Comment

Dangers exist in radio passport - but is it really the radio, or the passport?

Electronic passports:
http://www.nytimes.com/2005/04/27/politics/27passport.html aren't as secure as they thought. But is that really important?

The idea that your passport might be "snooped" by a privately operated RFID reader, operated by hostile forces, is the reddest of red herrings, and almost dumb enough to seem like proof of a conspiracy theory. Public hacking - that's not the problem with "electronic passports."

According to the New York Times, the State department
"intends to modify the design so that an embedded radio chip holding a digitized photograph and biographical information is more secure."

The danger the American Civil Liberties Union (ACLU) perceives is simple: "ACLU has questioned whether the chips truly can be made to relinquish their data only in such close proximity to a reader. The group has cited press reports claiming the tags can be read from up to 30 feet away. The ACLU said it had acquired its own reader and found that the tags meeting the international guidelines were readable from at least one meter away, about 3¼ feet," according to GovExec

But the problem with electronic passports remains a problem, even if the data in it is held in a barcode or a machine-readable text strip. The problem is that the Government which issues the passport is centralising its data relating to citizens.

When the risk was first raised, "the Government first claimed that the information could be read only within inches of the passport," summarised Stephen Wellman of Fierce Wireless. "But tests showed the information could be easily picked up by readers at a distance of three feet or more. This means that unauthorized individuals with the right equipment could engage in electronic pick-pocketing -- mingling with passengers in airport lounges and unobtrusively download vital personal information from these passengers' digital passports."

The ACLU thinks the passports "could leave Americans open to identify theft, to terrorists interested in singling out Americans travelling overseas,"- which really isn't the point. Correctly, ACLU then goes on to say: "… or to the emergence of routine tracking by the government or private sector "

That is not a danger - it's an inevitability.

Once a database has your passport data, you only have to use that passport once to prove identity for another transaction, for the two identities to be linked. Before much time is gone, links can be traced from passport to credit card, from credit card to retail loyalty card, from loyalty card to travel pass for rail, and from travel pass to frequent-flyer database.

Anybody who - like a Government - is prepared to push the law to its limit, will be able to track an individual's movement and activities - not just in the past, but probable activities in the future.

It really doesn't matter if the passport is read deliberately by a passport officer, or surreptitiously by some loon, wandering around airport lounges with an RFID reader (seriously, how likely is that?). As long as the data gets into the system, you've provided a tracking trail.

And what you decide is a good, and worthy purpose may be seen by today's Governments as subversive and dangerous - because it threatens them, rather than the country.

Of course, that could never happen here...