Passport Chip Could Attract High-Tech Muggers 348
Orangez writes "Wired.com reports that 'business travel groups, security experts and privacy advocates are looking to derail a government plan to insert remotely readable chips in American passports, calling the chips homing devices for high-tech muggers, identity thieves and even terrorists.' and that 'The 64-KB chips will include the information from the photo page of the passport, including name, date of birth and a digitized form of the passport picture.'"
Re:When will people realise that remotely readable (Score:3, Informative)
Re:Tin foil wrapper (Score:2, Informative)
http://www.paraben-forensics.com/catalog/product_
Why biometrics are bad: (Score:5, Informative)
Re:why are travellers worried? (Score:4, Informative)
Any passport issued in any country is not your property. It's the property of the issueing government.
In Canada, even our health cards carry that infomation on the back. It says 'card is property of Minitsty of Health, issued to be used by:' and your name + address.
Sorry no 'property rights violations' here. Whatever those are.
Re:When will people realise that remotely readable (Score:5, Informative)
Re:why are travellers worried? (Score:5, Informative)
Re:Tin foil wrapper (Score:2, Informative)
the system is secure, stop the FUD (Score:3, Informative)
The authentication is based on the MRZ (Machine Readable Zone) in the passport (this is text that is read through OCR and not visible unless you open the passports photo page). The MRZ-data is hashed by SHA-1 and the high 32 bits of the hash is taken (this reduce the risk of someone computing the MRZ-data backwards (actually guessing) which MIGHT be possible if you have the hash and the basic structure of the MRZ-data). The hash is sent as an authentication code to the RFID-chip in the passport, if the hash is wrong the RFID responds with a "no valid authentication" message and refuse to send any data.
A state may decide to ignore such measures in their passports (but this is unlikely for the EU and the US). And such states have the option to include metallic jackets for the passport.
The range of the RFID transmission will be around 10 cm. IIRC it weakens with the power of 6 to the distance.
Further, it is not practical to have contact chips in a book-formed passport. It is more practical in ID-cards.
While I dislike this in general and would prefer a passport free world, try to avoid spreading untrue FUD about the technology being used, the data is secure and no person is going to get within 10 cm from your passport, and try an average of 2^31 different hashes without you noticing it. Of course, if the person manage to "borrow" your passport, he will use the MRZ to obtain the key, but in that case, he can take the passport to a photocopier as well (and that is probably cheaper).
Re:why are travellers worried? (Score:3, Informative)
All that, waiting for someone to just bump into me on a train or in a subway or getting off the airplane. Unlike a normal passport, I'd never know it was "stolen", since it'd still be in my pocket afterwards! By the time I get back to my country, I'd probably be thousands of dollars in debt, with 50 credit cards in my name.
Re:hmm... (Score:3, Informative)
Stuff it in an old aluminized mylar potato chip bag, roll it up and stuff it in your pocket. If asked, say it was raining cats and doga at my last stop. I didn't want it to get wet. The added advantage is the tag is unreadable inside the folded up bag.
Re:disabling chip? (Score:4, Informative)
Re:Actually that might be part of the plan (Score:2, Informative)
www.ibutton.com
Re:When will people realise that remotely readable (Score:2, Informative)
I really don't get it and have yet to see a good argument for what is suposedly so borken about paper docs.
Biometrics are good for a large number of things. But they are *not* good for IDs (passports, DLs, ICs those kind of things). This is because for them to be used that way they must be passed over a network. Once you start passing things over a network it becomes very possible to steal that persons biometrics and use them to be him/her.
CFP2005 sesssion on RFID chipped Passports (Score:3, Informative)