American Passports to Have RFID Chips 668
pr1000 writes "Wired is reporting that the State Department is planned on adding RFID chips to new American passports, starting with diplomat's passports in January. Those worried about the privacy concerns of RFID should take notice, as this rollout could set a precedent."
Bruce Schneier (Score:5, Informative)
Bruce Schneier has made some interesting observations [schneier.com] on the RFID passport plans. Somehow, I do not see how this could possibly make us "safer".
Simple solution (Score:5, Informative)
Little step for the state, medium step for slavery (Score:2, Informative)
The target of a proposed solution usually it is driven by a defined utility: to speed up a procedure or whatever. But in this case, do will really speed up or improve something? What about passport authentication? For sure can not be 100% automated, as soon as RF ID chips can be, at least, cloned (from the sophisticated data retrieval via millitary X-Ray uC inspection or via amateur hacking, or whatever).
Summary: a cop/inspector will be still needed to validate your passport, then, there will no be "bottleneck solving" or whatever other problem was intended to be solved.
This too much control may irritate my civil rights chip... soon here at Europe. Regards.
Re:Law Enforcement (Score:4, Informative)
Schneier's Take (Score:3, Informative)
Re:Tracking... (Score:2, Informative)
Re:RFID Worries... (Score:5, Informative)
New U.S. passports will soon be read remotely at borders around the world, thanks to embedded chips that will broadcast on command an individual's name, address and digital photo to a computerized reader.
Any questions?
Comment removed (Score:5, Informative)
Re:RFID co-channel interference? (Score:5, Informative)
It might be more of a problem if there are RFID _readers_ all over the place. They might interfere with eachother's attempt at scanning for RFID chips. I have no idea whether the protocols allow for this.
Terror (Score:3, Informative)
What if some terrorists connected such a transponder to an explosive device?
Imagine placing a bomb in some public place. A bomb that is totally harmless until a certain number of american passports are in close proximity and then BOOOM!
I hope someone in counter-terrorrism has thought of that and found a way to prevent it. If not they should do so ASAP.
Re:Law Enforcement (Score:3, Informative)
Basically, an RFID "chip" is a passive, unpowered radio tranceiver. When it receives a radio transmission of a certain power level and frequency, the antenna resonates, inducing a current within the circuitry. This current is passed through filters - AND/OR/XOR/NOT gates or what not, I'm nott 100% sure - which are unique to the data contained on the chip. By this process, the output power levels and frequency can be modified in accordance with what information the implementers want to be transmitted back. (This is nearly identical technology to the proximity cards and readers many of us have used at work, parking garages, dormitories, etc.)
The problem is, the chip will respond to any proper wavelength and dB, so there is no practical way (not yet anyway, though the technology is being developed for crypto-enabled RFID) to control to whom the chip will respond. This means that anybody can request the data contained on the chip (or perhaps more importantly, whether or not a chip is present!).
What's more, the chip simply outputs a certain radio frequency which any radio receiver in the propagation sphere can receive. It's been demonstrated that a properly tuned and sensitive receiver can read the resulting broadcast from an RFID chip from several, if not tens, of meters away.
There's a rather good article on the subject of RFID passports at Bruce Schneier's blog [schneier.com].
Block the tag w/ a foil bag (source cited) (Score:5, Informative)
RFID Hack Could Allow Retail Fraud [eweek.com]
Most of the concern seems to be around unauthorized person reading the RFID chip. According to this article blocking RFID chips is very easy to do if you have physical posession of the chip. Just wrap it in tinfoil. It would seem that someone would make a bag/box/pouch that would store your passport and protect it from being read w/o authorization. When you were in an area that required that you show your passport, the airport for example, you would just take the passport out of the bag. Sounds like a $19.95 solution to me.
I guess if you took your passport out at the hotel or some other place like that you could be "vulnerable". Maybe this solution [wired.com] from RSA woul help?
It does seem like the solution here is not to say "no RFIDs in the passports", but actually to ensure that there is a way to easily control when the tag is read. And there seem to be several solutions available.
