Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States Privacy Security

Tin Foil Passports? 264

Daedala writes "The debate over contactless chips with biometric information in passports continues. Vendors have been chosen for testing in the U.S. and Australia. Privacy advocates are still arguing about the measure, as are security reporters and bloggers. The specs themselves are interesting, to say the least. The EETimes says that in interoperability tests, the potential chips could be read from 30 feet away. However, both they and the New York Times have published articles reporting vendors' low-cost solution: '[I]incorporate a layer of metal foil into the cover of the passport so it could be read only when opened.' Don't they know that the whole tinfoil hat thing is supposed to be a joke?"
This discussion has been archived. No new comments can be posted.

Tin Foil Passports?

Comments Filter:
  • by paganizer ( 566360 ) <thegrove1&hotmail,com> on Saturday November 27, 2004 @12:07AM (#10929328) Homepage Journal
    A charged layer of tin foil will block most electromagnet signals, AKA Farrady cage.
    a simple layer just won't cut it, though.
    • by paganizer ( 566360 ) <thegrove1&hotmail,com> on Saturday November 27, 2004 @12:13AM (#10929357) Homepage Journal

      I can't believe I spelled it farraday. did I think those measurements I was taking all the time were in farrads? sheesh.
      I was in a rush to get first post. some example FARADAY cages are here [hollandshielding.be], here [unitedstatesaction.com] and here [edinformatics.com].


      • by gladbach ( 527602 ) on Saturday November 27, 2004 @02:36AM (#10929783)
        actually, shoplifters have been using this method for a while now. same kind of concept.
        • actually, shoplifters have been using this method (wrapping in tinfoil) for a while now. same kind of concept.

          Can anyone confirm if this really works?

          My mother has one of those electronic passes for the toll highway she takes to work and back. The pass comes with a metallized plastic bag into which the user is supposed to place it when she does not want the toll booth to automatically detect and charge (as in money) the pass.
          I am not sure if that device uses RFID, but the basic principle is simil

          • She noticed that the way the tollbooths (both entering and leaving the highway) responded differently when she had the pass in the bag than when there was no pass in the car.

            Different how? All I've ever seen tollbooths do is say "EZ Pass. $x.xx. OK" and then raise the barrier. Did start to raise the barrier, hesitate, bring it back down and then say "Um. yeah. no ezpass. wink wink"?

            • Different how? All I've ever seen tollbooths do is say "EZ Pass. $x.xx. OK" and then raise the barrier. Did start to raise the barrier, hesitate, bring it back down and then say "Um. yeah. no ezpass. wink wink"?
              Not all that far off. The tollbooth gave some message that meant that it had detected the Transpass (I don't remember the details of the message), but did not charge the trip to the transpass, and my mother had to pay in order to get through.

              --Mark
          • I can confirm that this works. My day job is as a smart card consultant for a very large computer company. I have a large stack of dual interface (ISO 7816 contact and ISO 14443 type A contactless) cards sitting next to me. If you cover a card in tin foil it no longer can communicate contactlessly. One layer on one side of the card seems to be plenty.
    • by quarkscat ( 697644 ) on Saturday November 27, 2004 @12:24AM (#10929410)
      A tin foil wrapper should actually work,
      as well as a lead foil wrapper. Better
      still, save the metallized ziplock bag
      that your video card probably came in,
      and use it. Dual purpose -- keep RFI
      out, as well as moisture. If you have
      money to burn, buy a nice gold or silver
      cigarette case of the right dimensions.

      BTW: I don't think that you would actually
      need to drag a chain behind you to stay
      at earth ground -- that's what the Faraday
      cage does. Old fashioned Faraday cages did
      have problems -- they generally use a wire
      mesh of some particular size, which doesn't
      stop ALL RF signals. That is why all the
      "spooks" use walk-in steel safes ...
      • by dougmc ( 70836 ) <dougmc+slashdot@frenzied.us> on Saturday November 27, 2004 @01:59AM (#10929707) Homepage
        Better still, save the metallized ziplock bag that your video card probably came in, and use it. Dual purpose -- keep RFI out, as well as moisture.
        The anti-static bags that computer cards come in do very little to stop RF. Doubt this? Put your cell phone in one, then call yourself. It'll work fine. Tin foil will work *much* better, and no, it doesn't need to be grounded. (In fact, grounding will have no effect.) Again, this is very easy to test -- just wrap your cell phone (or any other radio) in tin foil -- it will not work.

