'RFID tag' - the rude words ID card ministers won't say
Lengthy descriptions of duck, but no d-word. ..
When it comes to RFID, is MP Andy Burnham lying or drowning? If it's lying, then in principle the Home Office Minister is no more lying than other people are - the US Department of Homeland Security, the EU's Justice & Home Affairs Committee and impressive numbers of RFID, sorry, contactless, proximity chip vendors. But if he's not, the drowning act is pretty convincing.
For over six months now Burnham, pursued doggedly by MP and ID card opponent Lynne Jones, has been peddling the bizarre conceit that RFID and 'contactless' or 'proximity' chips are entirely different beasts. So, in July, he confirmed that for the UK ID card to be used as a travel document in Europe, "the card will need to meet standards established by the International Civil Aviation Organisation (ICAO), which require the card to be contactless".* Presuming the information will not be moving across the air gap between the card and the reader using, say, smell, it's pretty obvious how that works, isn't it?
The contactless chips that will be used in ID cards and passports are amazingly like RFID tags. Place an RFID tag in the vicinity of a reader, and the reader can read data from it. Place an ID card or a passport in the vicinity of a reader and... you get the idea. Proponents and vendors of biometric ID however have noted that the general public seems to have some kind of privacy issue with the term "RFID", for some reason fearing that RFID ID documents involve them becoming tagged and monitored crates in the homeland security industry's supply chain. So, as Wired explained last year, the strangely RFID-like chips in biometric ID are instead to be called contactless or proximity chips.
And that's the brochure Burnham has been singing to Parliament from. He flew close to the wind in December, when he told Lynne Jones: "There are no plans to use radio frequency identification tags in ID cards... suppliers were asked for their views on the durability and costs of contact, contact-less, dual interface and hybrid cards. This survey concluded that a 10 year life for a contact-less card, incorporating a secure smartcard chip with a radio frequency contactless interface, was feasible." Got that? So the Home Office isn't using RFID tags, but is using a "chip with a radio frequency contactless interface".
Jones played this with a dead bat and returned in January: "There are no plans to use radio frequency identification tags," Burnham told her. "They would serve no purpose which is relevant to the identity cards scheme." Aside from doing precisely what the not-an-RFID-tag that's already going into ID cards will be doing, that is.
Last week however the Mirror grasped (albeit somewhat shakily) the import of this and deduced that "spy chips" in ID cards "carry radio transmitters" and will mean "law abiding citizens" will be tagged like criminals on parole." In its defence, the Mirror has managed to get to pretty much the right answer via a slightly esoteric route, and it does seem to have seen a letter from Burnham where he concedes that radio is somehow involved: "a travel document such as an identity card will need to incorporate a 'contactless' or 'proximity' chip. This will require the card to use radio frequencies to allow the card to be read at a very short distance."
The people-tracking aspect was picked up by the Sunday Telegraph with some help from No2ID, and the Telegraph also suggests Burnham has been misleading Parliament and the public. Lying or drowning? You decide...
Burnham's bobbing and weaving over RFID has certainly helped him avoid getting to the whole truth about contactless (if you like, Andy...) chips in passports and ID cards. Which is approximately as follows. RFID tags can be read at quite a long range, this being helpful if you happen to be using the technology to handle. say, pallets of gear in warehouses. Contactless chips in passports and ID cards work just like this, but obviously you only want them to be able to be read when they're a couple of centimetres from the official reader. The other thing you want is that they be sufficiently secure for them not to be read by unauthorised readers, so with ID documents you're likely to need to implement some form of encryption. This wouldn't generally be necessary for the tagging of stuff in warehouses.
Last February, Immigration Minister Des Browne gave details of the chip for the passport in an answer to Mark Oaten: "The biometric passport will contain a radio frequency contactless integrated circuit that conforms to ISO 14443 in accordance with ICAO (International Civil Aviation Organisation) recommendations on biometric travel documents. It will be a close proximity type chip that can only work within 0–2 cm from a reader." At that stage Browne claimed that no decision had been made on making the ID card similarly contactless. In October and December Burnham said the Home Office was "considering" (oddly, given that he'd pretty much confirmed it in July) using contactless chips "which contain radio frequency chips" and that "We will ensure that sensitive data on the chip is encrypted and are aiming to do this through adoption of emerging International Civil Aviation Organisation (ICAO) standards. These provide significantly more security of data than exists today." It's not entirely clear that any emerging ICAO security standards have emerged yet, or in what senses data on the new card will be significantly more secure than is the case in the current situation, i.e. not having an ID card to have data on. The ID cards programme, however, has "reviewed technical methodologies for anti-skimming measures for contactless cards which are compliant with International Civil Aviation Organisation (ICAO) recommendations for machine-readable travel documents."
The "anti-skimming measures" being considered are likely to be akin to those proposed for the US biometric passport, where the binding includes a barrier layer, meaning the passport's chip can only be read when the passport is open. An ID card implementation would need to use a tinfoil sleeve or similar, so that it could only be read when the bearer had removed it. But yes, well-spotted - if as Browne says the chip can only be read from 0-2 cm, what do they need anti-skimming for? Or indeed, security, which they still haven't told us about?
Because, fortunately, they don't really believe the chips can only be read from 2 cm. Various independent tests have demonstrated that with the right equipment, these chips can be read from considerably greater distances. There aren't enough biometric passports out there yet for anybody to have bothered making a serious stab at subverting them, but we'd be wise to anticipate that when there are, snoopers will put effort into reading them (and in our case, ID cards) from greater distances than have been achieved so far. Being able to read the chip doesn't get you far if you can't crack the security and read the data, but the omens on security aren't particularly good either. Last year, Bruce Schneier explained how the collision avoidance system in RFID chips including, erm, "the ones specified for US passports" conforming to ISO 14443A (see Browne's answer, above) provided a route to subvert any access control system the chip's passport application might have. They're insecure by design, because the basic design is intended for vast numbers of cheap chips labelling everything in Walmart. And just last week it was demonstrated that the Dutch passport, one of the first biometric passports to ship, could be snooped and its security cracked.
It does rather seem as if there aren't any simple answers to the questions the Home Office isn't answering, doesn't it? And, if we go back to the Mirror's outrage on tagging and tracking of innocent citizens, we have another one worth considering. We can, for the next few years anyway, reasonably discount the notion that a network of surreptitious Government readers will be monitoring our every move, because while it's probably feasible to snoop on cards from a reasonable range, there's not really a huge pay-off from doing so for the outfit that already controls the network. The Government will however log your travel when you have to run your card over a reader, and have a record of all of the transactions you conduct with it, so will be able to put together a pretty fair picture of your life and movements. But that's the network and the database, nothing to do with the RFID tagging. ®
* There is, we think some UK Government obfuscation we haven't covered much. As far as we're aware there is not yet an ICAO standard for an ID card format document to be used as an international travel document, and mutual recognition of ID documents for travel within Europe is a matter for the EU. The US is also looking at card-style travel documents to be used at its own land borders. It's logical that biometric ID cards used for travel should use the same readers as passports, and hence be compatible with the ICAO passport standards, but as an EU standard for biometric ID cards does not yet exist (it has been proposed, by, er, the UK), there clearly can be no biometric requirement of any description for ID card-based travel within the EU. We could of course be wrong about ICAO not having a standard yet, and if we're not, we feel sure we will be, Real Soon Now.
Sponsored: Becoming a Pragmatic Security Leader