Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Government Security Politics

Fatal Flaw Weakens RFID Passports 281

fmwap writes "Wired news is reporting on new measures being taken to ensure RFID in US passports are not traceable. Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner. The problem is the RFID serial number used for collisions will not be encrypted as is required for communication, thus still allowing tracking." We've previously reported on the decision to chip U.S. passports. From the article: "To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed." Update: 11/04 16:08 GMT by Z : Edited for accuracy.
This discussion has been archived. No new comments can be posted.

Fatal Flaw Weakens RFID Passports

Comments Filter:
  • by phpm0nkey ( 768038 ) on Friday November 04, 2005 @10:59AM (#13950465) Homepage
    Time to don the full body tinfoil armor!
    • Thanks, but I actually prefer my +5 Skyclad Armour. :)
    • by Anonymous Coward

        Time to don the full body tinfoil armor!


      You must have missed the announcement that all tin foil manufacturers have started putting rfid chips in their products.
    • Instead of wearing the tinfoil armour, i suggest you look into the mirror, understand that most of the world really doesn't give a lama's ass about where who and why you are. If people are capable of scanning/tracking your rfid chip, they probably are talented enough to do much more profitable stuff.

      Dont let that ego cover you up in tinfoil, try to get in touch with reality for a second ... (and they tell me that i with my 128 bit encryption am being paranoid ... ha!)
  • by n76lima ( 455808 ) on Friday November 04, 2005 @11:00AM (#13950468)
    So its time to Microwave your new Passport for a few seconds to cook the RFID device, right?

    --We don't NEED no stinkin' sig!
    • by UTPinky ( 472296 ) on Friday November 04, 2005 @11:04AM (#13950520) Homepage
      Yep... because tampering with federal documents is always the smartest thing to do...
      • by Marillion ( 33728 ) <ericbardes@nosPAM.gmail.com> on Friday November 04, 2005 @11:39AM (#13950869)
        If the destruction can appear as innocent "wear and tear" one can always feign innocence. It wouldn't put a foil lined document in a microwave, however.

        I'm not too worried about the data that's on there. The level of sophistication required to acquire and decrypt my details is pretty high. I'd be more worried about a lightning strike.

        This is the scenario that give me the willies: The "ping" scenario. Most of us know about the internet tool called ping. A terrorist (or anyone else with strong motivations against the US) is walking down the streets of Paris or Frankfort or Cairo or wherever looking for Americans. He doesn't care who the American is, he just cares that someone is an American. He walks down the street getting within a foot or two of people until he gets an RFID ping.

        RFID Ping == American.
        American == Target.

        I've yet to hear anyone adequately appease this concern.

        • by bastion_xx ( 233612 ) on Friday November 04, 2005 @11:53AM (#13951002)
          Well, you could always keep your passport locked in the hotel safe.

          Of course, the supposed terrorist could always check:

          a) Does the individual wear white tennis shoes (black socks and shorts optional)?
          b) Speak in a loud and/or abrasive manner?
          c) Stands to the left on an escalator (or any other cultural misqueue)

          Being an US citizen and traveling abroad quite often to Europe, it's not too hard picking out my compatriots.

          The same can be said for European's in the US. European males -- LOSE THE MAN-CAPRI'S PLEASE! :)
        • RFID Ping == American. American == Target.

          I've yet to hear anyone adequately appease this concern.

          Don't walk around with your passport open?

        • RFID Ping == American.
          American == Target.

          I will do you one better, RFID seaking missile.

          Have a nice damn day.

        • RFID Ping == American.
          American == Target.


