Anyone still think RFID passports are a good idea?

Sometimes the most unlikely of my musings on this blog become big hits instantly attracting hundreds of page views, while others that I’ll sit up considering into the early hours fail to draw the attention. Ironically, one of the most read of my postings is one I slung together in a few minutes back in January on the theme of RFID passports (see here).

The latest news as reported in todays Times about the vulnerabilities present in the e-Passport is a continuation of the story. While we were previously concerned about the chips being read from a distance, the attention is now focused on the apparent simplicity of hacking the chip itself.

The risk of course is that an individual, a terrorist perhaps, could fool the system and pass himself off as somebody else.

Steve Boggan of The Times does a great job of exposing the flaws. The question is not whether the new passports are better than the old ones, or whether the risk of forgery is reduced to a level where it’s considered to be acceptable, but whether or not the technology being used is fit for purpose. In my opinion, if it’s delivered with easy to find flaws then it isn’t.

Of course, the passport is one of many layers of security that travellers are subjected to, but it is the most fundamental. It’s also not used solely for travel purposes. Here in the UK, with our lack of a national id card it’s also a commonly requested proof of identity.

Criminals, terrorists and the like will be quick to learn how to make the most of vulnerabilities in any technology they can exploit to hide their true identity. So, it’s essential the flaws are addressed and fixed. The Times article goes on to state that the Home Office has yet to see evidence of someone being able to manipulate data in an e-passport. This most probably means that they have yet to find somebody doing rather it than an assumption that is hasn’t been done.