Cruising Fisherman's Wharf For New Passports' Serial Numbers 276
schwit1 writes "Fox News has an AP story on a hacker in San Francisco driving around and needing as little as 20 minutes to be successful in acquiring a passport number: 'Zipping past Fisherman's Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians' electronic US passport cards embedded with radio frequency identification, or RFID, tags. Within an hour, he'd "skimmed" the identifiers of four more of the new, microchipped PASS cards from a distance of 20 feet. ... Meanwhile, Homeland Security has been promoting broad use of RFID even though its own advisory committee on data integrity and privacy warned that radio-tagged IDs have the potential to allow "widespread surveillance of individuals" without their knowledge or consent.'"
Nothing to worry about... (Score:5, Interesting)
You just need to buy an RFID shield [rfid-shield.com] for your passport and you can put your mind at ease. Unless, of course, you want to worry about how they don't work [youtube.com].
Poor encryption (Score:4, Interesting)
Passports use BAC [wikipedia.org] encryption, which is obviously pretty weak.
Comment removed (Score:5, Interesting)
Re:Gosh... (Score:4, Interesting)
The U.S. doesn't make any passing attempt at running an efficient health care system. For people that can afford it, spectacular care is available here.
So the well off have plenty to fear from government intervention, they face the potential for higher taxes and the potential for lower availability of care (vast amounts are spent on extreme measures in the U.S.).
Sure, it would probably be healthier for us as a society to provide a more equitable system, but let's not pretend that it is going to be better for everyone.
Passport RFID borders on criminal negligence IMHO (Score:5, Interesting)
I cannot imagine that even a SINGLE conversation with someone mildly conversant in basic security, no, just having common sense, would not have indicated that uncontrolled ID reading from a distance was a VERY VERY bad idea. It suggests to me that such a conversation was either not had, someone has a LOT of shares in RFID manufacturing or there is something else behind this rush to promote even more ID theft.
You can read ID from a distance which means it's now possible to create hidden bombs that lie dormant until there are enough people of a certain nationality nearby, it's possible to clone an identity and I suspect it won't be long before you can edit the biometric, making the theft of your LIFE complete because of "the 'pjuter is always rite" syndrome.
In the process other associated idiots are building up databases which are unnecessary (it works prefectly without) and which are a reversal of approach - normally your identity is only collected AFTER you have committed a crime, not BEFORE. You're now guilty until you prove it wasn't you who left a cloned identity behind. All of that without you noticing someone has been near to your passport, you no longer have control over who sees the data. Hello girls, welcome to stalking v2.
Actually, if you want political emotional scare stories, as the EU has now made one passport per person mandatory, it's also "Hello kids, welcome to 'brief your local paedophile'".
It would be really good if the clowns who dream up such stuff would be the first to suffer the consequences, all of them. Because I don't think they will learn otherwise - this is causing risk, not fixing identity issues. /rant
Comment removed (Score:4, Interesting)
Re:Passport RFID borders on criminal negligence IM (Score:3, Interesting)
The cards discussed in this article strictly provide a number, so they are just being used as a glorified barcode (maybe they have some security features that a barcode doesn't, but the guy scanning the numbers already knows how to bypass them, so they are irrelevant); a barcode is just as easy to link to a government database and introduces all the same problems with securing the database, so the only additional threat created by the RFID here is the ability to track the person holding the card (leakage of identity info is the same with a barcode, and there are no biometrics to edit on the card).
Still, it doesn't seem like the chip adds anything, and it certainly sucks for people to be able to automatically identify the card (not the person, just the card) at a distance.
Re:Gosh... (Score:3, Interesting)
truly spectacular care is in Europe these days, sadly the US healthcare system has defeated itself due to the cost of doing business here for most physicians. What America has is the _perception_ of good healthcare, however, just because sombody has a specialist for every ailment doesn't mean they're getting remotely good healthcare. in the US there are typically around 12 Doctors involved in the average Americans healthcare. have you ever been to a doctors office? do you know how busy- especially a decent specialist- is? do you think any of them really know _any_ of their patients well from a physicians standpoint? more to the point, do you think these doctors actually communicate? i know theres a lot of citation needed for a post like that but i'm too burned out on the issue to gather the facts, having worked in the medical field as a healthcare professional for a while i've seen firsthand the fiasco that is the US heathcare system. sorry folks, you arent getting "the best healthcare in the world" not even close. in fact
http://www.photius.com/rankings/healthranks.html [photius.com]
the US fares pretty abysmally.
while its true the above WHO report does have a slight bias to social medicine due to cost being factored in (which isnt a bad thing) there is no denying that the outcomes for patients in the US are certainly not world class.
