How can my parents protect themselves from RFID stripping?
July 12, 2009 11:45 AM   Subscribe

Pound it with a hammer. It'll disable the RFID and the passport will still be valid. You'll have to know the location of the RFID tag for this to work, though.
posted by torquemaniac at 11:53 AM on July 12 [1 favorite]

Wrap it in metal, like tinfoil
posted by idiotfactory at 11:56 AM on July 12

The issue I see isn't that you need to somehow disable the RFID or even totally block it...you need to convince THEM its blocked.

Get them a wallet like this. If hey believe the sensational news, then they will believe sensational marketing.

Freaking Reader's Digest.
posted by hal_c_on at 11:56 AM on July 12 [1 favorite]

don't worry: your parents can safely bank on the knowledge that government bureaucrats have selected the absolute cheapest RFID chip available. I have the very same chip (at least that's what my government tells me) in my german passport and the customs folks have to practically rape their scanners in order to get it to register. it does not like to communicate. or take my london underground oyster card. it's nearly impossible to swipe through a wallet. casual scanning? I doubt it. that's sort of like the local news "your microwave could eat your cat" stories.

and let's talk about data theft: do you seriously think I need to crack your encrypted passport data to get your SSN? that's like entering a car through the trunk. any decent criminal would just swipe your mail for a week or pick up your trash. something will fall through the cracks.
posted by krautland at 12:12 PM on July 12

As far as damaging the chip goes, as long as you're careful with your hammer and don't leave any obvious marks on the passport, there will be no evidence of the chip being purposely disabled and you can just play dumb when it won't scan. I have first-hand experience of this causing no problems after multiple boarder crossings; most custom agents go right to the back-up barcode after a few failed scans.
posted by bizwank at 12:57 PM on July 12

do you seriously think I need to crack your encrypted passport data to get your SSN? that's like entering a car through the trunk. any decent criminal would just swipe your mail for a week or pick up your trash. something will fall through the cracks.

you are not accounting for the efficiency of passive data collection capabilities.

Eg. hidden sniffers where new passport holders are likely to be present can theoretically collect hundreds of passport IDs. This is a really really stupid thing and when I get the new passport I will keep it in an EM-protected wallet, microwave it, take a hammer to it, anything required to disable any trace of its RFID functionality.
posted by @troy at 1:13 PM on July 12

What's your goal here? If it's to keep your parents 100% safe then give up, there is no such thing as absolute safety unless your'e dead.

If it's to temper their fear, get them a RFID blocking wallet. They work pretty well and will prevent theft from all but the most determined thief. In which case the thief is not skimming your passport, he's where you aren't stealing your credit cards.

If it's to empower them and turn them into people who can deal with perceived threats give them a hammer so they can decide if they want to smash their own RFID chips, legal or no.

And it would be good to have a talk with them about the effect that the news is having on them and how to deal with that.
posted by Ookseer at 1:15 PM on July 12

I apparently didn't read your followup closely enough:

And buying one of the FUD-inspired "emporer's new clothes" products isn't going to actually protect them.

Actually it will. I've got a little "fun with RFID" kit here in my lab and putting one of the tags inside by RFID blocking case keeps it from being read.

Do you have a source on your conclusion or are you as news-addled as your parents?
posted by Ookseer at 1:18 PM on July 12

I've heard that accidentally running over it with a car will do the trick as well. Frankly, as crimes go carefully disabling the chip seems pretty small potatoes and next to impossible to prove barring obvious hammer marks.

The answer comes down to a few options:

1. Tell them not to worry

2. Get a RFID blocking case

3. Let them know the chip can be disabled with:
a. Hammer
b. Microwave
c. Car
d. Other?
and be discreet.

4. Combination of any two or three above.

They can be targeted, it is unlikely but possible. AFAIK there are not legal means of disabling the chip (other than say RFID case perhaps) so options are limited.
posted by edgeways at 1:38 PM on July 12

I wouldn't destroy the RFID chip! The next time a customs person tried to read it, and it doesn't work, they will pull you over and ask you a lot of questions. Then they may tell you that you need a new passport.
posted by musofire at 1:43 PM on July 12

Guys, I think he's not looking for help dealing with the potential security problems of the new passports. As a geek that's played with RFID himself, thinks it's probably not a good idea for these until we get more amazing crypto, and likes to tell people about how badass he is, I'd take the hammer to it. There's really no risk of anything bad happening if you do this. You could always say you sat on it too hard or something silly. But I wouldn't hammer it out of fear.

I think the poster just wants some tips on how to get his parents to quit worrying and move on, not advise on how to deal with the RFID chips. The actual individual chances of something bad happening to them through RFID with respect to their passports are horribly low and it shouldn't be something anybody actually worries about. I say it's magnitudes and magnitudes less likely than dying in a fire on the highway in a car crash. His parents seem to have disproportionate worry going on. He just wants help getting them back to a reasonable baseline. Their unfounded worries probably aren't limited just to RFID either.

