Passport Chip Could Attract High-Tech Muggers 348
Orangez writes "Wired.com reports that 'business travel groups, security experts and privacy advocates are looking to derail a government plan to insert remotely readable chips in American passports, calling the chips homing devices for high-tech muggers, identity thieves and even terrorists.' and that 'The 64-KB chips will include the information from the photo page of the passport, including name, date of birth and a digitized form of the passport picture.'"
Tin foil wrapper (Score:5, Funny)
Re:Tin foil wrapper (Score:2)
I think I'm going to expand our line of geekwear from tinfoil hats to reselling designer jeans with wire mesh sewn into the pockets.
Can you guess what country I'm from?
Re:Tin foil wrapper (Score:2, Informative)
Re:Tin foil wrapper (Score:2)
Doh! I was kidding, but I guess there really is a market for that.
Oh, there's an extra trailing slash on there.. but I saw it. Very cool!
Actually that might be part of the plan (Score:5, Interesting)
My question at that point is: why not use another technology? The whole point of RFID is that it is readable from a distance without jumping through any hoops. If TFA is correct they are negating the whole point of RFID and fighting it's inherent nature to do so. It seems that some kind of optical technology would be perfectly suited to do exactly what they want to do with RFID.
Re:Actually that might be part of the plan (Score:3, Insightful)
RFID is and will be considerably cheaper than an equivalent optical solution or any other present technology.
Re:Actually that might be part of the plan (Score:5, Insightful)
I know, a mag stripe can have its data changed. But wait! So can an RFID tag! So you're going to end up doing public key crypto signing of the data anyway. Why not use technology that is proven to be cheap, safe, and reliable instead of something that is potentially expensive, dangerous, and has no real history of reliability that requires additional expensive hacks to prevent abuse?
Re:Actually that might be part of the plan (Score:5, Insightful)
My question at that point is: why not use another technology?
Because they want to be able to read them from more then 8cm. They know perfectly well that, with the right equipment, these 8cm devices can be read up to 10m away and they intend to use that feature themselves - they even talk about the ease of tracking people in airports and such as part of the justification for this implementation.
So, you have what basically amounts to spin control. Enough of the general public has latched onto the meme that RFID is a danger to their privacy. So instead of working to eliminate the entirely valid risks that RFID brings to this particular application, they are just trying to cover them up - literally and figuratively.
Your tax dollar at work...
Re:Actually that might be part of the plan (Score:3, Interesting)
New terrorist plan: walk around an airport with some sort of high-frequency emitter in a briefcase - frying everybody's RFID passport chips.
Make for a wonderful day at Customs, I'm sure.
Then you'd have to have security guys wandering around the airport with RFID detectors trying to spot excessively powerful transmissions (or hardware in the building to do so and alert security.)
Alternate plan: walk around with the same sort of long-range detectors the state obviously wants to use and suck all the data o
Re:Actually that might be part of the plan (Score:3, Interesting)
State Department contractors are looking to include some shielding
My best friend's husband works for a French company called A.S.K. that makes smart cards, and induction cards, and RFID cards, and he was telling me about the process, and how they're bidding for the American Passport contract.
When I mentioned about the tin foil, he said that none of the samples they've delivered to the U.S. have any shielding, and that there's been no talk at all of shielding of any kind.
<Tinfoil Hat>I truly think
Re:Actually that might be part of the plan (Score:3, Insightful)
The genesis of RFID had to do with automation. Instead of making a *really* smart robot that can identify & figure out the physical objects it ha
Re:Tin foil wrapper (Score:2, Informative)
http://www.paraben-forensics.com/catalog/product_
When will people realise that remotely readable... (Score:5, Insightful)
If they government can read it for legitimate purposes, other people can read it for illegitimate purposes.
Re:When will people realise that remotely readable (Score:2, Insightful)
They can just sit at the door of the airport and scan everybody comming in and out ! Without you even knowing so you won't report it !
Re:When will people realise that remotely readable (Score:3, Informative)
Re:When will people realise that remotely readable (Score:5, Insightful)
Re:When will people realise that remotely readable (Score:5, Informative)
Re:When will people realise that remotely readable (Score:2)
Re:When will people realise that remotely readable (Score:4, Insightful)
Why biometrics are bad: (Score:5, Informative)
Re:When will people realise that remotely readable (Score:5, Insightful)
There are plenty of legitimate reasons to not want people to be able to identify you. There are plenty of legitimate reasons to circumvent the system as well.
