an artificial setup like a Yagi, you can effectively double the read range. However, as I said before, I think that is unrealistic - for off-axis orientations of the card which will be the rule when it's on a person, the Yagi setup becomes much less efficient than the CP-LP setup.
As you can see, the dominant effect on powering up the tag is the inverse square of the distance. There's also a tag antenna gain factor, and another for chip-tag antenna impedance effects, and this is where the person comes in. A tag on a person behaves differently than a tag on a Teflon frame, and I've never seen an improvement on a person, it always cuts the distance.
This also assumes free space propagation. In a city environment, the multipath returns at the tag side can both enhance and reduce the available tag power, producing "dead zones" and "hot zones". For most environments we tested in, dead beat hot by about 2:1, but it is not predictable, especially with vehicles moving around. Sometimes you get lucky, but sustaining a reliable link in a busy environment at a distance is tough.
Now, that's the exciter-to-tag limit, which is set by the distance you can be and still power up the tag. Coming back from the tag is another matter. The simple equation is:
Pr = Pt * Gt^2 * G^2 * K * (L / (4 * PI * d))^4, where
Pr = power at receive antenna
Pt = transmit power
Gt = transmit antenna gain (this assumes a monostatic setup, if not then use GtGr instead of Gt^2)
G = tag antenna gain
K = modulation efficiency
d = distance
L = wavelength
This leaves out polarization efficiency, the percent of incident power consumed by the tag chip and thus not reflected and a few other bits and pieces, but you get the picture. The antenna gains help a lot, so anything you can do at the transmit end helps, but again it's a cheat to use a linearly polarized Yagi. The poor tag antenna gains hurt, and the big problem is that the distance to the tag comes in as an inverse fourth power, not an inverse square. This wreaks havoc with returns from distances. For most tag reads in sane ranges, the limit is the distance at which you can drive the tag. However, for a system in which you use high antenna gains and ungodly power to pump the tag, you'll run into the inverse fourth power signal loss issue coming back. The power input to the system comes in as a first power contribution but gets eaten away as a fourth power distance loss. That's an issue. In an environment where your receiver is seeing outbound power reflections from buildings, vehicles, the ground, wiring and the like, even assuming a bistatic antenna setup to ditch the stray returns from the isolator, you're going to be seeing a lot more of your drive signal than you are the return from the tags. You'll also be fishing around in the noise margin for the returns from a tag a mile away, and the RF noise in a city environment is pretty bad. Even using DSP techniques like correlating multiple reads and convolving the phase and amplitude modulation of the tag to differentiate the tag's signal from noise, you'll have trouble at a mile.
So you've got several biggies - getting enough power to the tag to drive it, the fourth-power path loss coming back, SNR issues with big drive power in a multipath environment, environmental RF noise and tag-person interactions (orientation, impedance, and tag antenna gain).
It's one thing to test in an open field with a Yagi and a low loss frame with optimal orientation. You might find it a bit more challenging on a moving person across downtown Tampa with a circularly polarized monostatic antenna and a large number of other Gen2 tags in your footprint.
It's an interesting subject and a fun hobby, although I get enough of it at work. At any rate, I think any RFID on your person should have been designed so that you have to press a membrane key on the card to allow it to respond, that would eliminate all of this and it's something easily designed in - some IC's support it but I've never seen it used.
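The link budget argued over in the two comments above (the 1 W / 6 dBi and 10 W / 12 dBi data points, and the tag-range and backscatter formulas just given) can be run through as numbers. The following Python is an added example, not code from the page or from any commenter: it implements the two free-space formulas exactly as written in the comment above and scales the thread's measured ranges by the sqrt(Pt*Gt) dependence of the forward link. The 915 MHz carrier and all tag-side constants (tag gain, polarization efficiency, matching coefficient, threshold power, modulation efficiency) are assumptions chosen so the model reproduces the ~20 ft / 1 W / 6 dBi figure; they are not from any data sheet.

```python
"""Free-space link budget for a passive UHF (EPC Gen2) backscatter tag.

Added example; not code from the page or from any commenter.  Implements
the two formulas given in the thread:

  forward link (range at which the tag powers up):
      d  = (lambda / (4*pi)) * sqrt(Pt * Gt * G * p * t / Pth)
  return link (backscatter power arriving at the reader):
      Pr = Pt * Gt * Gr * G^2 * K * (lambda / (4*pi*d))^4

ASSUMED (not from any data sheet): the 915 MHz carrier and every tag-side
constant below.  They were picked so the model gives ~20 ft for the
1 W / 6 dBi reader described in the thread.
"""
import math

FT_PER_M = 3.28084
FT_PER_MILE = 5280.0
C = 299_792_458.0
F_HZ = 915e6                     # assumed: centre of the US UHF RFID band
LAMBDA_M = C / F_HZ              # ~0.328 m

# Assumed tag-side constants, in the thread's notation.
G_TAG_DBI = 2.15                 # G:   dipole-like tag antenna
POL_EFF = 0.5                    # p:   circular reader antenna vs linear tag
MATCH = 0.8                      # t:   chip/antenna impedance match
P_TH_W = 50e-6                   # Pth: chip power-up threshold (50 uW)
MOD_EFF = 0.1                    # K:   backscatter modulation efficiency


def db_to_lin(db):
    return 10 ** (db / 10)


def lin_to_db(x):
    return 10 * math.log10(x)


def tag_powerup_range_m(pt_w, gt_dbi):
    """Forward-link limit: distance at which the tag just receives Pth."""
    numer = pt_w * db_to_lin(gt_dbi) * db_to_lin(G_TAG_DBI) * POL_EFF * MATCH
    return (LAMBDA_M / (4 * math.pi)) * math.sqrt(numer / P_TH_W)


def backscatter_power_w(pt_w, gt_dbi, d_m, gr_dbi=None):
    """Return-link power at the reader (monostatic when gr_dbi is None)."""
    gr = db_to_lin(gt_dbi if gr_dbi is None else gr_dbi)
    path = (LAMBDA_M / (4 * math.pi * d_m)) ** 4      # inverse fourth power
    return pt_w * db_to_lin(gt_dbi) * gr * db_to_lin(G_TAG_DBI) ** 2 * MOD_EFF * path


def scale_range(d_ref, pt_ref_w, gt_ref_dbi, pt_w, gt_dbi):
    """Scale a *measured* read range to a new reader power and gain.

    Only the sqrt(Pt*Gt) dependence of the forward link is used, so every
    tag-side constant cancels and the result does not depend on the assumed
    values above.  The units of d_ref are preserved.
    """
    ratio = (pt_w * db_to_lin(gt_dbi)) / (pt_ref_w * db_to_lin(gt_ref_dbi))
    return d_ref * math.sqrt(ratio)


def return_power_delta_db(pt_a, gt_a, d_a_m, pt_b, gt_b, d_b_m):
    """dB difference of the backscatter seen in setup B relative to setup A
    (negative means B is weaker).  Both setups are treated as monostatic."""
    return lin_to_db(backscatter_power_w(pt_b, gt_b, d_b_m) /
                     backscatter_power_w(pt_a, gt_a, d_a_m))


def main():
    base_ft = 20.0
    print(f"model forward range, 1 W / 6 dBi: {tag_powerup_range_m(1, 6) * FT_PER_M:5.1f} ft")
    for pt, gt in ((10, 12), (300, 18)):
        ft = scale_range(base_ft, 1, 6, pt, gt)
        print(f"scaled from 20 ft @ 1 W/6 dBi  -> {pt:3d} W / {gt} dBi: {ft:6.0f} ft "
              f"({ft / FT_PER_MILE:.2f} mi)")
    ft = scale_range(213.0, 10, 12, 300, 18)
    print(f"scaled from 213 ft @ 10 W/12 dBi -> 300 W / 18 dBi: {ft:6.0f} ft "
          f"({ft / FT_PER_MILE:.2f} mi)")
    delta = return_power_delta_db(1, 6, base_ft / FT_PER_M, 300, 18, FT_PER_MILE / FT_PER_M)
    print(f"backscatter at 1 mile (300 W/18 dBi) vs 20 ft (1 W/6 dBi): {delta:+.1f} dB")


if __name__ == "__main__":
    main()
```

Two things the numbers make visible. The forward link scales only as sqrt(Pt*Gt), so 3 dB more antenna gain buys sqrt(2) more range rather than twice the range, and from either measured point 300 W into 18 dBi extrapolates to well under a mile in free space. The return link falls as 1/d^4, so the backscatter arriving from a tag a mile away under 300 W / 18 dBi is roughly 48 dB weaker than what the 1 W reader sees from 20 ft, which is the SNR problem the reply above describes before multipath and urban noise are even considered.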
A friend got me the passport holder from this company, www.difrwear.com, before I went out of the country last summer for two weeks. Not only does it hold a lot for its size and has held up really nicely, but it's also subtle and doesn't scream tin foil hat.
Great article, Thomas! And I think most of us agree that this is an issue, and somewhat of a break of privacy.
Unfortunately, the WHTI cards issued so far are based on long read range RFID (UHF). And even worse, this long read range RFID doesn’t have security of any kind – they can be cloned and they emit all information in the clear to any sneaking reader.
Short read range can be achieved by either using a different kind of RFID (based on high frequency, 13.56 MHz), or making appropriate changes to the UHF antenna designs to operate only in the near field. This can protect against any off-the-shelf long range reader, such as the one shown in Paget's video, reading all tags in a wide area.
Verayo provides a unique security technology that addresses the issue of cloning of the RFID chips. Verayo’s technology is a type of silicon ‘biometric’ technology that makes these ID chips effectively unclonable, and enables a strong and robust authentication mechanism based on a silicon chip’s fingerprints. With Verayo’s PUF technology, DHS can collect some silicon fingerprints of the ID chip in each WHTI card they issue, and then authenticate the card at the port-of-entry by comparing the ID chip’s fingerprint.
Additionally, I believe RFID should not store much information, beyond the equivalent of an identifier – a kind of vehicle number plate for the ID card. The mapping of this electronic ‘number plate’ to relevant personal data should happen in some secure backend server. If it is absolutely necessary to store information on the RFID chip it could be encrypted, such that only the authorized readers (like the DHS readers) can decrypt and make sense of it.
The technology certainly exists today, and I think it is a matter of revising the current implementation. That will certainly address a lot of the concerns.
I look forward to more on this story as it continues to unfold in the comments.
- Vivek Khandelwal, Verayo
As I say in "How to Be Invisible" (St. Martin's Press), on my website, and on my blog (http://invisible-privacy.com), there is no need to ever carry a driver's license or a passport unless you need the DL to rent a car, or the passport in order to travel. Otherwise, leave the DL in your car and your passport at home. Pay cash wherever you go.