[IP] [Politech] ACLU testimony before Virginia legislature on RFID tags in licenses [priv]
Testimony Before the Virginia Legislature on House Joint Resolution
162, Considering the Creation of Smart Driver’s Licenses
Madam Chairwoman, members of the committee, thank you for inviting me
to come before you today to testify about HJR 162.
My name is Chris Calabrese. I am the Counsel for the American Civil
Liberties Union’s Technology and Liberty Program.
The ACLU is a nationwide, non-partisan organization with nearly 400,000
members dedicated to protecting the individual liberties and freedoms
guaranteed in the Constitution and laws of the United States. The
Technology & Liberty Program’s mandate is to analyze the impact of new
technologies on our civil liberties.
I am going to talk today about the numerous very real and practical
problems associated with placing RFID chips in drivers’ licenses. They
include:
the major security problems associated with allowing identity to be
read remotely
the costly infrastructure that must be built in order to utilize these
chips
the probable lack of effectiveness of RFID chips in improving security,
and
the wide-ranging civil liberties violations made possible by RFIDs.
As you know, RFID tags are tiny computer chips connected to miniature
antennae that can be placed on or in physical objects. The chips
contain enough memory to hold an individual’s unique identification
information and a digital photograph or other biometric. When an RFID
reader emits a radio signal, nearby tags respond by transmitting their
stored data to the reader. With passive RFID tags, which do not contain
batteries, read-range can vary from less than an inch to 20-30 feet,
while active (self-powered) tags can have a much longer read range.
While these chips can have beneficial uses, installing them in drivers’
licenses would be a grave mistake.
Many unresolved security problems remain
RFID technology is very new. Its use involves a number of complex
engineering questions that center around the safety and security of the
information on the chip. Many of these questions have not yet been
solved.
The federal government is currently experimenting with the use of RFID
chips in passports. In a recent round of testing conducted by the
National Institute of Standards and Technology (NIST) in Morgantown, WV
a number of flaws in RFID chips were discovered. Those flaws included
smart card readers that couldn’t detect chips, readers that could
detect chips but couldn’t read them, and readers that did not know what
information to display. But perhaps worst of all, government testers
found that some readers were able to read the information on these RFID
chips from a distance of up to 30 feet.
Private individuals have also found it easy to exploit this security
vulnerability and read RFIDs at a distance. At a computer security
conference in August, a computer programmer demonstrated a program
called RFDump. This program enabled anyone with a card reader and a
laptop to read data from up to 3 feet away. I have attached two
newspaper articles that describe these problems in more detail.
The idea that a chip could be read from a distance is a security
nightmare. Personal information including your photograph, home
address, date of birth and signature would be available to anyone with
a reader. The potential for criminal conduct is staggering. It would
actually make some criminal conduct much easier, identity theft in
particular.
Identify theft is one of the fastest growing crimes in America.
According to the Federal Trade Commission more than 3,300 Virginians
were victims of this crime last year and the average loss was $6,700
per victim. Rapid deployment of RFIDs in drivers’ licenses would lead
to an explosion in this type of crime.
Identity thieves would never need to physically steal your documents.
Instead they would be able to secretly and electronically pickpocket
your information right through a wallet, pocket, backpack, or purse.
You would never know that you had been robbed. Worse, identity thieves
would have even more incentive to rob you for your license itself
because the presence of a chip would presumably make it more attractive
and valuable as an identity document.
In recent years a number of states have updated their laws, such as
shielding voter registration information, in order to make it harder
for stalkers to find out personal information. Now with a simple
electronic reader such a criminal could easily learn this personal
information.
Solutions have been proposed to some of these problems but none have
been perfected – let alone tested – in the context of driver’s
licenses. For instance, an RFID chip’s signal can be shielded by
placing it inside a foil wrapper. That solution may work for a booklet
that needs to be opened, like a passport, but it is hardly practical
for a drivers’ license.
Alternatively, the information on the chip could be protected through
computer encryption. It is unclear how this process would work,
however. How large a chip would it take to store this additional
information? What kind of infrastructure would it take to verify
information and distribute the encryption key to officials, such as law
enforcement, who would need it? And how would you ensure that these
keys do not fall into the wrong hands?
RFIDs present other technical problems beyond remote reading. In order
for them to be useful as identity documents, the information on these
chips must be secured in some way. If it is not, then anyone with some
technical expertise can alter or replace the information on the cards.
