RFID-Reading Passport Scanners Installed

Kozar_The_Malignant writes, "Electronic passport scanners have been installed at SFO. Ten of the scanners were received last week and have now been put in service. Various creative responses have been discussed here before."

Faraday Cage Suit

[corroncho (1003609)]

I knew that farady cage suit would come in handy some day!!!
___________________________
Free iPods? Its legit [wired.com]. 5 of my friends got theirs. Get yours here! [freepay.com]

This is only an interim measure...

[$RANDOMLUSER (804576)]

...until they can implant the RFID chips in your head.

Re:

[garcia (6573)]

I wouldn't put it past them and I'm sure no one would care...

I just recently took a trip to Winnipeg so that I could get around any passport requirements they might put up in the near future. I *refuse* to travel abroad with a passport that has RFID technology inside. Just like I will not give my SSN out to anyone, I will not allow my passport to be read via RFID.

The individuals I was with on this trip told me I was paranoid and shouldn't let something as little as an RFID tag stop me from traveling where

Re:

[hcob$ (766699)]

Well, lets go through the usual arguments...

RFID tag is stored in the passport(which is a faraday cage when closed.

The data is a hash value that is used to look up information to verify that you are who you say you are.

And yes, you are paranoid about it.

Re:

[NDPTAL85 (260093)]

Your friends were right. You are in fact paranoid. The overwhelming majority of people will suffer no ill consequences from having their passports read by an RFID reader.

The burden is on you to show what bad things will happen.

Re:

[twistedsymphony (956982)]

well, tinfoil hats are soooo much cooler then tinfoil passport protectors.

can they be opened with a Diebold key or bar key?

[speculatrix (678524)]

anyone tried to open them their hotel mini-bar key?

Various Creative Responses

[Tackhead (54550)]

> New U.S. e-Passports contain a 64 kbit RFID chip with personal information about the passport holder.

After reading last night's [slashdot.org] thread, I suppose encoding ~250 copies of the string "Kip Hawley is an idiot. Michael Chertoff is also an idiot" into an off-the-shelf 64kbit chip, putting the chip in a small wad of gum, and then swallowing the gum, is no longer an option.

Well, so much for my weekend.

Re:

[in2mind (988476)]

After reading last night's [slashdot.org] thread, I suppose encoding ~250 copies of the string "Kip Hawley is an idiot. Michael Chertoff is also an idiot" into an off-the-shelf 64kbit chip, putting the chip in a small wad of gum, and then swallowing the gum, is no longer an option.

First of all,why would you want to do that?
Two,the passport RFID reader needs to be within 10 cms from the chip to be able to read. So sont worry.You can swallow whatver you want to. :p

Range can be increased

[Bruce Perens (3872)]

There is a time-honored tradition of making RF signals go as far as possible. It's the first thing any kid tries with a walkie-talkie: how far can it go? It's possible to make RFID devices read from farther than designed by using higher power to energize the RFID and a higher-gain antenna to read its response. Certainly it will be practical to read these things as people walk through a door frame, with the proper equipment.

Bruce

Range is a function of the reader

[everphilski (877346)]

In this case, the readers are rather limited. 10cm, give or take.

Re:

[mrchaotica (681592)]

The reader at the airport is limited. The reader being surreptitiously carried by the American-tourist-targeting mugger/kidnapper/whatever in whatever foreign country you're going to won't be.

Re:

[SatanicPuppy (611928)]

The antenna part is obvious to me...I remember a while back an article about some people snooping those RFID gas cards using a high gain antenna, and it only makes sense that you're going to be able to pick up a radio signal with a sensitive antenna, once that signal is in the open.

I'm not as clear on the "energizing" process. I understand that you get a stronger signal based on the amount of energy imparted to the chip, same as you would with any other radio transmitter. But what kind of upper limit exists

Re:

[hcob$ (766699)]

Is there any way to energize an unshielded card from more than, say, 5 feet away, or is the danger primarily from people with readers brushing up against you for a reading?

Sure, all that possible. If you leave your passport open(closing it completes the faraday cage in the cover). Of course, people can also read all the data on your passport whenever they open it using this ancient technology called "eyes". And if you want to extend their range, you just have to get a few "lenses" and you can see it a

Re:

[Em Adespoton (792954)]

Is there any way to energize an unshielded card from more than, say, 5 feet away, or is the danger primarily from people with readers brushing up against you for a reading?

