Is there a difference between RFID-based ID cards and Homeland Security's new driver's licenses? The evidence would seem to say so. Other countries'national IDs and e-passports are using RFID tags that meet industry standards that are known as ISO 14443. This is being used only for the identification and payment cards, and has a prominent level of security and privacy protection installed in it. On the contrary, the U.S. border cards use an RFID standard known as EPCglobal Gen 2; this is a technology that was calculated to track goods in warehouses, where the objective is not security but greatest ease of readability.
Where the ISO 14443 standard has elementary encryption and requires tags to be close to a scanner in order to be read (a distance measured in inches rather than feet), Gen 2 tags characteristically have no encryption and negligible data safeguards. To browse the data from an encrypted ISO 14443 chip, you would need to uncover its encryption code, but no unusual knowledge is needed to skim a Gen 2 tag; the only thing you need is a Gen 2 reader.
Readers such as these can be purchased anywhere and indeed are used in warehouses all around the world. What could prevent any hacker or criminal with a bit of knowledge of computers to scan a border card from across a room, straight through a purse or even through a wall?
In China the amount of personal information that is encoded into their ID cards is enormous; they include health and reproductive history, employment status, religion, ethnicity and the name and phone number of the person's landlord. Worse still, these cards are only part of an even larger scheme to cover the cities in China with high-tech surveillance. China Public Security Technologies, which is a confidential firm that provides RFID cards for this endeavor, was described by its vice president Michael Lin as "a way for the government to control the population in the future."
A United Nations agency called the International Civil Aviation Organization (ICAO), whose function is to direct world passport regulations, has approved the production of RFID's in passports. ICAO now has decreed the endorsement of all such scannable "e-passports." Now almost every country in the world requires RFID passports, and as we know, that includes the United States.
These new passports have caused quite a commotion since they were first introduced, both on the privacy and security level. Even so, an ICAO official reported in 2006 that new encryption policies would exercise a "level of protection (that) should reassure the most anxious passport holder that his personal data cannot be read without his knowledge."
However, experts in security have said that the contrary is true. In 2007, a British security consultant named Adam Laurie, broke an encryption code on a U.K. passport and read the personal information that it contained – all while it was sealed in its mailing envelope! At about the same time period, German security consultant Lukas Grunwald copied data from a German passport's embedded chip and encoded it into a different RFID tag to create a forged document that could fool an electronic passport reader. Investigators from the Charles University in Prague, found similar vulnerabilities in Czech e-passports and stated that it was "a bit surprising to meet an implementation that actually encourages rather than eliminates (security) attacks."