Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy United States

American Passports to Have RFID Chips 668

pr1000 writes "Wired is reporting that the State Department is planned on adding RFID chips to new American passports, starting with diplomat's passports in January. Those worried about the privacy concerns of RFID should take notice, as this rollout could set a precedent."
This discussion has been archived. No new comments can be posted.

American Passports to Have RFID Chips

Comments Filter:
  • Bruce Schneier (Score:5, Informative)

    by Ann Elk ( 668880 ) on Friday October 22, 2004 @05:12AM (#10596354)

    Bruce Schneier has made some interesting observations [schneier.com] on the RFID passport plans. Somehow, I do not see how this could possibly make us "safer".

    • Re:Bruce Schneier (Score:4, Insightful)

      by stoney27 ( 36372 ) * on Friday October 22, 2004 @06:22AM (#10596629) Homepage
      He had some great points about why the Bush Government would want this.

      My first question is there a way I could make/buy a shield that mask the RFID signal? I can see a case like I have my palm in that would shield my passport until I gave it to the Custom Agent.

      I wonder it my new passport will have this I just sent in my renewal paperwork...

      -S
      • Re:Bruce Schneier (Score:3, Insightful)

        by jellomizer ( 103300 ) *
        Ok you wait in line to have your passport checked. I will happily go threw the reader with my passport safely on my person. With a little green light that says it is OK for me to enter the US or even other countries.
        • Re:Bruce Schneier (Score:5, Insightful)

          by stoney27 ( 36372 ) * on Friday October 22, 2004 @06:56AM (#10596781) Homepage
          Ok you wait in line to have your passport checked. I will happily go threw the reader with my passport safely on my person. With a little green light that says it is OK for me to enter the US or even other countries.


          Of course nothing stopping me from walking up to the reader and opening my shielded case and walking through.

          But while you walk around with a non shield RFID the CIA will know exactly who you are and able to add notes to your passport with out your knowledge.
          -S
      • by LincolnQ ( 648660 ) on Friday October 22, 2004 @07:38AM (#10596988)
        You can build an RFID tag that will DOS the system, but you first need to know how RFID works.

        The RFID tag is simply a sequence of bits. You can ask about portions of its tag -- "do you start with sequence X". There is no way to communicate with only one tag; if you send a request, all tags in range hear it and send an affirmative signal if they do start with that sequence (and nothing otherwise).

        When a reader needs to scan many RFID tags at once, it sends a signal saying 'Whose next bit is a 1?' and 'Whose next bit is a 0?' and counts the chirps for each response. When it gets zero chirps, it knows to stop (there are no tags with that ID). If it gets only one chirp, it has found a unique tag and records it. Otherwise, it recurs down both trees.

        If you build a device that always says 'yes' to both questions, the reader will have to recur down both trees 'forever' or give up until you leave range.

        This seems to have the desired effect of preventing RFID scans without your knowledge, and it would certainly be handy to be able to turn it off at will.

        LincolnQ
        • Hmm. I think I know what the next million-dollar key-fob will be...

          RFID-be-gone anyone?

  • by joelethan ( 782993 ) on Friday October 22, 2004 @05:13AM (#10596358) Journal
    October 2005: The State Department announced it was going to add RFID chips to all new Americans.

    And you thought it was just a Vitamin K shot.

    /joelethan

    • by gerddie ( 173963 ) on Friday October 22, 2004 @06:02AM (#10596555)
      Revelation 13 (16-17)
      And it causes all, both small and great, rich and poor, free and bond, to receive a mark on their right hand, or in their foreheads, even that not any might buy or sell except those having the mark, or the name of the beast, or the number of its name.

      The bible always makes a good reading - not that I am a beliver, or so.
      • Well, when the government starts mandating that all passports be stapled to the bearer's forehead, I'll start worrying.

        RFIDs are getting us further from Amageddon. No longer will they be stamped on out foreheads or right hands, but they will be able to read the number of the beast straight from our pocket. Thus, we will have averted Armageddon.
  • Tracking... (Score:5, Interesting)

    by spagetti_code ( 773137 ) on Friday October 22, 2004 @05:14AM (#10596363)
    I'm a frequent US visitor who has been fingerprinted and photographed. It didn't feel good, but its not like we have a choice.

