{"id":32,"date":"2008-01-13T23:31:00","date_gmt":"2008-01-13T22:31:00","guid":{"rendered":"http:\/\/www.tapper-ware.net\/blog\/?p=32"},"modified":"2010-07-11T12:04:39","modified_gmt":"2010-07-11T10:04:39","slug":"if-i-had-a-hammer-or-why-rfid-in-passports-is-a-really-bad-idea","status":"publish","type":"post","link":"https:\/\/www.tapper-ware.net\/blog\/if-i-had-a-hammer-or-why-rfid-in-passports-is-a-really-bad-idea\/","title":{"rendered":"If I had a Hammer OR Why RFID in passports is a really bad idea\u2026"},"content":{"rendered":"<p>First things first: I actually do have a hammer and I know how to use it when it&#8217;s time to get my new RFID-enabled passport. It&#8217;s a fairly easy method to disable this ugly tracking device.<\/p>\n<p>The more important question is why should I do it? Well, there are a couple of reasons, so let&#8217;s make a list:<\/p>\n<p>Let&#8217;s start with the basic problems of any encrypted data:<\/p>\n<ol>\n<li>I don&#8217;t want the state to identify me&#8230; sure they say the data is encrypted, but if there was no way for officials to read it, then we wouldn&#8217;t have to carry it around&#8230; so the key is somewhere and let&#8217;s face it: If any part of our state has this key then it won&#8217;t take long until every single police station or whatever has access to it.<\/li>\n<li>I don&#8217;t want others to identify me &#8230; if the key is available somewhere, then it won&#8217;t take long until it leaks out.<\/li>\n<\/ol>\n<p>\nBut are there other scenarios where the chip could reveal your presence, even if the encryption was not compromised?<br \/>\nHell yes. With RFID anybody can track you, even without the encryption key. This is by far the most interesting point. Let&#8217;s assume for a moment that the data is stored 100 percent securely and that the key is not available to anybody (I know, it&#8217;s difficult but let&#8217;s try). 
Then the chip is still sending out the encrypted data, which may not be readable by itself, but it&#8217;s still a unique identifier. It says that person XY was last seen going to a bank, then going to a chemical supply firm and finally after a brief visit to Starbucks boarding a flight to Saudi Arabia (at least if there&#8217;s an RFID scanner at all these locations&#8230; this probably isn&#8217;t the case now but it&#8217;s still a possibility we&#8217;ll have to deal with). Maybe you can&#8217;t find out who person XY is, but you sure can find out what he&#8217;s been doing as XY has left the same digital fingerprint at all these locations. And if XY has used another identifier, let&#8217;s say a credit card, at at least two locations with an RFID scanner, we even know that this person is me.<\/p>\n<p>Now this may all be very useful when trying to catch a criminal (even though it violates about every privacy law we&#8217;ve got), but this kind of information is available to anybody who can afford an RFID scanner. Let&#8217;s assume a group of stores agrees to exchange RFID information&#8230; not with any other authority, just among themselves. Sounds pretty harmless, doesn&#8217;t it? But from this information alone, combined with the list of items bought while you were at the store, matched across multiple shopping sessions and run through some easy statistical analysis, they&#8217;ll get something like this:<\/p>\n<p>Usually around 1pm at store A, usually buys sweets, pizza, Coke and bathroom accessories. Around 6pm either at store B or C. This is only a tiny bit of what they could derive but already they&#8217;d know where you live, where you work and what you buy, just like that.<\/p>\n<p>And this would only be the &#8220;normal&#8221;, &#8220;marketing&#8221; way of analysing your data. 
Criminals are much more inventive&#8230;<\/p>\n<p>I&#8217;m not asking you to do anything but think about how your privacy gets a beating with RFID passports.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>First things first: I actually do have a hammer and I know how to use it when it&#8217;s time to get my new RFID-enabled passport. It&#8217;s a fairly easy method to disable this ugly tracking device. The more important question is why should I do it? Well, there are a couple of reasons, so let&#8217;s &hellip; <a href=\"https:\/\/www.tapper-ware.net\/blog\/if-i-had-a-hammer-or-why-rfid-in-passports-is-a-really-bad-idea\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">If I had a Hammer OR Why RFID in passports is a really bad idea\u2026<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.tapper-ware.net\/blog\/wp-json\/wp\/v2\/posts\/32"}],"collection":[{"href":"https:\/\/www.tapper-ware.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tapper-ware.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tapper-ware.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tapper-ware.net\/blog\/wp-json\/wp\/v2\/comments?post=32"}],"version-history":[{"count":1,"href":"https:\/\/www.tapper-ware.net\/blog\/wp-json\/wp\/v2\/posts\/32\/revisions"}],"predecessor-version":[{"id":166,"href":"https:\/\/www.tapper-ware.net\/blog\/wp-json\/wp\/v2\/posts\/32\/revisions\/166"}],"wp:attachment":[{"href":"https:\/\/www.tapper-ware.net\/blog\/wp-json\/wp\/v2\/media?parent=32"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tapper-ware.net\/blog\/wp-json\/wp\/v2\/categories?post=32"},{"taxonomy":"post_tag","embeddable":true,"hre
f":"https:\/\/www.tapper-ware.net\/blog\/wp-json\/wp\/v2\/tags?post=32"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}