http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/ Engadget Comments for Video: Hacker war drives San Francisco cloning RFID passports http://www.engadget.com/media/feedlogo.gif http://www.engadget.com en-us Copyright 2012 Weblogs, Inc. The contents of this feed are available for non-commercial use only. Blogsmith http://www.blogsmith.com/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 3:56AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 7:27PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 3:56AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
http://www.wikihow.com/Protect-Your-RFID-Enabled-Passport]]>Feb 2nd 2009 4:05AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/cover it in foil or microwave it

or just hit it with a hammer.]]>Feb 2nd 2009 4:23AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
http://www.emvelope.com/

It should be easy enough to test whether it works.]]>Feb 2nd 2009 4:28AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 2:31PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 5:58PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.rfid-shield.com/products.php]]>Feb 2nd 2009 9:16PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 4:04AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
Just because this particular kind of RFID tag isn't that suitable for being used in passports doesn't mean RFID can't be a cool and useful technology. The tags that are being used are EPC tags, designed for tracking products around the supply chain. There are loads of tags more suitable for use in passports, with much smaller read range, integral encryption, etc.

Don't be tempted to consign an entire technology to the rubbish heap because of one dumb implementation.]]>Feb 2nd 2009 4:29AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 11:17AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 4:06PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
Justice at its sweetest.]]>Feb 2nd 2009 4:04AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 4:27AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
All for deaf ears.]]>Feb 2nd 2009 7:13AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 4:54PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
Was he able to crack the information on the RFID or just copy it? He kind of slips off into confusing talk at the end. Having the data is still no good if you go through clearance, since your face and other biographic data pops up when the CBP officer scans your passport.
]]>Feb 2nd 2009 8:36AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 4:57AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 5:08AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 5:13AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 5:04PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.dol.wa.gov/about/news/priorities/edl.html

As far as I can tell, he wasn't able to read normal ePassports - which have a protective material built into the cover.

Additionally, the number he was pulling is a number that only has meaning to the EDL/CBP databases. As I understand it, a person would "wave" their card at a checkpoint, and the reader would capture the number (just like Chris did). The number itself is meaningless until the system looks up name, address, picture, other biometrics, etc, and either a human officer, or a biometrics matching system would verify the individual and border crossing rights (i.e. citizenship & residency).

So getting your number alone would do no good, unless you were also able to fool the biometrics information. There is no "personal data" on the RFID chip (and yes, I do realise the def'n of "personal data" could be debated).

But I don't disagree with the purpose of his exercise - I'd much rather have a smart card (which requires physical contact) for this application.]]>Feb 2nd 2009 5:18AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 5:29AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
Only a very small subset of RFID chips are "ID only". The large majority of chips contain a manufacturer embedded, non-volatile ID, like the one referred to in the article, but they also contain varying amounts of user-writeable bits.

The big-picture problem with RFID use in situations where personal data is used is that clueless implementors store actual user information in that user writeable space, not in the private, hard-to-access centralised database. It allows systems to operate neatly without a centralised database (no need to lookup the ID, you can get all the info you need from the chip), but it's ripe for exploitation, both by users tweaking their own chips and by others cloning them.]]>Feb 2nd 2009 10:01AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
OTOH, info in the central database is vulnerable to attack and seizure of all (or large parts) of the data, completely out of my control. Data in an RFID in my tinfoil wallet lies within my responsibility, and my ability, to protect.

(Of course, I might be advocating this for someone other than the devil, if it wasn't quite likely the data is exposed on a central server anyway in most such systems, so you're adding, not replacing, vulnerabilities...)]]>Feb 2nd 2009 12:24PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.youtube.com/watch?v=DBo_dnQrkCw
http://en.wikipedia.org/wiki/Datamatrix]]>Feb 3rd 2009 11:38PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 5:51AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 7:25AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 1:23PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 6:44AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 8:01AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 8:10AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
]]>Feb 3rd 2009 5:58AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
http://en.wikipedia.org/wiki/Proximity_card

Which means he'd have to get that crazy device of his 0-3 inches in order to read the tag. Didn't people notice he was trying to scan them? Also how did he read them driving by? It takes a couple of seconds to read the card. Maybe he ran them over and then scanned them...]]>Feb 2nd 2009 9:18AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
Do you actually think they made us carry those cards for fun? They're conditioning us to accept the things. Reading a passport with eyeballs has worked fine. The RFID cards are no less copyable than a paper passport. Those cards can be scanned from a distance, in large numbers, by the proper equipment, and believe me, they possess the proper equipment. They are crowd scanning devices in embryonic form. What other purpose could they have? ]]>Feb 2nd 2009 11:29AMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 2nd 2009 12:17PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
I'm going to chalk it up to ignorance (Heinlein's razor), but you need to be aware that you could look like part of a conspiratorial coverup when you identify as one of ''them'' and spew forth reassuring nonsense. If you don't know it, don't talk like you do.]]>Feb 2nd 2009 12:29PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
He wasn't using a high gain antenna. Look at it. Do you even know what one of those is?

