
Germany To Roll Out ID Cards With Embedded RFID

Posted by Soulskill
from the meine-Brieftasche-ist-radioaktiv dept.
An anonymous reader writes "The production of RFID chips, an integral element of the new generation of German identity cards, has started after the government gave a 10-year contract to the chipmaker NXP in the Netherlands. Citizens will receive the mandatory new ID cards starting from the first of November. The new card allows German authorities to identify people with speed and accuracy, the government said. These authorities include the police, customs and tax authorities and of course the local registration and passport granting authorities. There are some concerns that the use of RFID chips will pose a security or privacy risk, however. Early versions of the electronic passports, using RFID chips with a protocol called 'basic access control' (BAC), were successfully hacked by university researchers and security experts."
  • by Anonymous Coward on Sunday August 22, 2010 @04:24AM (#33330392)

    The passports already have RFID. This is about the identity cards (which are only a card, compared to the passports, which are too big to carry around with you all the time).

  • time to buy (Score:4, Informative)

    by zerothink (1682450) on Sunday August 22, 2010 @04:36AM (#33330412)
    It's time to buy RFID-blocking cover/wallet/bag/whatever. Or feel free to have some fun with aluminum foil - http://www.rpi-polymath.com/ducttape/RFIDWallet.php [rpi-polymath.com]
  • by Anonymous Coward on Sunday August 22, 2010 @04:39AM (#33330426)

    Germans must be able to identify themselves with either a passport or an ID card. There is no obligation to have either of those with you at any time.

    The new cards do not use classic RFID chips but near field communication, which is much harder to attack from a distance (if at all).

    Anyone who wants to sit this out can get a new ID card before November. The old ID cards cost 8 EUR and are valid for 10 years.

  • Re:EU passports (Score:3, Informative)

    by Anonymous Coward on Sunday August 22, 2010 @04:48AM (#33330460)

    On the contrary. Since the new EU passports contain fingerprint data and a digital version of the picture, much of the contention about the new passports revolved around the creation of a central database of biometric information. If the passports were just an index into the database, then that database would be inevitable.

    It is important that technology-minded users learn not to apply the usual centralist approach to everything. We are not cattle.

  • by think_nix (1467471) on Sunday August 22, 2010 @04:56AM (#33330506)

    Germans must be able to identify themselves with either a passport or an ID card. There is no obligation to have either of those with you at any time.

    The new cards do not use classic RFID chips but near field communication, which is much harder to attack from a distance (if at all).

    Anyone who wants to sit this out can get a new ID card before November. The old ID cards cost 8 EUR and are valid for 10 years.

    I guess you have never lived in Germany and heard of Ausweispflicht? Which by law requires any citizen to be able to identify himself or herself. Even only being there on holiday as a visitor you must still be able to identify yourself; been there, done that. The authorities do not take it lightly if you "forgot" your ID either, depending on the situation. Although I will credit you the sitting out part, if they get the new ID now then they can wait it out. Although didn't the Germans already implement biometric passports (not to be confused with ID cards)?

    Anyways, looking at http://www.personalausweisportal.de/ [personalausweisportal.de] really is weird; if you cannot speak German then I suggest a translator of some sort. They talk about new "Identity Management" and "Online Identification functions" etc. etc. Sounds more controlling/keep track than anything else. I really feel bad for the Germans at times. But hey, you know there is a saying: "The Germans will never complain or demonstrate about any problem because there is a sign saying it is forbidden"

  • Re:Awesome... (Score:5, Informative)

    by think_nix (1467471) on Sunday August 22, 2010 @05:12AM (#33330580)

    True to that check this out:

    http://www.personalausweisportal.de/cln_164/DE/Neue-Moeglichkeiten/Online-Ausweisfunktion/online-ausweisfunktion_node.html [personalausweisportal.de]

    The new online functions! If you don't understand German try Google Translate; here is a quick translation:

    Identification on the Internet and on machines can in the future be done with the new identity card. This is simple and safe as the presentation of your previous card today.
    Even without being personally present you can use the online identity function (also: eID function) authenticate everywhere (where personalized services - are consequently offered and directly tailored to the individual user). With your new personal ID and your 6-digit PIN you can prove your identity in the electronic world simple, safe and reliable.

    That is just the first paragraph, better than the Sunday comics!

  • by think_nix (1467471) on Sunday August 22, 2010 @05:17AM (#33330594)

    Yeah I guess you are right:

    http://de.wikipedia.org/wiki/Ausweispflicht [wikipedia.org]

    Only if they ask for it, interesting, but still...

  • by think_nix (1467471) on Sunday August 22, 2010 @05:18AM (#33330602)

    Yeah I guess you are right:

    http://de.wikipedia.org/wiki/Ausweispflicht [wikipedia.org]

    Only if they ask for it, interesting, but still...

    Shit, I meant this one (damn copy buffer): http://bundesrecht.juris.de/persauswg/__1.html [juris.de]

  • Re:time to buy (Score:5, Informative)

    by MikeyVB (787338) on Sunday August 22, 2010 @05:26AM (#33330616)

    For the curious, it takes approximately 4 layers of aluminum foil to block a scanner from activating the RFID signal when your Al lined wallet is point blank from a standard scanner.

    (After receiving an RFID enabled ID card here in the Netherlands last year, I tested it on our office copy/scanner RFID reader, and then simply lined my wallet with double the number of layers it took to block the signal. Works like a charm!)

  • by Khyber (864651) <techkitsune@gmail.com> on Sunday August 22, 2010 @05:26AM (#33330622) Homepage Journal

    The full-sized US passport fits in my back pocket without any problem, my wallet sits comfortably in front of it.

    Too big, what? It's just over 3"x5" in size.

  • The US started it (Score:3, Informative)

    by rolfwind (528248) on Sunday August 22, 2010 @05:35AM (#33330654)

    After 9/11, the US mandated biometric passports for all (if you wanted to enter the US).

    Under legislation introduced after the September 11th attacks, the United States has tightened security measures for foreign tourists entering its country. The latest measure requires that by 2012, every traveler entering the United States who is part of the visa-waiver program must have a biometric passport or be forced to apply for a visa. ... ...
    Initially, Washington gave a 2006 deadline for the 27 countries in the EU and other visa-waiver countries such as Norway, Iceland and Switzerland, but then pushed the date back to June of this year to give these countries more time to prepare the technology needed to issue the biometric passports. The US State Department started introducing e-passports in 2006 and every passport holder in the US is projected to have one by 2017.

  • Re:The US started it (Score:4, Informative)

    by rolfwind (528248) on Sunday August 22, 2010 @05:36AM (#33330660)
  • Re:The US started it (Score:4, Informative)

    by Jane Q. Public (1010737) on Sunday August 22, 2010 @05:46AM (#33330688)
    Yes, but the law also states that if a passport's RFID malfunctions, the passport is still legal. 10 seconds in the microwave is just about right.
  • by maxwell demon (590494) on Sunday August 22, 2010 @05:47AM (#33330696) Journal

    That said, if you use public transport, there is basically no way around taking it along with you.

    Really? I've never been asked to show my identity card. What you may be required to show in certain situations (as in, when caught using the transport without a valid ticket, or in case of using a price-reduced personalized ticket), is an official paper with image ("amtlicher Lichtbildausweis"), but that doesn't have to be your identity card, your driving license should work anyway (I don't have experience with this, though, because I've never been asked to show it in public transport anyway, not even with personalized train tickets).

  • Re:EU passports (Score:1, Informative)

    by Anonymous Coward on Sunday August 22, 2010 @06:41AM (#33330858)

    Fingerprints are only optional in the ID card ("Personalausweis"). The comment was about the biometric passports, for which two fingerprints are mandatory (left and right index finger).

  • by agw (6387) on Sunday August 22, 2010 @06:53AM (#33330888)

    You have to actively go out, apply for an ID card and pay the fee to get one. You can live a long and productive life and never use your ID at all, unless you're a lawyer by profession or get arrested a lot...

    Not quite. You will have to use it if you want to get a bank account (and I assume you want one). If you're younger, you will have to use it to get a driver's license, probably to sign contracts, to get into music clubs late night, to get alcohol, even to play the lottery and of course every time you fly within the EU.

    So I say you can live a long and productive life alone in the mountains and never use your ID at all.

  • by Anonymous Coward on Sunday August 22, 2010 @07:16AM (#33330964)

    Actually, tests by various groups have shown that RFID chips are easily read from several METERS away.

  • by roman_mir (125474) on Sunday August 22, 2010 @07:20AM (#33330982) Homepage Journal

    You are mistaken as to what is freedom of speech in USA, nobody is allowed to make direct threats of murder for example, but one can have an opinion that abortion doctors must be killed, it's an opinion.

    Of course one person's opinion may lead to another person's action, but the correct thing to do is to hold the one who takes action as the responsible party, not the one who says he has an opinion.

    I am not American, in fact at this very moment I am in Germany, though I am Canadian, born in the former USSR.

    I hold every single thing that government says or does as suspicious, I don't trust government at all, in any single one thing ever, and I am not an American.

  • by Anonymous Coward on Sunday August 22, 2010 @07:34AM (#33331026)

    The old German identity cards are 105 x 74 mm, the new ones will be 85.6 x 53.98 mm.

    i.e. 4.12 x 2.93 inch old and 3.37 x 2.12 inch.

    I.e.: you can put your identity card into your wallet (especially as it is only a card and not multiple sheets of stuff).

    The passports are 104 x 78 mm. That is only slightly larger, but too large (and also too thick) for most wallets.

  • Fry it (Score:5, Informative)

    by mwissel (869864) on Sunday August 22, 2010 @07:39AM (#33331044) Homepage
    What TFA forgets to mention is that the ID card remains valid when you kill the RFID chip, as it still allows a person to be identified. Also, the fingerprint is a voluntary piece of information to be stored. Most people won't know or bother and just let them store it anyway, though. For my fellow citizens: get yourself a new ID card w/o RFID just now (it is only a few Euros more expensive when you "lose" your current ID). If you have to get, for some reason, an ID card with RFID on it, just put it in the microwave oven for a minute or so. Chaos Computer Club has proven this to kill the chip reliably.
  • by Anonymous Coward on Sunday August 22, 2010 @08:36AM (#33331334)

    I find the most intriguing part of this whole thing is the decision to outsource the chips to a Dutch company

    NXP is the research division (now independent) of Philips, still considered to be one of the world's leading companies in the electronics department. It would be equally intriguing to see European governments turning to a certain US-based software company for their desktop software.

    This is the same company responsible for the Mifare [wikipedia.org] series of travel cards, which are used in the London Underground and Dutch public transportation. And in Moscow, Bucharest, (all of) Slovakia, Seattle (WA), Minneapolis (MN), Boston (MA), Brisbane, Melbourne, Montreal, ...

  • by ewanm89 (1052822) on Sunday August 22, 2010 @09:35AM (#33331638) Homepage
    Is 96ft (~29m) far enough away? That's the Defcon record. Blackhat USA 2010 has beaten it; I don't know the practical distance achieved, but the paper gives a theoretical maximum of 565ft (~172m). Want to change some of those assumptions? It's a radio; distance is based on three things: transmitter power, receiver sensitivity and atmospheric conditions. The first 2 can be controlled very easily.
  • by Anonymous Coward on Sunday August 22, 2010 @10:50AM (#33332094)

    They just spoofed, they haven't talked to the TAG at all!

    ISO14443-A and other NFC tags simply don't work like this:

    You need two-way communication: from the reader to the tag, and from the tag to the reader. The ISO14443-A tag is not capable of actively sending out answers. Instead it loads down the magnetic field that powers it. This load is measured on the side of the reader and interpreted as answers from the tag.

    If I remember right the tag must be able to pull about 10% of energy out of the magnetic field to transmit data.

    And this puts a simple physical constraint on the range:

    You can't simply make the reader put out a stronger magnetic field. This would increase the range from the reader to the tag, but it would also make it almost impossible for the tag to answer because it can't remove that much energy anymore. If you lower the energy of the field the tag doesn't have enough power to operate.

    The 15 cm

    In the lab you can get a longer distance than 15 cm... Maybe up to half a meter or so. To do so you have to calibrate the resonant frequency of the tag and the reader so that they are almost perfectly coupled. And you have to do this in an RF shielded room because every disturbance in the RF field would interfere with the transfer.

    What the Defcon guys did was to listen to a running communication between a reader and a tag from afar. That is indeed possible up to such a range. That will not tell you anything interesting except the fact that a tag was read because the first thing the pass does is to do a Diffie-Hellman key exchange (part of the PACE protocol). Oh - you get the ID from the tag, but as I wrote earlier the ID is random ...

    Not much gained..

        http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
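
The key exchange the comment above refers to, as an added example that is not part of the original thread: a simplified Python sketch of PACE with generic mapping, showing what a passive listener captures and what happens on a wrong PIN. The 127-bit group, the XOR keystream (in place of the card's block cipher), HMAC-SHA256 (in place of the real MAC) and all function names are assumptions made for illustration.

```python
import hashlib, hmac, secrets

P = 2**127 - 1   # toy prime modulus (assumption); real cards use standardized groups
G = 3            # toy generator (assumption)

def kdf(secret: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + secret).digest()

def pin_crypt(pin: str, data: bytes) -> bytes:
    """XOR with a PIN-derived keystream: stand-in for the PIN-keyed block cipher."""
    stream = kdf(pin.encode(), b"pin-key")
    return bytes(a ^ b for a, b in zip(data, stream))

def keypair(gen: int):
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(gen, priv, P)

def to_bytes(n: int) -> bytes:
    return n.to_bytes(16, "big")

def run_pace(card_pin: str, terminal_pin: str):
    """Run one exchange; return (card_key, terminal_key, auth_ok, sniffed)."""
    sniffed = []                               # everything an eavesdropper hears
    # 1. Card sends a fresh random nonce s, encrypted under the PIN.
    s = secrets.token_bytes(16)
    z = pin_crypt(card_pin, s)
    sniffed.append(z)
    s_term = pin_crypt(terminal_pin, z)        # equals s only if the PINs match
    # 2. First Diffie-Hellman run yields H, used only to map the generator.
    c1, C1 = keypair(G)
    t1, T1 = keypair(G)
    sniffed += [C1, T1]
    g_card = pow(G, int.from_bytes(s, "big"), P) * pow(T1, c1, P) % P
    g_term = pow(G, int.from_bytes(s_term, "big"), P) * pow(C1, t1, P) % P
    # 3. Second Diffie-Hellman run on the mapped generator gives the session key.
    c2, C2 = keypair(g_card)
    t2, T2 = keypair(g_term)
    sniffed += [C2, T2]
    k_card = kdf(to_bytes(pow(T2, c2, P)), b"session")
    k_term = kdf(to_bytes(pow(C2, t2, P)), b"session")
    # 4. Terminal proves knowledge of the key with a MAC over the card's public value.
    token = hmac.new(k_term, to_bytes(C2), hashlib.sha256).digest()
    sniffed.append(token)
    expected = hmac.new(k_card, to_bytes(C2), hashlib.sha256).digest()
    return k_card, k_term, hmac.compare_digest(token, expected), sniffed

if __name__ == "__main__":
    for guess in ("123456", "654321"):         # constructed PINs
        _, _, ok, heard = run_pace("123456", guess)
        print(guess, "authenticated" if ok else "rejected", len(heard), "values sniffed")
```

Because the nonce is random, a sniffed `z` on its own gives no way to check a PIN guess offline; a wrong PIN only shows up as a failed token in step 4.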

  • by Shoe Puppet (1557239) on Sunday August 22, 2010 @02:53PM (#33333928)

    Americans are NOT required to carry ID at all times.

    Neither are us Germans (yet), we only have to own one. Most people do carry it, though.
