E-Passport System Test This Week

An anonymous reader writes "ZDNet has a story covering another Homeland Security test of the E-Passport system, a biometric program designed to stop counterfeit identification." From the article: "The passports contain biometric information such as a digital photo, as well as biographic information. The technology being tested promises to read and verify the electronic data when those carrying the e-passports attempt entry into the countries via participating airports. U.S. diplomats, Australian and New Zealand citizens and Singapore Airlines officials are among those who have been issued the e-passports. These people will also undergo normal screening procedures at the international airports."

Great Idea - Already in use in certain areas

[Nerd Systems]

I've had encounters with similar systems to this E-Passport just recently on my honeymoon cruise. My wife and I were each issued a "Sea Pass" card, which didn't have our picture on it, but had our names printed on it, and a magnetic swipe. Whenever we wanted to buy anything on the ship, we would swipe our card and it would identify us and no cash was needed throughout the entire cruise. For shore excursions, we swiped our cards as we left, and it noted that we no longer were on the boat, keeping track of everyone out on shore excursions and what not. On our return, we swiped our cards, it pulled up for the security guard our information as well as a picture, which he was able to verify our identity with, and let us back on the boat. I'm glad for this, as it stops people from trying to steal those cards, as they are useless if your not the same person, and since the data is stored in a central registry, can't be easily falsified, like a current passport could be. I like the idea of an E-Passport, as it can guarantee a person's identity a lot more easily then a traditional passport, which can be forged easily enough these days with all the technology out there, as well as making travel safer in foreign countries, as well as for our own country. I can't wait though for them to implement something such as an RFID tag inside of these, so we can just walk through customs, having it tally up all our items purchased, collecting duties as we walk, and have the whole ordeal be a lot less painless, instead of having to wait in long lines while you get questioned over and over... would be nice to just have the RFID tag identify you as you go through a turnstile, and have that be the end of customs... Either way, this is going to make travel a lot easier and safer...

Re:Great Idea - Already in use in certain areas

[Anonymous Coward]

Yep, and once someone works their way into the database, they'll know who you are and what you've been upto.

Re:Great Idea - Already in use in certain areas

[Anonymous Coward]

John Q. Doe..

Bought 4 steaks
Left the ship at 3AM and came back at 7AM
Has a 4 week cruise package

I'm scared shitless.

Re:Great Idea - Already in use in certain areas

[Stiletto]

I hope you meant:

John Q. Doe
1234 North Oak Lane
Los Angeles, CA
(123)-456-7890

Work contact:
5666 Johnson Industrial Park
Los Angeles, CA
(123)-098-7654

[PHOTO HERE]

Filed credit card 1# 2345 9999 1234 0543 Exp 04/09
Filed credit card 2# 1555 4599 9876 1234 Exp 05/10

Drivers licence number: D520 302216004

Bought 4 steaks
Left the ship at 3AM and came back at 7AM
Has a 4 week cruise package
Teenage daughter is often alone in her room (number 45)

[Click here to charge something to customer's account]

You don't actually thi

Re:Great Idea - Already in use in certain areas

[Andrzej Sawicki]

I'm scared shitless.

I guess so, being the coward that you are...

Mod parent "scary", please!

[Anonymous Coward]

Exactly the reason why I would NOT want this!

Re:Mod parent "scary", please!

[kfg]

I would, but I'm too busy having the shakes and a cold sweat.

In line with current FOTD:

C'est magnifique, mais ce n'est pas une bonne idée.

(And I can't help but wonder how many people here on Slashdot "get" that particular FOTD)

KFG

Re:Mod parent "scary", please!

[zippthorne]

wow. four paragraphs explaining the joke and you forgot to explain the joke. please ruin it for the rest of us.

Did he actually check your picture?

[Anonymous Coward]

http://www.zug.com/pranks/credit/ [zug.com] describes one guy's attempts to get someone (anyone) to actually look at his credit card signature. So when I hear about the "picture and information" that the security guard is supposed to be looking at, I have my reservations, especially when he probaly has to process at least 3/4 of the ship in that day. Did he actually check your picture to see that you were the real owner, or did he just waive you through?

Re:Great Idea - Already in use in certain areas

[jackb_guppy]

1) System is not simular.

2) You described a credit card that the ship owners want you to think it is an ID.

3) Lastly it can tell if you are on or off the ship. Knock you, take your card, toss you overboard, then walk off the ship as you, person walks back on ship with his card and bitches about the readers not working.

eh?

[tuxette]

as well as making travel safer in foreign countries

Since when was it unsafe? Unless of course you're one of those dumbasses who wears bright white sneakers and a fanny (!!) pack when travelling to foreign countries...

Re:Great Idea - Already in use in certain areas

[daliman]

"I can't wait though for them to implement something such as an RFID tag inside of these"

In the New Zealand passports, they already have. At the same time, they doubled the cost and halved the duration of the passport to five years. There was no period for public comment, it was presented as a fait accomplit, as they were concerned that there would be a rush on the non-rfid, cheaper, long duration passports. Well, duh.

The NZ passport data is not encrypted in any way, although they claim the passports

Mark of the Beast?

[dakarius]

"He also forced everyone, small and great, rich and poor, free and slave, to receive a mark on his right hand or on his forehead, so that no one could buy or sell unless he had the mark, which is the name of the beast or the number of his name. This calls for wisdom. If anyone has insight, let him calculate the number of the beast, for it is man's number. His number is 666." - Revelation 13:16-18

Re:Mark of the Beast?

[The Only Druid]

Of course, the number is actually 616 (as determined by later-recovered copies of earlier instances of the text).

Re:Mark of the Beast?

[HTH NE1]

Of course, the number is actually 616 (as determined by later-recovered copies of earlier instances of the text).

Well the people of Michigan cities Holland, Grand Haven, Greenville, Grand Rapids, and Ionia have been living with 616 as their area code for quite some time. (Kalamazoo, Saugatuck, Hastings, Battle Creek, and Sturgis to Lake Michigan to a lesser degree, splitting out to become 269.)

BTW: 6.100.60.6 == IP address of the Beast

Re:Great Idea - Already in use in certain areas

[symbolic]

This is how they sell a new monetary cashless system.

Funny you should mention this - I stopped into gas station not to long ago and they would not accept my cash. I've posted about this before, but this experience just sent shivers up my spine. I will not buy from anyone if they do no accept cash. It is the last bastion of any sense of dignity that we have left. It is the one kind of transaction that cannot be stored, profiled, abused, and otherwise attached to your identity for all eternity.

Re:Great Idea - Already in use in certain areas

[Red Flayer]

"It is the one kind of transaction that cannot be stored, profiled, abused, and otherwise attached to your identity for all eternity."

Not so much as you'd think. I recently had to withdraw over $10k cash for employee holiday bonuses, and had to provide identification so that the bank could let the US Government know

(1) My name, address, and occupation (including full company name and job title)
(2) The fact that I had received over $10k cash
(3) The serial numbers of the bills I received

So, for now

Re:Great Idea - Already in use in certain areas

[Anonymous Coward]

"since the data is stored in a central registry, can't be easily falsified, like a current passport could be."

This statement is contrary to reality. If data is stored in a central registry, it can be easily (and untraceably) falsified by anyone with access to the central registry.

It can also be easily stolen by anyone with access to the central registry. The bigger the system, the more people have access to the central registry. With something like a national passport, a huge number of people get one con

Re:Great Idea - Already in use in certain areas

[NanoGator]

"This statement is contrary to reality. If data is stored in a central registry, it can be easily (and untraceably) falsified by anyone with access to the central registry."

Why would the opposite sort of system be better, then?

Re:Great Idea - Already in use in certain areas

[imipak]

Please, go away and read some Bruce Schneier. He's the one of the authors of the AES crypto suite, the one developed by/for the USG, amongst many other things, and he has some very interesting things to say about post-911 security. Go read some issues of Crypto-Gram - the Jan 2006 issue just came out - and realise how wrong you are. Never mind, well done, now you get it....

Re:Great Idea - Already in use in certain areas

[seifried]

No, Bruce has nothing to do with designing AES (aka Rijndael), that was Joan Daemen and Vincent Rijmen.

Re:Great Idea - Already in use in certain areas

[JimBobJoe]

If it's such a great idea, then why are passport holders *forced* into having one?

Oddly enough, I could see a congressman introducing a bill here in the US making the RFID enabled passport optional.

why passports in the first place?

