Saturday, September 16, 2006

Don't be a beta tester for the government: Get a new passport now

If you don't have a passport, go apply for one right now. If you have one that's more than a few years old, renew it.

That's advice from security expert Bruce Schneier in an opinion piece in today's Washington Post.

This isn't because things are getting so bad you may want to leave the country fast, or even because you now need your passport to enter countries that used to let you in with a driver's license.

It's because most countries are about to start putting radio frequency identification chips -- usually called RFIDs -- in their passports. The US is already putting them in passports issued through the Colorado passport office and expects to have them in all passports by the end of the year. Other countries are following suit.

According to Schneier, you don't want to be a beta tester for RFIDs.

The problem isn't that border crossing officials can read all the data on your passport without even looking at it -- after all, you're required to show the passport to those people anyway.

The problem is that anyone equipped with a reader can collect all that information -- and you'll never know it happened. As Schneier explains:
RFID chips don't have to be plugged in to a reader to operate. Like the chips used for automatic toll collection on roads or automatic fare collection on subways, these chips operate via proximity. The risk to you is the possibility of surreptitious access: Your passport information might be read without your knowledge or consent by a government trying to track your movements, a criminal trying to steal your identity or someone just curious about your citizenship.
Plus, RFIDs are electronic devices, meaning someone will figure out how to hack them. (One researcher has already cloned a chip.) Passports are good for ten years, so the chips need to last that long and remain secure. As Schneier puts it:
It is as ridiculous to think that passport security will remain secure for that long as it would be to think that you won't see another security update for Microsoft Windows in that time.
Schneier knows his stuff. He's one of the most respected security experts in the business. His bio is here. To get a sane, professional take on the security issues of the day, check out his blog or subscribe to his free Crypto-Gram email newsletter.

No comments: