A blistering report on the effectiveness and privacy concerns of using RFID technology for identification purposes (i.e. allows criminals to lift personal data from documents such as the new copy-friendly US Passport) is being deliberately ignored by the very agency that commissioned it.
To quote the report itself
"RFID appears to offer little benefit when compared to the consequences it brings for privacy and data integrity. Instead, it increases risks to personal privacy and security, with no commensurate benefit for performance or national security."
In response to the suggestion that Homeland Security has deliberately buried the report, a spokesman had this to say;
"The committee is still soliciting input and the draft report is on its website, so I guess they are proceeding."
The reality is the report fails to acknowledge that RFID technology is already being used in the new US Passport, and has also been recommended for use for State Driving Licenses - despite Homeland Security's own experts advising "RFID be disfavored for identifying and tracking human beings."
A copy of the report can be found here.
So why the concern about RFID?
Well I've gone into more detail in an earlier posting, but the reality is there are several reasons why using this technology is an extremely bad idea.
The most obvious is that security personnel will become overly dependent on technology to identify people of interest. This is a particularly bad idea because as demonstrated recently, it is entirely possible - using freely available software, as well as publicly available Passport Templates and RFID scanning equipment - to lift a person's ID from such passports and make your very own copy. Anyone who thinks Al Qaeda can't afford the few hundred bucks it costs to acquire this equipment is naive to say the least.
The second reason is that quite obviously this will require some sort of central ID database for validation purposes. Aside from the fact that the data entry itself is almost certain to include input errors from those keying in everyone's information (the wildly inaccurate No Fly List is evidence enough of such errors), there is no such thing as a 100% secure way of transmitting data to the outside world. Yes data thieves will be able to hack such a database, and yes the database would include financial information despite the denials of Government officials.
So apart from the risk of ID theft, either by lifting the data from the Passport as it's being scanned or by lifting the data from the RFID scanner itself (both techniques have been demonstrated successfully from discreet enough distances to avoid detection) - the very real threat exists that terrorists will also be able to identify American tourists and businessmen abroad.
But Homeland Security is too invested in the corporates contracted to produce these documents to halt production now just because a few Americans may be ripped off or killed. No it is far more important that the backhanders authorized by Republican Congressional Committees reach the companies they have personal financial interests in; or those run by the associates of lobbyists that have paid in full for their Congressmen.
Therefore instead of releasing this report in the summer, it has been shelved for a more convenient day - preferably after any election affecting those authorizing the production of said passports, and at a time it will definitely be too late to do anything about it.
Sources
US.gov tunes out scathing RFID privacy report
Feds Leapfrog RFID Privacy Study