At what point did the unwilling martyrs at the twin towers win the balance against the millions of lives willing sacrificed so that we could taste freedom? It wouldn't matter if planes were crashed into building every day, it is no reason to take away freedom.
I hate you (Score:4, Funny)
If you really loved America, you would know that only terrorists fear having their freedoms taken away. Real, law-abiding, god-fearing, red state Americans have nothing to hide!!!!!!!!one one
Re:When will people realise that remotely readable (Score:5, Insightful)
If the government can read it for legitimate purposes, then the government and other people can read it for illegitimate purposes.
You'd need a smarter RFID. (Score:3, Interesting)
Still, that would leave at least five system weaknesses obvious to even cursory glances:
1) It's still a Mark
why are travellers worried? (Score:3, Funny)
Re:why are travellers worried? (Score:2, Insightful)
Re:why are travellers worried? (Score:2)
Re:why are travellers worried? (Score:2, Insightful)
Re:why are travellers worried? (Score:5, Insightful)
Re:why are travellers worried? (Score:5, Informative)
Re:why are travellers worried? (Score:4, Insightful)
Why would a terrorist want your passport information? They have perfectly reliable ways to get entirely legitimate papers of their own. If they want to kill you, they will, and pick up your passport from your body later as a souvenir, whether it has RFID or not. On the other hand, thieves, swindlers, identity thieves could very well take an interest in your vital statistics. Why do TERRORISTS!!!! have to be part of every security discussion?
Re:why are travellers worried? (Score:3, Insightful)
They only want to kill you if you are american.
Your RFID passport is a dead giveaway (at a distance).
With a remote readable passport, someone could design a smart motar shell which specifically homes in on american passports. The motar shell only needs to broadcast that it is a passport scanner and detect the replies from american passports.
Sensing the existence of an RFID can be
Re:why are travellers worried? (Score:5, Insightful)
Because terrorists/kidnappers can set up a remote reader to look specifically for people carrying this type or passport. Kidnapers can use it to find people from specific other contries that they think are richer than they are and ransom them off for big bucks. Terrorists can use it to find people from specific nationalities. Bin Laden said to kill all americans everywhere, not just americans in the US. This gives them a leg up in finding people carrying around their passports when overseas.
That said, if they go through with this, they definitely need to build in a faraday cage into the passport case.
Re:why are travellers worried? (Score:5, Interesting)
Stalking is illegal for a reason. Even if no physical contact is ever made it constitutes harassment. Harassment leads to a degradation of the quality of life, poor performance at work, and after extended periods of time can lead to a psychological breakdown. Creating a population of paranoid schizophrenics isn't all bad. Once they come apart at the seams we can lock them in a cell with a bicycle and use them to produce energy, thus breaking our dependence on oil and negating the need for nuclear fuel. It'll also solve the overpopulation problem if we keep the sexes separated. In the end it'll allow some members of the population, who aren't being harassed or seem to be immune to natural instincts (are they even human then?), to live a life of leisure using the energy of those we have harassed and then locked up.
Re:why are travellers worried? (Score:2)
Re:why are travellers worried? (Score:3, Informative)
All that, waiting for someone to just bump into me on a train or in a subway or getting off the airplane. Unlike a normal passport, I'd never know it was "stolen", since it'd still be in my pocket afterwards! By the time I get back to my country, I'd probab
Re:why are travellers worried? (Score:4, Informative)
Any passport issued in any country is not your property. It's the property of the issueing government.
In Canada, even our health cards carry that infomation on the back. It says 'card is property of Minitsty of Health, issued to be used by:' and your name + address.
Sorry no 'property rights violations' here. Whatever those are.
Re:why are travellers worried? (Score:2)
security (Score:5, Interesting)
just a thought
Re:security (Score:2)
If you have anything on you that can be used remotely to identify you as a USian, your personal security has been compromised, even if the specific details aren't available. In that case, the mere presence of the chip provides a hostile party with information that can be used to make you a victim.
