Schneier on Security
A blog covering security and security technology.
« Airport Screeners Still Aren't Any Good |
| Online ID Theft Hyped »
November 1, 2006
DHS Privacy Committee Recommends Against RFID Cards
The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security recommended against putting RFID chips in identity cards. It's only a draft report, but what it says is so controversial that a vote on the final report is being delayed.
Automatic identification technologies like RFID have valuable uses, especially in connection with tracking things for purposes such as inventory management. RFID is particularly useful where it can be embedded within an object, such as a shipping container.
There appear to be specific, narrowly defined situations in which RFID is appropriate for human identification. Miners or firefighters might be appropriately identified using RFID because speed of identification is at a premium in dangerous situations and the need to verify the connection between a card and bearer is low.
But for other applications related to human beings, RFID appears to offer little benefit when compared to the consequences it brings for privacy and data integrity. Instead, it increases risks to personal privacy and security, with no commensurate benefit for performance or national security. Most difficult and troubling is the situation in which RFID is ostensibly used for tracking objects (medicine containers, for example), but can be in fact used for monitoring human behavior. These types of uses are still being explored and remain difficult to predict.
For these reasons, we recommend that RFID be disfavored for identifying and tracking human beings. When DHS does choose to use RFID to identify and track individuals, we recommend the implementation of the specific security and privacy safeguards described herein.
Posted on November 1, 2006 at 7:29 AM
• 39 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
That actually sounds sensible. Are you sure it's from the DHS?
There is too much money involved -- the report will be buried.
What about HSPD-12? FIPS 201 mandates that all wings of the fed are to be issuing RFID cards as of last month.
Way to think that one through.
@Daedala - It's not from the DHS. It's from an advisory committee reporting to the DHS. Such committees are often convened to give the appearance of considering all alternatives to a decision that's already been set in stone. Their reports are printed and widely disseminated. The official copies sent to the decision-makers are filed. Later they're crated, trucked off to a warehouse in Virginia, and carefully stacked between the Lost Ark and the preserved corpse of the alien. Never are they read.
Moreover, this one is so very embarrassing that every parliamentary move is afoot to make sure that the final version of the report gets toned down, or buried - I don't know what the committee's local rules are, so I don't know if the vote has to be called at any specific time. It appears, however, that the pro-RFID forces are trying to make sure that the RFIDs in newly-issued passports are a fait accompli before the committee agrees that the report represents its position.
As always PERSONAL SAFETY gets left out of the argument.
RFID's in peoples pockets turns them into targets for criminals and leaves them open to acts of violence. Just having a readable RFID in your pocket markes you as being more affluent than those who don't so acts as an easy way to identify a "Rich Picking" to a mugger.
It might (just) possibly also turn them into targets for terrorists as well (but that is a lot less likley).
It is a very real and significant risk which appears to be always overlooked, which is odd as it is the most likley vector for abuse against an RFID carrier...
I'm pretty sure I just read a (wired?) article that said that yes, this report was pretty much being ignored. Seeing as how the RFID stuff was already in the works.
I really hope that one day we get a government that realizes that facts discovered via Scientific method are more reliable than some rich jerk's opinion.
The government wants them in - their comming in....- Logic is out.
You mean the one he linked to in the post?
cynic is right, this isn't about a gov't too stupid to listen to expert opinion. This is about a gov't which sees gain, either monetary or political (or both), and won't let anything stand in the way of that gain.
Personally I'd rather be able to blame it on stupidity. I'd rather be the victim of an idiot than of a thief.
Personally I see a new business opportunity out of all this RFID non-sense: the sale of foil lined wallets and purses. Imagine the millions I will make.
There are already foil type baggies you can purchase for exactly this kind of application. In fact, a German fellow at Defcon kept his passport in it, because he had a brand new German passport. These now come with RFID chips standard issue. Guess who requires it? That's right, the good ol US of A! Yeehaaawwww!
Sure the US required it, but the German Minister of the Interior was eager to comply. The German equivalent of the DHS loves RFID in ID documents, too...
I'm happy that I renewed my passport a few months before they introduced these chips, so I have another 9 years or so until I have to get a new one.
The problem with the foil paranoia-pouch for RFID shielding is that it isn't paranoid enough. If I'm paranoid enough to shield my passport/credit card/etc, I would want an RF detector and display to show me how long it's been since a signal has been received that could have triggered the RFID chip.
A security measure that invisibly protects against something that may or may not happen is using the placebo effect. There has to be a way to detect that an attack has occurred for the value of the security measure to be demonstrated.
Findings aside, if we assume that US passports will have RFID chips, does anyone have information on what will happen if the chip is unreadable? Does anyone know of proposed penalties for the bearer?
A chip can become unreadable for any number of reasons, so backup procedures are a must, but I fear the tendancy of the beauracracy will be to assume some ill intent on the part of the bearer. Keep an eye out for proposed penalties, both explicit and de facto...
I was trying to be hopeful. Now my hopes are dashed. Dashed, I tell you.