Privacy Act of 1974? (Score:1, Informative)
IANAL
Actually, it's just stupid. A contact-based chip is clearly better for the same purpose.
Is this a case of the tail (RFID Industry) wagging the dog?
Re:Biometrics imposed on the world (Score:3, Informative)
And crap (well even more crap than the usual crapulatity of biometrics) biometrics at that. BBC report about tests of the system [bbc.co.uk].
What I can't work out is the motive for enforcing face recognition biometrics. Human beings are so good at face recognition and machines so bad at it that it's hard to believe anyone would propose such a system unless there was some other payoff, but I can;'t think what it might be.
Re:RFID Worries... (Score:3, Informative)
Quote from the article:
"Security experts said the U.S. government decided not to encrypt the data because of the risks involved in sharing the method of decryption with other countries."
Man, if some people would just RTFA, the world would be such a better place...
Re:Or, on the other hand for target selection (Score:4, Informative)
I grew up in Texas and continue to live there (in an oil-rich area, no less), and though I occasionally see people wearing cowboy hats and big belt buckles, I don't know any one personally who would.
That bit about everything being bigger in Texas was a nice touch. Everyone who's been THROUGH Texas probably believes we all think that. All the gas station/gift shop places lining the interstates are filled with merchandise supporting that conclusion. But, again, I've never met anyone who actually cares. It's just tourist bologna.
Re:Tracking... (Score:3, Informative)
Re:Biometrics imposed on the world (Score:3, Informative)
Well for the UK government the reason is 'because it's new and a very nice man from [insert name of big IT company] told us that everyone would want it next year.'
The British government must be the World's largest consumer of bad IT projects - a magistrates' courts system that had to be abandoned, a procurement system for the Ministry of Defence that didn't procur, passports not being issued, tax refunds not paid, child support payments being delayed that people were left in poverty, an air traffic control that failed basic HCI requirements, the current NHS IT system which could work out so expensive there won't be money to treat patients...
About the only good thing that can be said about the British government's ability to deliver IT is that the ID card system is probably going to be DOA.
Best wishes,
Mike.
Re:Bit OT but... (Score:3, Informative)
I did a bit of googling and came up with this page [apocalipsis.org]. It gives a few different theories and possible explainations, from seemingly credible sources.
Search for "v16" on the page to find the beginning of the discussion about the mark.
Re:looking for a US citizen abroad? (Score:2, Informative)
stay out of chains or anything in very touristy area, they suck.
Re:Or, on the other hand for target selection (Score:5, Informative)
1. Like I said, Americans are loud. If you don't want to stick out, shut up.
2. Don't wear jewelery, especially in countries where it would be an obnoxious display of wealth, not to mention it automatically makes you a target.
3. If you still want to blend in, don't wear shorts, plaid, flannel, sneakers, or baseball caps. In some countries jeans too, but especially in Europe bluejeans are a fashion statement so your cut up old Levi's won't cut it
4. Say you're from Canada if you get into a sticky situation. Most anti-Americanism is directed at the government, but alot is not. It may sound funny, but seriously, and especially if you drink (alcohol+antiAmericanism=not good), you can diffuse a potentially explosive situation if you say you're from Canada. Eh?
5. Ask a travel agent. I know they're quickly becoming a thing of the past (with on-line booking), but they know what they're talking about. They'll have a lot better tips then I'll ever have.
6. Learn metric. You automatically sound much smarter. If you frequent pubs as much as I like to do (ok I'm a lush), people will ask you were you are from and then how far it is away from a major city. Pittsburgh? Oh maybe 500km west of Philadelphia. Don't know philly? 200km southwest on NYC. Just ballpark it. And when getting directions be prepared to hear meters.
7. Be careful of colloquialisms, people won't understand you. Use plain language.
Re:It's all in the mind (Score:3, Informative)
Not strictly true. In the UK you can be made to give your fingerprints if you are arrested. That is not the same as being caught breaking the law, since plenty of innocent people get arrested. Now, once upon a time this didn't matter a great deal, since the police could only keep your prints if you were subsequently convicted and since most innocent people who are arrested are not convicted the odds were that your prints would be destroyed.