          Wouldn't it be easier just to identify the grotesquly overweight pasty white individual in a hawaiian shirt, jean shorts, cowboy hat, and aviation glasses, who is taking an average of 6.3 photographs per second?
  • TFA is inconsistent (Score:5, Informative)

    by Agelmar ( 205181 ) * on Friday November 04, 2005 @11:01AM (#13950488)
    TFA is flawed and inconsistent with its own citations. RFID chips in passports can not be read from a distance of 69 feet. If one reads TFA, it links to a Washington Post blog about RFID tags being read from 69 feet at Defcon. If you actually follow the link [washingtonpost.com] and read the story, however, you see:
    Los Angeles-based Flexilis set the world record for transmitting data to and from a "passive" radio frequency identification (RFID) card -- covering a distance of more than 69 feet. (Active RFID -- the kind being integrated into foreign passports, for example -- differs from passive RFID in that it emits its own magnetic signal and can only be detected from a much shorter distance.)
    The author is misrepresenting articles that he cites! wtf?
    • by Goaway ( 82658 )
      What, are you expecting sensible, informed or balanced reporting on RFID to appear on Slashdot?
    • by starrift ( 864840 ) on Friday November 04, 2005 @11:05AM (#13950533)
      The RFIDs in the passports are passive. They were to be active but that was canceled. I think you may be "misrepresenting articles."
    • That may be, but I'm not taking my tinfoil hat off yet.

      We have radio telescopes that can see objects billions of light years away. Folks can build antennas that let them boost the range of their wi-fi reception to a mile on the cheap. I'm sure a motivated wrongdoer can put together a device that can talk to passport RFID chips from a greater distance than intended.
      • We have radio telescopes that can see objects billions of light years away. Folks can build antennas that let them boost the range of their wi-fi reception to a mile on the cheap. I'm sure a motivated wrongdoer can put together a device that can talk to passport RFID chips from a greater distance than intended.

        Motivation can't change the laws of physics. Inverse square law pretty much ensures that if someone is trying to read your passport from across the street, they'll need to point a 6 foot dish at you

      • Picking up the signal from the RFID is not a problem although it is still difficult if you want to do it discretely without a dish reflector. The bigger problem is safely beaming enough energy to the RFID to power it up from a significant distance.
    • TFA is by Mr Cryptology and he doesn't make that kind of stupid mistakes. He quite clearly says they FIXED that and one other problem, but left in a third problem because the people in charge are technically ignorant.
    • by SiliconEntity ( 448450 ) on Friday November 04, 2005 @12:28PM (#13951367)
      Los Angeles-based Flexilis set the world record for transmitting data to and from a "passive" radio frequency identification (RFID) card -- covering a distance of more than 69 feet. (Active RFID -- the kind being integrated into foreign passports, for example -- differs from passive RFID in that it emits its own magnetic signal and can only be detected from a much shorter distance.)

      This article (from the WaPost blog) is confused. Active RFID has a battery attached to the chip. It has MUCH higher power and MUCH higher range. It can be used for tracking animals in the field and similar purposes. You can receive a signal from hundreds of yards away or even more. It's really unlimited depending on how much power you use.

      Passive RFID has no internal power supply. It gets power from the radio signal that is used to query it. These chips have a much lower range. Generally, the power required to query a passive RFID goes as the fourth power of the distance. I can't imagine successfully querying one of these things from 70 feet. That is some pretty impressive antenna technology, either that or they were using a microwave beam so intense that it would be dangerous to get in front of it.

      AFAIK all passports would be passive RFID. Nobody has proposed to put batteries in them, because of battery lifetime issues among other problems.
  • What a surprise. (Score:4, Insightful)

    by iainl ( 136759 ) on Friday November 04, 2005 @11:03AM (#13950509)
    As with the UK's attempts to push through ID cards, the politicians in charge have at best a vague fuzzy idea of what the technology can do, but it sounds funky so let's do it anyway.

    Tiny details like monumental security problems and the things plain not working don't exist in the simplified pitch they get from their lobbyists, so they continue to push it through anyway, on the grounds that it's "Anti-Terror".

    You don't support Terror, do you?
    • You don't support Terror, do you?

      I'm glad you put that at the end of your post to highlight the stupid bumper sticker half-assed arguments that are used to shut critics up and to push through agendas.

      FTFA:It made a mistake designing this behind closed doors. There needs to be some pretty serious quality assurance and testing before deploying this system, and this includes careful security evaluations by independent security experts. Right now the State Department has no intention of doing that; it's alrea

  • So... (Score:5, Insightful)

    by LiquidCoooled ( 634315 ) on Friday November 04, 2005 @11:04AM (#13950523) Homepage Journal
    this magical RFID device needs to be opened manually, looked at, checked, optically scanned and then finally used as RFID to get the digital picture and print from the device?

