Information-security expert Lukas Grunwald is not reluctant to share his opinion of the radio frequency identification (RFID) technology that is now a mandatory security feature of American passports.
“This whole design is totally brain damaged,” Grunwald told Wired magazine. “From my point of view all of these RFID passports are a huge waste of money. They’re not increasing security at all.”
RFID chips or tags are tiny data storage units, generally the size of a grain of rice, equipped with radio transmitters. The new “e-passports” issued by the U.S. government have a passive RFID chip embedded in the back containing personal information, including a digitized photograph and, in the future, a fingerprint. The chip is activated by passing it in front of a reading mechanism that transmits the appropriate radio signal.
Under a U.S. law passed in 2002, the 27 countries participating in the Visa Waiver Program—most of them European—are required to install RFID chips in their passports. U.S. citizens returning from abroad must now present a passport to customs officers, and since Jan. 1, 2007, the U.S. government has issued e-passports to Americans renewing travel documents or obtaining them for the first time. The State Department insists that the new digitized passports are more secure. Experts like Lukas Grunwald strongly beg to differ.
During last August’s Black Hat security conference in Las Vegas, Nevada, Grunwald, a consultant with DN-Systems Enterprise Solutions in Germany, demonstrated the ease with which the RFID-enhanced e-passports can be hacked and cloned. Along with an associate named Christian Bottger, Grunwald developed a cloning program that can duplicate an e-passport’s digital information in roughly five minutes using an RFID reader he purchased on eBay. The cloned passport chip is completely indistinguishable from the genuine article.
Grunwald was neither the first nor the only techie to expose the vulnerabilities of e-passports. In January 2006, the Dutch security firm Riscure conducted a similar experiment for “Nieuwslicht,” a television news program in the Netherlands. Using a personal computer and a commercially available radio receiver, Riscure was able to read the digital information of a prototype Dutch e-passport (which uses the same RFID chip and encryption scheme as the new U.S. passports) from a distance of about 30 centimeters. With that information, Riscure cracked the e-passport’s password in roughly two hours and thus gained full access to the RFID chip’s contents, including a digital picture, fingerprint, and other personal information.
“Nearly every country issuing this passport has a few security experts who are yelling out … ‘This is not secure,’” Grunwald points out. “This is not a good idea to use this technology.’” British computer security expert Adam Laurie of Bunker Secure Hosting expresses that view in more colorful terms, comparing the supposedly ultra-secure e-passport system to “installing a solid steel front door to your house and then putting the key under the mat.”
Laurie himself has rigged a device that can swipe an e-passport’s information from a distance of slightly less than eight centimeters. That distance is “enough if your target subject is sitting next to you on the London Underground or crushed up against you on the Gatwick Airport monorail, his pocketed passport next to the reader you have hidden in a bag,” writes Steven Boggan of London’s Guardian.
A technical study performed in 2005 demonstrated that it’s possible to eavesdrop on an RFID passport from greater distances. Using an electronic “leech,” researchers were able to read personal data from about 50 centimeters and then relay it to a second device called a “ghost” up to 50 meters away. A relay system of this sort in a crowded travel node—an airport, bus station, or subway—would make it possible for information thieves to harvest countless digital profiles from e-passports.
What use could be made of a cloned e-passport? Wouldn’t it be easier to simply steal a physical passport, as defenders of the new system maintain?
According to Grunwald, the biometric features that supposedly make the RFID-enhanced passport more secure may actually benefit terrorists, smugglers, and others in the market for phony travel documents, in large part because those features make stealing physical passports unnecessary.
Although a cloned chip cannot be altered to add new biometric information, such as a new fingerprint, Grunwald contends that there are “established ways of making forged fingerprints” that can fool automated security systems. And electronically stored photographs would pose only minor obstacles to terrorists. As the Guardian’s Steve Boggan points out, “if a terrorist bore a slight resemblance to you—and grew a beard, perhaps—he would have a good chance of getting through a border. Because his chip is cloned, with the necessary digital signatures, and because you have not reported your passport stolen—you still have it!—his machine-readable travel document will get him wherever he wants to go, using your identity.”
