|
*NOTE TO THE MODERATORS - this is printed in full due to the fact that it is an email only newsletter*
Conspiracy theorists and civil libertarians, fear not. The U.S.
government will not use radio-frequency identification tags in the
passports it issues to millions of Americans in the coming years.
Instead, the government will use "contactless chips."
The distinction is part of an effort by the Department of Homeland
Security and one of its RFID suppliers, Philips Semiconductors, to
brand RFID tags in identification documents as "proximity chips,"
"contactless chips" or "contactless integrated circuits" anything
but "RFID."
The Homeland Security Department is playing word games to dodge the
privacy debate raging over RFID tags, which will eventually replace
bar-code labels on consumer goods, said privacy rights advocates
this week.
An RFID tag is a microchip attached to an antenna, which transmits
unique information to a reader device that can be anywhere from a
few inches to several feet away. The technology, with its many
names ("contactless chips" has been around for some time), is used
in security access cards, E-ZPass automatic toll-paying devices and
ski-lift tickets.
Computer scientists and data-encryption experts, the editors of an
RFID industry journal even the makers of the contactless chips
themselves all agree that the Homeland Security Department is
using RFID technology.
But the Homeland Security Department is very carefully avoiding use
of the term "RFID." The department, along with Philips, is also
backing a trade group that is branding ID documents with RFID tags
as "contactless smartcards."
Joseph Broghamer, Homeland Security's director of authentication
technologies (see bio below)
"We'd prefer," said Joseph Broghamer, Homeland Security's director
of authentication technologies, "that the terms 'RFID,' or even
'RF,' not be used at all (when referring to the RFID-tagged
smartcards). Let's get 'RF' out of it altogether."
The Homeland Security Department this spring will begin issuing
RFID-tagged employee ID cards (which include fingerprint records) to
tens of thousands of its employees. Homeland Security's employee ID
card has "contactless" technology to speed workers' access to secure
areas, said Broghamer. He also wants to replace conventional reader
devices, because their metal contacts break down after repeated use.
The department is also evaluating technology pitches from several
RFID tag manufacturers, including Philips, for an RFID-tagged
passport containing biometric data. The government's plan will earn
billions of dollars for the RFID suppliers while helping security
officials track individuals more effectively by detecting their ID
documents' radio signals in airport terminals, or wherever reader
devices are present.
The Homeland Security Department and Philips said they worry that
the public will confuse the RFID tags in ID documents with those
used by retailers, such as Wal-Mart, to track consumer goods.
Contactless chips, said Broghamer, are more sophisticated than
retail RFID tags, because they can carry more information and can
better protect sensitive personal information.
But there is another problem with the "RFID" name: Many people
associate the term with radio chips "that blab personal information
indiscriminately" to any reader device, said Lee Tien, senior staff
attorney at the Electronic Frontier Foundation.
Privacy rights groups such as the EFF, the American Civil Liberties
Union and CASPIAN have for years argued that RFID tags on consumer
goods could be used to spy on individuals.
That is why Homeland Security is engaging in doublespeak, to dupe
Americans into accepting RFID tags on their passports, said Barry
Steinhardt, director of the ACLU's Technology and Liberty Program.
"It's a frightening, Orwellian use of the language," said
Steinhardt, referring to the "contactless" branding effort.
Steinhardt called the RFID tags the Homeland Security Department is
using, which have faster processors and more storage capacity than
retail tags, "RFID on steroids."
Government agents will use reader devices to track individuals
wherever they use their RFID-tagged identification documents,
Steinhardt and Tien said.
"They can call it a contactless chip," said Tien, "but it is still
RFID. And it shares virtually all of the same vulnerabilities."
Identity thieves will be able to lift an RFID-tagged passport
holder's personally identifiable information with reader devices
that can be purchased for less than $500, said Steinhardt.
Terrorists could also track down and kidnap Americans oversees by
secretly reading their chipped passports.
"Let's say you are in Beirut, carrying a passport with an RFID tag,"
said Steinhardt. "A terrorist with a portable reader device could
easily tell who is the American (in a public space)."
University of California at Berkeley assistant professor David
Wagner, who researches computer security and cryptography, has
reviewed engineering studies of the type of RFID tag that will be
used in passports. Wagner called Steinhardt's terrorist scenario
"absolutely conceivable."
"And," said Wagner, "unlike an ID with a bar code or magnetic strip,
you'd never know your card has been read."
Homeland Security's Broghamer insisted that the contactless chips
for ID documents are vastly different from RFID tags used in retail
supply chains, because contactless chips must be held very close to
a reader device to be activated and to transmit their data.
RFID manufacturers are typically making radio tags for ID documents
that comply with ISO/IEC 14443, the contactless chip industry
technology standard. This standard limits transmission ranges to a
distance of about 4 inches. Other RFID tags can be read at
distances up to 30 feet, making them easier targets for identity
thieves trying to capture their data, said Broghamer.
Broghamer would not admit to something engineers testing ISO/IEC
14443-compliant chips have demonstrated, however: that electronic
eavesdroppers up to 30 feet away can capture data (including
biometric records) while it is being sent by the chips to an
authorized reader device.
ISO/IEC 14443-compliant chips can also be read directly over much
longer distances by specially built devices, according to a Tel Aviv
University study (.pdf).
Broghamer seemed eager to stay on-message about the Homeland
Security Department's name for its RFID technology, despite its
apparent vulnerabilities.
"I nearly fell out of my chair," Broghamer said, when he read a
Wired News report that the Homeland Security Department's employee
ID card will include an RFID tag. "I never used the term 'RFID,'"
said Broghamer, describing a presentation he made at a technology
conference last month. "I only used 'contactless chip' or
'proximity chip' to describe it."
A Philips sales executive, however, testifying last summer to the
House Committee on Energy and Commerce, called contactless
smartcards "RFID systems with advanced computing power, storage and
strong encryption accelerators, offering advanced services with
enhanced security and privacy protection."
The Homeland Security Department's employee ID card will use
state-of-the-art authentication and encryption systems to protect
the department and its employees from identity thieves and spies
with unauthorized RFID tag readers, said Broghamer.
But the chips in passports will not have any of those digital
security features, said Homeland Security Department spokeswoman
Kimberly Weissman. "We want it to be compatible," she said, "with
as many reader devices used by other countries as possible."
Until next issue stay cool and remain low profile!
Privacy World
-----------------------------------------------------------------------------
To subscribe, send a blank message to PrivacyWorld-on@mail-list.com
|
Printer-friendly format
Email this thread to a friend
Bookmark this thread
(1000+ posts)
Send PM |
Profile |
Ignore