        Anti-static bags have high resistances. They're not completely insulators, but not good conductors either, and a Faraday cage needs a good conductor. Their high resistances allow static electricity (with many thousands of volts) to drain off, slowly. Tin foil *can* be used instead of an anti-static bag, but 1) if your circuit has potential somewhere (like a battery, or a charged capacitator) the tin foil will basically short circuit this, which is bad, and 2) it tends to look like a wad of tin foil, which may get thrown away as trash :)

        I don't think that you would actually need to drag a chain behind you to stay at earth ground -- that's what the Faraday cage does.
        A Faraday cage really has nothing to do with Earth ground. It certainly does not have to stay at the same potential as the Earth unless it's somehow connected to the Earth, and it'll equally as well connected or not connected to the Earth.
        Old fashioned Faraday cages did have problems -- they generally use a wire mesh of some particular size, which doesn't stop ALL RF signals.
        There's nothing `old fashioned' about any of this -- the first Faraday cage was built in 1836, and once the radio was invented, it was learned not long after that a Faraday cage will block any RF who's wavelength is much larger than the gaps in the cage. I'll bet this was known (and probably understood) long before 1930 or so. People use Faraday cages with a wire mesh today because it does what they need it to do. To do more would cost and weigh more, and might cause other problems (like not let air in, etc.) -- it's as simple as that.

        Faraday cages block *electrostic* fields, and you really don't need a tight mesh at all for this. Even your car makes a reasonable Faraday cage. Blocking RF is an added bonus, but for that, you need to make sure the mesh is a good deal smaller than the wavelength of what you need to block.

        So, if you need absolute protection against all frequencies of electromagnetic radiation, then you use something with no holes at all. If you also want to block magnetic fields (as the government will want to do to completely prevent TEMPEST attacks and such), then you'll make it out of something magnetic (mu-metal is ideal) and thick. And heavy, and expensive. But secure.

    • here's the inventor

      http://rave.ca/data/gallery/012596.jpg
    • I'm not sure which is more worrisome, one that they are so cavalier about leaving unencrytped biometric information one is force to reveal (to get a passport) or that they actually beleive tinfoil solves the issue.

      why does tin foil not solve the issue? well in most european countries you have to hand over your passport to get a hotel room. Presto, the passport reader can work.

      likewise their other solution, putting a printed password inside the passport is equally broken. Again the hotel has access t

      • They should use some optical mehtod...say, a picture, and printed text :P

        Seriously though, they could use some type of barcode system like the UPS and FedEx use..but with data compression, if it's not already. If they laminated it, and used big enough dots, it should be fairly robust.

        I'm not a fan of magnetic data storage since magnets are too common. Although, they could use a high coercivity strip...still though.
        • OCR-Line (Score:5, Informative)

          by Confused ( 34234 ) on Saturday November 27, 2004 @05:05AM (#10930041) Homepage
          I'm also totally baffled by this RFID craze.

          European Passport have at the lower edge a line printed with the OCR-B font which encodes all the necessary data from the passport. All border stations have a small OCR scanner to swipe passports.

          This system is simple, robust, easy to verify in case of inconsistency (eg the reader reads something else than the rest of the passport shows) and quite cheap to implement both on the passport and for the reader.

          To top it off, the system raises very few privacy concerns, as the content of the encoded line is the same as the human readable part and everybody can easily verify this. No secret data hidden there.
          • Re:OCR-Line (Score:4, Interesting)

            by h4rm0ny ( 722443 ) * on Saturday November 27, 2004 @09:51AM (#10930693) Journal

            I'm also totally baffled by this RFID craze.

            I'll offer two non-mutually exclusive reasons.