This probably should have been posted under human relations.
posted by floam at 2:07 PM on July 12

I would also just recommend one of those Faraday cage wallets/passport holders. Cheap and effective. One of my previous day jobs actually involved industrial RFID applications, and I can tell you from experience that the reality of getting a reading from RFID tags is quite different from what Hollywood or the conspiracy nuts would have you believe. Lots of things can interfere with getting a good read, like the tag's orientation relative to the reader's antenna, nearby objects, material it's encased in/attached to, etc.

As Ookseer above mentioned, any of those blocker products will work, since it's basic physics. If you're skeptical, you can order one and perform a quick test. Take the blocker and put your cell phone inside it, close it up and try and call your phone. If you can't get through it's good.

As far as disabling the tags themselves, if you really want to do it and have it done without marks, put your passport in a microwave on top of a coffee cup for 3 - 4 seconds should do the trick. But as others have pointed out, this might be a troublesome thing to do if you plan on actually using said passport and the customs agents can't get a reading from the tag.
posted by barc0001 at 2:18 PM on July 12

Actually, maybe I'm wrong. The title is "How can my parents protect themselves from RFID stripping?"

The answer is hammer the chip.
posted by floam at 2:18 PM on July 12

I wouldn't destroy the RFID chip! The next time a customs person tried to read it, and it doesn't work, they will pull you over and ask you a lot of questions.

No, they won't. Half the bloody things don't work anyway, and so the agent will just scan the barcode or type in the number when it doesn't. I've stood in line and watched many, many of these things fail.

It's exactly like when a supermarket item doesn't scan: nobody assumes it's YOUR fault.

So nthing the hammer (with a board or book on top to prevent the telltale circular dent) or a short vacation in the microwave. Just not long enough to singe the paper.

RFID passports are one of the stupidest ideas ever.
posted by rokusan at 2:43 PM on July 12

Feds recommend use of radio sleeves for Passports.
posted by rokusan at 2:59 PM on July 12

A Faraday Cage is a special case of EM shielding. You can have shielding without grounding it. It's not a Faraday Cage in that case, but it would do just as well for your purposes.

Basically, if you do not ground the shield, it will act as a passive antenna and re-radiate the signal if it's not a completely enclosed surface. However, the re-radiated signal will be weaker than the original, and will probably be scattered in a different direction (I'm not sure what the radiation pattern is on the RFID antennas; I assume they're fairly directional though).

You don't need to contain the signal completely, you just need to weaken and/or scramble it up enough so that the reader can't interpret it correctly. In a scenario where someone is trying to read the chip covertly from 20 feet away (like in the recent article about the guy doing the 'drive-by' passport scanning in San Francisco) it probably doesn't take more than a few negative dB before you've put the signal in the noise floor.

Just as an example of a situation where this works, up in New England where we have a lot of toll roads, there's a system called E-Z Pass that uses active RFID transponders that you affix to your windshield. When you get the transponder, you get a little metalized bag, similar to the kind that hard drives come in. If you don't want the transponder to be read for some reason (you just want to pay cash that day, or maybe the transponder is your company's and you're on personal business, or vice versa), you put the transponder in the bag and fold over the edge a couple times. I have done this and it works just fine; transponder doesn't scan when it's in the bag, even if it's sitting on the dash.

I also tested using one of those bags on an RFID contactless door-key system; it greatly decreases the distance that it works over. Whether this is due to attenuation of the received power signal or the transmitted code I'm not sure (that's the problem with passive RFID, you have two signals to deal with, and you can block either one to stop it from working).

So if you have a bunch of those metallized anti-static bags lying around from hard drives or RAM, feel free to hand them out. Tinfoil, if you fold up the edges securely, ought to work just as well if not better.

I don't know about the anti-RFID wallets — they seem like "tiger repellent" to me — but it would be easy enough to test one if you were really concerned about its efficacy.

Personally I don't really care about anyone scanning my RFID door keys and such, but if/when I get one of the new RFID passports I'll probably keep it in a metal-foil bag or something when I'm carrying it around, if I don't decide just to nuke the sucker and fry the chip completely.
posted by Kadin2048 at 3:11 PM on July 12 [1 favorite]

Silly question: what kind of data is actually IN the rfid chip? Surely it is just a number. And not the important number like CC# or SS# or PP#. Just a random number that identifies that specific chip. So the Evil Doers would have to have access to the various databases in order to get any information at all. Otherwise it's just a number.

I'm not sure what the goal of these anti-RFID people is, but they are morons and are scaring people needlessly.
posted by gjc at 3:27 PM on July 12

A story telling how easy it is to read the chips.