    This new step is another step towards control - remember, that is what this is all about. Bad guys get around the system - the 9/11 guys were all bona-fide visitors. Good guys, which is everyone else, gets tracked and watched.

    I'm glad I'm outside the country 8+ months of the year.

    • Re:Tracking... (Score:5, Interesting)

      by isorox ( 205688 ) on Friday October 22, 2004 @07:24AM (#10596921) Homepage Journal
      I dont mind the Yanks fingerprinting us. I just think that we should return the favour. Arrive by plane (to the UK), three queues:EU citizens (10-20 minute queue, quick glance), World Citizens (few more questions), Americans (5 hour interrogation, lock you up as a potential terrorist if you have a cowboy hat on overnight and send you back)

      Do as to others etc. Not that Blair would ever upset Bush though, I wonder what will happen if Kerry gets in...
      • Re:Tracking... (Score:5, Interesting)

        by arivanov ( 12034 ) on Friday October 22, 2004 @08:32AM (#10597317) Homepage
        Russians tried it. They have it as a law. Any visa or entrance measure is strictly bi-lateral. If a country enforces additional checks on Russian citizens, the Russian government has no other choice, but to implement the same checks reciprocally within 1 year. So watch for Russians taking american fingerprints till the end of the year. That will be fun. Almost as fun as around the end of the Clinton administration when the americans introduced an additional 100$ processing fee for Russians. Russians immediately replied. Americans retalliated by raising it to 300$. Russians replied. IIRC Americans raised it to 500$ for a few weeks before waiving it completely. I had to travel to the US (visa payed by my american employer) at the time. The dept director was close to "having kittens" after getting the demand for 300$. I think it reached as far as the company writing a letter to some congresscritters and the State Department to get a grip on reality and stop the pissing match.
  • I don't know this for sure, but wouldn't the RFID just bust out a number as an anti-counterfeit device? I mean, it's not like you're going to be broadcasting your personal information... right?? Are we worried about people replicating the rfid in fake passports? Because if we are, I just see it the same way I see any of the replicable content of the US passport.
    • Re:RFID Worries... (Score:5, Informative)

      by frdmfghtr ( 603968 ) on Friday October 22, 2004 @05:38AM (#10596469)
      From the article:

      New U.S. passports will soon be read remotely at borders around the world, thanks to embedded chips that will broadcast on command an individual's name, address and digital photo to a computerized reader.

      Any questions?
  • Failure (Score:5, Interesting)

    by ttys00 ( 235472 ) on Friday October 22, 2004 @05:15AM (#10596368)
    What happens when these chips fail? Do you get locked up for tampering with a Federal document, or some crap like that?
    • Re:Failure (Score:5, Funny)

      by Hadlock ( 143607 ) on Friday October 22, 2004 @05:18AM (#10596382) Homepage Journal
      Exactly! I mean, I've been known to toss my passport in the microwave with my easy mac from time to time - if that RFID tag gets toasted, it's not my fault!
    • Re:Failure (Score:4, Interesting)

      by selderrr ( 523988 ) on Friday October 22, 2004 @05:28AM (#10596428) Journal
      That is not the core problem. The issue is that IF the gov claims these tags to be secure (which they will), and your tag gets copied by someone (which, if ever feasible by criminals, can be done wirelessly, so you can't protect yourself unless you start wrapping foil around your wallet. But that would beat the purpose of the RF in RFID) you have very little means left to protect yourself.

      And even worse : who will be blamed if your tag is stolen ? You ? The gov ? Certainly not the crooks as they usually get away with everything. My guess is that the new passport will carry a EULA that shifts all responsabilities to the carrier.
      • Re:Failure (Score:4, Interesting)

        by mpe ( 36238 ) on Friday October 22, 2004 @06:30AM (#10596669)
        The issue is that IF the gov claims these tags to be secure (which they will), and your tag gets copied by someone (which, if ever feasible by criminals, can be done wirelessly, so you can't protect yourself unless you start wrapping foil around your wallet. But that would beat the purpose of the RF in RFID)

        There has never been a document which cannot be forged. Even if such a mythical document could be created there is still the problem of criminal gangs getting a foothold in the issuing of "real" documents, through either getting a job with the issuing agency or bribing/blackmailing existing employees.