[fantomas]

bottom line - why passports in the first place? a fundamental discussion of this would help the specific discussion about RFID tags in passports/ biometric data etc. Probably we'd find the same general arguments coming out? - true identity, state monitoring of individuals, notification of individuals convicted of criminal activity passing state borders? might be worth tunnelling down to the basic discussion about the concept and purposes of passports...

Re:why passports in the first place?

[The Conductor]

There does finally seem to be a bit of groping around on this question. California has decided to issue "non-resident" driver licenses, that would be accepted for driving, but not by the feds to get on a plane. The feds forced the issue, by announcing their intended refusal to accept Calif licences at airport security because illegal aliens oculd get them. But Calif doesn't want to certify immigration status for drivers licenses (or all those aliens will be driving around with no license at all, probably

Re:Super idea

[Timesprout]

Less of the sarcasm, we all know nothing is safe from the uber gummybear crackers.

Just in time

[Anonymous Coward]

Yeesh, as a holder of an Australian Passport, it looks like I arrived in the US just in time to avoid being used as a guinea pig in the test, being falsely identified as a terrorist suspect when it malfunctions and being locked away for an undetermined number of years without trial ;P

Someone's got to make the easy jokes.

[Eevee]

Well, if you're Australian, then we already know you're a criminal...

Re:Someone's got to make the easy jokes.

[daliman]

Oh, come on mods, that's a joke! Mod funny!

I'm a New Zealander and I mod the sheep jokes funny :D

A man passing through Australian customs is asked if he has any criminal convictions. He responds "I didn't know it was still a requirement to get in!".

Re:Someone's got to make the easy jokes.

[mattjb0010]

Oh, come on mods, that's a joke! Mod funny!

It's lame, tired, and woefully ignorant. The only humour that can be derived is to laugh at the Americans who continually try the joke (almost certainly ignorant of America's use as a prison by the British).

Re:Someone's got to make the easy jokes.

[daliman]

So are the sheep jokes. *Shrug* Mod overrated or redundant if you think the joke is overused, but troll wasn't really a fair call.

Re:Someone's got to make the easy jokes.

[Eevee]

As somebody had as their sig: Just because it's a joke doesn't mean it's not a troll. It's one of the risks of posting humor here. It's no big deal; I can't remember the last time I had mod points, so it doesn't matter one way or the other how I'm modded.

And speaking of sheep jokes, true story. I was in England a number of years ago to install some computer equipment. One weekend, a bunch of us were doing the tourist bit driving out into the country when we came across a flock of sheep grazing by the side

Re:Someone's got to make the easy jokes.

[daliman]

I give it a couple of days before someone retrofits your true story to make it a joke about New Zealanders :D

Re:Someone's got to make the easy jokes.

[Eevee]

(almost certainly ignorant of America's use as a prison by the British)

Lame and tired, perhaps, but not made in ignorance of the Crown pushing convicts onto the colonies; in spite of laws designed to stop or slow down the transporting being passed by Virginia and Maryland. Yes, we did cover this in school. It's a trade-off: Americans get to make jokes about Prisoners of Mother England and the Austrailians get to drink good beer.

Not quite the American colonies, but if you're a swashbuckler fan you shoul

Re:Someone's got to make the easy jokes.

[1u3hr]

Errol Flynn as a convict

More typecasting -- Flynn was Australian...

But you can keep Mel Gibson. He was born in the US anyway.

Re:Someone's got to make the easy jokes.

[1u3hr]

that's a joke! Mod funny!

If it were original, maybe. But some cunt posts it every fucking time a story about Australia is posted. Thus my distinct lack of appreciation.

Hey, make a Simpsons' reference about how the toilets flush the wrong way! That's sure to get a laugh!

Re:Someone's got to make the easy jokes.

[BrokenHalo]

It might have been funny the first time it was said; now it's just boring. That's what -1: Redundant is for.

oooh

[tuxette]

Remind me to buy lots of Gummi Bears at the Tax-Free Shop ;-)

Re:oooh

[Dachannien]

The passports contain biometric information such as a digital photo,

I don't think they make Gummi Bears the size of your face.

Problem is...

