On October 17, 2006, the U.S. Department of State announced a new Federal rule proposing the use of RFID chips in card-sized passports. There have been similar proposals for standard passports for a couple of years now.
As a person who travels overseas occasionally (generally once or twice per year), this is worrisome. I don’t want someone to be able to tell, from a distance, that I’m carrying a U.S. passport. I don’t want someone to be able to tell, from a distance, my name, passport number, and so-on.
Even though I have always traveled in places where it’s fairly safe to be an American, that may not always be the case. And even so, I’d prefer to blend in, and not stand out, due to an RFID signature.
Yet thanks to increasingly sophisticated readers, it’s easier to detect and read an RFID chip at a distance. (In theory, the passport’s supposed to “turn off” the RFID chip if its cover is closed. In practice, the switch doesn’t work reliably.)
Security expert Bruce Schneier has been blogging regularly about this issue. Today’s posting references an European document which concludes that RFID passports dramatically decrease security and privacy, and increase the risk of identity theft.
Let us hope that these ill-conceived plans for RFID passports are reversed. In the meantime, if I’m issued an RFID passport, I’ll invest in some sort of shield — lead foil or otherwise — to block the signals. And I recommend that you do the same.
>> Update 11/10: I’ve been informed that metalized Mylar bags will block RFID signals, and that they’re less expensive and more convenient than lead shielding. A quick Google search found a commercial product called MobileCloak, though it seems that most any metalized Mylar would do the trick. See this homebrew article on how to make your own RFID-blocking wallet out of aluminum foil and duct tape.