Follow-up to CFP debate on RFID passports

Lots of continuing reports and fallout from the panel and subsequent discussions on RFID chips in passports last week at the Computers, Freedom, and Privacy conference:

Fed and activist:, Computers Freedom and Privacy Conference, Seattle, 2005:

One man is balding, liverspotted, tie-wearing, and shouting. The other is wearing a long beard and rainbow scout belt and is taking notes. I wonder which is the fed and which the activist.

So says “Beelzebozo” in a comment on this photo of me with Frank Moss, head of the USA State Department’s Passport Office, posted by Cory Doctorow of EFF. (He’s also posted some nice photos of CFP’s night out at the Science Fiction Museum under the Space Needle for EFF’s Pioneer Awards.)

Elsewhere on the Web, Andrew Brandt of PC World has photos and audio clips from the RFID passport panel at CFP, as well as an additional photo (scroll down in the article) showing the on-stage refutation by the ACLU’s Barry Steinhardt of Moss’s claim that the chips couldn’t be read from more than 10 cm (4”) away. (At another demo, not shown in the photos, later in the day with the same reader, Steinhardt showed the read range to be at least a meter.)

And Fred Carter of Pyrik Photography has a comprehensive gallery of photos of all the CFP plenary speakers and some of the workshops; see the “Day 1” gallery for more photos of the RFID passport panel.

Today, Kim Zetter of Wired News, who was also at CFP, reports that Moss claims to be “reconsidering” whether to store the RFID passport data (including date and place of birth, digital photo, etc.) in publicly readable plain text.

Moss uses Zetter’s story to float a trial balloon that the USA might encrypt the RFID passport data with a key stored in optically-readable format on a page inside the passport (although it might also use that additional security as legitimation for eventually adding more info to the chip, most likely digitized fingerprints).

That’s a potentially significant step, but does little to address the risk of nonconsensual use of RFID passport data — especially as a globally unique, government assigned and administered, personal identifier for data aggregation and data mining — by domestic or foreign governments, or by commercial entities, that require you to have your passport scanned, or obtain data “shared” by entities that scan passports.

Also today, the ACLU filed requests with the State Department and the National Institutes of Standards and Technology (NIST) under the Freedom of Information Act for the results of their tests of the reliability of RFID chips in passports and the distances at which they can be read.

Stay tuned.

[Addendum, 26 April 2005: Also today, an editorial in the San Jose Mercury News — Silicon Valley’s newspaper of record — labels RFID chips in government identity credentials, including passports and driver’ licenses, An Orwellian invasion of privacy and concludes that, “Tagging cards such as passports should be stopped.”]