            First possibility: Someone can make money out of this. We therefore have an incentive for some parties to play up the supposed advantages of this technology.

            Second possibility: Some people at "the top" aren't very tech savvy and are easy prey for the former group.

            Third possibility: Some people at the top are under constant pressure to be doing something, even if we now have a system that works as well as can reasonably be expected (there comes a point when the resources required to achieve 100% are less than the damage 0.5% that get through). However, if you have to be "doing something" when there is nothing to be done, then you're going to start going backwards.

  • by www.whitehouse.org ( 628354 ) on Saturday November 27, 2004 @12:09AM (#10929339) Homepage Journal
    They laughed when I wore my tinfoil hat.

    They tried to have me committed when I said the government was tracking me.

    Now they all want to buy my sporty Faraday Cagewear (TM) line of geek clothing, made of fine woven nylon and copper wire.

    Bwahahaha!
    • by Alwin Henseler ( 640539 ) on Saturday November 27, 2004 @12:56AM (#10929543)
      They laughed when I wore my tinfoil hat.

      Maybe then you can put your new passport on your head? Or no, that wouldn't work, because... "they" put the tinfoil on that passport, so *that* tinfoil would surely allow mind-control rays to pass through.

      (For uninformed /. readers: for good shielding from "them", you need to make your own tinfoil from raw material)

      Now they all want to buy my sporty Faraday Cagewear (TM) line of geek clothing..

      Where can I buy some? I need some new underwear, and a couple of T-shirts. Have them in black? Oh yeah, and some socks too. Strange... never seen that brand in a shop... "they" had it removed from the shelves, I suppose?

    • Now they all want to buy my sporty Faraday Cagewear (TM) line of geek clothing, made of fine woven nylon and copper wire.

      Hey, I'd buy that! Sounds cool to be Tazer-proof!

  • by stratjakt ( 596332 ) on Saturday November 27, 2004 @12:13AM (#10929358) Journal
    Have been lining their purses/trenchcoats/whatever with foil for years to avoid those little tag detectors at the door.

    I was watching it on TV, you saw this lady open up her purse and could see the tinfoil.. She shoved a waffle iron or some such thing in there and out she went.
    • He ain't kiddin'. (Score:4, Informative)

      by Moofius.the.Cow ( 828077 ) on Saturday November 27, 2004 @12:45AM (#10929495) Journal

      I've actually seen one of these things in use during after-Christmas returns season. We were standing in the excessively long line, an' this guy comes up to one of the clothing racks. He opens up his shopping bag lined with foil and duct tape, stuffs a sweater inside, and walks off through the security gate without setting it off. Clerk was busy, it was done at an oblique angle from the security cameras, and 5 minutes later he looks just like some regular bloke walkin' the mall.

      All he'd have to do after that is pull the tags and trash them, and he could pick off any store he wanted.
    • by NiTr|c ( 130325 ) <hackop@@@inumbrate...net> on Saturday November 27, 2004 @12:51AM (#10929518) Homepage
      Bit off topic, but I wouldn't say professional shoplifters use this technique. It's more of something an amateur would do, that they probably saw on TV or read on the internet. The professionals are the ones who get the managers to walk out with it and help them to their cars ;).
  • by Nailer ( 69468 ) on Saturday November 27, 2004 @12:16AM (#10929374)
    But perhaps the joke re: tinfoil hats is that the government isn't really trying to comtrol your mind?
  • 10 bucks says... (Score:5, Insightful)

    by ilyanep ( 823855 ) on Saturday November 27, 2004 @12:17AM (#10929376) Journal
    That in about 5 years or so they'll implement this technology and we'll see a story, "Identity Theft On The Rise As Biometrics Are Stolen From Traveller's Passports".
  • why (Score:5, Insightful)

    by Anonymous Coward on Saturday November 27, 2004 @12:18AM (#10929387)
    why do they need to read passports from miles away?

    The whole point of the biometrics (even the lowly photography) is that you confirm the data in the passport with the person in front of you at a booth as you check everyone as they go through.

    There is no reason to broadcast this info at ALL.

