As we reported last week, the US State Department is pushing to embed insecure radio-frequency identification (RFID) chips in all new US passports. These chips would broadcast your name, date of birth, nationality, unique passport number, and any other personal information contained in the passport to anyone with a compatible RFID reader.
Security experts have pointed out that because the new passports would indiscriminately expose your personal information to strangers, they could be used as "terrorist beacons," providing a terrorist, kidnapper, or thief with a means of covertly scanning a crowd at an airport -- or any other public place -- for American targets. But there are numerous other ways that RFID passports threaten your safety, privacy, and basic civil liberties.
This week, EFF, joined by EPIC, PrivacyActivism, Privacy Rights Clearinghouse, the World Privacy Forum, and privacy activist Bill Scannell, filed comments [PDF] with the State Department, providing a detailed critique of the RFID passport proposal and urging the Department to abandon it.
"RFID in passports is a terrible idea, period. But on top of that, the State Department is acting without the appropriate authority and without conducting any form of credible cost-benefit analysis," said EFF Senior Attorney Lee Tien. "It's asking Americans to sacrifice their safety and privacy 'up front' for a dangerous experiment that it hasn't even bothered to justify."
As our comments point out, under the State Department's plan there would be millions of RFID passports (and passport holders) and thousands upon thousands of authorized passport readers around the world. Each authorized passport reader would itself represent a threat to the privacy of passport holders and would have to be secured. Because the technology would be so widespread and persistent over time, the likelihood of reverse engineering and thus security compromise would be high. At the same time, because so many people would be carrying RFID passports, the magnitude of harm associated with security compromise would be large -- and it is unclear how well the system would recover once it is compromised.