        And even worse : who will be blamed if your tag is stolen ? You ? The gov ? Certainly not the crooks as they usually get away with everything.

        When it comes to identity theft the "crooks" include foreign governments. Even when they get caught, as recently happened in New Zealand, all they got was a few months in jail...
      • Re:Failure (Score:3, Funny)

        by viktor ( 11866 )

        [...]unless you start wrapping foil around your wallet. But that would beat the purpose of the RF in RFID

        And here I was, thinking that "RF" meant "wRapped in Foil"...

  • Simple solution (Score:5, Informative)

    by polysylabic psudonym ( 820466 ) on Friday October 22, 2004 @05:15AM (#10596369) Journal
    Turn your bag into a faraday cage [wikipedia.org], keep your passport in your bag.
    • Re:Simple solution (Score:3, Interesting)

      by Anonymous Coward
      In my country, such faraday-cage bags have been out-lawed in several cities. As they (might) block your personal information from traveling outside of that bag, they allso block the signals of anti-theft RFID components going the same way.

      The reasoning is that if you (want to) block those signals, you're probably out attempting to steal something ...
    • by maxwell demon ( 590494 ) on Friday October 22, 2004 @05:31AM (#10596443) Journal
      Or just carry your passport in your tinfoil hat.
  • Schneier's Take (Score:3, Informative)

    by Anonymous Coward on Friday October 22, 2004 @05:19AM (#10596388)
    Bruce Schneier's latest CryptoGram newsletter [schneier.com] has an intelligent take [schneier.com] on the idiocy of this idea.
    RFID chips can be read by any reader, not just the ones at passport control. The upshot of this is that anyone carrying around an RFID passport is broadcasting his identity.

    Think about what that means for a minute. It means that a passport holder is continuously broadcasting his name, nationality, age, address, and whatever else is on the RFID chip. It means that anyone with a reader can learn that information, without the passport holder's knowledge or consent. It means that pickpockets, kidnappers, and terrorists can easily -- and surreptitiously -- pick Americans out of a crowd.
    (Personally, I find the garish clothes, arrogant demeanour and lack of any interest in speaking local languages enables us to do this pretty easily anyway).
  • by mrjb ( 547783 ) on Friday October 22, 2004 @05:20AM (#10596397)
    When you show your passport at the airport or as means of identification at a bank, for instance, the same privacy issues arise, RFID or not.

    Sure, RFID can be read from a distance, but many of us seem sooooo worried about RFID and yet happily keep carrying a mobile phone, willingly pay by card or withdraw money from an ATM, and get in view of security cameras. No tinfoil hat is going to protect against that.

    If there are privacy issues, it is because someone decides to abuse the technology, RFID or not.

    If you want privacy, pay cash only, stay home, don't use phones, and don't do anything that requires identifying yourself.
    • by Space cowboy ( 13680 ) * on Friday October 22, 2004 @05:55AM (#10596530) Journal
      Whereas I think the addition of RFID chips to passports is simply another incremental step, and passports are in fact there to identify you anyway, if you take a step back and read your last paragraph
      If you want privacy, pay cash only, stay home, don't use phones, and don't do anything that requires identifying yourself.
      What part of that is 'freedom' ? When did the USA go from 'the land of the free' to the 'spy on me any which way you want' ?

      Hell, it's your country, your politics, your ideals, and your decision; I don't really care - it's mainly a curiosity for me that sociological values can change so rapidly.

      I've just obtained a visa for the US, and had to give my fingerprints - I was curiously antagonistic towards this, and again it's nothing more than another incremental step. After thinking about it for a while I realised it's nothing to do with privacy, it's that I mentally associate being fingerprinted with being a criminal.

      I felt I'd been judged and summarily convicted of something (what, I don't know, being an alien perhaps). As a reasonably law-abiding citizen (ok, I admit I sometimes exceed the speed limit on a motorway :-) it offended me at some deep level mainly because of that association - you *never* have to give fingerprints in the UK unless you've been caught breaking the law... Of course if "Stalin" Blunkett gets his way, that will all change...