Even if the information on the RFID chip is encrypted, it will respond to a query by returning the encrypted
Re:security (Score:3, Insightful)
That sounds like an excellent idea. The Bali bombers thought they were blowing up a bunch of Yankee infidel in Kuta, actally most were Asustralians. Us non-American white people would really prefer not to be collateral damage in your War on Terror (though sadly our dickweed prime minister has dragged us into it and made us targets).
hmm... (Score:3, Interesting)
Re:hmm... (Score:5, Funny)
255 bytes: First name
1 byte: Middle initial
255 bytes: Surname
1 bit: Boolean true if user checked the 'Member of Terrorist Group' checkbox
7 bits: CIA National Boxcutter Purchase Monitoring flags
16KB: ASCII-art depiction of tubgirl courtesy of frustrated intern
16KB: Excerpts from Book of Revelation
1 byte: Flags for previous visits to Iran / Cuba / North Korea / Syria / Lebanon / Pakistan / Libya / Yavin
30KB: XML representation of above flags
Re:hmm... (Score:3, Informative)
Stuff it in an old aluminized mylar potato chip bag, roll it up and stuff it in your pocket. If asked, say it was raining cats and doga at my last stop. I didn't want it to get wet. The added advantage is the tag is unreadable inside the folded up bag.
Aus Passe (Score:3, Insightful)
I don't get it. I mean, they State Dept. could easily have a reader connected to a network which passes along some hash which is stored on the card, to a server which would verify what passport they should be looking at. Slow? Wtf kind of technology are they using where 64K of stuff would take any time?
"Only contractors who sign up to our foreign policy will be allowed to bid -- We welcome your bid, Halliburton Vacuum Tube Company!"
Re:Aus Passe (Score:2)
Creating a device with a Public/Private key encryption system, creating a new key each year and supplying that key to thousands of passport readers isn't difficult.
(new key each year would mean that if a key were broken it would invalidate passports issued in that year, but it would restrict the number of keys which would have to be added to the passport devices to 1 per year. obviously if the method of adding keys were simple enough it could be possible to add a new
Re:Aus Passe (Score:2)
I would disagree. I tend to think that the security of my identity takes precidence over anyone being able to ascertain it. If passports cannot be secured it would be better to abolish them and leave travelers unidentified to leave an unsecured system in place.
Am I the only one who sees freedom as being more important than stopping terrorism? If being free means there is a possibility o
Re:Aus Passe (Score:3, Insightful)
They'd have to be supplied ot passport readers in every country in the world. So two days after this comes into effect, bootleg readers are on sale next to cable TV decoders, but unlike cable TV, passports stay valid for at least 5 years, so changing the encryption isn't an option, so why bother at all.
Re:Aus Passe (Score:4, Funny)
Thank you...I'm here all week! (mostly due to pesky bosses)
No encryption for a reason: (Score:2)
The passports must be easily readable by scanners in foreign countries, under local control.
Given that the scanners will be widely distributed, it seems pointless to encrypt the data. All it will do is slow down processing while the hash is validated.
Okay, I might as well post it... (Score:4, Funny)
Think "Windows ME".
Remember, this is the U.S. Gov.
When will the learn (Score:3, Insightful)
Years from know they will probably say "We made the best decision with the information we had at the time".
Re:When will the learn (Score:2)
Another problem (Score:5, Insightful)
Rather pushing it... (Score:2, Insightful)
Seriously, you're pushing your cred here. What kind of burglar is going to be hanging out in airports looking for departing victims? An intelligent burglar would spend more time casing a ta
Re:Another problem (Score:4, Insightful)
They could run their scanners in the ticketing area but they couldn't do it for long periods without looking suspicious. Guys standing around in bulky coats to hide the equipment will probably draw some notice.
Since these passport chips are claimed to have a very short range (inches) to be read, guys in bulky coats dry humping tourists trying to get a scan would draw even more notice.
Re:Another problem (Score:2)
you know people traveling somewhere often have alot of bulk with them and it isn't suspicious at all.
Re:Another problem - don't be simple (Score:5, Insightful)
In 60 minutes of sniffing they could easily collect a dozen or more candidate "known gone" families, then use that as a short list of houses to check.
Maybe the regular readers will have a range in inches, and 802.11 has a range of 100ft. With the right antenna 802.11 can be extended by a factor of 50. I would not count on tags being unreadable from 24", a nice polite personal space distance.
I'm not saying this will ever happen, but it certainly is a lot easier than your deliberately ridiculous example.
What it really comes down to is...
If the passport issuing officials want a system that keeps a secondary reference copy of your information in a difficult to forge format, that is only readable with a special reader and is encrypted to prevent unauthorized use, then there is no reason to use a remotely readable device. A high resolution two dimensional barcode of encrypted data will do a nice job of it without exposing people's data to risk additional risk.
Sounds like the next big thing... (Score:3, Funny)
Not that I have any naked pictures on my passport chip... yet.