[Tavor]

The biometric chip may be ultra-hard to forge, but the human element attached to it isn't. Remember the T-Mobile hacking incident with celeberties? It wasn't the hardware at fault, but the hardware's human masters. There will be a human making these passports, typing in the name, and writing the info to the chip. If the human is given bad information (Drivers License, Birth Cert, etc,) the information written to the chip will be bad, and voila - system failed: forged info on the chip. Even if the fingerprints and iris scans are correct, the name will be wrong and terror watch lists consist mosty of names and pictures - we all know how reliable that can be.

Re:Problem is...

[tuxette]

It's not just that. All it takes is for someone with a sick sense of humor or otherwise disgruntled employee to fuck with the data. You know, switch thing here and there... and we're all screwed...

Re:Problem is...

[BrokenHalo]

It doesn't even take any particular malice to fuck up the database. Three months ago, my wife applied for, and duly received her Australian passport. Last week, her sister attempted to do the same, and was foiled by the fact that some dyslexic moron had in that short interval managed to scramble the letters of her mother's maiden name on the database and consequently she was regarded as some sort of unperson.

Needless to say, it took a pile of statutory declarations and other depositions to sort the mess out

Stop identification

[bobthemuse]

...a biometric program designed to stop counterfeit identification...

Yeah, we wouldn't want to stop counterfeits, or identify them. As long as we stop counterfeit identification, we can proudly announce to the nation that there are no counterfeit passports.

Re:Dear Americans

[meowsqueak]

Actually, it makes no difference if NZers decide to visit the USA or not. The passport upgrade is (eventually) mandatory for all NZ citizens who want to carry one, because there's no such thing as a separate NZ passport for US entry. So the original poster is correct - we're all paying far, far more for our new passports. Let's hope these new passports operate smoothly and speed up international transitions.

Re:Dear Americans

[Zaatxe]

This is not necessarely true all the time (or for all people): as a spanish citizen who has an "old-model" passport, I would have to either 1) get a visa to enter in the USA or 2) get a new passport, regardless my current one is valid until 2015. Then in my case, I need to get a new passport if I want to have the benefit of the visa waiver agreement between Spain and the USA. By the way, the spanish passport issuing offices have posters saying something like "If you want to go to the USA, you probably need

Re:Dear Americans

[meowsqueak]

Yeah, same in NZ, which is why I said 'eventually' :)

Re:Dear Americans

[Anonymous Coward]

that's OK - it works both ways, we wont require the e-passports, but we are ordering extra anal-probes to handle the um backlog

Re:Dear Americans

[TheDugong]

I DO NOT want to go/come to the USA because of the current regime (not the average septic ;o) ), however, I have still been forced to have one of these passports.

I called up the passport office to ask what would happen if I was in a foreign country and the chip failed, the answer:

"It will not happen".

I called twice, same f%&kin' answer!

I went into some detail about microwaves etc, but the monkette on the end of the phone was as dumb as dog do do, so it was a waste of time.

She did however say that

"...it

Re:Dear Americans

[TheDugong]

Whoops: Monkette: "So, it can get damaged?" Should have read: Me: "So, it can get damaged?"

Re:Dear Americans

[mdwh2]

I DO NOT want to go/come to the USA because of the current regime (not the average septic ;o) ), however, I have still been forced to have one of these passports.

Indeed, here in the UK, biometric passports are being introduced "because they're needed for the US".

As for damaged cards - the UK's planned ID card (which will also be a passport) will even require you to notify the authorities if it is damaged, or you will face up to 51 weeks in prison ( http://www.defy-id.org.uk/bill_guide.htm [defy-id.org.uk] ).

Re:Dear Americans

[HTH NE1]

I called up the passport office to ask what would happen if I was in a foreign country and the chip failed, the answer:

"It will not happen".

If you are barred from leaving your country/entering a foreign country, that statement would be true. How that could be so may be because you ask too many questions about passport security devices.

Perhaps you found out more than you'd intended.

Re:Dear Americans

[Anonymous Coward]

Going from Ireland to the US you currently have to get a retina scan taken and recorded and a finger print done and also recorded. (of course no mention of how long this data will be retained for is given, most likely permanently (or atleast until the next revolution)). On top of that the assholes doing the privacy invasion charge you for the privilege.

Land of the free...

