Passport Chip Could Attract High-Tech Muggers

Orangez writes "Wired.com reports that 'business travel groups, security experts and privacy advocates are looking to derail a government plan to insert remotely readable chips in American passports, calling the chips homing devices for high-tech muggers, identity thieves and even terrorists.' and that 'The 64-KB chips will include the information from the photo page of the passport, including name, date of birth and a digitized form of the passport picture.'"

Solution

[Anonymous Coward]

Kill all muggers.

security

[zerkon]

the article states having a barcode or some other form of security that must actually be read, how about encrypting the data on the rfid and putting the key on the barcode?

just a thought

hmm...

[catbertscousin]

Now they don't even have to steal my passport before they can use all my info. That's an improvement. If I get a new passport, I think I'll carry it in an aluminum foil pouch.

This is a dupe - no, wait ...

[Redshift]

Well folks, it's a dupe.

http://yro.slashdot.org/article.pl?sid=05/02/28/11 28248&tid=158&tid=17 [slashdot.org]

Or is it a trip?

http://yro.slashdot.org/article.pl?sid=04/12/23/23 25238&tid=158&tid=126&tid=17 [slashdot.org]

A quad? (Quap?)

http://yro.slashdot.org/article.pl?sid=04/11/27/00 26222&tid=103&tid=158&tid=172 [slashdot.org]

Quint? Penta?

http://yro.slashdot.org/article.pl?sid=04/10/22/02 29221&tid=158&tid=103&tid=1 [slashdot.org]

So .. can anyone find Sex for me?

Re:why are travellers worried?

[Anonymous Coward]

Human beings are funny like that. We're members of the animal kingdom and animals, for whatever natural reason, just don't like being followed or tracked unless it's by their children and/or mate or they're traveling in a coordinated herd. Attempting to rationalize a violation of basic natural psychology by invoking security isn't going to invalidate primal instincts. If mother nature has instilled us with an instinct that dislikes being tracked or followed there's probably a very good reason for it. It's probably because, whatever the rationalization is, the truth is that animals track and follow prey. Very rarely is the stranger following you interested solely in your welfare for no selfish reason of their own.

Stalking is illegal for a reason. Even if no physical contact is ever made it constitutes harassment. Harassment leads to a degradation of the quality of life, poor performance at work, and after extended periods of time can lead to a psychological breakdown. Creating a population of paranoid schizophrenics isn't all bad. Once they come apart at the seams we can lock them in a cell with a bicycle and use them to produce energy, thus breaking our dependence on oil and negating the need for nuclear fuel. It'll also solve the overpopulation problem if we keep the sexes separated. In the end it'll allow some members of the population, who aren't being harassed or seem to be immune to natural instincts (are they even human then?), to live a life of leisure using the energy of those we have harassed and then locked up.

disabling chip?

[LM741N]

What are the implications of disabling the chip? A huge dose of ESD would probably do the job without harming paper and ink. You could just claim ignorance.

Here's a link to the standard

[Muad'Dave]

Document 9303 at the ICAO [icao.int]. Note that it's the international Civil Aviation organization that defined the standard and is pushing it. Note that they intentionally do not encrypt the data so that it's simpler and easier for third world governments to read.

Re:Blame the terrorists.

[__int64]

"The terrorists have already won"

Exactly, because despite popular opinion they're goal is not to go out and kill every single American. Their goal is to go out and make every single American afraid of them, afraid to live their lives.

And Mission Accomplished.

They have successfully reduced my dad, into a withered old man afraid to ever leave the country, who does nothing but curse these damn 'rag-heads'. "We need more legislation and more intrusive government, cause those bastards are everywhere. They want to kill us all. So we need to get em first. Nuke those bastards. We need to kill any and all of them, cause they're all rag-heads and they all want us dead with their 'Islam'."

Who's the real terrorists again dad?

Submit your Comments to the State Department

[journalistguy]

http://rfidkills.com/action.html [rfidkills.com]

Actually that might be part of the plan

[overunderunderdone]

From the article:

State Department contractors are looking to include some shielding, such as metal fibers in the passport cover, to keep the chips from being read when the passport is closed.

They are also, supposedly "designed only to be readable from 8 centimeters (about 3 inches) away when the passport is open."

My question at that point is: why not use another technology? The whole point of RFID is that it is readable from a distance without jumping through any hoops. If TFA is correct they are negating the whole point of RFID and fighting it's inherent nature to do so. It seems that some kind of optical technology would be perfectly suited to do exactly what they want to do with RFID.

