RFID Wardriving

Posted by Keith McMillan

February 4, 2009

A couple of years ago, governments around the world began deploying RFID-enabled identity documents, including passports and driver's licenses.  Knowing this was coming, I renewed my passport before RFID was included.  I’m a paranoid geek, but then I’m an IT security guy, so paranoia is part of the job description.

Last week, Geeks are Sexy reported that a fellow in California decided to prove the point.

By hooking a $250 Motorola RFID reader and an antenna to his laptop, Chris Paget was able to easily harvest and clone multiple RFID identity documents while driving through San Francisco.

It’s certainly convenient for travelers and for governments to be able to read passports and other identity documents without us having to present them, but this sort of thing violates one of the basics of information security, namely confidentiality.  If the information in question is out there in the open, without any sort of controls on who can read it, should we really be surprised when someone decides to read it?  Geeks being who we are, we’ll do this sort of thing, or Bluetooth sniping, or some other unintended but obvious use of the information that’s floating around.

I’d like to think that governments would have a stake in making sure that our identity information is secure, but most of my arguments seem pretty hollow in my ears. Does it cost them money in lost tax revenue? How about investigative costs? Aren’t they supposed to uphold law and order?  My fear is that all of these pale in comparison to the ability to monitor people without their being bothered.  My more paranoid self says that RFID-enabled passports, driver's licenses, and cell phones could be turned into an awesome tool of a police state.  Your location would be known at every moment.  Heck, every month I print out my iPass tollway traffic so I can expense it for the business.  Who else has access to this information?

Advocates of government surveillance frequently ask us “what do you have to be concerned about if you’re not breaking the law?”  They say “We’ll only use our powers for good.”  My latest response has been to point them to the reports last year regarding NSA eavesdropping on American soldiers calling home and having steamy conversations with their significant others.  In fact, here’s a good case in point.  We have a policy of “Don’t ask, don’t tell” in the armed forces.  Homosexuality is not technically illegal, but if it comes to light, a soldier can be discharged.  What would happen if the NSA eavesdropped on a call between a male American soldier and his boyfriend back home?  I’m sure it would be great consolation to him that the government only eavesdrops on us for our own good.