The issues seem to be the following:
1) RFID chips are activated by the EM energy delivered from the reader.
2) When closed, the passports in question are contained in a complete farraday cage, blocking any EM radiation from passing between the inside and outside of the passport.
3) When open, the regular rules of electromagnetic radiat

Wrapping your passport in Tinfoil?

[Yahma (1004476)]

There is the ever present theory that wrapping something in tinfoil will prevent RFID communications from working. Does anyone know if this is true or has been tested? If it works, just wrap your passports in tinfoil.

Yahma -- BLASTProxy.com [blastproxy.com] - A public anonymous proxy server that allows you to bypass firewall restrictions at home and work and surf safely.

Re:

[Bruce Perens (3872)]

Look up "Faraday Shield". It works, but I can think of some approaches to get through it, although I doubt that any current RFID device uses them. Testing is always a good idea. And aluminum foil is not the most attenuating material, just the cheapest and by far the most easily available one.

Bruce

Re:

[hcob$ (766699)]

There is the ever present theory that wrapping something in tinfoil will prevent RFID communications from working. Does anyone know if this is true or has been tested? If it works, just wrap your passports in tinfoil. I guess I'm going to be saying this often today. All you have to do is close the passport, there is a faraday cage in the cover that is completed when the cover is closed.

Re:

[It'sYerMam (762418)]

Everyone knows that tinfoil AMPLIFIES the signals, not reduces them!

Passport Cases Now Become Important

[Bruce Perens (3872)]

I have a passport case and will be sure to line it with mu-metal (not just aluminum foil) when I get a new passport in a few years. I'm sure that similar things will be up for sale. Indeed, if there's a manufacturer out there who wants to work on this, and knows sewing better than technology, write to bruce at perens dot com.

Bruce

Re:

[in2mind (988476)]

I have a passport case and will be sure to line it with mu-metal (not just aluminum foil) when I get a new passport in a few years.

I think thats dumb thing to do.When the security guys at the airport read your mu-metal'ed passport with their reader,it wont work & they would think its not a valid passport & you will be in trouble.

Re:Passport Cases Now Become Important

[Bruce Perens (3872)]

I guess this is something that not everybody understands yet. Of course you'd take the passport out of the case when there's a legitimate occassion to read it, like going through immigration security at some country (which I do a few times a month). The problem is that people can read it while it's in your pocket, with the right equipment, wherever you go, all the time, hundreds of times per day. And having it in a mu-metal case when you do not expect it to be read would be a good security practice. Is that more clear?

Thanks

Bruce

Still ....

[wsanders (114993)]

- I mean it doesn't have personal information, even if decoded, so what use is it to anyone, except that it identifies you with a big random number like a cookie does.

Although I do hear there were plans to put this into the data in clear text:

"YOU'LL BE SORY THAT YOU MESSED WITH THE U.S.of A.
'CAUSE WE'LL PUT A BOOT IN YOUR ASS IT'S THE AMERICAN WAY"

OK, maybe the case isn't such a bad idea after all.

Re:

[SydShamino (547793)]

I mean it doesn't have personal information, even if decoded, so what use is it to anyone, except that it identifies you with a big random number like a cookie does.

Wherever you go, anywhere in the world, anyone who gets within a few feet of you can conclusively identify you as a U.S. citizen if they so wish to. (I assume there is some common code that identifies it as a U.S. passport.)

I've never seen the state department do anything that jeopardizes the safety of American travelers as much as this will.

Re:

[Muad'Dave (255648)]

I mean it doesn't have personal information, even if decoded, so what use is it to anyone, except that it identifies you with a big random number like a cookie does.

Huh? You mean all of this personal info [icao.int] (PDF, see page 16) ??? You'll note that encryption is optional, but data integrity via a 1-way hash is mandatory.

Re:

[hcob$ (766699)]

The problem is that people can read it while it's in your pocket, with the right equipment, wherever you go, all the time, hundreds of times per day. And having it in a mu-metal case when you do not expect it to be read would be a good security practice. Is that more clear?

I guess I'm going to be saying this often today. All you have to do is close the passport, there is a faraday cage in the cover that is completed when the cover is closed.

This will guarantee you an anal probe

[wsanders (114993)]

I know everyone understands PKI, right, but isn't this is equivalent to someone trying to spoof any random SSL-enabled web site with a CA_signed cert? (assuming the gov't doesn't screw up.) OF COURSE you can break it or spoof it, if you break the CA.