"The Data Privacy and Integrity Advisory Committee of the Department of Homeland Security"
Just the name of the committee sounds like something written by George Carlin.
Draft report? What draft report?
Thanks for highlighting this issue, Bruce. The Committee meets next in Miami December 6th. When available, information about that meeting will be here: http://www.dhs.gov/xinfoshare/committees/... I encourage everyone to pay attention to what happens. There is an e-mail address on the page for communicating with the committee as well.
Like all other commenters, as it seems, I have no doubts that RFIDs will be forced on us. The people behind the government and it's various agencies want to track and spy on everyone. Information is power, money, the ammunition of the future.
And of course they don't mind if the RFID industry rewards them for moving all that money into their pockets while some children in the US are starving.
The government wants to break our privacy, and does not care for our safety. Hence RFIDs are the logical decision for them. They know that they will have devices to track and read RFIDs from ever larger distances, just like the TEMPEST sniffers they use today.
If too many people shield their RFIDs effectively, that will simply be made illegal. Just like really working TEMPEST-protection tents are not available to the general public.
What is scary is the thought about the statement "when it is necessary to identify individuals."
It's nice to learn I'm not a citizen but an inventory item.
The RFID devices are unimportant, it's the vast database required to hold the personal data that everybodies attention should be addressed.
Take the example of a miner. If rapid identification is needed, someone must have a portable RFID reader plus either a copy of the database on DVD or a real time link to a remote database. In either case the security of the service is reduced to the security of the local interface -- in most cases the physical security will be close to zero.
The hardware is the easy part, creating a secure system is difficult and expensive.
When did Germany begin embedding RFID chips in its passports? "German guy", do you know? Thanks.
Regarding miners and firefighters:
The use of an RFID isn't to identify *that firefighter* - the point there is for the case of "we're missing 2 miners/firefighters, and we have 3 piles of rubble". You ping all 3 piles, and if one pile has 2 things that ping back, you're probably pretty safe in ignoring the other two piles and concentrate on digging that pile out *fast*. If you get one ping back from each of 2 piles, you can still ignore one pile. It's similar to the radio beacons carried by some skiers in avalanche areas - just so they know where to dig if something goes horribly wrong.
(This of course assumes that the RFID is attached to a dog-tag or similar item that is fairly certain to remain on the person..)
AFAI remember Germany introduced RFID chips in passports spring this year.
What are you guys all bitching about? Its only in documents; wait a couple of years and the government will want to imbed RFID chips in YOU!
I wonder what's the simplest way to determine whether a given passport contains a chip or not.
My outfit designed a little cel phone detector for the exact same use. As this was quite simple, we did it free for a group of Hams we had done other business. With a little coffee can sized antenna, it's fairly long range and directional. The phone only has to be on for it to work. You listen to it talking to the tower, which it does every so often for location tracking and so on. The hams wanted this thing for their emergency response truck which they intended to drive to disasters (like building collapses, they were thinking of 9/11) and find people in the rubble by their phones. The range was good enough for this, and one wonders why DHS doesn't have it, nor do the prisons (they built a system that costs literally a million times this and complain they can't afford it) or the DoD -- seeing a cel phone signal in the middle of empty desert should be a hint of an IED being present.
According to this blog, there is an internationally agreed symbol on the passport cover:
Anybody who is interested in RFID chips in passports may find this article interesting.
That's solid gold! Thanks. I will "read the whole thing", as they say.
I hope this is not too off-topic, but I just got my passport updated. Hence I have one of the new RFID passports. Does anyone have any suggestions on how I can mitigate my risk?
I also just renewed my passport. How do I tell if I have an RFID in this thing? Nothing stands out that indicates there is one in the passport.
Passports with RFID have one page which is noticeably thicker than all the rest - containing the RFID chip and its aerial. That page usually has warnings not to bend or staple it.
Japanese passports have the RFID page in the middle of the passport, most other countries have it in the same page containing all the printed personal information (the last or second-to-last page.)
For the ICAO specifications for RFID passports, including the fields and tags defined and reserved in the data structure for logging movements on the chip, see:
And for the best chance at getting a new USA passport without an RFID chip, if you do so without delay, see:
Supposedly RFID chipped passports are being issued already by the Denver passport office, but I haven't yet heard of any being issued by any of the other passport offices.
General rule-of-thumb seems to be that if the RFID tag isn't working, it's no longer to be considered a valid document.
How long that policy will hold up probably depends greatly on the quality of the RFID implementation.
Hand or forehead?
Will 666 go to Ahmedinijinijini or Kim Jung-Il?
Questions questions questions...
Yes, other countries are implementing this nonsense in passports. They do so because US blackmailed them - either you do as we say (and dictated throug ICAO) or your citizens wont get into us without a visa.
It just proves that no country had the guts to stand up for freedom and security.
And then US government turned upon its own citizens.
This report is surprisingly objective in its analysis. As such it is likely not approved and will not get approved unless they realise that RFID cannot be used for peope as it will create identity theft and all sorts of crime and abuse.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.