Feb 03 2009

Drive-by reader for RFID drivers licenses and passport cards

Hacker and researcher Chris Paget has demonstrated the ability to read the globally unique serial numbers on RFID chips in passport cards and electronic drivers licenses in the purses and pockets of pedestrians on the street from a passing car, at least 30 feet (9 m) away, and to make cloned copies that broadcast the same ID numbers, using a laptop computer and commercial surplus hardware bought on eBay for $250.

This should be no surprise to anyone.  Passport cards and electronic drivers licenses (EDLs) for US citizens, like the RFID-enabled I94 (entry-exit) forms that foreign visitors are required to carry throughout their stay in the US, were deliberately designed to ensure that they could be read at this range, and from inside a car.  The idea was for border guards to be able to read the chips for all the passengers in an approaching vehicle, before the vehicle reaches a border checkpoint.  In practice, they’ve been plagued by readability and reliability problems, so they haven’t served this purpose at the borders.  But they have made it possible for third parties to track people carrying these cards, from a distance.

RFID “passport cards” and RFID drivers licenses were a response to popular outrage at the imposition of passport requirements, as part of the “Western Hemisphere Travel Initiative” (WHTI), for US citizens crossing the Mexican and Canadian borders, whether by air or by land or sea.  (We filed formal protests of both these rules as a violation of travelers’ civil liberties and human rights, as guaranteed by the Constitution and by international treaties.)  As a sop to those whose only complaint was about the passport fee, not the infringement of rights, the government offered an option to individual travelers to obtain a passport card, and for states to offer an optional “electronic drivers license”.  (These are currently available in Washington and New York, two of the most populous states on the Canadian border.)  While the fee for a passport card or the surcharge for an electronic drivers license is less than the fee for a passport, the tradeoff for card holders is that both passport cards and EDLs contain longer-range RFID chips than those in RFID passports.

ICAO document 9303, which sets the standards for passports (including “e-passports” with RFID chips), includes specifications for credit card-sized travel documents (passport cards or national ID cards used as travel documents). These specifications are contained in the portion of ICAO Document 9303, Part 3, Volume 2 for “Size 1 Machine Readable Official Travel Documents”. (“Size 2” is a passport-sized card.)

As clarified in the latest (2008) edition of this portion of Doc. 9303, the ICAO standards require these cards to use ISO 14443 type RFID chips — the same short range “proximity” RFID chips used in RFID passports:

13.10 Contactless IC and encoding. The contactless ICs used in MRtds SHALL conform to ISO/IEC 14443 Type A or Type B and ISO/IEC 7816-4…. The read range (achieved by a combination of the eMRtd and the reader) should be up to 10 cm as noted in ISO/IEC 14443.

(The ICAO standards for the logical data structure (LDS) of the RFID chips on these ID cards, like the LDS specified in Doc. 9303 for the RFID chips in passports, also reserve memory for future use for storing what is described only as travel records (Data Group DG19).  That would enable anyone who could read the chip to know not only your identifying information but your most recent movements (places, dates, and times where the card was read and written), from the chip itself without the need to access any central server or database.)

In practice, ISO 14443 chips have been demonstrated to be readable from at least 3 feet (1 m) with the crudest equipment, but they are still considered to have a relatively short range.

Instead of following the ICAO standards for short-range ISO 14443 “proximity” RFID chips, the Departments of State and Homeland Security specified longer-range ISO 18000-6C “vicinity” RFID chips for passport cards and EDLs.  These are supposed to be readable from at least 10 m (30 feet), although presumably with suitable equipment they could be read from much further away.  The government knowingly and deliberately prioritized the enabling of longer-range surveillance and tracking over compliance with ICAO standards.  Long-range surveillance and tracking is a feature, not a bug.

Getting a booklet-style e-passport with an RFID chip is no protection: RFID passports can’t be read from quite as far away, but they could still be easily read by equipment that would fit in (for example) a piece of luggage rolled through an airport by an identity thief. The only way to avoid being tracked wherever you go is (1) not to carry an e-passport, passport card, or EDL, (2) to wrap it in metal foil whenever you aren’t actually required to be displaying it or exposing it for reading, or (3) to get the Obama Administration and/or Congress to end the passport requirement and the use and deployment of RFID chips in identity documents.