Avoid US RFID Passports
Government officials continue to prepare new US passports with embedded RFID technology despite the risk that the passports can be cloned and propose other security/identity threats.
FoxNews reports that "Brenda Sprague, deputy assistant secretary of State for passport services, said the cards contain information identical to what is found in a standard passport, and are just as secure. About 850,000 cards have been issued nationally."
Ms. Sprague is either unaware or is in denial of how vulnerable the new US passports are. Both The Register and Engadget recently reported that a San Francisco hacker built a device, from components acquired on eBay, that is able to capture passport RFID information. After driving around San Francisco for just 20 minutes, the hacker was able to record the unique identifiers from two government-issued passports. His current equipment is only capable of capturing RFID information within 30 feet, but could be modified to capture information over a mile away.
The Register highlighted the significance of these unique ID's when it reported the following:
"To be sure, the RFID tags contain no personally identifiable information, but rather what amounts to a record pointer to a secure Department of Homeland Security database. But because the pointer is a unique number, the American Civil Liberties Union and other civil libertarians warn the cards are still susceptible to abuse, especially if their RFID tags can be read and captured in large numbers. Cloning the unique electronic identifier is the first step in creating fraudulent passport cards, they say."
"The cards also amount to electronic license plates that could be used to conduct clandestine surveillance. Law enforcement officials could scan them at political rallies and then store them in databases. The tags could also be correlated to other signals, such as electronic toll-booth payment systems or RFID-based credit cards, to track the detailed movements of their holders."
I would suggest avoiding US passports with RFID technology because it is just one more way for individuals to remotely (from a distance) access information unique to you. Proposals exist to also integrate this technology into our drivers licenses.