Drive-by reader for RFID drivers licenses and passport cards

Hacker and researcher Chris Paget has demonstrated the ability to read the globally unique serial numbers on RFID chips in passport cards and electronic drivers licenses in the purses and pockets of pedestians on the street from a passing car, at least 30 feet (9 m) away, and to make cloned copies that broadcast the same ID numbers, using a laptop computer and commercial surplus hardware bought on eBay for $250.

This should be no surprise to anyone.  Pasport cards and electronic drivers licenses (EDLs) for US citizens, like the RFID-enabled I94 (entry-exit) forms that foreign visitors are required to carry throughout their stay in the US, were deliberately designed to ensure that they could be read at this range, and from inside a car.  The idea was for border guards to be able to read the chips for all the passengers in an approaching vehicle, before the vehicle reaches a border checkpoint.  In practice, they’ve been plagued by readability and reliability problems, so they haven’t served this purpose at the borders.  But they have made it possible for third parties to track people carrying these cards, from a distance.

RFID “passport cards” and RFID drivers licenses were a response to popular outrage at the imposition of passport requirements, as part of the “Western Hemisphere Travel Initiative” (WHTI), for US citizens crossing the Mexican and Canadian borders, whether by air or by land or sea.  (We filed formal protests of both these rules as a violation of travelers’ civil liberties and human rights, as guaranteed by the Constitution and by international treaties.)  As a sop to those whose only complaint was about the passport fee, not the infringment of rights, the government offered an option to individual travelers to obtain a passport card, and for states to offer an optional “electronic drivers license”.  (These are currently available in Washington and New York, two of the most populous states on the Canadian border.)  While the fee for a passport card or the surcharge for an electronic drivers license is less than the fee for a passport, the tradeoff for card holders is that both passport cards and EDLs contain longer-range RFID chips than those in RFID passports.

ICAO document 9303, which sets the standards for passports (including “e-passports” with RFID chips), includes specifications for credit card-sized travel documents (passport cards or national ID cards used as travel documents). These specifications are contained in the portion of ICAO Document 9303, Part 3, Voluime 2 for “Size 1 Machine Readable Official Travel Documents”. (”Size 2″ is a passport-sized card.)

As clarified in the latest (2008) edition of this portion of Doc. 9303, the ICAO standards require these cards to use ISO 14443 type RFID chips — the same short range “proximity” RFID chips used in RFID passports:

13.10 Contactless IC and encoding. The contactless ICs used in MRtds SHALL conform to ISO/IEC 14443 Type A or Type B and ISO/IEC 7816-4…. The read range (achieved by a combination of the eMRtd and the reader) should be up to 10 cm as noted in ISO/IEC 14443.

(The ICAO standards for the logical data structure (LDS) of the RFID chips on these ID cards, like the LDS specified in Doc. 9303 for the RFID chips in passports, also reserve memory for future use for storing what is decribed only as travel records (Data Group DG19).  That would enable anyone who could read the chip to know not only your identitifying information but your most recent movements (places, dates, and times where the card was read and written), from the chip itself without the need to access any central server or database.)

In practice, ISO 14443 chips have been demonstrated to be readable from at least 3 feet (1 m) with the crudest equipment, but they are still considered to have a relatively short range.

Instead of following the ICAO standards for short-range ISO 14443 “proximity” RFID chips, the Departments of State and Homeland Security specified longer-range ISO 18000-6C “vicinity” RFID chips for passport cards and EDLs.  These are supposed to be readable from at least 10 m (30 feet), although presumably with suitable equipment they could be read from much further away.  The government knowingly and deliberately prioritized the enabling of longer-range surveillance and tracking over compliance with ICAO standards.  Long-range surveillance and tracking is a feature, not a bug.

Getting a booklet-style e-passport with an RFID chip is no protection: RFID passports can’t be read from quite as far away, but they could still be easily read by equipment that would fit in (for example) a piece of luggage rolled through an airport by an idenity thief. The only way to avoid being tracked wherever you go is (1) not to carry an e-passport, passport card, or EDL, (2) wrap it in metal foil whenever you aren’t actually required to be displaying it or exposing it for reading, or (3) get the Obama Administration and/or Congress to end the passport requirment and the use and deployment of RFID chips in identity documents.