      Simon.
      • you *never* have to give fingerprints in the UK unless you've been caught breaking the law

        Not strictly true. In the UK you can be made to give your fingerprints if you are arrested. That is not the same as being caught breaking the law, since plenty of innocent people get arrested. Now, once upon a time this didn't matter a great deal, since the police could only keep your prints if you were subsequently convicted and since most innocent people who are arrested are not convicted the odds were that your

    • If there are privacy issues, it is because someone decides to abuse the technology, RFID or not

      Identity theft is already a serious problem, and RFID tags just make people more vulnerable. Imagine if someone copied your tag and then commited a crime.

      There's also abuse of the information by public officials. Throughout history there are instances of people abusing so-called private information. For example, a police officer accessing information on the cute girl who lives next door.

      The more centralized
  • by maxwell demon ( 590494 ) on Friday October 22, 2004 @05:26AM (#10596418) Journal
    From the article:
    Security experts said the U.S. government decided not to encrypt the data because of the risks involved in sharing the method of decryption with other countries.

    And those very same security "experts" obviously don't know that there are methods for secure encryption known throughout the world even now? You don't need to be an expert to know that!

    And no, I can't see any other explanation. It cannot be the possibility of unallowed reading of the data: That's even easier if the data isn't encrypted at all. And it cannot be the possibility of making forged passports: Having data not encrypted makes this not any harder than having it encrypted with a known encryption.

    Even in the worst case scenario, when the decryption key was made public by some other state, the situation couldn't get worse than without any encryption at all. Of course, the USA could just decide not to give the key (or any specification at all) to countries they don't trust. Those countries would then just have to do what they do now: Rely on the non-RFID portion of the passport (which is currently all that is in a passport).

    So there is really no excuse to store unencrypted data on the RFID chip.
  • by cardpuncher ( 713057 ) on Friday October 22, 2004 @05:29AM (#10596435)
    When your clothes have RFID chips and your passport and driving license and you're in an environment where everything else has been chipped, are the scanners going to be able to pick up anything but noise?
  • by doodlelogic ( 773522 ) on Friday October 22, 2004 @05:31AM (#10596445)
    As US passport authorities are indirectly forcing the rest of the world's governments to include biometrics in their passports (otherwise they will be denied the Visa Waiver Program).

    Seems only fair that similar invasions of privacy should be imposed on Americans too. What's good for the goose...
    • US passport authorities are indirectly forcing the rest of the world's governments to include biometrics in their passports

      And crap (well even more crap than the usual crapulatity of biometrics) biometrics at that. BBC report about tests of the system [bbc.co.uk].

      What I can't work out is the motive for enforcing face recognition biometrics. Human beings are so good at face recognition and machines so bad at it that it's hard to believe anyone would propose such a system unless there was some other payoff, but I can

      • What I can't work out is the motive for enforcing face recognition biometrics.

        Well for the UK government the reason is 'because it's new and a very nice man from [insert name of big IT company] told us that everyone would want it next year.'

        The British government must be the World's largest consumer of bad IT projects - a magistrates' courts system that had to be abandoned, a procurement system for the Ministry of Defence that didn't procur, passports not being issued, tax refunds not paid, child sup

  • by ForestGrump ( 644805 ) on Friday October 22, 2004 @05:35AM (#10596458) Homepage Journal
    I'll just microwave my passport like I do with my cash. [prisonplanet.com]

    Grump
  • by a24061 ( 703202 ) * on Friday October 22, 2004 @05:38AM (#10596473)
    As I said last time this was mentioned, this will let terrorists to create a bomb triggered by the presence (within the RFID's readable range) of someone of a specific nationality.

    So the US government is making it easier for people to target its own citizens. Nice.

  • by newt ( 3978 ) on Friday October 22, 2004 @05:43AM (#10596490) Homepage
    RFID chips can be read from up to 50 feet away. Sure, most readers only work from a few inches, but there is off-the-shelf equipment available for a moderate number of dollars with a much, much greater range.

    So, lets assume that the RFID chips in US Passports will be readable from "a long way away". Doesn't matter if it's 10 feet, 20 feet or 50 feet. Lets just say it's more than a few inches.

    What does this mean? It means that a bomber with a moderate budget could build a detonator for an explosive device which goes off when it can detect the presence of an RFID chip.

    It doesn't need to actually read the chip (lets assume the passport data is encrypted), it just needs to know it's there.

