Boiled passports leave a bad taste in the mouth of authorities

RFIDAccording to a recent issue of re:ID magazine, a Frankfurt man ran afoul of German authorities when they discovered that he attempted to damage the RFID chip in his government-issued identification card.

The story was originally reported in August in the Washington Post, which included videos which should convince even the most ardent privacy advocate of why microwaving an RFID card might this might be a bad idea.

Some folks have also tried boiling their passports in the hopes of damaging the RFID chip contained therein. The RFID chips inside most identity documents are only supposed to transmit when in very short range of receiving apparatus. However, many people remain concerned that the chips are more chatty than we might like.

I am a strong supporter of privacy. I have been known to play the "Who said it?" game with my friends and family, in which I offer a quote such as:

"Arguing that you don't care about the right to privacy because you have nothing to hide is no different than saying you don't care about free speech because you have nothing to say".

Were those the words of Benjamin Franklin, or Edward Snowden?

Yes, I am tons of fun at parties...

Our desire to balance privacy with liberty has to be tempered with methods that do not draw unnecessary attention.

This attempt at privacy reminds me of the the early days of fingerprinting.

Some criminals thought it would be a good idea to use acid on their fingertips to totally obliterate the fingerprints. (Clearly, many criminals are not very bright or safety conscious.)

Of course, few who destroyed their fingerprints didn't really do themselves any favours. Whenever there was a crime where only smudged fingerprints were left at the scene, the authorities would simply round up the few guys who were known to have obliterated the ends of their fingers.

If you are caught even one time tampering with a government-issued identification card, you join the ranks of the very few who are known for such antics, and every trip to the airport will be a new adventure in waiting - if you are allowed to fly at all.

Rather than damaging government property (yes, any government issued identification is the government's property, not yours), there are simple inexpensive and commercially available RFID-blocking sleeves and bags that you can use to keep RFID cards from disclosing your information.

That is probably a wiser choice than treating a passport like the chef's special.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

4 Responses

  1. drsolly

    December 17, 2015 at 2:17 pm #

    Wouldn't a bit of aluminium foil act as a Faraday cage? That doesn't damage government property, and keeps it safer from possibly harmful electromagnetic radiation.

    • Chris in reply to drsolly.

      December 18, 2015 at 12:01 pm #

      Aluminum foil also makes a rather natty hat in a pinch…

  2. Bob Covello

    December 17, 2015 at 3:47 pm #

    drsolly:
    Thanks for the comment. You make an excellent observation.
    Aluminium will indeed work, but I find that Aluminium is too fragile, and it requires careful testing for the full Faraday effect.
    The commercially available offerings are much better suited for the rigorous environment of a purse or backpack (where aluminium would be scratched or torn by keys or other items).
    Please also note that an anti-static bag is also insufficient to shield radio waves.

  3. coyote

    December 17, 2015 at 7:31 pm #

    Only people who support totalitarian regimes will argue with 'if you have nothing to fear if you have nothing to hide' and similar as if it is somehow valid. They might claim they don't but their argument contradicts their claim. This argument isn't valid; you should be afraid of many things about you being leaked. Many people have put it in similar words and I'm definitely not close to the first to suggest the below, but:

    If they really have nothing to hide why don't they fork over their banking credentials to me ? While they're at it they could hand over their ID, their fingerprints and other things that any rational person would definitely not consider doing (because it could ruin their lives and potentially take over their lives). This group includes the people who throw out this stupid argument (and frankly 'stupid' is rather nice) which means they are hiding their intentions (ironically and hypocritically).

    ("Hi Mr. Zuckerberg!")

Leave a Reply