14 Responses to “Drive-by reader for RFID drivers licenses and passport cards”

  1. RFID Passports Secretly Copied on a Lovely Sunday Drive - Page 2 - FlyerTalk Forums Says:

    [...] to coverage by The Identity Project see also: "Drive-by reader for RFID drivers licenses and passport cards", The Identity Project blog, February 3, 2009 __________________ Phil Add your own [...]

  2. Smartcardguy Says:

    Keep working, great job!

  3. Papers, Please! » Blog Archive » DHS considering hackable long-range RFID as “alternative” to REAL-ID Says:

    [...] these enhanced drivers licences and the passport cards that use the same type of RFID chips have succeeded in their design goal of being readable from inside or outside a moving car as it passes [...]

  4. Papers, Please! » Blog Archive » Today we’re all prisoners in the USA Says:

    [...] waters or airspace — unless the government chooses to issue us a passport, passport card, or “enhanced” drivers license (any of which “travel documents” are now issued only with secretly and [...]

  5. Today we’re all prisoners in the USA « The Ruthless Truth blog Says:

    [...] waters or airspace — unless the government chooses to issue us a passport, passport card, or “enhanced” drivers license (any of which “travel documents” are now issued only with secretly and remotely-readable [...]

  6. Today we’re all prisoners in the USA « Ancavge Says:

    [...] waters or airspace — unless the government chooses to issue us a passport, passport card, or “enhanced” drivers license (any of which “travel documents” are now issued only with secretly and remotely-readable [...]

  7. Today we’re all prisoners in the USA – Papers, Please! « Truth11 Says:

    [...] waters or airspace — unless the government chooses to issue us a passport, passport card, or“enhanced” drivers license (any of which “travel documents” are now issued only with secretly and [...]

  8. Granny Tasered & Arrested? - Lez Get Real Says:

    [...] waters or airspace — unless the government chooses to issue us a passport, passport card, or “enhanced” drivers license (any of which “travel documents” are now issued only with secretly and remotely-readable [...]

  9. Louis Says:

    rfid security…

    You have got to be kidding!…

  10. DyingHomeland Says:

    Total Bullshit Nazi Tactics

  11. Operation Mind Seed » Blog Archive » Today We’re All Prisoners In The USA Says:

    [...] waters or airspace — unless the government chooses to issue us a passport, passport card, or “enhanced” drivers license (any of which “travel documents” are now issued only with secretly and remotely-readable [...]

  12. Papers, Please! » Blog Archive » U.S. raising fees for travel credentials and permissions Says:

    [...] Department admits that they are deliberately keeping the cost of a passport card, which has a much longer-range RFID chip than a standard passport book, dramatically below cost, in effect giving travelers a large [...]

  13. Papers, Please! » Blog Archive » California considers “enhancing” drivers licenses with radio tracking beacons Says:

    [...] Drive-by EDL surveillance won’t be lmited to the government. No current state or Federal law places any restrictions on private reading of RFID chips, including reading of the unique ID numbers on EDLs and use or sale of these records. What business wouldn’t want to be able to identify regular customers as soon as they drive into the parking lot? If you show your EDL as proof of age to buy alcohol, the liquor store can legally scan your EDL, read the RFID chip number, and sell this information to a data aggregator who compiles a lookup table of chip numbers, corresponding name, age, and address information, and transaction and location history. [...]

  14. California considers “enhancing” drivers licenses with radio tracking beacons | Says:

    [...] Drive-by EDL surveillance won’t be lmited to the government. No current state or Federal law places any restrictions on private reading of RFID chips, including reading of the unique ID numbers on EDLs and use or sale of these records. What business wouldn’t want to be able to identify regular customers as soon as they drive into the parking lot? If you show your EDL as proof of age to buy alcohol, the liquor store can legally scan your EDL, read the RFID chip number, and sell this information to a data aggregator who compiles a lookup table of chip numbers, corresponding name, age, and address information, and transaction and location history. [...]

Leave a Reply