It isn't designed to guarantee that the photo and the chip match, we can look at your face for that. It's to weed out the paranoid asshats who've tinkered with them, or, worse, have fake passports. Just like your browser throws up a warning if it can't figure ou

Re:Passport Cases Now Become Important

[kevin_conaway (585204)]

It already has a cover [state.gov]

Metallic anti-skimming material incorporated into the front cover and spine of the e-passport book prevents the chip from being skimmed, or read, when the book is fully closed;

Re:

[Bruce Perens (3872)]

Uh-huh.

I think I am going to trust the cover that I provide.

Bruce

shielded cases for 18 dollars

[fantomas (94850)]

http://www.difrwear.com/products.shtml [difrwear.com]

looks like somebody's already selling them Bruce!

To the conspiracy wonks - entertain me

[Quiet_Desperation (858215)]

Oh, please do try and foil (pun intended) the RFID readers. Please. And bring a friend with a video camera so we can watch the resulting hilarity on YouTube.

TravelTags

[EssTiDee (784920)]

This really isn't all that horribly different from the TollTags, EasyPasses, and basically every other scannable devices that identifies the device-holder. Your passport is the property of the government -- has been, and will continue to be. If they want to make it easier to check / scan / whatever, so be it. While I worry about the security of their online database, it's not really any less secure than it has been in the past. I say there's no real change taking place here, except maybe if not too many

Re:

[TubeSteak (669689)]

This really isn't all that horribly different from the TollTags, EasyPasses, and basically every other scannable devices that identifies the device-holder.

Ummm... The Government doesn't require me to have a "TollTags, EasyPasses" if I want to leave the country.

Until "basically every other scannable devices that identifies the device-holder" is required by the gov't, then it really is horribly different.

If you haven't gotten/renewed your passport, I told you so. Mine is good for another 10 years and doesn't

Re:

[hcob$ (766699)]

This really isn't all that horribly different from the TollTags, EasyPasses, and basically every other scannable devices that identifies the device-holder.

Yeah, but those dont' have built in faraday cages...

Fine by me

[lawpoop (604919)]

I have no problem with RFID in the passport, as long as it is implemented in an intelligent manner. I don't see it as any more of an invasion of privacy than the personal photo and address information, and also the log of my recent travels.

I plan on having an aluminum foil carrying case for my RFID passport, when I get one, so it can't be read without being opened. Recently I saw a link to a company that makes wallets with a metal foil already embedded in the leather, so RFID chips can't be scanned remotely. The also sell a foil insert that goes in the bill area. I acn't remember the name though -- I thought it was a wordplay with 'wallet' and 'magnet', perhaps the word 'envelope'?

The only thing I don't want is an RFID implant. You might wear a farraday armband, but the whole idea reminds me too much of Jews getting serial numbers tatooed shortly before they were shipped into the death camps.

Already foil'd

[everphilski (877346)]

Metallic anti-skimming material incorporated into the front cover and spine of the e-passport book prevents the chip from being skimmed, or read, when the book is fully closed [state.gov]

My main issues:

[mitchell_pgh (536538)]

- I wonder how long it will take to break the security? [it's going to happen]
- I wonder from what distances the RDIF card will be able to be read? [I hear a few inches to a few yards and beyond]
- I wonder what interesting ways people will use this information. [I'm in marketing and can already think of a few]

aluminum cases through security anyhow?

[192939495969798999 (58312)]

Has anyone actually tried to take an aluminum foil wrapped anything through airport security? I assume that would look suspicious to anyone, i.e. why the hell is it in foil, is it a bomb, etc. Did you get harassed at all? I actually just got a passport and am travelling far, far away, so I *could* try it...

Schneier says "rewew NOW"

[MrAtoz (58719)]

For what it's worth, Bruce Schneier [schneier.com] is recommending that everyone renew their passports now so that you can avoid having a chipped one for another 10 years:

The security mechanisms on your passport chip have to last the lifetime of your passport. It is as ridiculous to think that passport security will remain secure for that long as it would be to think that you won't see another security update for Microsoft Windows in that time. Improvements in antenna technology will certainly increase the distance a

Typical Response without knowing the facts

[unPlugged-2.0 (947200)]

Come on slashdot-folks I expected better than all these comments about tin-foil hats.

It's bad enought that I have to put up with this any time I talk to any non-techie about the fact that I work for an RFID company and no I am not evil and do not wish to track their every move and alert someone that they are using the bathroom too much.