    This is going to take 3x longer and be prone to more failures surely?
    This is a benefit how?

    Surely a 2d barcode would be better, or just use old tech mag swipe?

    Stupid mofo imbeciles.
    • Re:So... (Score:3, Interesting)

      by avdp ( 22065 ) *
      I don't think the handling speed is, or has ever been a concern. After all, they started taking pictures and finger prints of many passengers coming into the US. Hardly a speedy process.

      The point of the new passports are twofold: raise the bar on forgers (it's always a cat and mouse game) and carry verifiable biometric information. Just to make you really are who you say you are. Of course, how is that going to prevent terrorism is beyond me. But I guess Osama Bin Ladden will have a harder time comi
      • Re:So... (Score:3, Interesting)

        by llefler ( 184847 )
        There is no problem with putting biometric information into a 2d barcode. A PDF417 barcode can hold 1100-1800 characters of data. Datamatrix can hold about 2000 characters. And there is no reason why there couldn't be more than one barcode in the passport. If I remember the sizes correctly, probably 3-4 barcodes per page.

        RFIDs typically hold 2k (or less) data. And there is nothing special about RFID that will stop counterfeiting.

        But hey, if it's good enough for Walmart.... Only terrorists need privacy. A
        • It is harder to duplicate/create a RFID than a 2D barcode which you can print with any laser printer. Not impossible of course. That's what I mean with cat and mouse game. Just like with paper currency - it's just one more watermark, one more embedded silver threat in the paper, one more micro-print. It will thwart the casual forger, but it's only a temporary setback for the hardcore ones. But it doesn't mean that they should just give up and not bother with any of these things.
      • Nah, Usama can just sneak across the US border from Mexico with a forged South American passport, get arrested by the US border patrol, get processed, and then released in the US because he is "persons other than Mexican" and then he can drive to Disney World. Then, while at Disney World, the Border patrol finally figures out that the fingerprints they obtained from the processing are Usama's. You see, persons other than Mexican are not deported immediatly due to costs. Mexicans are bussed back to Mexico
    • This is a benefit how?

      You're right of course, it isn't a benefit at all. In fact I would say that RFID is a poor technology for use in an ID document. You've gotta wonder how the brainstorming session went:

      Boss: We need machine-readable data on this passport. But we only want it to be read by someone actually holding it. Like RFID that only works when you touch it . . .

      Underling: I've got it! RFID with a shield around it.

      Every advantage of RFID is a liability in this application. Almost any kind o

      • Every advantage of RFID is a liability in this application. Almost any kind of contact or optically readable format would be preferable.

        Nonsense. "Optically read" formats can be forged with a printer. Contact-based things like smart cards or mag stripes are subject to mechanical wear and operator error. The RFID option has the advantage of 1) being fairly tamper-proof and difficult to duplicate, and 2) mostly idiot proof in that the customs goon need only wave the open passport under a magic wand.

        • Re:So... (Score:3, Interesting)

          by 87C751 ( 205250 )

          "Optically read" formats can be forged with a printer.

          The format can be, but the data contained can be encrypted/signed, making it difficult to do any more than duplicate an existing barcode. Creating "new" records would be difficult, and given biometric data, duplicating existing ones would be of limited use. Besides, the new plan includes an optical barcode, which carries the key to the encrypted data on the RFID chip.

          Contact-based things like smart cards or mag stripes are subject to mechanical wear

    • my understanding... (Score:5, Interesting)

      by YesIAmAScript ( 886271 ) on Friday November 04, 2005 @11:57AM (#13951055)
      I expressed similar questions when reading the previous articles. Why not a barcode? An RFID system only has an identifier, a key ot a database. A barcode could have actual data on it.

      From one of the responses to the previous articles of this sort, I understand that the system here is a bit different than regular RFID. One is that this system actually does have information in it, not just an ID. That doesn't relate to your question, but I found it very enlightening.