Blame the terrorists. (Score:4, Insightful)
Re:Blame the terrorists. (Score:2)
Re:Blame the terrorists. (Score:2)
Re:Blame the terrorists. (Score:2, Interesting)
Exactly, because despite popular opinion they're goal is not to go out and kill every single American. Their goal is to go out and make every single American afraid of them, afraid to live their lives.
And Mission Accomplished.
They have successfully reduced my dad, into a withered old man afraid to ever leave the country, who does nothing but curse these damn 'rag-heads'. "We need more legislation and more intrusive government, cause those bastards are everywhere. They wan
Re:Blame the terrorists. (Score:3, Funny)
Because remember, they're everywhere. They're anyone, anyone who doesn't
Re:Blame the terrorists. (Score:2)
Must be a version of Godwin's Law (Score:2)
Hoi Polloi's Law: The time it takes before someone says that an act or an invention could be used by terrorists. Conversely, the time it takes before someone says it could be used to stop terrorists.
Re:Blame the terrorists. (Score:3, Insightful)
While I'm not a big Michael Moore fan, one thing Bowling for Columbine drove home was the "media of fear" idea. He certainly beat it to death, but there's no denying the prevalence of vague fear in todays (U.S.) media and government.
Re:Blame the terrorists. (Score:2)
The issue of fear-mongering aside, why would the Terrorists(TM) just decide to give up? They've made their point and have decided to just move on? Forget about it.
I'll agree that the idea is taken to extremes by some folks grandstanding or trying to sell something, but that doesn't make the actual threat any less real.
Some folks, when addressing the irrational fear most Americans have of the Terrorists(Tm), point out that you are more likely to die in a car crash
That word (Score:5, Insightful)
Re:That word (Score:2, Insightful)
that word that cannot be named (Score:3, Insightful)
Re:that word that cannot be named (Score:3, Insightful)
"Get over it"?
How about not letting them use their magic argument, instead of getting over it?
You got mugged? Get over it! Your government is using boogeymen to slowly turn your country in a police state? Get over it!
No thanks.
Re:That word (Score:2)
Me too, that's why I've begun calling them Green Pigs, 'cause you can't make Green Eggs and Ham without them.
Re:That word (Score:2)
IIRC the eggs are green but the ham is normal.
It's been a while since I looked, what with the kids being all grown up now...
Identity (Score:5, Funny)
I guess that's one more reason to get a passport
The Gov should slow down... (Score:3, Insightful)
This is a dupe - no, wait ... (Score:4, Interesting)
http://yro.slashdot.org/article.pl?sid=05/02/28/1
Or is it a trip?
http://yro.slashdot.org/article.pl?sid=04/12/23/2
A quad? (Quap?)
http://yro.slashdot.org/article.pl?sid=04/11/27/0
Quint? Penta?
http://yro.slashdot.org/article.pl?sid=04/10/22/0
So
Re:This is a dupe - no, wait ... (Score:3, Funny)
IM me when encryption is unbreakable (Score:2)
Something as valuable as one's identity should not be left up to a series of 1's and 0's to determine.
This leaves me looking to the Creator (that would be God to me) for an answer.
We already have a biometric key - called our DNA - that uniquely identifies our physiology (except in the case of identical twins - and perhaps triples+ but I don't know because
Re:IM me when encryption is unbreakable (Score:2)
As for DNA. Yes, identical twins and triplets and so on have identical DNA. As for using it for any form of security? That is a very bad idea.
Spoofing DNA (Score:2)
"Can DNA be spoofed?"
Not sure how much you'd need to copy but there is a thing called PCR [rug.ac.be].
RFID for passports - succumbing to a fad! (Score:5, Insightful)
However, all of the legitimate uses of the passport involve a human being handling the passport anyway - and using a non-RFID smart chip will suffice.
Tinfoil hats aside, the primary response of the RFID proponents to the question of why RFID tags are needed is "Why not?". This is a preposterous approach to implementing a system that handles sensitive personal data that could cause severe distress to the owners of that data, if compromised. Sensitive data belonging to thousands or even millions of people! Assuming the government still considers an individual as the rightful owner of their own personal data.
Some of the conspiracy theories regarding RFID in passports are a little over the top. But there is no denying the fact that the potential for abuse is definitely enhanced by using this technology in this way. Today the scope is for Americans to be targeted using this - either by their own government, or by criminals, or by other governments, or by terrorists. Tomorrow, when more countries follow suit, that scope expands, giving birth to a rich and varied mix of uses - all of which with the legitimate exception of border control are extra-legal or downright criminal. I hate to sound like a troll but the RFID chip in your little blue book could well become the new star of david sewn into your shirt.
disabling chip? (Score:4, Interesting)
Re:disabling chip? (Score:3, Interesting)
I will just keep mine wrapped in a few layers of aluminium foil until I am standing in line at immigrations thank you.
