5172235
story
Comments: 276 +- Your Rights Online: Cruising Fisherman's Wharf For New Passports' Serial Numbers on Sunday July 12 2009, @07:02AM
Posted
by
timothy
on Sunday July 12 2009, @07:02AM
from the sub-exactly-because-for-even-though dept.
from the sub-exactly-because-for-even-though dept.
background: url(//a.fsdn.com/sd/topics/topicprivacy.gif); width:71px; height:53px;
privacy
background: url(//a.fsdn.com/sd/topics/topicstorage.gif); width:48px; height:51px;
storage
background: url(//a.fsdn.com/sd/topics/topicgovt.gif); width:57px; height:80px;
government
background: url(//a.fsdn.com/sd/topics/topicnews.gif); width:60px; height:66px;
news
background: url(//a.fsdn.com/sd/topics/topictech2.gif); width:60px; height:80px;
technology
schwit1 writes "Fox News has an AP story on a hacker in San Francisco driving around and needing as little as 20 minutes to be successful in acquiring a passport number: 'Zipping past Fisherman's Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians' electronic US passport cards embedded with radio frequency identification, or RFID, tags. Within an hour, he'd "skimmed" the identifiers of four more of the new, microchipped PASS cards from a distance of 20 feet. ... Meanwhile, Homeland Security has been promoting broad use of RFID even though its own advisory committee on data integrity and privacy warned that radio-tagged IDs have the potential to allow "widespread surveillance of individuals" without their knowledge or consent.'"
Related Stories
Necessity is a mother.
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.
Security (Score:5, Insightful)
It's strange that politicians and other managers seem to have a totally different idea of the meaning of the word 'security' than other people.
Re:Security (Score:5, Insightful)
What the heck do you think they intended the RIFD passports for? They are meant to be used to track people. They are working as intended.
InnerWeb
Parent
tracking (Score:4, Insightful)
Yeah, and I'm less concerned about passports being counterfeited than I am about people carrying US passports in other countries being targeted for mugging. Those passports are valuable, you know.
Parent
Re: (Score:3)
Re: (Score:3)
Not in the US. I'm not sure how that is handled in other countries though. I know a lot of international students in the US voluntarily surrender their passport to the dean's office, which will hold them in a secure place, since students tend to lose important documents like that easily. I've taken more than a few couch surfers out drinking only to realize their government issued ID is in Lousiana, California, or D.C. due to this.
Re:Security (Score:4, Informative)
Who the Hell carries their passport around all day in their home country? Most of the time I imagine it would be sitting in a safe place at home.
Here in the Netherlands we have to be able to prove our identity any time the police asks for it. The only way accepted by them is to show your passport, so we officialy HAVE TO carry our passports with us any time we are outside.
Thank you America and your 'War on Terror' to give our political creeps an excuse to put that one through our throats!
Parent
Re:Security (Score:5, Interesting)
Here in the Netherlands we have to be able to prove our identity any time the police asks for it. The only way accepted by them is to show your passport, so we officialy HAVE TO carry our passports with us any time we are outside.
Thank you America and your 'War on Terror' to give our political creeps an excuse to put that one through our throats!
You really found a way to blame your country's [perceived] fascism on another country thousands of miles away? Congrats.
Parent
Re:Security (Score:5, Informative)
Sadly, Poingggg is voicing an ever more common popular Dutch adage: "most of the world's current problems are America's" fault. And an American making a quip about it will probably garner little more than a "Typical" from the likes of Poingggg.
Being Dutch myself, I would like to add that Poingggg is wrong, or at least woefully incomplete. We -are- required by law to be able to show our ID, however we are not by law required to carry it. This may seem silly, since you need to carry it to be able to show it, but what it means is that police are not allowed to ask for ID unless you are under suspicion of some other offense (that is, other than not carrying your ID).
Also, the ID produced does not have to be a passport. Dutch driver's license or Dutch identity cards are also accepted valid IDs. Additionally, the law only applies to people over the age of 14.
So, the only people at serious risk from getting their ID's copied as described (when not using a tinfoil wallet) are people in the age range 15-18 (impossible to get a valid driver's license), foreigners (only a passport, or some specific documents pertaining to asylum and long-term stay will do) and people unable or unwilling to get a driver's license.