    Furthermore, it could count the number of unique RFIDs which are currently in range, and only detonate the explosive when enough of them are seen at the same time.

    It could be planted days, weeks or months in advance, and it'd sit there until its batteries ran down waiting for the right moment to go off.

    The result is a bomb which only goes off when a sufficiently large density of American citizens is present.

    - mark


    • Why wait? They could do it now with the RFID in $20 bills. Hey, by counting number of unique IDs, they could target only wealthy Americans.

    • by Fantastic Lad ( 198284 ) on Friday October 22, 2004 @10:17AM (#10598298)
      People who still believe in the illusion of 'terrorists' at this point are being willfully blind.

      The 'terrorists' upon whose actions all of this insane police state nonsense is based were funded and manipulated by both the U.S. and Israel specifically because the psychopaths in power want to stay in power so that they can have all the money, power, sex and cocaine. Having to work for a living, or serve in the military [rense.com], is scary for them, and so they choose instead to trick all the trusting citizens into believing in 'terrorists'.

      Anybody who looks at the details clearly will see the manipulation.

      Remember the 'terrorist' passport they, 'found' on top of the smoking remains of the WTC?

      That is just one of a hundred loose threads, and if it doesn't get your brain ticking, then you are either sleeping or dead, and you richly deserve the hell you are seeing rise around you.

      "Oooh. But Conspiracies don't exist! It's impossible for a large number of people to keep a secret!"

      Yeah? What the heck does that prove? NEWSFLASH: Conspirators do not NEED to keep secrets when the populace has been brainwashed into constantly looking the other way whenever a piece of evidence pops up.

      People would rather fight and yell and argue in favor of the psychopathic manipulator rather than deal with the truly awful possibility that they are being raped. This, in fact, is exactly the reason psychopaths are so dangerous. Normal people are hardwired into certain behavioral traits which make them excellent marks for this sort of manipulation.

      Any 'terrorist' who uses RFID passports to blow up Americans will be doing so with the consent of the military industrial complex, and your spreading of fear is making those jerks giddy with the joy of a mind-job successfully executed.

      I have to live in this world, too, and imbeciles like you are contributing to the misery smart people also have to deal with. Arrogant? Gee, sorry. I'll just quietly go off to a barbed wire camp so you don't have to feel like an idiot.


      -FL

  • by Serious Simon ( 701084 ) on Friday October 22, 2004 @05:44AM (#10596492)
    If no encryption is embedded in the RFID tags, and the signature is done as a secret calculation on the data, you could copy all the data including the signature.

    Of course it will be difficult to change the data and create a fake passport, but you could copy the tag from someone else's passport (without their knowledge) and use it in identity theft.

    A complication would be that blank RFID tags cannot be obtained with the same serial number (current RFID tags mostly have unique serial numbers that are pre-programmed by the chip manufacturer). I would expect that the serial number is included in the signature calculation.

    However, you could still build your own functionally equivalent "RFID tag chip" using off the shelf logic components and program any serial number you like. It would not be as compact as a real RFID tag, but it could be used in situations where the tag would be read without being visible.

  • by RotHorseKid ( 239899 ) on Friday October 22, 2004 @05:45AM (#10596496) Homepage
    Does anyone else smell a business opportunity for Radio-shielded passport sleeves?

  • by Ingolfke ( 515826 ) on Friday October 22, 2004 @06:19AM (#10596617) Journal
    Wrapping a tag in aluminum foil blocks the radio waves and prevents a tag from being identified. -
    RFID Hack Could Allow Retail Fraud [eweek.com]

    Most of the concern seems to be around unauthorized person reading the RFID chip. According to this article blocking RFID chips is very easy to do if you have physical posession of the chip. Just wrap it in tinfoil. It would seem that someone would make a bag/box/pouch that would store your passport and protect it from being read w/o authorization. When you were in an area that required that you show your passport, the airport for example, you would just take the passport out of the bag. Sounds like a $19.95 solution to me.

    I guess if you took your passport out at the hotel or some other place like that you could be "vulnerable". Maybe this solution [wired.com] from RSA woul help?