The potential usefulness of e-passports to terrorists goes well beyond merely making identity theft easier. Some privacy advocates and business groups are concerned that the new U.S. passports will leave Americans more vulnerable to violent crime abroad—from petty theft to kidnapping to murder.
The Business Travel Coalition worries that the RFID-equipped passports “will put American business travelers at risk of identity theft and physical harm.” Greeley Koch, president of the Association of Corporate Travel Executives, seconds that criticism. “The thought that your travel documents could be broadcasting your nationality to those with an interest in harming U.S. citizens is bad enough,” states Koch. “But it could also be pinpointing likely targets for pickpockets, thieves, and even providing information to steal.”
In a paper submitted to the State Department two years ago, information security experts Ari Jules, David Molnar, and David Wagner describe some terrifying potential uses for stolen e-passport data. One possibility is that captured data would “enable the construction of ‘American-sniffing’ bombs, since U.S. e-passports [do] not use encryption to protect confidentiality of data.” Another “unpleasant prospect,” as the authors put it, is the advent of an “‘RFID-enabled bomb,’ an explosive device that is keyed to explode at [a] particular individual’s RFID reading.”
In an April 4, 2005 submission to the State Department’s Office of Passport Policy, representatives of six privacy and cyber-security advocacy groups protested that “the proposed RFID passport unjustifiably endangers passport holders’ privacy and creates substantial security and other problems.” They also pointed out that the State Department had no statutory authority to issue the e-passport. The Enhanced Border Security and Visa Entry Reform Act of 2002 mandates that the countries participating in the Visa Waiver Program upgrade their passports with RFID technology, but as the State Department admits, “the United States is not mandated to comply” with that provision.
So in addition to making American citizens and their travel documents less secure, the e-passport program is technically illegal. Why did Washington make the program’s creation such an urgent priority? At least part of the answer is corrupt corporatist profiteering.
The watchdog group Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN) obtained a December 2004 memo from the General Services Administration urging federal agency heads to engage in something akin to what the film industry calls “product placement” advertising on behalf of RFID technology.
The GSA, which administers federal procurement policies, instructed agency heads “to consider action that can be taken to advance the [RFID] industry by demonstrating the long-term intent of the agency to adopt RFID technological solutions. … [A]gencies need to determine how to best implement RFID technology on current or proposed contracts, grants, and cooperative agreements.”
Since that time, notes CASPIAN, “major RFID initiatives have been publicized by a number of government agencies, including Social Security, NASA, the Postal Service, and the Department of Homeland Security, among others.” “Buying needed equipment is one thing,” observes CASPIAN founder Katherine Albrecht, co-author of the RFID exposé Spychips. “Finding excuses to purchase and promote controversial technology at taxpayer expense is another.”
Former Homeland Security Czar Tom Ridge embodies the nexus between the growing RFID industry and the thriving federal Homeland Security apparatus. In April 2005, Ridge joined the board of directors at Savi Technology, a Silicon Valley RFID firm. A few months later, Tommy Thompson, who had been George W. Bush’s first-term Secretary of Health and Human Services, joined the board of Applied Digital, which manufactures human-implantable “VeriChip” RFID tags containing medical information and other personal data. Thompson did his part to promote the technology by “getting chipped” in his arm.
In countries like Mexico and Brazil, where kidnapping is rampant, thousands of people have been chipped as a personal security measure. Colombian President Alvaro Uribe, among others, has suggested that laborers migrating to the United States for seasonal work should be implanted with microchips, a suggestion that found favor with some immigration reformers on Capitol Hill. Two years ago, Brittain Elementary School in Sutter, California, mandated that all its students carry an RFID tag.
All of these developments and proposals may herald an era of what the Scientific American calls “Human Inventory Control,” an inescapable worldwide system of digital surveillance and pervasive personal insecurity. The architects of that system are already positioning themselves to cash in.
William Norman Grigg is editor-at-large for the website, The Right Source. (therightsourceonline.com).