Click the play button on the video window to the right to see the storyRadio frequency identification, or RFID, is nearly invisible and used to track everything from what you buy, eat, even where you go.
An RFID tag looks like a computer chip, but it works by transmitting information from tiny antennas inside the chip.
A reader device, often the size of a remote control, then picks up the information broadcast from those tiny antennas.
Some retail stores use RFID tags to track inventory and purchases. It is also used in some credit cards.
Privacy experts say it can also be used against you.
Marc Rotenberg is the Executive Director of the
Electronic Privacy Information Center, or EPIC, in Washington D.C.
He said credit card numbers, personal information, if you they are stores on an RFID tag, could be open for the taking.
Watch this
video featuring the "Ethical Hacker" Chris Paget as he uses a computer and an RFID reader to capture passport card numbers on the streets of San Francisco (courtesy Dan Goodin).
“It's used to spy on [people] or to conduct identity theft or other types of criminal activities,” said Rotenberg. “One of the reasons is its broadcast capability.”
Some RFID signals can reach as far as 70 feet.
“It’s possible to pull information off an RFID tag from further and further distance,” he said.
Experts said all it takes is an inexpensive reader and a computer to gain access to all sorts of personal information.
“It could reveal your identity to others that have no business knowing who you are,” Rotenberg said.
Now, the government has signed on, and that has Rotenberg worried.
“The issue comes up a lot at the border,” he said.
The U.S. State Department put RFID tags in all e-passports and passport cards.
“It creates the risk that people who have no need or right to get access to that information will now be able to get access to it,” Rotenberg said.
The U.S. State Department sent ABC15 the following statement:
“We do not believe this is an accurate statement and don’t believe the collective attribution of this view to privacy experts is correct, either. Regarding the passport card, there is no personal information, none at all, in the RFID chip on the card. Only a reference number that appears nowhere on the face of the card and is not use for any official record keeping purpose. This reference number allows the Department of Homeland Security to look up information in a secure database. As no personal information is on the RFID chip of the passport card, there is no possibility of personal information being compromised by reading the chip. If people are nevertheless concerned about the RFID chip being read, they should use the attenuation sleeve provided with the card, which is proven to block the signals of RFID readers.
As for the e-Passport, that uses a different RFID architecture from the card. It is a proximity-read chip that cannot be read from a distance and contains several layers of security features that limit use of the card to officials’ purposes. The chip contains Basic Access Control, which requires the passport to be “swiped” before the chip can be read. The identification number of the chip is randomly generated each time it is read. The cover of the U.S. passport book also contains material that blocks RFID reading, so the book must be opened before it can be read. Many millions of e-Passports are in use, not only in the United States, but also in every major country in Europe. The basic architecture of e-Passports is laid out in documents approved by the International Civil Aviation Organization.”
Privacy experts said there is no telling what someone can do with that information.
“They don’t want to draw attention to it,” Rotenberg said.
