Wireless credit cards aren't ready. Avoid them.

(Image used under: Creative Commons 3.0 [SRC])

From the CASPAIN newsletter:

A member of the Senate Banking Committee denounced RFID "no-swipe" credit cards at a press conference Sunday. Senator Charles Schumer (D-NY) said contracts for the cards should have warning boxes disclosing "the known weaknesses of the technology." He cautioned cardholders about their vulnerability to identity thieves, commenting you "may as well put your credit card information on a big sign on your back."

RFID is an extremely dangerous technology if left unregulated and businesses are rushing to get it to the market before people know what's happening. That's why situations like this happen:

CASPIAN demanded a recall of RFID credit cards last month after the New York Times reported that a team of security researchers found that virtually every one of the "no-swipe" credit cards it tested was vulnerable to unauthorized charges and put consumers at risk for identity theft.

(Image used under: Creative Commons 2.0 [SRC])

Katherine Albrecht, the world's leading RFID privacy expert and co-author of the book Spychips - How Major Corporations and Government Plan to Track Your Every Move with RFID writes:

Former U.S. Secretary of Health and Human Services Tommy Thompson is considering a run for president in 2008…

As head of Health of Health and Human Services, Thompson oversaw the scandal-ridden FDA when it approved the VeriChip as a medical device. Shortly after leaving his cabinet post, he joined the board of the VeriChip Corporation and wasted no time in using his clout to promote the company's glass encapsulated RFID tags.

These tags are injected into human flesh to uniquely number and identify people. He also suggested implanting military personnel with the chips to replace dog tags.

Thompson has an option on more than 150,000 shares of VeriChip stock. Right now those options aren't worth much. Security flaws and public squeamishness have hurt the company's sales, resulting in losses of millions of dollars.

Even if he remains chip-free as we hope, the American people should still be wary of him.

If you spend millions to deploy an encryption system, maybe you should make sure it's robust first?

(Image used under: Creative Commons 2.0 [SRC])

New RFID passports are supposed to make identity theft more difficult and to make it easier to spot fake passports like the ones used by the perpetrators of the 9/11 attacks.

First, making the data remotely secretly readable without every possessing or otherwise coming into contact with the passport hardly makes it more secure against identity theft. Second, it's hard to make fake documents, but easy to fake 1's and 0's. Last I checked your electrons look just like mine.

Besides the very obvious flaws in this idea, all it would take for the "secure passports" to turn into a nightmare of unprecedented proportions would be for the encryption to be broken. Oops, it's been done… and in under 48 hours of effort.

In the article, they mostly talk about the dangers of cloning passports, but I submit that the real danger is being easily, quickly, and remotely identified as a foreigner while you travel. Either way, they said it best in their final paragraph:

It may be that at some point in the future the government will accept that putting RFID chips in to passports is ill-conceived and unnecessary. Until then, the only people likely to embrace this kind of technology are those with mischief in mind.