On July 8, I wrote about the fallacy of identity thieves guessing your Social Security number. Despite misleading claims in the news media, the fact remains that thieves have only a one-in-ten-thousand chance of decoding your Social Security Number, the same as making random guesses.
Of course, thieves don't use random guesses as there are easier methods of stealing your identity information. A recent news article describes how Chris Paget cruised the streets of San Francisco and in twenty minutes found identifying information of six Americans without having to guess any Social Security Numbers. In fact, he never left his car. The process apparently was simple. The information was freely given to him by government documents.
You can read the full story at http://www.google.com/search?hl=en&q=%22microchipped+PASS+cards%22&btnG=Search&aq=f&oq=&aqi=.
Government bureaucrats seem intent on locking up access to public domain information, such as birth, marriage, and death records, as well as Social Security Numbers of deceased individuals. But those same government bureaucrats also seem to ignore the far greater security problems – those created by government bureaucrats.
The news report describes how Chris Paget read the identification stored in microchips in all newer U.S. passports. He also was able to read microchipped PASS cards.
NOTE: The U.S. Passport card or PASS (People Access Security Service) card, a new credit card-sized travel document, is now being issued by the federal government. A poor cousin to the standard passport, it is more compact and less expensive, but valid only at land and sea points of border entry into the United States, not for air travel.
In addition to passports and PASS cards, four states now issue drivers' licenses that contain RFID chips that can be read remotely: Washington, Vermont, Michigan, and New York. However, Chris Paget did not encounter any of those drivers' licenses on his recent drive around San Francisco. Of course, a drive around any town or city in one of those four states would have produced different results.
RFID chips are designed to hold personal information about you, sometimes including your Social Security Number. They typically contain information about your home address, your date of birth, color of eyes, color of hair, and more. The information is stored in the tiny RFID chips in an unencrypted manner; any inexpensive RFID reader can access that information. RFID readers are readily available for purchase from any number of sources.
When originally designed, RFID chips were thought to have a wireless range of only two or three feet. However, soon after, several companies produced readers that could decode information from RFID chips twenty feet away or even further. Chris Paget was able to read the chips of strangers walking along the sidewalk or riding in nearby cars, even though he never got out of his automobile.
RFID chips were placed into passports at the recommendation of the Department of Homeland Security. The same department is recommending that all states use RFID chips in drivers' licenses. Yet the same Department of Homeland Security's own advisory committee on data integrity and privacy warned that radio-tagged IDs have the potential to allow "widespread surveillance of individuals" without their knowledge or consent.
In its 2006 draft report, the committee concluded that RFID "increases risks to personal privacy and security, with no commensurate benefit for performance or national security," and recommended that "RFID be disfavored for identifying and tracking human beings."
The next time your local legislator starts making noises about locking up access to public domain records, please ask him or her to do a bit of reading first in order to locate the TRUE potential causes of identity theft.
What's in your wallet?
Seems to me big brother is watching............
Posted by: Bev Martin | July 21, 2009 at 07:44 AM
It appears that some of the government bureaucrats cannot see or think "any further than their noses" or even that far! Would this "small detail" of a possible breach in security not be evident? Duh?
Posted by: R Nell Nichoslon | July 21, 2009 at 07:54 AM
Wrap the PASS or Passport in aluminum foil. The rf signal cannot enter and exit with your info.
Posted by: John Hile | July 21, 2009 at 08:37 AM
Is there any kind of slip case you can purchase for a driver's license or passport that would block someone from reading the RFID chip?
Posted by: Cathi Desmarais | July 21, 2009 at 09:27 AM
I have no way to try this, but maybe one of your readers could. Would wrapping the passport or PASS card in aluminum foil thwart this scheme?
Posted by: George Anderson | July 21, 2009 at 09:29 AM
The State of Washington supplies a foil-lined protective case along with the new enhanced driver's license. It's up to the holder to use it.
Posted by: Karen Struve | July 21, 2009 at 10:09 AM
http://www.passport-stronghold.com/products.html
Posted by: Carolyn | July 21, 2009 at 10:52 AM
New York State also provides a protective case. I thought it was to prevent info from accidentally being erased, but now I learn it prevents theft of the info. Thank you for your always informative news.
Posted by: David | July 21, 2009 at 02:21 PM
I spoke with someone I thought would know about this and here is what he said,
"All that is stored in the RFID chip is a 1024-bit RSA encrypted serial number. The ID information is stored on government computers, not on the chip itself. Since RSA is a public key encryption/decryption system, having your RSA encoded serial number gets the hacker nothing. They'd have to gain access to the government system that holds the other half of the key in order to see your information. Even at the port of entry the CBP officials aren't accessing your information through the RFID - it comes from the optical strip located along the bottom edge of the photo page (or on the back of the passport card). Included in that optical data is a checksum. The RFID tag has its checksum calculated and is then checked against the checksum encoded in the optical data - simply to confirm that the passport is genuine.
You stand a much greater chance of ID theft from having the passport stolen than from having the RFID skimmed."
Posted by: Karen West | July 23, 2009 at 10:03 AM
---> You stand a much greater chance of ID theft from having the passport stolen than from having the RFID skimmed.
So how did Chris Paget remain in his automobile and obtain the names and personal information of six Americans in twenty minutes? All without leaving his automobile and without stealing any passports? Something doesn't add up here.
Please ask the "someone I thought would know about this" to read the article at http://www.google.com/search?hl=en&q=%22microchipped+PASS+cards%22&btnG=Search&aq=f&oq=&aqi= and explain how Chris Paget did that in front of witnesses.
- Dick Eastman
Posted by: Dick Eastman | July 23, 2009 at 10:09 AM
I read a few of the articles on Chris Paget and the articles only say that he obtained the identifiers (what Karen West called serial numbers) from the RFIDs he skimmed. I couldn't find any articles that said that Chris Paget was able to obtain names or personal information from the RFIDs.
Posted by: Stephen J. Danko | July 23, 2009 at 06:45 PM
As far as tracking our movements goes, we already carry our own personal tracking device - the cell phone.
I am not defending RFIDs, just saying that we are already tracked in hundreds of ways - through our internet searches, credit card purchases, checks, debit cards, supermarket savings cards. As of now, they are much more potent sources of personal information than RFIDs.
I appreciate the article because I was not aware of RFIDs on passports and DLs, but at this time I don't believe names, addresses or SS numbers can be gleaned from them.
Posted by: Karen West | July 24, 2009 at 05:41 PM