    It does seem like the solution here is not to say "no RFIDs in the passports", but actually to ensure that there is a way to easily control when the tag is read. And there seem to be several solutions available.
    • by commodoresloat ( 172735 ) on Friday October 22, 2004 @06:31AM (#10596671)
      It does seem like the solution here is not to say "no RFIDs in the passports", but actually to ensure that there is a way to easily control when the tag is read. And there seem to be several solutions available.

      Yes; there's a solution called the "bar code," and it doesn't require any damned RF technology. Why bother using RFID if it isn't to be able to read the thing at a distance? If you're going to have to take it out of the pouch to deliver the information, they might as well have to run a barcode scanner over it as well.

  • by Advocadus Diaboli ( 323784 ) on Friday October 22, 2004 @06:24AM (#10596633)
    Sorry for the "stupid" question in the subject line, but so far I (as an European citizen) was told that the USA is a democratic system. So I guess that the US citizens should be able to express their discomfort about RFID tagging in the upcoming elections. Just a thought of a naive European...
    • by AK Marc ( 707885 ) on Friday October 22, 2004 @12:18PM (#10599669)
      So I guess that the US citizens should be able to express their discomfort about RFID tagging in the upcoming elections.

      That isn't an option. We can't tell our representatives what to do, only select from the slate provided and pick one. We may tell them what we would like, but they are not required to do it. So no, we have absolutely no direct say on such topics. And since most Americans care more about whether we will allow use of stem cells for medical research or whether abortion will be a medical proceedure or if the puritanical elements get it relegated back to the alleys, we will never see such issues at the forefront. In fact, any candidate that comes out in opposition of the RFIDs will be branded a traitor to America that is soft on crime and terrorism that will get us all killed if elected. I hope this insight into the American political process helps. RFIDs are here to stay. The businesses like them, and they run the US, not the people that vote.
  • by Fantastic Lad ( 198284 ) on Friday October 22, 2004 @06:25AM (#10596641)
    that my leg was hurting. I had this zit-like sore. When I looked at, a light started blinking under the skin.

    Horrified, I dug out the offending material. It was one of those RFID chips the "Size of a grain of rice", --but in my dream it was more the size of a glass bean. It was also filled with lots of scary techno-bits and pieces whirring and blinking inside. Special effects in dream scapes tend to be a little over the top.

    Heil Shrub.


    -FL

  • by reallocate ( 142797 ) on Friday October 22, 2004 @06:59AM (#10596794)
    Let's see...I use my credit card to buy a two-week tour package to Europe. The package includes airline reservations, hotel and restaurant reservations, a seat on a tour bus, and tickets to a couple of London shows. How's an RFID chip going to affect my privacy?

    BTW, it's an especially good idea to add the chip to diplomatic passports. Passports can be, and are, counterfeited, so the chip will help to ensure authenticity.
  • UK too (Score:3, Interesting)

    by t_allardyce ( 48447 ) on Friday October 22, 2004 @07:23AM (#10596916) Journal
    Were getting the same thing in the UK starting 2005. I put my passport in the wash the other day so need to get a new one and I wasn't sure what the deal was with biometrics, I vowed not to get one if they already had fingerprint or iris data, I just feel that's totally uncalled for, especially since fingerprint theft could involve cutting off someone's fingers. So far its only going to be facial recognition which I don't really care about - passports already have your picture on them and this is basically just a very very expensive system to do exactly what a human does already. Its already a failure [bbc.co.uk] and the money has probably already been spent (the new trend these days is to spend £150M on some new system and then have the company say "erm it doesn't work, sorry, thanks for the money". I got a very big-brother-esq leaflet with my forms that told you exactly how to look for your photo - remember DO NOT smile, DO NOT frown, Look directly into the camera with a neutral expression and think about 9/11 damit! Hopefully they won't be dicks about it, if I go through check-in and the computer says I don't look like myself WTF are they going to do? Look at my photo and say "hmm you look like the photo but the computer says no, im sorry"

    The data should be covered by the DPA so if I ever get a passport with a chip i'll be sure to ask for a printout of what's on it. I don't know if these will be RFID chips or not, i'd hope not, it will only be a matter of time before someone's passport is stolen while its still in their pocket.
  • by AWhistler ( 597388 ) on Friday October 22, 2004 @07:47AM (#10597029)
    If you're worried about the RFID tags being detected wherever you go, consider this...