      Another thing this system does is it is a challenge-response system. That is, it has information in it that is not emitted until you give the right information to it. Perhaps this is the information in that barcode on the password, I dunno. Anyway, a barcode is there for everyone to read, it cannot hide itself until the right key is given to it. The content could be encrypted, but once you take a picture of the barcode, you have its data, you could work on cracking it later, and the "owner" of the barcode wouldn't even know you were doing it. With this system, you can only work on extracting its secrets when you are in proximity to the chip. In addition, it is possible for the chip to monitor and know that you successfully passed its test and got its info. So you will at least know if you've been had when the "successful reads" counter (if it has one) is higher than you expected.

      All in all, it seemed like a reasonable system to me. The actual presence of data (as opposed to just a key), the tinfoil cover and the requirement to read the barcode optically before you can get the data (other than ID) out all just adds up to a pretty good system to me. Definitely far better than the representations of it I had seen earlier.
    • Re:So... (Score:3, Interesting)

      Surely a 2d barcode would be better, or just use old tech mag swipe?

      According to the State Department [state.gov] the chip will contain a complete electronic picture of the passport holder. Neither barcodes (even the 2D variety) nor mag stripes store information at high enough density to make this practical.

      Fortunately, there is some middle ground here: smart cards that require direct electrical contact to read the data. This isn't an instant panacea by any means, but it certainly eliminates a lot of the most o

  • by pintpusher ( 854001 ) on Friday November 04, 2005 @11:04AM (#13950525) Journal
    I only travel by climbing fences and digging tunnels.

  • Tracking (Score:3, Interesting)

    by kevin_conaway ( 585204 ) on Friday November 04, 2005 @11:05AM (#13950543) Homepage
    RFID chips, including the ones specified for U.S. passports, can still be uniquely identified by their radio behavior. Specifically, these chips have a unique identification number used for collision avoidance. It's how the chips avoid communications problems if you put a bagful of them next to a reader. This is something buried deep within the chip, and has nothing to do with the data or application on the chip.

    Ok, so it has a unique ID on it but it doesn't appear that the ID is tied to you or the data. FUD?
    • The unique ID is tied to the passport. The passport is tied to you. So, it's a step harder to tie the ID to you. One, small, step harder. All it takes is access to one database.
    • The ID is tied to you in that it's your passport, and that ID number will travel anywhere you and your passport go. Any time you're asked to indentify yourself (and that includes not just border crossings, but banks and Internet cafes) and you show your passport, the ID number can be secretly taken and tied to whatever info the person seeing your ID can type in.

      Moreover, even without tying it to your name, it's still a unique number that identifies your passport as being distinct from somebody else's passpo
    • Re:Tracking (Score:2, Interesting)

      by Chrononium ( 925164 )
      No, because if I wanted to track people, but didn't necessarily care about their specific identities, then this flaw would still let me do it. Say that I wanted my buddy and I at the arrival airport to rob someone in first class once they departed the airport. All that I have to do is stand next to the terminal (presumably I would be boarding the plane on coach) and scan all those first class suckers going by. Get all those unique IDs and when we land, we'll just follow one (or two) of the many IDs we colle
    • Just like these tracking cookies from doubleclick.com (and other advertisers) do not contain personally identifiable data. But all it takes is for a personally indifiable transaction to occur WHILE you're holding that passport for that anonymous id to be associated with your name. Use your credit card, or give your name to someone, and now in some database someone knows at 123456789 is Kevin Conaway (if that's really your name) ans where you've been for the last 5 years.

      I am not saying I believe in the co
  • RFID bandwagon? (Score:4, Insightful)

    by phorm ( 591458 ) on Friday November 04, 2005 @11:09AM (#13950575) Journal
    The passports will also include a 'Tin Hat' that limits the RFID signal to only a few inches

    I've got to wonder why, in this case, they don't use Magcards instead of RFID. Older technology, yes, but not any more limited for the use given, and a bit more secure as they require contact with the card to read. If they're supposedly going to limit the RFID to magcard limits, why not just use a magcard?
    • Probably because it's not new and cool and hip? Most of us have been conditioned to believe that old technology = bad, new technology = good. RFID = good...
    • Or a smart card, you know, built-in encryption and all...
    • Or how about microchip smart cards? You know, exactly like RFID, but you need to physically connect the contacts to read it? They've existed for over 20 years now, and are pretty darn reliable. They also aren't prone to demagnetizing.