    It's like having two computers next to each other (2 meters apart) in a "security" installation and using 2 wifi cards to link them instead of cat5.

    1) it's more expensive to use wifi
    2) you have no need to broadcast due to range
    3) not only do you not need to, there are now a pile of security problems you have to deal with which aren't needed.

    When will these fucktards learn to stop pissing taxpayers money away on "futurists" to help enslave us with at worst crappy overbearing over intrusive government leaning toward fascism, at the least they are wasting our money and enslaving us with red tape.
    • The reason they put forward is that if they require electrical contacts to read the data, the contacts will wear away. I don't quite understand the reasoning: the chip-and-PIN credit and debit cards recently introduced in Britain use metal contacts, and most people use their credit or debit cards more frequently than their passports.
  • by Mulletproof ( 513805 ) on Saturday November 27, 2004 @12:20AM (#10929392) Homepage Journal
    Tinfoil shielding? While that may work, why not just design it to be readable at a shorter range?? I mean, it can't be that hard, can it? Over-engineering strikes again...

    Oh, and let me guess... I'm going to have to remove this from my person as well just to pass through the metal detector unmolester, right?
    • by Anonymous Coward
      The distance from which you can read an RFID chip depends almost entirely on how much power you're willing to run through your transmitter. The RFID chip is just a passive thing that runs on the correct frequency of radio waves coming in.

      Anyone trying to read your passport is likely to be less concerned about damaging your kidneys than you would like.
    • by Sycraft-fu ( 314770 ) on Saturday November 27, 2004 @02:12AM (#10929732)
      Because how far away you can read something isn't fixed by design. They can't make the radio waves suddenly stop propagating at a certian distance. So someone could just design a bigger, more sensitive antenna and read it from further away. They also want to make it strong enough so that the legit readers can be simple and small. A shielding just solves the problem. You can't read it period, unless it's open.
  • They stole my idea! I guess I should use a thicker tin-foil hat when walking around in public.
  • All it takes (Score:2, Interesting)

    All it takes is one person to steal someone's identity via this method and people will hopefully wakeup to the crock of shit this really is.

    Of course the first person to steal that data would most likely be labeled a terrorist and be...disappeared.

  • Cliche (Score:3, Funny)

    by jbfaninmo ( 540470 ) on Saturday November 27, 2004 @12:21AM (#10929397)
    So now I can walk around with a real life cliche in my pocket, and use it to enter foriegn countries?

    Now I just have to wait for the day that my PDA, phone and laptop can form a wireless Beowulf cluster that I can wear...
  • by Coryoth ( 254751 ) on Saturday November 27, 2004 @12:22AM (#10929399) Homepage Journal
    The what's wrong with cryptographic signing? Strong cryptography should have been used in passports a long time ago. The principle would be simple enough:

    The name, photo and other information is hashed and then signed by the issuing authority. Airport checks are then a matter of verifying the signature. You can't forge a passport without the private key of the issuing country (which I presume they will guard closely), and modifying an existing passport will invalidate the signature.

    The only tricky point here is photos: You can't scan the straight photo for the check because of all sorts of tricky alignment and scan quality issues, but that's what a chip might be useful for - it contains a hi res photo, along with the other data and signature. The hi-res photo from the chip is displayed on a terminal for the person checking the documents, along with signature verification.

    Yes, you still have to have people checking photos. No, that isn't foolproof. But realistically it is as good as what we have now, with the added bonus that forged, faked, or munged passports will display as invalid due to the signature check. That's pretty damn good, especially when the resulting passport is no more invasive than what we have now.

    Jedidiah.
    • Ain't gonna happen (Score:4, Insightful)

      by Anonymous Coward on Saturday November 27, 2004 @12:29AM (#10929434)
      Your proposal makes FAR too much sense to ever be implemented by a government.
    • are you suddenly faced with several billion passports that are no longer valid or what?
      • You could rotate the private keys based on the date issued and the suspect passports would eventualy expire.

        Still not perfect, but even if the cryptographic part failed completely it would still work as well as it does now.
      • are you suddenly faced with several billion passports that are no longer valid or what?