And sofar, the only people fined for not being able to produce the ID have been - to my knowledge - people who refused to produce it (even when allowed to retrieve it from elsewhere) or people who committed some other punishable offense in addition to not carrying the ID.
Parent
Re:Security (Score:4, Insightful)
You act as if they were interested in your security at all. :)
Which just shows how effective their strong twisted reality is. It even affects you to the point where you believe they would be acting ouf of the interest of the people.
Don't worry, we all fell for it. As long as we learn from it, that is ok. :)
Parent
Re:Security (Score:4, Funny)
Parent
Dupe of a dupe of a dupe. (Score:2, Offtopic)
Re:Dupe of a dupe of a dupe. (Score:5, Insightful)
Parent
Re:Dupe of a dupe of a dupe. (Score:4, Interesting)
There's even a YA novel (Little Brother) by Doctorow that has this issue as a plot point; somehow I doubt that the people in charge are going to read it...
Parent
Nothing to worry about... (Score:5, Interesting)
You just need to buy an RFID shield [rfid-shield.com] for your passport and you can put your mind at ease. Unless, of course, you want to worry about how they don't work [youtube.com].
Re: (Score:2)
Enough to zap the chip, not enough to toast the paperwork.
Done and done, job well done.
Re:Nothing to worry about... (Score:4, Insightful)
Good luck trying to cross the border with your "forged" passport.
Parent
Re: (Score:3, Funny)
She didn't get the joke, which was just as well I suppose.
Re:Nothing to worry about... (Score:5, Informative)
Parent
Re:Nothing to worry about... (Score:4, Insightful)
Parent
So what does work? (Score:2)
If these RFID shields don't work, does anyone know something that does?
Re:Nothing to worry about... (Score:5, Insightful)
Parent
Re: (Score:3, Insightful)
Were you kidding?
If US passport data can be easily acquired in San Francisco (where US citizens generally don't carry them), then it follows that said data will be abundant in areas where people are likely to carry passports. Somalia was just an example. Replace it with your favorite vacation getaway spot, if you like.
blackraven's comment is +5 insightful IMO.
Re:Nothing to worry about... (Score:5, Interesting)
Well, as Fisherman's Wharf is a tourist attraction, I would think that the majority of the people are tourists.
And about the part that says about what people should do, people should design a secure system where one of the factors is that people WILL carry them around on Fisherman's Wharf. Do not blame the users for usage, blame the designer for not putting it in the design.
The 'stupidity' of the users is well known and well documented. Persons are smart, people are stupid. If you deal with security, that is what you have to think about. If you don't, your design will be flawed.
Parent
Re: (Score:3, Informative)
In at least some states (Massachusetts for one) out-of-state ID isn't accepted for alcohol purchases, but federal ID like a passport is. Not sure if California is like that though.
Re: (Score:3, Insightful)
In at least some states (Massachusetts for one) out-of-state ID isn't accepted for alcohol purchases, but federal ID like a passport is.
Whenever I've run into that, I've pointed out that it is clearly unconstitutional (Article IV, Section 1; full faith and credit clause).
Re: (Score:3, Interesting)
Re: (Score:3, Insightful)
The joke among bouncers evidently is: the guy who shows up with a passport probably lost his license for too many DUIs.
Or prefers to present his passport because it doesn't get scanned (magstripe), and doesn't have your home address or even home state printed on it.
Gosh... (Score:3, Funny)
Re:Gosh... (Score:4, Insightful)
[sarcasm]Yes, heaven forbid the United States catch up with the rest of the developed world and get a system that works better [photius.com] while costing less [photius.com].[/sarcasm] Passport security and health systems have nothing to do with each other, please let you brain do the thinking, not your mouth or your gut.
Parent
Re:Gosh... (Score:4, Interesting)
The U.S. doesn't make any passing attempt at running an efficient health care system. For people that can afford it, spectacular care is available here.
So the well off have plenty to fear from government intervention, they face the potential for higher taxes and the potential for lower availability of care (vast amounts are spent on extreme measures in the U.S.).
Sure, it would probably be healthier for us as a society to provide a more equitable system, but let's not pretend that it is going to be better for everyone.