All they seem to get out of reading the chip, however, is an ID or serial number. It's not like it coughs up your name, address, birthdate, social security number, etc. (Those likely pop up on the screen when they scan at customs but that is because they are using the RFID's serial number look up all that data in their own database.)

So the issue isn't identify theft here, but rather the opportunity for surrepticious tracking--which can be done simply by recording which RFID serial numbers pass by certain points.
posted by flug at 3:28 PM on July 12

what kind of data is actually IN the rfid chip? Surely it is just a number. And not the important number like CC# or SS# or PP#.

Yeah, I don't have any knowledge on the matter, but I would sure as hell hope the number in the chip is essentially useless to an identify thief who doesn't also have access to the gov. database. Is this not the case?
posted by juv3nal at 4:16 PM on July 12

juv3nal, etc:

These biometric passports are used by lots of countries across the world. Just containing a hash would mean every country would have to share all this data with every other country.

Instead, these have actual information on them. At the very least, I'm pretty sure there's a photograph and the actual passport code. Maybe fingerprints.

Here's the system used to keep the data secret.
posted by floam at 4:28 PM on July 12

Oh, you should also know there's a shielded cover in the latest US passports, from what I've read. It's probably sufficient.
posted by floam at 4:30 PM on July 12

gjc writes "what kind of data is actually IN the rfid chip? Surely it is just a number. And not the important number like CC# or SS# or PP#"

The chips contain all the information printed on the passport. Why would you make it anything less? Expect future versions to include information not in the passport or of limited use in the passport like biometric information.

SpecialK that article is talking about passport cards which look like secure driver's licenses. Not only do they obviously not have shielded covers they also use a more vulnerable RFID system.
posted by Mitheral at 4:55 PM on July 12

In my experience crossing the border (and I do it every day) CBP doesn't use the RFID capabilities of the passports. Just tell your parents that you disabled the chip and then don't. They won't know the difference.
posted by lockestockbarrel at 5:59 PM on July 12

From what I know about Faraday Cages, they need to be grounded and energized to be fully effective against a targeted pulse -- otherwise they can act as either a slight damper or even an amplifying antenna

Your understanding is incorrect. Any continuous conductor that fully surrounds a region, grounded or not, will operate as a Faraday cage with respect to items inside that region. Also, any conductor that approximates continuity by not having gaps larger than a wavelength will act as a screen for electromagnetic radiation at that wavelength and longer.

Basically, if you do not ground the shield, it will act as a passive antenna and re-radiate the signal if it's not a completely enclosed surface

And if it is a completely enclosed surface, the only way it will re-radiate signal is outward. So, just fully wrap the passports in aluminium foil and stop worrying.
posted by flabdablet at 6:19 PM on July 12

Maybe fingerprints.

Fingerprints aren't part of a U.S. passport application.
posted by oaf at 7:35 PM on July 12

Any continuous conductor that fully surrounds a region, grounded or not, will operate as a Faraday cage with respect to items inside that region.

This is correct. The only things that matter are that whatever you're shielding be completely enclosed, that the size of any gaps in the conductor be less than 1/4 the wavelength or so, and that the conductor actually conducts well. I've done some EMP testing... Faraday cages work. They don't need to be grounded, they don't need to be energized.

If I were really worried about this, I would just buy some copper tape (www.mcmaster.com) and make myself a jacket that could be well sealed... one which ensures good conduction across the opening. Using a mesh instead of a solid conductor just decreases the conductivity, and I've also seen people use wire that was laminated so they really weren't making a Faraday cage at all.

Your first two answers were right... either break it, or wrap it in some sort of conductor.
posted by SAC at 8:55 PM on July 12

You have 2 choices: 1) leave the chip in working condition and, despite whatever counter-measures you choose, continue to run the risk (albeit partially mitigated, perhaps) of having your data stolen. 2) disable the chip and eliminate the risk.

Yes, as your passport states, it is illegal to destroy the chip. However if you place a towel over the passport and then hammer the chip, there will be no visible evidence that any malfeasance has taken place. In fact, even if customs ever were to question why your chip is malfunctioning (and, most likely, they never will, as they have the backup manual process that they've been using for decades now), there will not be any evidence to prove that the issuing office didn't in fact give you a malfunctioning chip in the first place.

If you have personal issues with pursuing this path, perhaps consider the following US legal documentation (emphasis mine):

When in the Course of human events it becomes necessary for one people to dissolve the political bands which have connected them with another and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation.

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. — That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, — That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness.

We Americans seem to have developed this frightening forgetfulness about the fact that our government works for us - not the other way around.
posted by allkindsoftime at 11:50 PM on July 12 [1 favorite]

« Older Netbook for a grad/med student...   |   Will ordering from online phar... Newer »