        Presumably each country has it own keys, and potentially a large number of keys each. If one key gets compromised the number of passports invalidated is reduced to a manageable size. You can create a new key pair whenever you need to, so potentially a single key might only cover 10,000 people or so.

        But yes, compromise of a key would be a very serious issue indeed, even with those measures. That just means that prot
    • by Jebediah21 ( 145272 ) on Saturday November 27, 2004 @01:03AM (#10929556) Homepage Journal
      It would never have popular support. Many people don't have a clue about crypto and this would mean nothing to them. Look at air port screening. Everybody here knows it's bullshit but it makes the clueless feel safer. Each flight attendant would be made to hold a yellow balloon the entire flight if it made people feel safer.
      • by Sycraft-fu ( 314770 ) on Saturday November 27, 2004 @01:08AM (#10929572)
        Well it's not normal people that need to know or care, it's the governments, since they issue them. Normal people woldn't even need to know what the new string of letters and numbers meant. It's not about making people feel safe, it's a really good suggestion for making passports very hard to forge. I'm actually kind of supprised it hasn't been suggested before. I mean unless the algorithm in use was broken or something like quantum computers comes out, it'd be unbreakable. You could not modify a passport and produce the correct signature.
        • It's a good idea, no doubt. The thing is it costs money to do and won't make people feel all warm and fuzzy. Take the newer $20 bill for instance. That serial # helps track and prevent counterfitting but it's the shiny 20 in the corner or redish color that everybody notices.

          In summary if the crypto could be pretty it would have a better chance of being implemented.
      • by Coryoth ( 254751 ) on Saturday November 27, 2004 @01:41AM (#10929664) Homepage Journal
        Really the people don't need to know or understand the crypto. They just need to be told that a lot of very smart people made sure that you can't fake a passport and still have the green "verified" symbol show up when you get checked. You'd be surprised how many people aren't interested in asking "why?", or "really, how?" when told "it works, trust me" as long as the person saying "trust me" is the government.

        And what of all the people who don't trust the governments word? Well the paranoid are exactly the people that will know and understand the crypto, so it's not a problem.

        I think the real issue is that it would actually involve real change, and odds on if they did do it they'd make a complete mess of the crypto used, there would be outcries from those in the know, and everyone else would just blindly assume it worked perfectly.

        Jedidiah.
    • Most passports are valid for at least 5 years. In the USA, adult passports are valid for ten years. Do you really think that we could come up with a good crypto today that would be virtually unhackable over a ten year period of time? Think about how much more powerful home PCs will be in 10 years . . .

      Of course one could start issuing passports with a shorter expiration time . . .but then one must get into a cost benefit analysis of replacing passports on a much more frequent timeframe . . .

    • what's wrong with cryptographic signing?

      There's nothing wrong with cryptographic signing, nothing at all. In fact, it would be a pretty good thing for precisely the reasons you gave, and I would even extend it to banknotes.

      But what I strongly object to is contactless transmission, including any kind of RFID.

      Nowadays everybody and his dog can read out RFID chips. They don't have to decipher it, they don't have to forge it - it's bad enough they can read it. It's just none of their business! Back in 189
  • by Hanji ( 626246 ) on Saturday November 27, 2004 @12:22AM (#10929403)
    With airport metal detectors, if you ask me. You know most people are gonna forget to remove their *passport* before going through the scanner ... after all, what the hell would be metal in there, and most people are uneasy about letting their passports out of their possession, even just for a trip through the metal detector.
  • by bluntyetsharpe ( 762256 ) on Saturday November 27, 2004 @12:22AM (#10929405)
    It's one thing to get a reader to gather all my personal data, but at what distance can equipment detect the presence of one of these chips? Is the US the only country using them? I don't like the idea of walking around with a US Passport emitting signals to advertise my nationality.
    • Blunkett wants to have them in British passports too. The signals transmitted will probably include nationality, though, so don't let that make you feel safer.
    • Is the US the only country using them?

      No. The EU is also discussing this, and most likely, other countries are as well.

