A computer researcher demonstrated late Friday what some experts have long suspected — the data inside new electronic passports that the State Department is introducing this year can be copied, opening the door for criminals to pass themselves off as other travelers.
German security researcher Lukas Grunwald of DN-Systems showed how the information stored on a radio frequency identification (RFID) tag could be copied and transferred to another card, using an inexpensive RFID reader, software and a smart card writer.
State Department officials have repeatedly insisted that the new passports are secure, and the U.S. will begin issuing them to millions of Americans in October to phase out the old passports that are not chipped.
While the State Department has continued to push its plan for RFID, a Department of Homeland Security committee said the plan makes no sense.
RFID may be fine for tracking merchandise, “but for other applications related to human beings, RFID appears to offer little benefit when compared to the consequences it brings for privacy and data integrity,” the DHS Emerging Applications and Technology Subcommittee concluded in this report.
Passports need digital (machine readable) technology, just not RFID, the report said.
“RFID offers no anti-forgery or antitampering benefit over alternatives such as contact chips, bar codes, or pixelization.”