Parent
Yes and no (Score:5, Interesting)
I live in Finland and we do have a public healthcare system here. That doesn't mean that here wouldn't also be private healthcare available. Those who dislike the public system (which works pretty well but is underfunded so waiting lines can be hours long in any non non-emergency case) can go to the private clinics. In addition to competing with each other, private clinics also need to compete with the public health care. It sets some kind of a status quo of "If you don't manage to offer extremely good service, people will just use public healthcare".
So I don't think that the wealthy do need to worry about potential for lower availability of care. Public healthcare just gives best of both worlds... In theory.
Recently (within the past decade) right wing government has been trying to change the way that public healthcare works here. Instead of having doctors who work for the government they try to have government buy services from private companies. In practice this works horribly.
Government buys from the company that offers services for cheapest but that lowers the quality. And even those companies have higher prices than what government would pay directly to the doctors as the companies try to make profit. So it is slowly changing from "The best of both worlds" to "The worst of both worlds".
One example of this is a hospital near me (Peijas in Itä-Vantaa). It used to be managed by the government but then there was a decision to privatize (if that's a word) the emergency duty. Now, if you go there complaining that your chest hurts, you might still need to wait four hours in the lobby before a doctor sees you but if they deem that you need further care and send you to the main part of the hospital... You get EKGs taken, evaluations from several doctors and so on, all for completely free of charge. (Speaking from experience here.)
So even with the "worst of both worlds" it works somehow (which is good because I really couldn't have been able to afford the treatments in a private clinic). I just fear what happens if the rest of the hospital services will be bought from private companies too.
Public healthcare can be done very well or very poorly depending on how it is implemented.
As for taxation... Yeah, it raises. Can't deny you there. As a rather decently earning programmer I pay nearly half of my wage as taxes (then again, that is more than free healthcare. It includes, among other things, that government funded my university education and insured my student loan). You are wrong to assume it will hurt the wealthy, though. It uses the people who don't use the services.
Whether you are wealthy or not, having higher taxes that provide services that you use are fine. Higher taxes hurt those who rarely have to visit a doctor, they hurt those who don't go to an university and so on. Others would have had to pay that money anyways, it just wouldn't have gone to government but directly to the private companies that provide the services. And the result might not have been any better.
Parent
Re: (Score:2)
So if government is paying for your education why do you have a student loan?
For myself personally I'd rather get taxed at 25% rather than 50% and be able to choose my health care.
Re: (Score:3, Interesting)
truly spectacular care is in Europe these days, sadly the US healthcare system has defeated itself due to the cost of doing business here for most physicians. What America has is the _perception_ of good healthcare, however, just because sombody has a specialist for every ailment doesn't mean they're getting remotely good healthcare. in the US there are typically around 12 Doctors involved in the average Americans healthcare. have you ever been to a doctors office? do you know how busy- especially a decent
Poor encryption (Score:4, Interesting)
Passports use BAC [wikipedia.org] encryption, which is obviously pretty weak.
Re: (Score:2)
Sorry to reply to my own post. The article only says:
Zipping past Fisherman's Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians' electronic U.S. passport cards
So all he got was serial numbers? meh.
WHAT!? (Score:3, Funny)
Yes, but do we really need it in passports and identification cards?
thats not a warning... (Score:2)
thats a endorsement for continual increase in use.
I wonder how long it will take before credit companies, homeland security and other rfid pushers join forces to create a implantable credit card/passport/whatever-service-you-can-think-of rfid chip. For your own protection and convenience, honest...
Passport RFID borders on criminal negligence IMHO (Score:5, Interesting)
I cannot imagine that even a SINGLE conversation with someone mildly conversant in basic security, no, just having common sense, would not have indicated that uncontrolled ID reading from a distance was a VERY VERY bad idea. It suggests to me that such a conversation was either not had, someone has a LOT of shares in RFID manufacturing or there is something else behind this rush to promote even more ID theft.
You can read ID from a distance which means it's now possible to create hidden bombs that lie dormant until there are enough people of a certain nationality nearby, it's possible to clone an identity and I suspect it won't be long before you can edit the biometric, making the theft of your LIFE complete because of "the 'pjuter is always rite" syndrome.
In the process other associated idiots are building up databases which are unnecessary (it works prefectly without) and which are a reversal of approach - normally your identity is only collected AFTER you have committed a crime, not BEFORE. You're now guilty until you prove it wasn't you who left a cloned identity behind. All of that without you noticing someone has been near to your passport, you no longer have control over who sees the data. Hello girls, welcome to stalking v2.