However, all that changed when Blair and his cronies got into power. First, (a few years ago) the law was changed so that your prints were kept if you were charged. Yes, that's right. You go to court, the jury says "Not guilty" and the police still keep your prints on file! When I was a lad, if you were found not guilty it meant that you hadn't done the crime. Now the government assumes that you did commit the crime, but they just can't prove it.
Many of us thought it couldn't get worse, but we didn't count on jackboot Blunket who has now allowed the police to keep the prints of anyone who is arrested. Since the police can arrest anyone they want for practically anything, they can now get and keep the prints of anyone they don't like the look of.
Of course, this is all a moot point since Blunket's proposed compulsary ID card scheme will use fingerprints. Now, when I first heard about this I assumed that they would record perhaps two or three fingers from each person like we do for the readers on some of the secure computers at work, but no, apparently the trials currently being run involve taking all ten prints. Funny that!
Re:Law Enforcement - RFID RANGE (Score:3, Informative)
The simplest RFID is the magnetic foil in the "don't steal me" package in stores. It has no information, but just notes that "I'm here" by absorbing some power from the transmitter.
The "smart" RFID with information to send back, receives power from the external interrogator transmitter, turns on, decodes up to 128 bits (privacy) from the incoming signal to determine if it should respond, reads some or all of its memory, and responds as requested. The amount of memory is not limited, so fairly detailed pictures could be there. Units that turn on like a radio receiving signals need a battery. They can potentially transmit longer distances since they contain their own transmitter.
Circuits on the device must protect from too much received power and turn off until the power decreases.
The range is based on the frequency and the size of the receiving and /transmitting coil along with the method of operation. Passive types modulate the received signal by drawing power from it. Larger antennas are needed for longer distances, and that is the reason for the big antennas you walk through next to doors in stores. Units with their own battery can transmit further, but are limited by battery life.
There is obviously a lot more to this, but I just wanted to give a little more information.
Re:Or, on the other hand for target selection (Score:1, Informative)
ICAO specifications for the biometric passports (Score:1, Informative)
Here [icao.int]
Now go and read into it.
Your lack of vigilance for freedom is disgraceful (Score:1, Informative)
That is not a reasonable tradeoff to me. If you want to make that tradeoff for yourself, fine, but the government forcing everyone else to make that trade-off makes the country a prison for people who want privacy. The nation's founders fought and died specifically for freedom from excessive government searches among other things. You might as well be pissing on their graves by what you say. Thanks to them, saying it is your right, but, it's disgusting to see a stooge unwittingly pissing away what they fought for you to have.
My government carefully watching, screening, and fingerprinting its own citizens is unconscionable.
Wake up! Fingerprints are now required for drivers licenses in California, Colorado, Georgia, Hawaii and Texas. California and Texas are over a fifth of the US population.
Don't buy it (Score:3, Informative)
Re:ID... (Score:2, Informative)
Despite my knowing that an RFID is sending only the serial number (and only for a few inches and no further), I am still against this. It provides little, if any, benefit and opens up additional levels of exploitation.
With these new, so-called "safeguards" in place, the customs agents could get to trust that when they see their database show up with the same information as is on the passport that they are looking at the proper person. It offers nothing but a false sense of security. False senses of security are often exploited.
Re:ID... (Score:2, Informative)
RFID is sending out a number only. It is the serial number of your passport. The reader would then have to look this number up in a database for any info. RFID does not and can not send "name, age, photo and home address".
FTFA:
The RFID passport works like a high-tech version of the children's game "Marco Polo." A reader speaks out the equivalent of "Marco" on a designated frequency. The chip then channels that radio energy and echoes back with an answer.
But instead of simply saying "Polo," the 64 Kb chip will say the passport holder's name, address, date and place of birth, and send along a digital photograph.
While none of the information on the chip is encrypted, the chip does also broadcast a digital signature that verifies the chip itself was created by the government. Security experts said the U.S. government decided not to encrypt the data because of the risks involved in sharing the method of decryption with other countries.
That's not at all what it sound like to me.