US Gov Helps Identity Thieves UPDATED
I annoy the lovely people down at 24 Hour Fitness mightily. The company issues membership cards you have to present to enter the gym. However, the membership card has no photo on it, so you have to present a photo ID as well. This annoys me. Mightily. Why don't they issue you a membership card with a photo on it, so you don't need to present a photo ID?
When I enter the gym, I make a huge drama out of having to show my drivers license as well as my membership card. While I'm doing this, they tell me that they'd be thrilled to photocopy my drivers license and stick it into a clear plastic pouch for me along with my membership card, so that I don't have to fish out my wallet every time.
Nowadays, I just say no, thank you, but occasionally I'll still bother to explain to them that:
1. Identity Theft is the US's fastest growing crime,
2. The information contained on my drivers license (or on a photocopy thereof) is all an identity thief needs to steal my identity for a multitude of purposes,
3. The whole point of photocopying my drivers license is to make it more easily accessible to me, which necessarily means it's more easily accessible to a pickpocket,
4. I've lost my gym membership card (which has my name and gym membership barcode on it and nothing else) twice and suffered no ill effects and I'd like to keep it that way.
I could also tell them (but never do) that 24 Hour Fitness's consumer base is in the 18-29-year-old and the 30-39-year-old groups (I belong, of course, to the latter. Yes, I know, you'd never have guessed). These are, respectively, the most, and second most identity thieved demographic groups. I could also point out that San Francisco is the seventh most identity-stealin' city in the country. (Data from here.) But I don't need to, because after two or three such encounters with me, any given staff member is apt to just roll their eyes and wave me in. Thus I get through my life, and, so far, my identity has never been stolen.
Too bad you can't do the same at border control.
You see, the US gov, that bevy of brains, has finally gotten around to adding RFID (Radio Frequency Identification) chips to the passports they're issuing, an action mandated by law in those rational days of 2002. RFID chips, which store all the information printed on your passports, are remotely readable, which means that anyone possessing the right technology can read the information in your passport as you walk by, without opening, or even touching your passport. It also means that anyone with the right technology can "eavesdrop" on the government reading your passport remotely. Basically, once your info is put on an RFID chip, you have no more control over who gets at it -- and neither does the government.
Right now the chips are only in diplomats' IDs (and that's scary enough!), but they'll be adding them to regular customers'-- I mean citizens' in October. In the Netherlands, a private company has already succeeded in hacking into Dutch passports, causing a bit of a ruckus. (You'd think there'd be a ruckus here, too, but then you'd think the same thing about hackable voting machines after 2000 and 2004, or about our president lying to us so that he could have his war ... and guess what? No ruckus.) My passport is good for the rest of the decade or so, but after that, will I have to bare my info to a world that is already four or five years more sophisticated at stealing it?
So, what to do? Some German hackers, concerned about the RFID tags in consumer products, developed an RFID-zapper, which deactivates any RFID tags it finds in the vicinity. But presumably, zapping your passport will only render it invalid. At the moment, all you can really do is protest. Here's an article with the names of organizations in the US and UK actively protesting the use of biometrics in such a manner.
I also might do some digging and see if I can find out what rights we have with regard to our passports, and if it's possible to refuse to allow our information to be put on an RFID chip and still get issued a passport. Does anyone out there know the law regarding passport rights?
I just saw this on the Making Light blog: this guy decided to test the theory that thieves could apply for your credit card using an application you tore up and threw in the trash. And yes, indeed, thieves can, even if you have them send the card to a different address and use a cell phone number for your contact number. Scary.
Oh, great. Thanks to Jose's tip in the comments below, I just read that RFID chips can carry viruses, although they don't spread from chip to chip, but rather attack the database. I agree with Jose that tech is the tech of da fewchoor, but, like lasic surgery, you should let other people do it first, and then wait twenty years, before forcing everyone to have it.