I can also see, after the media catches on about identity theft via RFID passports some enterprising company will begin selling lead lined passport covers or something similar. This also begs the
Re:disabling chip? (Score:4, Informative)
Here's a link to the standard (Score:3, Interesting)
Document 9303 at the ICAO [icao.int]. Note that it's the international Civil Aviation organization that defined the standard and is pushing it. Note that they intentionally do not encrypt the data so that it's simpler and easier for third world governments to read.
Re:Here's a link to the standard (Score:2)
Here [icao.int] are some very interesting additional Annexes. Page "16 of 16" of "Logical Data Structure(LDS) version 1.7" gives a good one-page overview of the data on thr RFID chip.
But, but, but... (Score:2)
Submit your Comments to the State Department (Score:2, Interesting)
So zap the stupid thing (Score:2)
Sweden getting this as well (Score:2, Interesting)
so, im getting a new "regular" passport tomorrow... my current expires in july, no rush, but this new one will last 10 years so why not have it done with
wtf (Score:2)
the system is secure, stop the FUD (Score:3, Informative)
The authentication is based on the MRZ (Machine Readable Zone) in the passport (this is text that is read through OCR and not visible unless you open the passports photo page). The MRZ-data is hashed by SHA-1 and the high 32 bits of the hash is taken (this reduce the risk of someone computing the MRZ-data backwards (actually guessing) which MIGHT be possible if you have the hash and the basic structure of the MRZ-data). The hash is sent as an authentication code to the RFID-chip in the passport, if the hash is wrong the RFID responds with a "no valid authentication" message and refuse to send any data.
A state may decide to ignore such measures in their passports (but this is unlikely for the EU and the US). And such states have the option to include metallic jackets for the passport.
The range of the RFID transmission will be around 10 cm. IIRC it weakens with the power of 6 to the distance.
Further, it is not practical to have contact chips in a book-formed passport. It is more practical in ID-cards.
While I dislike this in general and would prefer a passport free world, try to avoid spreading untrue FUD about the technology being used, the data is secure and no person is going to get within 10 cm from your passport, and try an average of 2^31 different hashes without you noticing it. Of course, if the person manage to "borrow" your passport, he will use the MRZ to obtain the key, but in that case, he can take the passport to a photocopier as well (and that is probably cheaper).
Re:the system is secure, stop the FUD (Score:3, Insightful)
We can see the remains of the big bang and could detect the light of a firefly beyond pluto.
Range means nothing to directional high-gain antennas. Sure no one is going to retarget Jordell Bank or the deep space network to snoop for pasport id's but that does not mean someone could not get 10m or more gain from an antenna hidden on the back of truck driven through the airport arrivals zone.
Secure? (Score:3, Insightful)
Advertising applications (Score:2)
With a tie-in to ChoicePoint, products you'd be interested in would be displayed. Just like Minority Report.
Why include the info on the chip at all? (Score:4, Insightful)
Authorized custom agents could then pass a reader over that chip, which would take the number, connect to a US government's computer, input the number which would return photo, fingerprints, etc. etc.
There seems NO need to put all the sensitive information on a chip, when all you need is a number. Keep the sensitive information on more secure computers, accesible only by valid custom agents.
Re:Why include the info on the chip at all? (Score:3, Insightful)
This does open up the possibility of fishing -- remote customs database clients sending info requests for the passport info on people who are not actually present.
There's an easy fix for that risk -- embed a smartchip in the passport with public ke
The nazi's tried the same thing with the jews (Score:4, Insightful)
This system worked very well. It insured that second class citizens could properly receive the proper treatment as such. i.e.: forced to walk in the gutter, rather than a side walk etc. Attend at labour and death camps etc.
Now the american government wants americans to only travel abroad on the condition that they effectively wear electronic armbands identifying them as "AMERICAN" to anyone with a simple detector.
America is at war, and the American government wants its citizens to be required to advertize their status to all possible enemies.
At least the NAZI's were fairly transparent about their desire to oppress and harm jews.
How is electronically broadcasting american citizenship for all to see, going to help americans be safer.
Why not just make a law requiring all american citizens to wear armbands with the Star of David.
Would that be obvious enough for the morons in the whitehouse to wake the fuck up!
CFP2005 sesssion on RFID chipped Passports (Score:3, Informative)