      Why be tagged like a pack of twizzlers at WalMart?
      • Or how about microchip smart cards? You know, exactly like RFID, but you need to physically connect the contacts to read it?

        Smart card contacts need to be aligned with the reader contacts somehow. This is easy with a stiff, thin card, but it's a lot to ask of what amounts to a cardstock booklet. RFID has the advantage of being idiot proof in that the customs goon need only wave the book near a reader. No destined to be ignored warnings of "Do not crease or rumple passport", "insert this way only, this si

    • It sounds like they want to store a picture and probably a fingerprint template.

      A mag-stripe doesn't have enough storage to do this.

      IMHO a contact smart card is a much better idea, but it seems they want to keep the same passport format. Mifare is already deployed embedded in paper tickets so that's a big bonus to them.
    • Mag stripes are very easy to copy. Some number of years ago, a contest was held (at MIT IIRC) to see how quickly a mag stripe on a credit card could be duplicated without the use of a card reader. The winners were able copy a mag stripe in something like 4-seconds. The applied heat with a new mag stripe touching the original. The electrons were excited and jumped to the new stripe. A copy was made.

      Anyone that believes mag stripes provide viable security are simply living in the past. Besides, mag stri
  • by NelsonM ( 906317 ) on Friday November 04, 2005 @11:09AM (#13950576)
    "A demonstration has been made that using specialized hardware, the signal can be intercepted from up to 69 feet."

    Is this anything like the BlueSniper [esato.com]?
  • by digitaldc ( 879047 ) on Friday November 04, 2005 @11:10AM (#13950591)
    "To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed."

    Well there has to be better protection for identity theft than having the passport closed all the time. You may not know whether it is open or closed, but it should have some way of notifying you if it is unsecured. How about having the passport just become a single card with some kind of flash memory built in?

    There are many other scenarios where the RFID tags could be exploited, but you will first have to put on your tinfoil hat in order to even conceive of any of these conspiracies.
  • Add another layer... (Score:3, Interesting)

    by asphinx ( 921110 ) on Friday November 04, 2005 @11:11AM (#13950600)
    Why not just make a container for the passport - like a cigarette holder - but lighter, which does not allow reading the RFID chip at all from any distance?
  • by davidwr ( 791652 ) on Friday November 04, 2005 @11:11AM (#13950605) Homepage Journal
    Get or renew your passport now and it should be RFID-free for the next 10 years.
    • davidwr recommends: Get or renew your passport now and it should be RFID-free for the next 10 years.

      That's what I did. But you really can't expect your average slashdotter to get out of their chairs and actually go down to the passport office to do this? They'd much rather sit on their butts and whine.

      Thad
  • From the summary:

    The passports will also include a 'Tin Hat' that limits the RFID signal to only a few inches, but a demonstration has been made that using specialized hardware, the signal can be intercepted from up to 69 feet.

    The poster apparently did not carefully RTFA (skipped page 2, is my guess). The 69-foot detection range does not apply to the RFID chips in this case, because of that 'Tin Hat' (the passport is radio-shielded when closed); Schneier was referring to RFID chips in general when he broug
  • by mpapet ( 761907 ) on Friday November 04, 2005 @11:24AM (#13950721) Homepage
    The Benefits:
    For the average bad guy, a contactless module will make much harder to fabricate an identity.

    Ideally, gov'ts have a better idea who is coming and going from a country and in a much more efficient manner.

    For the average person, this doesn't affect them at all.

    For the average dissident, the gov't still going to give them a hard time, so this might be one more way to make life difficult.

    The Bad:
    Bad guys can "collect" information. It's unclear to me what they would do with a unique identifier. They need much more than just the unique identifier. They would need to associate the identifier with (one assumes) the right identity. You don't need to be a bad guy to do that. You can buy most of it from totally legal companies right now. Please explain if I'm missing something here.