--Now for the Facts--

There are two main categories for RFID systems on the market today. These are near field systems that
employ **inductive coupling** of the transponder tag or Smart Label to the reactive energy circulating around the reader antenna, and far field systems that couple to the real power contained in free space propagating electromagnetic plane waves.

The passports are (repeat after me) *inductive* which means that they are activated by a magnetic field which is amplified by that metal loop you see to provide power to read the memory on the chip. The claims that someone could build a reader to read your tag from even 10 or 20 feet away is ridiculous. It would require the creation of such a big magnetic field that it would probably zap all magnetic material (such as hard drives, floppy discs, usb keys) that I am sure someone would notice. Also in order to read the reflection of the magnetic field which is what determines the response (RFID works like an echo you yell at something and wait for the echo to figure out what the id is) you would need such a big receiver (note this is still for 10 - 20 feet only) that you would literally look like someone out of the verizon commercial.

I know us techies are generally oblivious to the outside world but I think if you saw someone like this within 10 feet you should generally notice. Also you should run because that magnetic energy will probably fry your nads among with other crucial body parts you may never use (sorry couldn't resist).

The only real danger is that some hot woman with an rfid reader decides to bump into you and just happen to place her hand where your passport is. If you foresee that happening a lot then I suggest you get a tin-foil cover. However if that happens to you a lot then you are probably not on slashdot and reading this anyways.

Sorry but I am a little sick and tired of hearing about all these security concerns by people who don't know how these systems actually work. Can you tell?

Re:

[Ludedude (948645)]

"Sorry but I am a little sick and tired of hearing about all these security concerns by people who don't know how these systems actually work. Can you tell?"

Sorry, but I am a little sick and tired about hearing about how there are no security concerns from the people who don't care about anything but selling their products to a government that wants more control over its people. Do you care?

Re:

[NeutronCowboy (896098)]

Good points. However, there are two issues with electronic passports:
1) Someone can still read it remotely, and get access to all kinds of personally identifying information. Yes, you have to get close, but it still is quite possible. Ever seen pickpockets at work? They manage to *remove* your wallet without you noticing it. Considering the potential damage that can result from someone getting their hands on your passport, I'd rather not make it easier for people to access them.

2) You don't know what's on y

Re:Do passports already have RFID's in them?

[in2mind (988476)]

from the prev Slashdot article :

State Department spokeswoman Janelle Hironimus said existing passports will remain valid until they expire but, eventually, all U.S. passports -- about 13 million will be issued in 2006 -- will contain such chips

Re:

[erroneus (253617)]

Yeah until you try to go somewhere and they take your address location down and send you a new passport voiding your old one. It'll come in the form of a convenient service to you.

Re:

[Firehed (942385)]

You own a microwave, right? Obviously you didn't want the thing to get cold during those long winters in wherever you're headed, so you decided to warm it up for a few seconds first. Draw your own conclusions about what will happen, since me posting them is probably a violation of the DMCA or something.

Re:Do passports already have RFID's in them?

[malsdavis (542216)]

My mate got a new British passport a couple of weeks ago. The 2nd last page or so has a chip and a large rectangular loop of wire shaped in it. From what I remember, the rectangular loop of wire measured about 8cm long by 2cm high or so.

Here's a smallish picture of what the RFID bit looks like: http://www.telegraph.co.uk/news/graphics/2005/11/1 8/npassport18.jpg [telegraph.co.uk]

Re:

[TubeSteak (669689)]

The 2nd last page or so has a chip and a large rectangular loop of wire shaped in it. From what I remember, the rectangular loop of wire measured about 8cm long by 2cm high or so.

Is that something that can be resolved using a hammer?

Even though I'm normally a fan of Opt-In systems, I'll mute my complaints if a hammer allows me to Opt-Out.

Re:

[955301 (209856)]

No, a rock won't do, nor will paper. Scissors wins!

Re:

[lcsjk (143581)]

I did some initial design for an RFID system last year. The credit card size unit has a microchip with memory and a coil of wire around the edge of the card (about 7cm x 5cm). THe coil is the secondary side of an air-core transformer and the reader (receiver) has the primary side. Note that it is not RF as in radio or telephone. It is a magnetic field. The reader has to send enough AC power through the air to the RFID coil so that a capacitor can be charged to give an operating voltage. When the volta

Re:

[voice_of_all_reason (926702)]

Are there any arguments in favor of RFID as opposed to chip-cards? Yes, it makes (some group) (rich/powerful).