      I don't like the idea of walking around with a US Passport emitting signals to advertise my nationality.

      This is also the reason why Bruce Schneier thinks terrorists will love this technology: [schneier.com] if they want to specifically target a certain nationality (e.g. US), they can easily find people of this nationality in a crowd.

    • No offense, I'm an American too, or was until a few months ago, but odds are you're already broadcasting your nationality to the world. We all do, in the way we dress, the way we talk, the way we act. You don't need an electronic transmission to do this.
  • by webender ( 834902 ) on Saturday November 27, 2004 @12:28AM (#10929429)
    The new passport is smaller, lighter, more durable and contains more information than any previous passports, however the lead carrying case kind of makes it a wash.
  • Good Times (Score:2, Funny)

    by Alex Belits ( 437 ) *
    Good Times email-borne virus was a joke, too.

    Then Microsoft "blessed" the world with Outlook Express.
  • Warning: (Score:5, Funny)

    by lawpoop ( 604919 ) on Saturday November 27, 2004 @12:53AM (#10929526) Homepage Journal
    If you feel you need a tinfoil hat, do not use aluminum foil. Make sure you use actual tin foil. Aluminum foil hats actually broadcast your thoughts to anyone who might be attempting to... intercept.
  • by YouHaveSnail ( 202852 ) on Saturday November 27, 2004 @12:59AM (#10929549)
    However, both they and the New York Times have published articles reporting vendors' low-cost solution: '[I]incorporate a layer of metal foil into the cover of the passport so it could be read only when opened.'

    Well that's just a fantastic idea. Now I don't have to worry about someone surrepticiously snagging my personal data as long as my passport is closed. Of course, my passport isn't actually useful if I can't let someone open it.

    RFID is an interesting technology with a lot of potential, but passports are a stupid, stupid application for RFID. There are much better technologies for passports. Magnetic stripes and bar codes both do the same thing RFID does, but only at close range and with the permission of the document's holder. There are some 2D bar code symbologies out there that store more than enough data for this application and which are highly redundant, therefore resistant to dirt, wear, etc. Bar codes can be read very quickly and require no contact, which means less wear on both the documents and the readers.

    The main thing that RFID gives you over bar codes is the ability to read them without the document holder's knowledge, and that makes me very suspicious of anyone who insists that we must have RFID in passports, drivers licenses, etc.
  • Valid ten years (Score:5, Informative)

    by morcheeba ( 260908 ) * on Saturday November 27, 2004 @01:09AM (#10929577) Journal
    I've been tracking this for a while, so I waited to make sure I got one of the last non-RFID passports. It's valid for 10 years [state.gov], and hopefully people will have solved the privacy problem by then. Hopefully.
  • There really isnt anything wrong with our passports right now. It curreny isnt much of a security/privacy concern to anyone. so why would they want to make passports more convinent when it can cause these concerns?
  • by foobar77 ( 664261 ) on Saturday November 27, 2004 @01:33AM (#10929642)
    Just zap that little chip

    either as a social protest, or just to convert it back to a paper-based document.
    • But then, when they actually applied the intended use of the RFID, your passport would appear invalid.

      An invalid passport should be only as good as no passport at all. Your social protest would have little more success than holding you up, and then, you would need to get a new RFID-enabled passport before you could do anything for which a passport is needed, and you would be back exactly where you started.

      I doubt that they are putting the RFIDs in for the hell of it; they probably actually intend to use
      • by Anonymous Coward
        I'm guessing that the chips in the passports aren't indestructable(people WILL accidentally put them in washing machines, chrush them, etc.).
        Since there's no way a normal person can test whether their passport works or not I'm guessing a lot of people will be stopped at the airport for not having a valid passport even though they believed they had.
        How would you feel if you were on your way home for the holidays and they didn't allow you to fly just because of a damaged chip, a problem that didn't exist just
  • Move over Britain, your former penal colony is attempting to usurp your position a little yip dog fawning over the big lumbering hound. I haven't seen Australia manifest one national opinion independent of the US status quo in over two years. What has happened there?
  • A fundamental security principle with client/server architectures is that the client should never be trusted. That is, the client is "the enemy".