    Epensive! Understand that it's not just about a passport that will be at least 10x more expensive to make, but the infrastructure to make it work at least half-way decent is a huge project. I submitted my passport information at my local post office. Now, every agency that can accept passport applications has to be somehow connected to the place where the passport is made. Then how do the airports "know" the passport is authentic? More new infrastructure.

    The gov't collects information.
    Well, they do that already except they buy it from private enterprises. They watch the bad guys. They watch people that they view as threatening. I don't see what changes here. Furthermore, anyone that's been on /. for a little knows how easy collecting personal data can be.

    Am I missing something?
  • Passports (Score:2, Interesting)

    by Mr.Fork ( 633378 )
    As a Canadian fed agent, I emphasise with our US neighbours in their attempts to improve the security on the passports. It's a challenge to make passports secure, even with the best of technology. Canadian passports are one of the most forged in the world, and the safest to use from a suspicion point of view. With over 10% of our population landed immigrants, and a huge multicultural population, we represent one of the most diverse cultures in the world.

    I'm sure they could devise an XYZ technology for the
    • Something is better than nothing.

      Not necessarily. You wouldn't tatoo your ATM PIN on your forehead if you kept forgetting it, would you?

      This is a case of someone coming up with an idea that sounded cool. Silver bullet for citizen identification problems. But when people started pointing out the flaws, rather than looking for a better solution they dug in their heals. Bad guys can read it? oh, we'll make a special cover to block the signal. What about when it's open? oh, we'll encrypt the data. How will var
    • passport security is only a problem because government is stupid, every passport should include a crypto smart card, that way the data loaded has to be digitally signed by the gov't in order to be considered valid including the photo which will show up on screen when swiped. also data exchange and identificaiton would be done with assymetric crypto so you can prove your validity to an untrustworthy entity without compromising yourself.
  • by flutkatastrophe ( 866004 ) on Friday November 04, 2005 @11:25AM (#13950734)
    Edited for accuracy.

    Don't lie to us like that.....not all of us are N00bs
  • by davidwr ( 791652 ) on Friday November 04, 2005 @11:28AM (#13950768) Homepage Journal
    As someone else pointed out, many countries make you show your passport as identification.

    It's time someone make a passport "book cover" that covered the inside-covers with a transparent faraday cage. Think clear plastic with thin closely-spaced wires.

    Or, if that doesn't work, a "book cover" that includes a probably-battery-powered jammer that jams any attempt to read it.

    Of course you'd remove your passport from this at points of entry and for other official purposes, but when a private merchant asks to see your passport as ID, he won't be able to scan it, leaving him with a business decision: rely on the visible passport, or ask you to shop elsewhere. More importantly, the hopefully-rare-but-I-don't-want-to-meet-him id-theiving-store-clerk won't be able to scan it.
  • German passport (Score:4, Interesting)

    by Crouty ( 912387 ) on Friday November 04, 2005 @11:31AM (#13950795)
    Under US pressure and the general terrorism FUD the German government decided to introduce new passport documents with RFID starting from Nov 1st 2005. I got me an old one without RFID that will be valid until 2015 and every day I am more sure I did the right thing.
    • Re:German passport (Score:4, Informative)

      by slavemowgli ( 585321 ) on Friday November 04, 2005 @12:05PM (#13951135) Homepage
      If you want to visit the USA, you just may have to get a new one soon, anyway (considering that they implemented this in order to still be eligible for the visa waiver program) - either that, or apply for a visa, which isn't exactly a wark in the park, either.

      Case in point: I have a friend who lives in Sweden who once needed a visa. Outside of having her photo taken by a photographer certified by the US embassy (a regular photo used for passports etc. wouldn't work), she also had to come to the embassy in Stockholm in person to be interviewed - a six-hour train drive, FWIW, and the fact that they gave her an appointment at 8:30 Monday morning meant that she had to arrive on Sunday already, too (so in addition to the train ride, she also had to pay for a hotel room for one night). The interview itself was pretty much straightforward, from what she told me, but relatively long - more than half an hour. And the security measures were rather tight, too; for example, she had brought a bottle of water, and she actually had to drink that before being allowed to enter. And not just some of it, in order to prove it wasn't poison or whatever they suspected it might be - all of it.