Actually, if you want political emotional scare stories, as the EU has now made one passport per person mandatory, it's also "Hello kids, welcome to 'brief your local paedophile'".
It would be really good if the clowns who dream up such stuff would be the first to suffer the consequences, all of them. Because I don't think they will learn otherwise - this is causing risk, not fixing identity issues. /rant
Re: (Score:3, Interesting)
The cards discussed in this article strictly provide a number, so they are just being used as a glorified barcode (maybe they have some security features that a barcode doesn't, but the guy scanning the numbers already knows how to bypass them, so they are irrelevant); a barcode is just as easy to link to a government database and introduces all the same problems with securing the database, so the only additional threat created by the RFID here is the ability to track the person holding the card (leakage of
Re:Passport RFID borders on criminal negligence IM (Score:5, Interesting)
I wrote about RFID landmines here [slashdot.org] on Slashdot, about five years ago.
It's nice to see that someone else besides me is sufficiently realistic to understand that this can be a real problem. And it's cheap: I don't know what RFID standard passports are using, but various readers on Ebay don't seem to creep much above the $50 mark. Add a microcontroller and some code (which, of course, can be open-sourced amongst other terrorist organizations), along with a little supporting hardware, and you've got yourself a trigger for a device for less than, say, $200 and a few days/weeks of study by an aptly-minded person.
That $200 isn't much money at all, even for a third-world organization, for an attack which is nearly guaranteed to kill one or more civilians of any country which institutes standardized RFID identification. And the best part is, they get to pick and choose which country is the enemy this week when deploying the things.
I, for one, am not very happy about this.
Parent
Re: (Score:3, Insightful)
You've obviously never travelled to a dodgy African country - there is NO way that you trust anyone to hold your passport as it's your only way out when the shit hits the fan.
Plus, theft is rife even in the 'nicer' hotels in some of these shitholes.
Mine is inside... (Score:2)
The anti-rfid wallet... ;)
Big Brother Concerns? (Score:4, Insightful)
I wonder.. (Score:2)
If these were passports or passport cards ? .. Most people here don't carry their passport around with them all the time.. However those new cheapo passport cards (for Canada, Mexico, the Caribbean, and Bermuda) are much smaller and more portable and I can see people keeping them in their wallet.
I realize that both are vulnerable.. Sadly I have to get a passport renewal in 2010, and not looking forward to having a chipped one. I'll be getting the full one again (can see the point in limiting travel possibil
Here, let me fix that for you (Score:4, Insightful)
Meanwhile, Homeland Security has been promoting broad use of RFID because its own advisory committee on data integrity and privacy warned that radio-tagged IDs have the potential to allow "widespread surveillance of individuals" without their knowledge or consent.
Fixed.
These aren't passports (Score:4, Informative)
Re:These aren't passports (Score:4, Informative)
Parent
Re:Fighting the wrong battle (Score:4, Informative)
You're right though, that you can't just type in "tell me where Joe Soap went on thursday afternoon" into the system and get an list of his/her whereabouts, but for targeted individuals, tracking without their permission has been available for some time.
Parent
Re: (Score:2)
"This is how surveillance societies like Britain tend to do it now. "
Citation needed.
Really, the UK has billions of cameras, but few people watching them and I'd be very, very surprised if they had anything approaching the level of sophistication you're talking about.
Re:Fighting the wrong battle (Score:4, Interesting)
Those billion cameras are primarily a reactive system, not proactive. While they were initially sold on the public as a crime prevention and safety thing, they don't exist that way any longer. I guess in many ways it is a good thing that there are just too many to be monitored in real time. This makes your simple trip to the store utterly irrelevant and not of interest to anyone - but if your trip happens to coincide with some idiot crashing his car in to the aforementioned store, knocking you down in the process, then someone, be it insurance, police, ambulance, or whatever, might dredge it up for review. All in all you and I are just lost in the noise while the only valuable signal makes the nightly news.
RFID is a pretty good filter if your aim is to create a choke point (i.e. immigration counters) - you can file people past a scanner, snap off their picture without them knowing, have a drone somewhere do a comparison with the databased image, or run it through your super computer in the basement to do it for you.
Parent