    If you put your passport in a static bag, wouldn't it act like a Faraday cage and shield your passport from being detected?

    If so, and I haven't tested this (anyone wanna try?), then if you upgrade the RAM in your PC you should be "protected" from these RFID privacy problems.
  • by hey ( 83763 ) on Friday October 22, 2004 @08:36AM (#10597340) Journal
    Schneier wrote [schneier.com]:

    The administration wants surreptitious access themselves. It wants to be able to identify people in crowds. It wants to surreptitiously pick out the Americans, and pick out the foreigners.

    Annoying.
  • by YouHaveSnail ( 202852 ) on Friday October 22, 2004 @09:09AM (#10597640)
    Maybe a way to deal with RFID is to take a page from Microsoft's playbook. We should "embrace and extend" RFID.

    Embrace it. Cover yourself in so many RFID devices that a scanner simply can't read them all reliably. I have no sense of how many that might be, but it would seem technically difficult to scan several thousand devices all at once. At a nickle per, you're really only talking about a couple hundred bucks even if you have to buy the devices yourself. With stores like Walmart essentially giving them away, you might not even have to do that. Sew them into your jacket or something so that when someone scans you, they're greeted by a cacophony of garbage signals.

    Extend it. It won't be long before someone figures out how to either a) make their own RFID devices or b) modify existing ones. And there will be a window of opportunity before Congress makes doing so illegal. If you can make a chip that matches another, you can appear to be someone else. Or to be in two places at once. Or to teleport across a store or a country in a heartbeat.

    Now, I certainly wouldn't suggest tampering with a device in a passport, of course, but the possibilities at Walmart are pretty interesting.

    Even if you just buy legit devices from existing manufacturers, RFID can and will be used to consumers' benefit. RFID chips could be hidden by investigative journalists in products returned to stores and then used to prove that the store turns around and sells the item as "new" again. Not a big deal for a book, perhaps, but interesting when the item is, say, a car or a mattress or a rump roast.
  • Don't buy it (Score:3, Informative)

    by deblau ( 68023 ) <slashdot.25.flickboy@spamgourmet.com> on Friday October 22, 2004 @11:17AM (#10599018) Journal
    I do believe RFID will make passports harder to forge. That seems clear enough. But why broadcast your name and address? Why not broadcast something like the passport number? Without looking at the info on the inside, they may be able to track you by number, but not get your name, address, or other personally identifying information without the kind of work that they'd have to do right now to get that information. In addition, countries could store databases of just the passport numbers that they want to watch (or pass thru), without the associate personal data. Everyone not in the database gets the standard interview questions.
    • Easier to Forge (Score:4, Insightful)

      by MonkeyCookie ( 657433 ) on Friday October 22, 2004 @12:21PM (#10599711)
      It seems to me that it will eventually make it easier to forge Passports.

      People are lazy and cheap.

      The government doesn't want to have to pay a bunch of agents to look at passports and agents don't want to have to look at passports all day long. I predict that with RFID chips embedded in passports, there will just be devices that you wave your passport near and they will check to see its validity. There will be a security guard nearby to jump on anyone that fails the scan, but nobody will be actually looking at the passports.

      Along come Mr. Forger. He no longer needs to concentrate on making special paper, holigrams, and the like: all he needs to do is make it look decent and put a good RFID chip inside.

      The only problem: where to get some valid RFID numbers. That's easy! Just hang out at the airport for a few hours with an RFID scanning device, brushing against people and scanning their passports. Then take home the numbers and create some RFID tags with them.

      This wouldn't work as well if a picture popped up on a security guard's screen so that they can verify the holder of the passport looked like what they had on file, but...people are lazy.
  • Dangerous? (Score:3, Interesting)

    by Steffan ( 126616 ) on Friday October 22, 2004 @11:29AM (#10599149)
    In many countries in which I have lived, as a U.S. citizen it is not always in your best interests to broadcast the fact. This technology could give potential adversaries information on who you are, and where you are, making it easier to target Americans, even those who are not acting / dressing like it. Potentially, it could even be used to track you in a crowd, etc., making possible more targeted muggings / robberies / kidnappings.

Trap full -- please empty.

Working...