    Given that the passport document is in the hands of an untrustworthy source, it seems that placing trust in the passport is a bad thing, regardless of what information is encoded and how it is stored in the passort. If I put the name "George W. Bush" in my forged passport, stored with my RFID encoded image, iris scan, and fingerprints (which I would have no diffi

    • If you're going to have biometric scanners, why not lookup the information in a networked database to determine who the person is, regardless of what piece of paper they are carrying?

      Absolutely! It's far easier to forge documents that people are required to show, than that networked (hopefully heavily secured) database.

      Of course, this won't stop a determined attacker from compromizing the database using classic techniques of wetware hacking, corruption etc... It's always possible (given enough resourc

    • So you're happy with the idea that every place you use your ID will be tracked and stored in a central database?

      The UK ID card scheme proposes just this. The Government wants private sector organizations to use the ID card and the database (called the National Identity Register). So everything you do with your ID card gets tracked.

      Am I the only one who is a teensy bit troubled by this proposal?

      K.

    • 'the client is "the enemy".'

      You're a Best Buy manager, aren't you?

  • by dexterpexter ( 733748 ) on Saturday November 27, 2004 @03:20AM (#10929860) Journal
    Actually, if you wanted to be really clever about it and doubted the quality of tin foil (although it should be noted that most people unknowingly actually use aluminum foil), you could use a copper mesh and wrap the passport several times. Copper shielding is rather hefty.

    The problem is that a shielded passport, if the RFID is applied correctly, would be an invalid passport. It therefore should do you no good since the identification methods (which should not be set to allow all until a problem comes up) should flag you for coming through without being read. Otherwise, the only ones they would likely catch are those who aren't smart enough to know how to shield their ids, which is something someone with the motive to do something would make it their business to know, thus rendering this measure ineffective. Also, if one has to remove their passport from the shielding to be read, then it is exposed (if briefly), and that invalidates the measures taken if you subscribe to the privacy concerns that someone with a reader (which you will be suprised to know are very accessible and fairly cheap for someone who stands to benefit from having one, and can actually be built practically by someone with enough know-how) could use that time to lift the information.

    I am hoping that there is strong encryption involved with this implementation of RFID; not all RFID implementations are very secure and, the sad truth is, from my experience, that most are not.

    This reminds me of a story I was once told by someone who did work that brought in all kinds of conspiracy nuts claiming that they were reading these people's minds. This woman came in every day with an aluminum foil hat folded on her head. Every day they would sort of shrug her off, feigning interest in what she had to say. Well, finally one day one of them decided to have a little fun with her and said "You know, we can read your mind because your little hat there isn't grounded." The next time she came by the desk, she had a chain of paperclips from the hat, dragging the ground. heh heh. Needless to say, it provided a bit of amusement for some time.
  • There are some rather nice materials on the market that can keep any rfid device from being detected.

    The materials vary, from resistive carbon and film laminates (super-cheap, short-lived) to to ferrite-embedded epoxies (very cheap, very hard, brittle, very long-lived) to amorphous magnetic alloys (cheap, stiff, useless-if-bent, very long-lived) to nanocrystalline magnetic metals (expensive, hard, stiff, bendable, very long-lived) to magnetic nanocystalline-embedded plastics (pricey, soft, flexible, not to
  • by Serious Simon ( 701084 ) on Saturday November 27, 2004 @03:50AM (#10929915)
    I design RFID readers similar to those that would be used to read these passport tags, so I might be able to add some useful insights.

    First of all, I agree it's unlikely that a reader could energize an ISO14443 tag from much farther than about 4 inches. It's possible to use a stronger field than allowed by local EM regulations, but with magnetic coupling antennas such as ISO14443 systems use, the field strength drops approximately with the third power of the distance, and the power needed to get that field is the square of the field strength. To read at 4 inches, a power of about 100 mW is needed. So to read at 40 inches, you would need some 10,000W, and trying to operate a reader for 400 inches would be like detonating a bomb...