      The whole thing, IMO, was/is extremely idiotic, but considering that she needed the visa, she had to put up with it.

      I'm not sure, but if that's the price you have to pay in order to get a visa, even in a highly developed country like Sweden (or Germany, for that matter), then having an RFID passport almost sounds like the lesser evil - at least you can put that into a leaded box and leave it at home whenever you're not travelling. (When you are, to the USA at least, all bets are off, anyway; you'll be fingerprinted and photographed upon trying to enter, and I wouldn't be surprised if in a few years, they'd conduct random body cavity searches as well. The problem is that pretty much noone here actually cares - after all, it all just happens to foreigners, anyway.)
  • just put a little device under our skin, when we are born, with our all identity details. That would solve all problems!

  • by xlv ( 125699 ) on Friday November 04, 2005 @11:38AM (#13950861)
    Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner.

    If an optical scanner needs to be used to read the encryption key, doesn't that defeat the no-contact advantage of RFID as the passport then needs to be close to the scanner. Why not just use some smart card technology and avoid the radio part altogether?

  • Smartcard? (Score:3, Interesting)

    by frantzdb ( 22281 ) on Friday November 04, 2005 @11:50AM (#13950981) Homepage
    Is there ever a reason the wireless feature of RFID would be needed for passports? Wouldn't smartcards provide all the necessary forgery prevention and data storage without any need for tinfoil hats?
  • by Hugonz ( 20064 ) <[hugonz] [at] [gmail.com]> on Friday November 04, 2005 @12:46PM (#13951516) Homepage
    Although some have derided this as a tinfoil hat for passports, the fact is that it is indeed a fucking tinfoil hat!
  • by mmeister ( 862972 ) on Friday November 04, 2005 @12:49PM (#13951544)
    If the KEY is printed and thus has to be scanned, why don't they just print the information on there too? I mean, they are already planning to require you to put it across an optical scanner, so there must be another, unspoken, reason for using RFID.

    The reasoning behind using RFID Passports seems *VERY* flawed. I am suspect of any agency that is a proponent of such reasoning. I'm sure terrorists and boogyman will be mentioned several times in the explanation as to why we should have this technology.

    Someone is hiding something!!
  • But no one wanted to buy a passport protector, fine foil product when I offered 2 for sale on eBay earlier this year. They obviously don't have the following that Foil Hats for pets do.

    A picture of the Foil'ID Again is at the bottom of this page http://www.angelfire.com/mt/woodmtn/insight.html [angelfire.com]

    Now the US government is trying to improve upon my design by integrating the foil right into the cover of the passport. And I thought government wasn't supposed to interfere in start-up businesses.
  • by Irvu ( 248207 ) on Friday November 04, 2005 @02:15PM (#13952185)
    If they need to scan it optically in order to obtain the info, then why use RFID at all? Seriously, at best the only viable argument for RFID chips is that they might make those lines move a little faster. But noe, for sthe sake of security we have to a) have the passport open, and b) have it scanned by an optical scanner. At which point absolutely nothing is gained by using RFID.

    To review:
    • RFID:
      1. Can be scanned by anyone in a remote fashion (without holders knowledge).
      2. Supposedly this means the end of lines at passport offices.
      3. But, It necessitates countermeasures to ptorect it (tinfoil shield).
      4. Said shield is unlikely to be perfect. If you hold it open in your hand (while waiting in line), open it to check it elsewhere, let it fall open in your bag, etc, it no longer helps.
      5. To protect data said chip is encrypted requiring an optical scan to verify. Optical data is itself imperfect in that it too can be scanned, but now much closer.
    • Old Method:
      1. Data is stored in human or machine readable form on the passport requiring optical scan.
      2. Data cannot be efficiently scanned remotely (i.e. without the holder's knowledge).
      3. But we end up waiting in long lines.


    Am I the only one who is beginning to think that RFID is a problem in search of a different problem. This news today proves conclusively that nothing is gained by using the chips. They open up pointless security holes and provide not one bit of protection.

    What a damned waste.

The perversity of nature is nowhere better demonstrated by the fact that, when exposed to the same atmosphere, bread becomes hard while crackers become soft.

Working...