RFID Invades the Capital
Wired News | March 7, 2005
By Mark Baard
WASHINGTON -- A new smartcard, the type privacy advocates fear because it combines biometric data with radio tags, will soon be one of the most common ID cards in Washington.
Department of Homeland Security workers in May will begin using the new ID card, called the DAC, to gain access to secure areas, log on to government computers and even pay their Metro subway fares.
The DAC, which stands for Department of Homeland Security Access Card, will carry a digital copy of its bearer's fingerprint and other personally identifiable information. It will use radio-frequency identification and Bluetooth technologies to communicate with reader devices at the department's offices.
"The card provides one type of authentication for all forms of access (physical, wired and wireless)," said DHS Director of Authentication Technologies Joseph Broghamer, who participated in a wireless technology conference in Washington, D.C., last week.
The DAC will feature a high-resolution image of its bearer and a hard-to-duplicate holographic image. The key identifier stored on the DAC, however, will be a record of the bearer's biometric data (in this case, a fingerprint) that can be read by special devices attached to DHS computers.
For example, rather than entering a user name and password, DHS workers will log on to their computers by sliding their DAC into a special keyboard and pressing their finger on the keyboard's fingerprint-reader pad. The keyboard will then authorize workers by comparing their physical fingerprint to the card's fingerprint record.
The DHS will issue approximately 40,000 of the new cards to its employees and contractors this year. The DHS is just one of many departments (the Department of Defense is another) responding to a White House directive calling for new ID cards that are "strongly resistant" to terrorist exploitation and "can be rapidly authenticated electronically."
The DAC's use of fingerprint records makes it more secure than previous ID card technologies, because it authenticates both the card and its bearer, said Broghamer, and its use of wireless communication makes it more convenient for DHS employees.
DAC's RFID and Bluetooth capabilities (some DAC holders will be testing Bluetooth-enabled cardholders in May) will show "how wireless can get around the form factors," said Broghamer, referring to incompatibilities among devices that read ID cards by making physical contact with them.
But the DAC's RFID chip and its Bluetooth-enabled holder will make it a target for hackers and spies with wireless readers, who could be lurking in commissaries, coffee shops, bars and subway stations around the Capitol.
The tens of thousands of people carrying DACs around Washington this year will also help to prove or discredit predictions by privacy advocates that the RFID tags will be used to track individuals in public and private places.
"We don't see any sensible and offsetting reason for using RFID technology instead of another technology in identification cards and documents," said Cedric Laurant, policy counsel at the Electronic Privacy Information Center, "except for surreptitiously tracking people's movements with reader devices."
DAC carriers may also be targeted by identity thieves.
RFID tags, the small chip-and-antenna combinations used in wireless toll-pay systems and payment devices such as the ExxonMobil Speedpass key-chain tag, can be hacked by someone "with moderate technical expertise," said Thomas O'Flaherty, principal associate at Input, a consulting firm for government contractors.
One data security expert who has hacked into RFID chips worries that the government will rush to deploy RFID, and then try afterward "to bolt on" security measures to protect the fingerprint data.
"The U.S. government has a short track record with broad deployments of RFID and biometrics," said RSA Security principal research scientist Ari Juels. "There are many unknowns."
Juels and another RSA scientist helped researchers at Johns Hopkins University hack the RFID chips used for Speedpass tags and electronic vehicle immobilizers, which are a type of anti-theft device. The group successfully used the chips' data to purchase gas and override a car's anti-theft system.
So-called Faraday cages, the metal billfolds proposed as shields for RFID chips in electronic passports, will also be used by the DHS to help guard the data on the DAC between transactions.
But hackers will be able to eavesdrop on transmissions between the DAC and RFID readers every time the card is read, and at distances up to "tens of feet, potentially," said Juels.
The threat of passive eavesdropping will increase with each new use for the DAC, part of the evolution of device functions known as "function creep." DAC bearers will use their cards not just for entering offices and logging on to computers in controlled environments, but for other functions, such as paying their Metro subway fare. (The Metro function will not be available at first, said the DHS' Broghamer.)
RFID transmissions between the DAC and reader devices will be encrypted, to stop wireless snoops from making sense of the data, said Broghamer.
But many government workers and contractors at the wireless conference, who will be getting new cards similar to the DAC, worry that their employer plans to follow their every move, such as when they are riding the Metro.
"And it's not just us (government workers)," said an employee of the U.S. General Services Administration, who would only give his name as Patrick. "Soon it will be everybody."