Even if there is a conspiracy, this guys bogus and a liar. He's a fear-monger plain and simple and if people like him get to decide policy we'd all be living in log cabins cowering around our windows with shotguns. Boo Luddites, boo.]]>Feb 2nd 2009 2:05PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
I wouldn't call it high-gain but it's certainly directional - 6dBi gain over a 60 degree beamwidth. It's a Motorola AN400 if you want to look up the specifications - I'm planning on replacing it with a pair of 15dBi yagis at some point.

"Even if there is a conspiracy, this guys bogus and a liar."

You seem to be confusing "vicinity read" technologies (such as the EPC Gen2 tags in EDL and PASS) with more conventional "proximity read" technologies (such as my previous work cloning HID cards). EPC Gen2 has a designed read range of 20-30 feet. Might I suggest you watch the video, come to Shmoocon and see my demonstration (and examine the kit up-close if you'd like), do some googling for "epc gen2 read range", and then re-think your comments?
]]>Feb 2nd 2009 2:48PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
http://www.rfidjournal.com/article/view/1951/1/1

"The ISO 14443 specification permits chips to be read when an e-passport is placed within approximately 10 centimeters of an RFID interrogator (reader)". Last time I checked 10cm was around 3 inches.

I stand by what I've said. I've done the engineering, I've done the research. I've made an attenuated bidirectional antenna and you can't get the range. Myself and the rest of the RF engineers weren't able to do it. None of our competitors were able to either. We worked on this stuff for 2 years trying to squeeze an extra centimeter out of that crappy 14443 spec. You can't do it. This guy is a bold faced liar and a fear-monger. ]]>Feb 2nd 2009 4:04PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
EPC Gen2 (aka ISO18000-6) - 900MHz.
ISO14443 - 13.56MHz
ISO15693 - 13.56MHz

Totally different systems based upon a totally different communication mechanism (electrical modification of the tag's reflectivity coefficient versus differential power consumption via a magnetically coupled pair of coils) and operating at a totally different frequency. Saying that EPC tags are "usually 15693" just demonstrates your lack of clue since they really couldn't be more different. The specification is online at http://www.epcglobalus.org/dnn_epcus/KnowledgeBase/Browse/tabid/277/DMXModule/706/Command/Core_Download/Default.aspx?EntryId=292 if you want to go read it. ISO14443 and 15693 tags cannot be read at long-range - but these aren't either of those specifications, and are actually wildly different from them.

The RFID firm that you used to work for - let me guess, HID?]]>Feb 2nd 2009 4:29PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
Here's the thing ePassports don't use EPC tags. I've never read anything that says they do. You are probably right, he could drive through a warehouse and picked up some tags. Who cares? He's saying that you can do that with ePassport and you can't. They aren't EPC tags. Feel free to post a link saying they are if you still think they are.

FYI Still sticking with what I said before... ]]>Feb 2nd 2009 4:39PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
http://www.epcglobal.org.hk/enews/epc_page.php?newid=374

Quote: "So you need to keep that data more secure. For that reason, the ISO 14443 chip architecture, with its very short read range, is used [for the passport]."


Here, this one talks about the bidding wars for A and B variants of 14443:

http://www.eetimes.com/news/latest/showArticle.jhtml;jsessionid=JWPXZYTYCXYT0QSNDLPSKHSCJUNN2JVN?articleID=52200157&_requestid=19538

Also the one I posted earlier. So how did you do it Chris? How did you read short range (10cm or less) card (that take up to 2 seconds to read) in a car by driving by people? ]]>Feb 2nd 2009 5:06PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://travel.state.gov/passport/ppt_card/ppt_card_3926.html You're correct that the passport uses 13.56MHz chips - the PASS card and Electronic Drivers License use EPC Gen2 tags. Different system.
]]>Feb 2nd 2009 5:39PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
PASS cards are for North American travel only and all they have on them is a number that is looked up on a database to retreive information. They are also supossed to be kept in a metallic sleeve:

Frank Moss: "I also think that it is noteworthy to mention that even in the PASS card, the vendors proposing a solution must provide a [metallic] sleeve to keep that card from being read until it is removed from the sleeve."
http://www.epcglobal.org.hk/enews/epc_page.php?newid=374

Leaving you self open for attack this way is as dumb as leaving you Visa laying around. Just keep it in the sleeve until you need it.

The vicinity chip portion of the EDL contains only a unique number as well. From the Washington State website:
"The passive RFID tag embedded in your EDL/ID doesn’t contain any personal identifying information, just a unique reference number."
http://www.dol.wa.gov/driverslicense/edlfaq.html#rfidpersonal

It also comes with a sleeve. Both of these documents don't contain personal info and they will be checked by border patrol as well.

Here's the kicker. There isn't any personnal information on the card only a unique number. You don't have any way to associate that number with a person that you read it from. So what's the scandal?



]]>Feb 2nd 2009 6:25PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
Two points here - firstly, RFID is an unknown technology to most people. If they don't understand that their tags can be cloned from 20-30 feet away, why should they bother to protect them? Secondly, according to the UW research paper at http://www.rsa.com/rsalabs/node.asp?id=3557 , the sleeves supplied with Washington-state EDLs are ineffective at shielding the tags from a standard reader (albeit with reduced read range). If you have no viable way to protect the identity documents which are vital to your everyday life, what are you supposed to do?


"The passive RFID tag embedded in your EDL/ID doesn’t contain any personal identifying information, just a unique reference number."

Your credit card is just a unique reference number, as is your SSN. Both are considered sensitive information by themselves, due to the purpose that they serve. The fact that it's just a number is irrelevant - it's what happens to that number and how it is used that's important.


It also comes with a sleeve. Both of these documents don't contain personal info and they will be checked by border patrol as well.

How? If a border patrol officer encounters a WHTI document with an incorrect or non-functional RFID tag in it, how will they respond? How much security at the border is actually dependant upon that RFID tag? These questions have yet to be answered by DHS, so nobody knows for sure how much access that ID number could give you. If the processes surrounding the authentication of RFID-enabled documents are as vulnerable as the tags themselves, this system could be opening up US borders to anyone with $250 and an eBay account. I'd hope it's nowhere near that bad, but until DHS answer some questions it's impossible to say for sure.]]>Feb 2nd 2009 7:14PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
It is relevant because of how it's used. SSN, Visa, Drivers license numbers are all a means of identification outside of the government. The RFID number is only used inside the government. It's a subtle but important detail. This number is only used to grant a government official (ie border patrol) access to your personal information. It doesn't give anyone else access to that information. It can not be associated with you in any other way. In other words it has no meaning outside of that database and can't be considered personal information.



How? If a border patrol officer encounters a WHTI document with an incorrect or non-functional RFID tag in it, how will they respond?

Quote Frank Moss: "Cloning the chip is possible—it's essentially taking a digital photocopy of a chip. But cloning a chip doesn't mean you've made a fake passport that will get you into a country. [U.S.] passports also use watermarks, ultraviolet and infrared security features. And at the end of the day, you have the inspector doing checks on the passport and on you. If a reader were to crash because of the passport you were carrying, it would mean you'd be inspected more carefully."

That number alone isn't enough to get you through the border. That's what Border Patrol agents are for. They are the defense of the border. Whether they can be trusted to do their jobs or not is outside the realm of RFID.]]>Feb 2nd 2009 7:45PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/
You are correct, but only to a point. As I explain in the video, you can correlate the long-range EPC Gen2 tag against other short-range tags about your person (credit card, whatever) by using multiple readers at a choke point (a doorway, for instance). This correlates that ID number to an identity (digital photo is optional), which you can then track at a distance using the long-range Gen2 tag. Even without other tags, you can drive around taking digital pictures whenever you can see a tag - if you see the same tag twice, look for the person in both pictures. Instant identity.

As long as I can drive around downtown San Francisco harvesting cloned passport cards, there is a problem with either the shielding technology or the message that people are being given about the importance of it. Something is wrong here, and we need to find out what it is (and fix it if possible) before it's deployed to every drivers license issued by every state.


That number alone isn't enough to get you through the border. That's what Border Patrol agents are for. They are the defense of the border. Whether they can be trusted to do their jobs or not is outside the realm of RFID.

DHS has repeatedly claimed that RFID tags in identity documents add security (such as http://www.dhs.gov/xnews/releases/pr_1161115330477.shtm, where "enhancing the security of our citizens and travelers" is the third line). I want to know how. These tags are designed for cattle and shipping crates, not people - they have no security at all and are completely unsuited to this application. Aside from the warcloning issue there's still myriad different attacks against the system that bring it to its knees - how is there security here?

If there's no security being added by the RFID tag, then the security of the PASS card is dependant solely upon its other features and the ability of the CBP officer. Since CBP are now hand-inspecting every PASS card for verification, how has the RFID tag sped up the border crossing process?

We have no added security and no added speed through borders because of this RFID tag, so why exactly is it there? Given its distinct lack of benefits, is it really worth the risk that the bad guys can end up making realtime Google Maps mashups of large swaths of the population - in exchange for whatever meager arguments are left in favour of it?
]]>Feb 2nd 2009 10:14PMhttp://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/http://www.engadget.com/2009/02/02/video-hacker-war-drives-san-francisco-cloning-rfid-passports/Feb 3rd 2009 10:19AM