The federal government has concluded that the best way to provide this
security is to use a technology known as digital signatures. This
technology uses a private code or “key” to scramble the information,
and a widely distributed “public” key that can be used to descramble it
and make sure that it hasn’t been changed. This process requires that
every time a card is read the person doing the reading (or the reader
itself) must contact a central database and find out what the
particular public code is that deciphers the information on the
particular chip in question.
Finally, because RFID technology is so new, there are no long-term test
results demonstrating how long RFID chips last and how high their
failure rate is. It is unclear as to how durable these chips will be.
Drivers subject their licenses to all types of wear and tear – from
accidentally running them through the washing machine to subjecting
them to extremes of hot and cold. If RFIDs are anything like other
electronics, they will not hold up consistently under this type of
treatment.
RFIDs in driver’s licenses will require a costly infrastructure
Of course all of these technical problems will be very costly to solve.
Even more costly will be upkeep of the infrastructure necessary to
maintain this system.
At a minimum, the state of Virginia will have to pay to figure out how
to protect the information so it cannot be read from distances of up to
30 feet. This is a problem that the federal government and
international authorities have not solved.
It will then have to create an entire infrastructure to support this
system. That involves buying the chips themselves, redesigning the
Virginia driver’s license to hold them, and then placing them in the
$1.4 million Virginia licenses issued every year. It involves buying
readers and placing them everywhere – from police cars to DMVs – that
they might be needed. These readers cost anywhere between $700 and
$1100 each. The DMV must then build the internal IT system necessary
to program these chips and maintain the public and private codes
necessary to assure the accuracy of this information. Finally there
will have to be a way for every person using a reader to gain access to
the public key necessary to access the chips. I have attached a chart,
labeled Appendix A, that lists this infrastructure.
Believe it or not, these are the minimum standards that would be
necessary to secure the information on these chips. It is likely that
as time passes greater and most expensive security will be necessary
because RFIDs have enormous commercial potential as a way to track
products. Wal-Mart is already experimenting with using them in
shipping pallets. So it is very likely that as these chips become
commonplace, the technology for modifying and altering them will also
become more widely understood, not only by legitimate businesses, but
by criminals as well.
RFIDs in driver’s licenses unlikely to be effective at making us safer
But perhaps more significant than any of these problems is the simple
truth that even if it were possible to overcome all these problems,
placing RFID chips in driver’s licenses would do nothing to improve
these documents as tools to demonstrate identity or help law
enforcement.
RFID will do nothing to solve one of the biggest problems with identity
documents – fraud at the point of origin. This is a problem that
Virginia is familiar with. A driver’s license or RFID chip will only
display the information placed on them by the Department of Motor
Vehicles. But if an individual uses a false birth certificate or other
“feeder document” to gain a driver’s license, that will simply be
reflected in the RFID. Similarly, if a DMV employee is corrupt, they
can easily distribute legitimate licenses that are completely
fraudulent.
Further, many people do not carry any identification at all or claim to
not have a license if stopped by police. RFIDs will do nothing to
solve this problem.
Nor will a chip help identify a person with an out-of-state license.
As I noted before, there is no single standard for RFID chips, and in
government tests even chips that were suppose to be created using the
same standards had major reader problems. It is likely that even if
other states adopted smart chips they would use different venders.
That would mean these chips are not interoperable with other state’s
readers, rendering them worthless.
RFIDs raise enormous privacy concerns
RFID also present a host of civil liberties problems beyond the ones I
have discussed because they enable people to be remotely tracked.
Pocket ID readers could be used by government agents to sweep up the
identities of everyone at a political meeting, protest march, or
Islamic prayer service. A network of automated RFID listening posts on
the sidewalks and roads could even reveal the location of all people in
the U.S. at all times. However, there is no point in discussing these
problems in detail until it can be demonstrated that there is actually
a security benefit to installing these chips. If you would like to
learn more you can visit our website at HYPERLINK
"http://www.aclu.org/news/
..\\..\\..\\Documents%20and%20Settings\\ccalabrese\\Local%20Settings\\Te
mporary%20Internet%20Files\\OLK8D\\WINDOWSTEMPwww.aclu.orgprivacy" \t
"_blank" www.aclu.org/privacy.
In sum, the use of RFID chips in driver’s licenses is likely to be a
costly proposition that involves significant technological hurdles, and
has little practical value. It is also likely to make Virginia drivers
both less safe and less free.
I thank the Committee again for its time and would respectfully urge
you to release a negative report on the possibility of placing RFID
chips in drivers’ licenses.
PAGE
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/