In a similar vein

Feds at DefCon Alarmed After RFIDs Scanned | Threat Level | Wired.com

Fools

RFID is the same as a magnetic strip - its all plain text

That depends one what format of RFID we're talking. Only the most basic of RFID systems use plain text/numbers. Most commercially available systems use a minimum of a 26bit key (read only) with more advanced products using variable bit length two way verification.

Much of that article is alarmist and based on ill informed speculation. Things arent quite as simple to crack as what they're making out. Secondly, any govt agency using an off the shelf 26bit Wiegand interface really needs a review of their security.

My drivers license has my name, photo, address, license number and date of birth, and anyone with a pair of eyes can get it all just by looking at the card. How is putting all this information on a RFID card any less secure? But I can see how it would be incredibly useful.

These cards don't need security because there shouldn't be anything on there that needs to be protected anyway.

It can be read remotely....

... which means if you put sensitive information (say a full copy of your passport) you can pose as someone else

So yeah

People are getting a little confused here. The UK national ID card is not an RFID card, it's a smart card just like new credit cards and mobile SIM cards. These can not be read remotely. They must be physically inserted into a reader.

Typical RFID cards do not hold personal information (saving a few exceptions). They simply hold a facility/site code and a user code. They're typically used for access control however more recent times have seen advanced forms of the technology used for applications such as the new Transperth Smart Rider System (which uses a proprietary version of the MIFARE format orginally developed by Philips). Any information relevant to the holder of the card is held on a database at the site the card is used at.

Even though it's possible to clone basic RFID cards, a cloned card will be of little use to anyone if the access control system at the site the card is used for is configured correctly. Features such as anti-passback ensure that once the card has been presented to enter an area of the site, the same card can not enter that area again until such time as it's badged out.

As for accessing personal information about the holder of the card, you'd require access to the on site EACSMS and be operating on the assumption that the site holds full information on it's users (usually, it's just a name). Such systems are usually attached to their own LAN which has no connection at all with the outside world or the everyday working LAN of the site, unless of course that site is has no need for alfoil hats.

Wrong - the new cards used in the UK use RFID. Same as passports and some of the new credit cards in the US.

merctom...just saying wrong doesnt make you right...back up info please....

A little further reading suggests I may indeed be wrong (one site only) however I'm yet to find anything that conclusively advises on the technology actually used in the final release of the card. Most sources suggest its a contact smart card. Even so i'd still not be too concerned about it being read remotely as the effective range of passive cards is very limited. Most contactless smart cards are developed under ISO 14443 which allows for communication upto 10cm. There is another standard which allows for comms upto 50cm.

my comment still stands....may not be a computer geek but sometimes these governments might leave a back door in their systems to trace the people that come for a look through their back door... but hey that means they actually think when they set up systems...... and these systems are set up by really smart guys and the nasty people that tell them what they want them to do on the side are always there......but hey i have no knowledge of that sort of stuff....just have several tinfoil hats......alledgedly