Skip to main content

What a shock: Your e-passport isn’t secure after all

Backtracking from earlier claims that e-passports are “totally secure,” the U.S. State Department is now urging travelers to keep their RFID-chip enabled passports in “radio-opaque sleeves” to protect owners from having their information skimmed by unauthorized readers within a 30-foot range.

The State Department’s warning comes with the caveat that “hackers won’t find any practical use for data,” because personal information is encrypted. But that encryption has already been cracked.

So now the data and the accessibility of the chip have been compromised. Why are we using this technology, again?

Implementation of this technology means more hassle, more concern about your data, and, frankly, less convenience. Great.

As Marc Rotenberg, executive director of the Electronic Privacy Information Center, notes, “By obliging Americans to use these sleeves […] the government has, in effect, shifted the burden of privacy protection to the citizen.”

And while this is a completely remote possibility for everyday travelers…

In 2006, a mobile security company, Flexilis, conducted an experiment in which the transponder of a partially opened e-passport triggered an explosive planted in a trashcan when a dummy carrying the chipped passport approached the bin. A video of the experiment was shown that year at a security conference.

I like the old, non-IED-triggering plain-vanilla passports better.

The whole RFID controversy is so frustrating because it’s completely unnecessary. You don’t need a chip to create a counterfeit-resistant document in the first place. But by addressing one problem — counterfeiting — it creates a swath of new problems.

If you want to be sure, remember that there’s really only one surefire way to prevent your e-passport from broadcasting your personal information: Break the chip. Pound it with a hammer.