    So the likely scenario for reading at 30 feet would be "listening in" using a big antenna and sensitive receiver to the exchange of data between a legitimate reader that is much closer to the tag. Such an antenna could be mounted in a big suitcase, for example. As it would not transmit it would be difficult to detect.

    Secondly, I can confirm that any well-conducting sheet metal covering the tag will effectively short the magnetic field of the reader, so that the tag can not be energized, there's simply no way to read it. Aluminium foil would work perfectly.

    Thirdly, many ISO14443 tags contain support for public-key cryptography. The reason to include this is that the data exchange between the reader and the tag can be encrypted so if someone would be "listening in" it will be very difficult to obtain any useful information. Because of this security feature this kind of tag is often chosen for transport fare systems, access control, etc. It seems a shame not to use this, but I think the reason is that the tags should be readable worldwide, so that many readers containing the private key will have to be in existance. It would only be a matter of time before some wrongdoers get such a reader in their hands, and the private key contained in it gets out. Once an unauthorized party has the private key, the encryption will be practically useless anyway (compare this to the CSS encryption of DVD's).

  • Happy to Hear This (Score:3, Informative)

    by HeghmoH ( 13204 ) on Saturday November 27, 2004 @03:56AM (#10929924) Homepage Journal
    My objection to this entire scheme was that it would allow random people to read my passport from a distance without my permission. If it can only be read while open, that basically takes care of this problem. Hooray!
  • You may as well have some fun with it. Your tinfoil passport is going to set the metal detector off anyway, so take a page from Spinal Tap and wrap a cucumber in tinfoil and stuff it down your pants, too.

    Mmm bet I'll be on the TSA's shit-list after posting this...

  • For fucks sake, why are they even considering wireless chips? what is the mother fucking point? if these incompetent fools are the people in charge of security then we're all screwed. Someone please explain why they are doing it this way instead of with old tried and tested smart card chips? and don't bother spouting crap about 'contacts wearing out' thats bull and you know it, i use my debit smart-card every day and it works fine, and when it does wear out ill just bloody well get off my ass and get a new
  • They have been putting these chips into dental fillings for years...
  • by jridley ( 9305 ) on Saturday November 27, 2004 @09:30AM (#10930578)
    Our company has RFID security badges for going through doors. I figured I'd use the opportunity to test if aluminum foil will block the signal.
    With no foil, the card will read from 20 cm. With one piece of foil on the back side, it will read from about 1cm. With the foil on the front, it will read, eventually, if you rub it right on the receiver. With foil wrapped completely around, you can't make it read.

    I have no doubt that much more sensitive receivers could be built, but the foil does significantly reduce the read range.

    Also, keep in mind that a reader has to transmit an RF pulse strong enough to power the chip for a fraction of a second, and the transmitted power is going to obey the inverse cube law. If the chip is shielded and the RF power pulse has to get through that, if you want to read from 20 feet away, you're going to be carrying around (or mounting if you're part of the establishment) a not-insignificantly-sized battery pack, transmitter, and directional antenna in order to get enough power cranked out to power that chip inside its foil wrap.

    In fact, it may be so much power that it would be hazardous if someone stepped in front of it near the antenna.
  • I think the original point was to have electronic versions of biometric data on the passports. Not sure what the point of making that information wireless if they still have to stamp the bloody thing every time you enter and exit a country. If you scrapped the wireless bit, you could actually use a smartcard concept to store not only info on the person, but the travel details in a much more useable form. I'm six stamps away from my third passport expansion (where they add extra pages again) - and there i
  • A simple layer of foil isn't going to stop Jack Schitt, but what these Jack Hasses want to do is fool the public into thinking that it does something to make everyone safe. But it doesn't do Jack Schitt. They want to know where everyone is. They'll put sensors everywhere. It's going to be very dangerous. 1984. War is peace. Freedom is slavery. Ignorance is strength. We're all gonna die!!!!!

As the trials of life continue to take their toll, remember that there is always a future in Computer Maintenance. -- National Lampoon, "Deteriorata"

Working...