Yes and no (Score:5, Interesting)
I live in Finland and we do have a public healthcare system here. That doesn't mean that here wouldn't also be private healthcare available. Those who dislike the public system (which works pretty well but is underfunded so waiting lines can be hours long in any non non-emergency case) can go to the private clinics. In addition to competing with each other, private clinics also need to compete with the public health care. It sets some kind of a status quo of "If you don't manage to offer extremely good service, people will just use public healthcare".
So I don't think that the wealthy do need to worry about potential for lower availability of care. Public healthcare just gives best of both worlds... In theory.
Recently (within the past decade) right wing government has been trying to change the way that public healthcare works here. Instead of having doctors who work for the government they try to have government buy services from private companies. In practice this works horribly.
Government buys from the company that offers services for cheapest but that lowers the quality. And even those companies have higher prices than what government would pay directly to the doctors as the companies try to make profit. So it is slowly changing from "The best of both worlds" to "The worst of both worlds".
One example of this is a hospital near me (Peijas in Itä-Vantaa). It used to be managed by the government but then there was a decision to privatize (if that's a word) the emergency duty. Now, if you go there complaining that your chest hurts, you might still need to wait four hours in the lobby before a doctor sees you but if they deem that you need further care and send you to the main part of the hospital... You get EKGs taken, evaluations from several doctors and so on, all for completely free of charge. (Speaking from experience here.)
So even with the "worst of both worlds" it works somehow (which is good because I really couldn't have been able to afford the treatments in a private clinic). I just fear what happens if the rest of the hospital services will be bought from private companies too.
Public healthcare can be done very well or very poorly depending on how it is implemented.
As for taxation... Yeah, it raises. Can't deny you there. As a rather decently earning programmer I pay nearly half of my wage as taxes (then again, that is more than free healthcare. It includes, among other things, that government funded my university education and insured my student loan). You are wrong to assume it will hurt the wealthy, though. It uses the people who don't use the services.
Whether you are wealthy or not, having higher taxes that provide services that you use are fine. Higher taxes hurt those who rarely have to visit a doctor, they hurt those who don't go to an university and so on. Others would have had to pay that money anyways, it just wouldn't have gone to government but directly to the private companies that provide the services. And the result might not have been any better.
Comment removed (Score:2, Interesting)
Re:Dupe of a dupe of a dupe. (Score:4, Interesting)
There's even a YA novel (Little Brother) by Doctorow that has this issue as a plot point; somehow I doubt that the people in charge are going to read it...
Re:You pay for other's poor choices as it is (Score:1, Interesting)
Read the plan: As obama intends, you will always pay for the govt insurance (through increased taxes). If you want your choice, you have to pay for it as well as the govt insurance. *You*. Not your employer, as they will be dumping you into the govt insurance. And you can't deduct the costs anymore (the employer used to be able to deduct the costs; this is likely to go away as well).
So, for real health care, looks like you're going to have to take one of those "medical vacations" to South Africa or India--or wait 2 years for the knee surgery...
Re:Security (Score:2, Interesting)
Re:Passport RFID borders on criminal negligence IM (Score:5, Interesting)
I wrote about RFID landmines here [slashdot.org] on Slashdot, about five years ago.
It's nice to see that someone else besides me is sufficiently realistic to understand that this can be a real problem. And it's cheap: I don't know what RFID standard passports are using, but various readers on Ebay don't seem to creep much above the $50 mark. Add a microcontroller and some code (which, of course, can be open-sourced amongst other terrorist organizations), along with a little supporting hardware, and you've got yourself a trigger for a device for less than, say, $200 and a few days/weeks of study by an aptly-minded person.
That $200 isn't much money at all, even for a third-world organization, for an attack which is nearly guaranteed to kill one or more civilians of any country which institutes standardized RFID identification. And the best part is, they get to pick and choose which country is the enemy this week when deploying the things.
I, for one, am not very happy about this.
Re:Security (Score:5, Interesting)
Here in the Netherlands we have to be able to prove our identity any time the police asks for it. The only way accepted by them is to show your passport, so we officialy HAVE TO carry our passports with us any time we are outside.
Thank you America and your 'War on Terror' to give our political creeps an excuse to put that one through our throats!
You really found a way to blame your country's [perceived] fascism on another country thousands of miles away? Congrats.
Re:Nothing to worry about... (Score:3, Interesting)