Bruce Schneier advises his readers to renew their passports now. Why? Because RFID chips will soon be embedded in them, and that presents a security risk.
By itself, this is no problem. But RFID chips don’t have to be plugged in to a reader to operate. Like the chips used for automatic toll collection on roads or automatic fare collection on subways, these chips operate via proximity. The risk to you is the possibility of surreptitious access: Your passport information might be read without your knowledge or consent by a government trying to track your movements, a criminal trying to steal your identity or someone just curious about your citizenship.
At first the State Department belittled those risks, but in response to criticism from experts it has implemented some security features. Passports will come with a shielded cover, making it much harder to read the chip when the passport is closed. And there are now access-control and encryption mechanisms, making it much harder for an unauthorized reader to collect, understand and alter the data.
Things might be different if the government had a good record of keeping your personal data secure. It doesn’t. Look at how abused social security numbers are. RFID chips that store your personal data are vulnerable to sophisticated criminals.
Whatever happens, if you have a passport with an RFID chip, you’re stuck. Although popping your passport in the microwave will disable the chip, the shielding will cause all kinds of sparking. And although the United States has said that a nonworking chip will not invalidate a passport, it is unclear if one with a deliberately damaged chip will be honored.
The Colorado passport office is already issuing RFID passports, and the State Department expects all U.S. passport offices to be doing so by the end of the year. Many other countries are in the process of changing over. So get a passport before it’s too late. With your new passport you can wait another 10 years for an RFID passport, when the technology will be more mature, when we will have a better understanding of the security risks and when there will be other technologies we can use to cut the risks. You don’t want to be a guinea pig on this one.
Hmm, the microwave idea sounds like a good one. Be careful though – that sparking can cause a fire. If you don’t believe me, put a CD you don’t care about in your microwave for 10 seconds and watch. I’m not responsible for toxic fumes or other damage that may result from doing so.
As technology continues to march your personal data will become less and less personal. It’s up to the individual to safeguard that data, since government has never been able to so in a responsible manner.