When privacy provocateur Bill Scannell called me in my Tombstone, Arizona hotel room a few weeks back, ranting about the State Department's decision to imbed radio frequency ID chips into passports, I didn't pay him much mind. New passports are already machine readable, I thought. So what if they can be read from a little further away?
I guess I can be a little thick sometimes. Especially when it's late at night, and I'm on assignment. Because after reading this story in Salon, I get it. The dangers of RFID passports are pretty freakin' obvious.
The reason RFID is more controversial than, say, a bar code is that the data on the chip is read by a remote reader. The State Department asserts that the tags it will use can be read from only 4 inches away. But privacy advocates say there's no way the State Department can guarantee that.
As security expert Bruce Schneier writes on his blog: "Unfortunately, RFID chips can be read by any reader, not just the ones at passport control. The upshot of this is that travelers carrying around RFID passports are broadcasting their identity. Think about what that means for a minute. It means that passport holders are continuously broadcasting their name, nationality, age, address and whatever else is on the RFID chip. It means that anyone with a reader can learn that information, without the passport holder's knowledge or consent. It means that pickpockets, kidnappers and terrorists can easily -- and surreptitiously -- pick Americans or nationals of other participating countries out of a crowd."
There are no plans to encrypt the data on the tags in passports. "This is a dangerous, inappropriate device to be installing in U.S. passports," says Scannell, who imagines terrorists overseas identifying Americans by their passports when picking targets to bomb. "Which cafe do we lob the grenade into? Ping, ping, ping. There are 21 Americans in there." The tags could also be used to identify people who walk into an abortion clinic, a mosque or a political meeting.
