Biometric Passport – 1984 in 2006

The Guardian (Friday 17 November) reported that it had cracked the super-secure biometric passport in under 48 hours by using brute force password cracking and an RFID reader costing under £200.

This is, of course, the technology that will be used on the ID card, except that the ID card will have infinitely more personal information that can be be read by anyone with enough cash to buy a reader and a copy of a password cracker. Not that anyone with hostile intent will need to go to that trouble when everyone’s most private information will be available to a quarter of a million health service employees at the touch of a keyboard.

To be honest, the passport reading wasn’t quite as much of a victory over the password encryption technology as the Guardian presented it as. They said there was no capacity to change anything on the embedded chip but the article pointed out that it left the passwords open to cloning, as demonstrated by a German a month ago.

The Guardian article made the excellent point, which can’t be repeated often enough, but which never seems to get through to government – these ID technologies will be a godsend to identity thieves. They will be no major obstacle to terrorists or organised crime – in fact they may represent a revenue stream. They will threaten the liberties of everybody else.