RFID, Biometrics and the flaws of both
RFID and biometrics are two of the most important features behind both the new passports and the new identity cards which we will be forced to have in the UK. They extend beyond just the UK though and they are being introduced the world over as an attempt to “crack down on terrorism” and “make transport quicker and safer”. I never really had a problem with ID cards on a civil liberties point (although I'm sure you're aware of the objections from that camp). What has been increasingly worrying me, on practical points, is the fact that it seems like they might actually make the job of killing people easier for terrorists and make us all less safe. The first I saw of this is from a Cambridge professor of maths who claims that if you use two methods of biometrics to attempt to verify someone's identity, where one is “stronger” than the other, the result is less sound. Basically; if you verified someone's identity by using their retina scan (strong) and a fingerprint scan (week) then the results on average would be less accurate than using just the retina scan… unfortunately there seems to be plans to use both to see who someone is.
The second, and perhaps more worrying of the two items that I saw on this topic over the last week has been the discovery that RFID chips (we have these in our library cards and they will be in the new passports/identity cards of a lot of countries) can be hacked from a distance AND can get viruses. The ability to hack means that (and this has been proven to work) is that if you are within 10 meters of someone you could download all the information from their passport and steal it. This information would be more than enough to steal their identity and then a significant amount of their money. On RFID being able to get a virus this might seem less worrying. It's not. What this means is that you could have your passport infected, at the same time as “they” are stealing your identity, and then whenever you used your card it could infect the machines and the databases it is used with. This becomes more worrying when you consider that airports are beginning to use RFID chips in order to let frequent flyers get through security faster “because they'd never be a terrorist”... A virus could be used to delete all the information on an airports computer system. Again this might not seem too big of a problem. The airport stops for a while whilst the backups are run and then it all starts again. But if someone wrote a virus that made the RFID chip think that the person called, say, “John Smith” wasn't a terrorist, when he was, he would be able to walk through the security checks far easier and be on his way to killing thousands of people… all this because the government is trying to make us “more safe”... shurely shome mishtake?