Threat of “Spy chips” in ID cards
The Mirror is claiming an exclusive for its front-page story on RFID chips in ID cards:
Plans to fit radio transmitters in identity cards were greeted with fury last night as opponents claimed they could be a spy device.
Angry MPs and pressure groups said the cards might lead to a Big Brother state by tracking the movements of innocent people.
But the Government insisted the chip was being used to comply with international identity card rules.
The story is based on a leaked letter from Home Office minister Andy Burnham saying (in part):
… a travel document such as an identity will need to incorporate a “contactless” or “proximity” chip. This will require the card to use radio frequencies to allow the card to be read at a very short distance.
The paper’s editorial is unequivocal in its condemnation:
ID CARDS AN INTERFERENCE
Law-abiding citizens will be horrified at the prospect of being electronically tagged like criminals on parole.
Today’s disclosure that ID cards are to carry radio transmitters is a dangerous move towards a Big Brother society.
Few doubt possession of the plastic passes will be made compulsory unless the Government is halted in its tracks.
Home Office minister Andy Burnham plays down the snooping threat yet we all know technology and policies change.
January 27th, 2006 at 15:51
All you need to do is look at the way that the driving licence, from being a piece of paper stating that you have the ability to drive, has turned into a tax collecting totalitarian stick to force people to comply with Britain’s most rediculous laws.
The whole idea of an id card is that, in the future, it will be your credit card as well. Tax, fines, government charges etc. will be deducted from your bank account and there will no longer be any such thing as money. What the government fail to realise is that if they are actually successful in this aim, it will bring about civil war.
January 27th, 2006 at 17:40
If the Mirror thinks that’s exclusive its parliamentary correspondent clearly doesn’t bother reading Hansard. Unless of course it’s just discovered that “contactless” = radio. Outstanding.
Still, on the basis that ill-informed outcry is often more effective than the well-informed variety, carry on chaps. (-:
January 27th, 2006 at 20:25
*Sigh* yet more un-researched speculation about RFID.
While I do think that making ID card data readable via RFID is a *bad* idea, I wouldn’t mind a *wee* bit less of the hysteria, lest it taint what is a valid argument.
Anyway:
1) RFID is (generally) a passive device, not a transmitter. You need a specific reader in close proximity.
2) Generally, the area of the transmitter needs to be at least the square of the distance from which it’s read. So general scanning of crowds without being bleedin’ obvious is unlikely. Not that it’d be impossible to build a reader into (say) tube barriers. The data analysis requirements for making any useful sense out of the travel habits of the tube-travelling public does strike me as putting it into the range of prohibitively difficult.
Didn’t the US govt propose this for their passports, and then suggest that the passports would then have a metallic lining to prevent skimming? Because if you think about it, 3rd party readable RFID-enabled ID Cards are *heaven* for identity thieves…
January 29th, 2006 at 02:30
martinb: If RFID tags can only be read at close proximity, why are the American government telling us that they can be read from several yards away in new ID cards? Source: http://www.latimes.com/news/nationworld/nation/la-na-border18jan18,0,1125973.story?coll=la-headlines-nation
Even that range on RFID readers is only limited by radio-frequency emissions legislation; if you’re prepared to ignore that, you can get much larger range. I’d not heard anything about the area of th transmitter before, do you have any good sources?
“Schneier on Security” http://www.schneier.com/blog/ is a good read for news on RFID and other aspects of security and privacy.
January 30th, 2006 at 13:38
RFID tags are *not* passive, they are a powered device that transmit data upon request. They use the RF field generated by the reader to power the transmitter. If the device is constantly in the presence of a strong enough RF field of the correct frequency, it will be powered and ready to transmit data on request.
To say;
2) Generally, the area of the transmitter needs to be at least the square of the distance from which it’s read.
Is absolute rubbish, the author of that comment has adequately demonstrated that ‘A little knowledge is a dangerous thing’ The author is misapplying the Inverse Square law, there are some excellent examples and explanations of this on the web.
Commonly used RFID tags can be read from several metres away, Things like the Dart Tag or other such subscription Toll systems are a perfect example.
It would be trivial to mount RFID readers at strategic points around city centres and monitor a person’s movements.
It would also be trivial to build a portable reader which could be concealed about a person’s clothing, harvesting data as said person walked around (providing the, hopefully, strong encryption could be broken)
January 30th, 2006 at 20:43
Some points on the whole discussion:
- aren’t there already RFID readers in tube barriers?
- don’t they already undertake useful data analysis based on the movements of individual tube travelers?
- Who says you have to be discrete about surveilling crowds? Police forward intelligence units are pretty blatant aren’t they?
- Encryption? Who said the data was encrypted?
- It was my understanding (from Spy blog) that the range was typically 30 meters.
SJG
February 3rd, 2006 at 11:09
It also seems like the chip can easily be hacked. See here:
http://www.theregister.co.uk/2006/01/30/dutch_biometric_passport_crack/
So, potentially a one-stop-shop for identity theft, and you might not even have to have possession of the card in the first place!
Well done HMG!
March 7th, 2006 at 15:42
The point seems to be that the technology exists to track people’s movements when they go in different shops for example. So it’s not going to be just making sure that you don’t nick anything. I myself envisage it to be something like creating a log of every movement a person makes in his or her life. Going abroad for example. I suspect men who are having affairs may have a very hard time explaining why instead of staying in London the whole business trip they have been found in Southampton.
IT companies will probably use data mining techniques to find out people’s life patterns and the government will eventually change restrictions on data and just sell it on to third parties.
There are of course concerns over adding data fields to these chips.
Imagine the use that somebody like Hitler, Himmler or Heydrich would have made of this technology. And we are asked to just trust them with it — like the DVLC info.