Another Blogger Confuses the RFID Issue

Robin Harris, a blogger on ZDNet, claims RFID passports will lead to your being captured by a terrorist. He hasn't got a clue.
Published: July 21, 2009

Yesterday, I wrote that articles that distort the facts about radio frequency identification in order to scare people about potential privacy issues, such as a recent one by Todd Lewan, do more harm than good (see AP Hack Strikes Again). I didn’t need to wait long for the evidence. Yesterday, Robin Harris posted a blog on ZDNet entitled “RFID passports: a tragedy waiting to happen.” In that blog, Harris suggests Americans will be identified and kidnapped by terrorists reading RFID tags in passports. He cites Lewan’s article.

But Harris, whose bio says he “writes, consults, coaches and lives among the mountains of northern Arizona,” doesn’t know what he’s talking about, and his carelessness with the facts is evident in the fourth sentence, which states: “In a recent article, Todd Lewan accompanied ethical hacker Chris Paget as he found chipped tourists around San Francisco’s Fishermans Wharf—from a van.” Actually, Lewan watched a months-old video on YouTube.

The big problem with Harris’ blog is that he has confused a PASS card, which has only a random serial number on it and no security measures, with an RFID-enabled passport, which contains personally identifiable information and biometric data designed to match the stored image of the passport holder with the person standing in front of an immigration official. The whole reason for using RFID was to make it possible to confirm the person issued the passport or PASS card is, in fact, the person using it. (This noble goal never gets mentioned in articles, for some reason.)

PASS cards utilize RFID transponders based on the ultrahigh-frequency (UHF) Electronic Product Code (EPC) air-interface standard, instead of more secure high-frequency RFID tags that support encryption. The reason UHF was chosen was that the card would carry only a random serial number linked in a database to a person’s information and photo. As a car approaches a border checkpoint, the driver holds up the card, and the system reads it. By the time the vehicle arrives at the checkpoint, the driver’s information is called up on a screen. The border agent looks at the person’s face and picture on the screen, and allows him or her to enter the country if they match.

Passports use more secure RFID technology, which supports encryption. U.S. passports include a shield in the cover to prevent the transponder from being read when closed. Some passports also contain a bar code that must be interrogated to capture a key that unlocks the digital biometric data. Some “critics” feel these measures are not enough, but so far, there have been no problems with electronic passports.

The problem is with people spouting off about something without bothering to check their facts. Harris disparages “paranoid mid-level bureaucrats” who, he says, “were given free rein to ‘innovate,’ and guess what popped up? RFID tags in your passport.”

It might be more accurate to say paranoid bloggers have been given free rein on the Internet, and guess what popped up? Articles full of misinformation.