Jesse Brown on the problems with Canada’s new ePassport

And why the Canadian Passport Office’s defence of them is just plain silly


Elvis Lives! As a cloned ePassport.

Forget that Canada’s new ePassports come with a hefty price-bump. Forget as well that they glorify a storied Canadian feminist who also happened to be a bizarre racist. The real problem with our new enhanced travel documents lies in their enhancement. Namely, each one includes an RFID (radio frequency identification) chip, a technology traditionally used to track cattle and Walmart goods.

RFID passports are notoriously insecure. In 2006, German hackers cloned them. In 2008, a hacker from the group called THC (The Hacker’s Choice) also cracked RFID passports and whipped one up belonging, it seemed, to one Elvis Aaron Presley. The anonymous hacker had it scanned at a self-serve kiosk at the Amsterdam airport. Sure enough, Elvis lived.

In 2009, ethical hacker Chris Paget bought a cheap RFID sniffer (you can get them online) and amped it up with signal-boosting antennas. He stuffed the whole kit (assembled for under $250) into his car and took a drive around San Francisco. Soon he had the personal passport data of two strangers, which he could have then cloned if he’d wanted to. Luckily, all Chris wanted was to prove that this kind of thing could be done, so that the world would think twice about issuing ePassports. This part of his experiment failed.

The Canadian Passport office is doing somersaults to explain how theirs isn’t that kind of RFID. For one thing, they explain, it’s not a tracking device, because it is “passive, which means that it does not have a power source. It cannot transmit signals over long distances”. This is just silly. All (Update: Many) RFIDs are “passive” in the sense that they don’t emit signals on their own. When an RFID reader (sniffer) is pointed at an RFID tag from an appropriate distance, it emits an electromagnetic field that charges the tag, which then sends a signal. So no, it’s not like a self-powered GPS chip that constantly communicates its whereabouts. But yes, it can be and is used as a tracking chip that tells you it’s there when it comes into contact with a reading device. Whether you’ve tagged cows or boxes or Canadian citizens with RFIDs, you did so explicitly to track them, and others could potentially track them as well.

But don’t worry, says our Passport office, because our new ePassports can only be sniffed at very close range; 10cm, they say. But in a subsequent demonstration, Chris Paget displayed techniques for long-range RFID sniffing, from distances of over 200 feet. Might these techniques be used to extend the range of transmission on our new passports? To the question “Can someone read the information on my ePassport without my knowledge?” the Passport office is careful not to commit to anything definitive, saying instead that this is “extremely unlikely”. After all, they explain elsewhere, “the personal information stored on the chip is privacy protected by basic access control (BAC),” which they call a “secure mechanism”. But BAC was hacked in 2006.

Since all of these breaches were publicly known years ago, the Passport office had a chance to subject our new ePassports to rigorous testing before issuing them. Sure, hackers are always finding new vulnerabilities, but at least known bugs can be tested for. Ideally, the results of such testing would be included in the information provided by the Passport office, but there’s no sign of anything like that on their announcement website. I asked them if they had done any independent security testing at all, and they said they’d get back to me. They haven’t yet, but if they do, I’ll update this post with their answer.

One thing they will be unable to assure me is that the ePassport is totally secure. That’s reasonable: a 100% fraud-proof passport is an impossibility, with or without an electronic element. Adding a potentially hackable chip may bring Canada in line with international standards, but doing so in the name of increased security is dubious. While RFIDs make passports harder to counterfeit through traditional methods, they invite all kinds of new malfeasance from crooks and fraudsters. Of course, the real danger may not lie in illegitimate uses of the ePassport, but in its intended application.

The ePassport’s RFID chips also contain digital copies of Canadian travellers’ passport photos, explicitly collected to be read by facial recognition software. This software is arguably more hackable and less reliable than RFIDs, but let’s put that aside for now. Whether it works or not, facial recognition is the first toe our government is dipping into the world of biometrics. The establishment of a national biometric database is a major undertaking, fraught with privacy, safety, and civil liberty concerns, and we’re entering into it without much conversation.

Professor Andrew Clement of the University of Toronto’s Faculty of Information has been ringing alarm bells on biometrics for years. I asked him about the ePassports, and he had this to say:

“While the 10cm readability remains a 3rd party sniffing concern, in my view the creation of massive, on-line databases of biometric facial images in combination with facial recognition techniques, all done without any substantive independent threat, risk and social impact assessment nor public debate, is overall a much bigger concern.”

Follow Jesse on Twitter @JesseBrown


  1. Any red-blooded conservative should be concerned about this. Did the government stop tracking their long guns so that they could track their passports? What can we do to convince this government that we don’t want to be tracked in this manner?

    • Farmers don’t care about passports, therefore most of the Conservative party does not care either.

  2. There’s a growing market now in passport cases and wallets that are able to block RFID signals. I suspect simply wrapping your passport in foil would also work, but much less stylish (not to mention funny looks from airport security?)

    • A valid point, and I thought of the same thing. But when you unwrap the passport or take it out of its container when presenting it, it will be subjected to these vulnerabilities, and as posted in the article someone could be situated nearby with an amplified setup scanning passports at 200 feet away.

  3. Good article. Since I’ve slammed you in the past, I thought I should say as much.

    • Jesse is great on most topics. It’s really only on Julian Assange, as far as I have seen, that he loses his perspective.

  4. “massive, on-line databases of biometric facial images in combination with facial recognition techniques”… Facebook?

  5. Ugh! Given in to retinal scanning and thumb print at US border, now our government plans to equip us with tags to follow us. Big brother I don’t want.

  6. The threat to democracy has been lamented at length re voter ignorance, the increasing effect of big money on elections, etc. with some posters even suggesting democracy as a source of problems — when democracy gives way to some fascist replacement in a few decades this type of technology will come in very useful.

  7. What, exactly, is the threat of these facial recognition databases?

    Did the government not keep the records of our pictures before? Because you have to send in that portrait for the old passports as well. If the government was going to become oppressive against a particular individual, was it impossible for them to distribute pictures to various security people that already work in airports?

  8. Show us how to remove the chip from the passport

  9. If the picture is on the RFID, that would be incredibly stupid. Putting the first part of a RFID as a password along with a pin, thumbprint or picture that is all stored centrally that the user knows would be smart.

    The problem is not that they can be hacked. It’s that the result will be treated as gospel by those that should be scrutinizing them.

  10. RFID is here to stay. Govt, business & financial institutions have all rolled out this technology and poured billions of dollars into its infrastructure regardless of the vulnerabilities surrounding transmitting data via RFID tags. Yes there are many passive RFID blocking wallets out there & ‘passive’ being the type. Ethical hacker Kristin Paget has documented and bench tested the effectiveness of these passive RFID blocking wallets*

    I have recently personally had concerns about the RFID tags being used in my credit cards, debit cards & passport so did a bit of research looking for the best way to protect my data. I found a product called Armourcard which actively jams all RFID signals and appears to be a great convenient solution to this problem. I have two, one for my wife and the other for me. They seem to work well as I have tested them against a RFID reader, which it gave the blue screen of death, so it worked well.

    I’m all for protecting your own identity in this tech age. I want to know I’m protected. If you want they are located at http://www.armourcard.com.au

    *Credit Card Fraud – The contact-less Generation | Kristin Paget | Chief Hacker, Recursion Ventures