Sweden getting this as well

[Nevtje(hr]

Sweden is going to introduce these state-of-the-art passports with microchips in them sometime in the autumn. i was planning on getting one first, but apparently a Visa will do just as fine should i ever want to visit the States, plus the microchip one is supposedly alot more expensive

so, im getting a new "regular" passport tomorrow... my current expires in july, no rush, but this new one will last 10 years so why not have it done with

Re:disabling chip?

[chrispl]

This would probably be considered "tampering with an official document" and be against the law, or at least make it more difficult to travel when they notice your suspiciously "defective" passport.

I will just keep mine wrapped in a few layers of aluminium foil until I am standing in line at immigrations thank you.

I can also see, after the media catches on about identity theft via RFID passports some enterprising company will begin selling lead lined passport covers or something similar. This also begs the question why the covers are not lined with an RF blocking material so the chip can only be read when the passport is open in the first place.

Open Secrets

[Doc Ruby]

Bush's trillions spent to "protect Americans from terrorists" will be down the drain by the time someone can sit in an airport lounge, snarfing up copies of RFID passports. In keeping with the rest of Federal cyberInsecurity, they data won't be signed, so inserting new pictures or other data for identity fraud will be trivial - and rampant. I'm waiting for a terrorist, granted a White House press briefing day pass, to ask Bush the loaded question "Mr. President, what have I got in my pocket?"

Re:Actually that might be part of the plan

[tyresyas]

Well, I don't know about you, but my passport has been with me for quite some time and optical readers are no longer up to the challenge of reading it as it has taken quite a beating. Passing through Immigration lines was painful enough before, but now I have to sit there and watch them fight with the optical scanner for a few minutes. RFID tages would elminate that problem even were they readable from 8 cm away. And for those of you paranoid enough to think the government will start tracking your every move with your passport, do you think you are any safer everytime you swipe a credit card to pay for something? The point is that anyone could read the numbers off of your credit card and hav a field day with it. It is easily verifiable if these RFID tags respond to a challenge from any great distance, and I doubt they will in their final incarnation.

You'd need a smarter RFID.

[abb3w]

If they government can read it for legitimate purposes, other people can read it for illegitimate purposes.

...if the chip responds without requiring authentication, as current RFID chips do. If the RFID simply spits out its random Mark One RFID number on initial query, and only provides Mark Two grade information on recieving it's RFID back in a RSA signed query, it might mitigate the problem.

Still, that would leave at least five system weaknesses obvious to even cursory glances:

1) It's still a Mark One RFID initial response; to prevent traffic analysis from making identifying USAssholes (yes, I can say that, I am one) trivial for hostile entities, there need to be a lot more responding Mark One RFIDs chirping away out there.
2) The specific query to the RFID could be played back. This might be solvable by inclusion of a random number component with in the initial response.
3) Every Mark Two RFID query generator needs to have the signature capability; the system is only safe until one is stolen and reverse engineered. Giving each it's own marine guard [imdb.com] is liable to increase the expense of the deployment slightly. This might be obviated by an integrity-and-privacy secured uplink connection to a centralized query making server located at Fort Meade [nsa.gov].
4) This still implies US passport holders should trust the US government to be able to secretly and silently find out exactly who they are at any time. Survey says...
5) I'm betting the computation for signature checks exceed the RFID remotely powered capabilities; I suspect they don't have much more than needed to play "Marco!".... "Polo!"

Re:Actually that might be part of the plan

[dmayle]

State Department contractors are looking to include some shielding

My best friend's husband works for a French company called A.S.K. that makes smart cards, and induction cards, and RFID cards, and he was telling me about the process, and how they're bidding for the American Passport contract.

When I mentioned about the tin foil, he said that none of the samples they've delivered to the U.S. have any shielding, and that there's been no talk at all of shielding of any kind.

<Tinfoil Hat>I truly think this talk of shielding is just to pacify us until it's already a done deal, and it's too late to do anything about.</Tinfoil Hat>

Re:Actually that might be part of the plan

[Master of Transhuman]

New terrorist plan: walk around an airport with some sort of high-frequency emitter in a briefcase - frying everybody's RFID passport chips.

Make for a wonderful day at Customs, I'm sure.

Then you'd have to have security guys wandering around the airport with RFID detectors trying to spot excessively powerful transmissions (or hardware in the building to do so and alert security.)

Alternate plan: walk around with the same sort of long-range detectors the state obviously wants to use and suck all the data out of everybody's passport, burn it onto your fake passports (after looking up the individual's photo somewhere and copying that in - since I assume photos will remain the primary identity device in passports) and walk your terrorist army through any Customs.

Next problem: how do ordinary people get their passports with all this data in the chip? Obviously that data will have to be reported - or sucked out of some huge TIA database, right? So this is just to set up once again the "need" for the government to know EVERYTHING about you - so they can issue a fucking passport...