Re:Dear Americans

[sharat_sc]

Well IBM had come up with privacy preserving authentication some time ago. MIT Tech review article [technologyreview.com]

Re:Dear Americans

[alech]

OK, so who modded the parent up? I doubt that a retina scan is taken if you go from Ireland to the US. Let's see, who wrote it? An AC without any source. Oh yes, I am bound to believe this. As someone working in biometrics, I can tell you that retina scans are basically from old Bond movies. Noone really uses them anymore. The AC might have mistaken them with iris scans, which is something completely different and less dangerous (as a normal photo is taken). But still, I doubt that, as the "normal" procedur

Re:Dear Americans

[RMH101]

From recent experience flying into Philly:
1) Entering the US from Europe, you will be fingerprinted from both hands, and have your face photographed with what looks like a logitech webcam at passport control. It's not a retina scan though.
2) Retina identification is used in Europe in place of passports, although it's voluntary. SAS and other airlines operating out of Sweden have a frequent traveller programme where you can register your retinal scan with them once, and then when you fly next time you si

Re:Dear Americans

[ztransform]

Now that's a great idea!

The whole thing of being finger printed and retina scanned by the $%@wipe American government is disgusting. What gives that country the right to index everybody who needs to get a hub connection via the States?

I really don't want to visit the states or even fly via Los Angeles, the international hub airport purely because I do not want to be biometrically scanned, especially by a dangerous nation so willing to give George Bush (the communist) their support.

Interesting the comm

Re:Dear Americans

[routerguy666]

Laff, Bush a communist.

Re:Dear Americans

[Daysaway]

Last time I took an international flight, I had a layover in a foreign country. I did not need to cross customs, security, or anything since I was flying straight out on another international flight.

I am not sure if all airports are the same, but I would imagine so. Just because you fly through a foreign country, does not mean you have to pass through their customs.

Re:Dear Americans

[Anonymous Coward]

In the US you do.

Even if in transit all passengers entering the US must first clear immigration, then pick up their baggage, clear customs before moving on to their transit flight.

Re:Dear Americans

[taniwha]

It's actually worse than this - by requiring NZ to issue e-passports - the US is forcing EVERY NZer who gets a passport to get one whether they are travelling to the US or not - at $150 a pop it's a tax (used to be half that) the US is in essence applying to all of us who want to travel. I know most USAians don't have passports and don't travel much, but the rest of us like to and do it a lot

Re:Dear Americans

[Firethorn]

The USA isn't requiring anyone but itself to issue these new passports. However, it's promised more hassle to travelers without the new passports in the near future. There are a few other countries that have signed on as well. Thus, NZ has reached the conclusion that it's better to issue the new passports, easing a major segment of it's international traveler's transitions.

And cost should drop with time as well.

cost drop??

[Anonymous Coward]

i doubt the price of the passports will ever drop for the traveller.

The increase to $150 (from $80) for the new passports can in no-way be explained by additional manufacturing costs for the passports.

It's just a nasty excuse to get more money out of New Zealanders. The entire travel industry tries to rip you off constantly, this is just one more (official) way they do it.

I can't really see how the tags can speed anything up. They still have to open up your passport as you go through the gates, and have to

Stop counterfeit identification?

[Zarxos]

...a biometric program designed to stop counterfeit identification... I guess we're doing too good of a job identifying those counterfeits right now...

A paranoid fantasy

[Harmonious Botch]

Mag stipes now, RFIDs later. They'll be merged with driver's licences. You'll have to show them to vote ( to preent voter fraud of course ). It's a slippery slope.
I'd like to welcome our new masters, but I'm not sure who they will be. They will surely know who I am though...

Re:A paranoid fantasy

[Vreejack]

I still have my voting card from Miami. It looks like something I could have printed out at home except that it would take effort to make it appear so amateurish. Besides, real live voters seem to be outnumbered by dead ones here.

So US diplomats are the first to use these cards

[Master of Transhuman]

I can't wait for the Ambassador to Iraq being detained as a terrorist suspect on arriving in Washington...

Any day now we'll hear the news.

That will make it clear how good the system is (insert sarcasm tag here)

NZ Passports Lack Encryption

[daliman]

From the Ars Technica article on the same thing - http://arstechnica.com/news.ars/post/20060114-5982 .html [arstechnica.com]

"The Department will also implement Basic Access Control (BAC) to mitigate further any potential threat of skimming or eavesdropping. [...] BAC utilizes a form of Personal Identification Number (PIN) that must be physically read in order to unlock the data on the chip. In this case, the PIN will be derived from the printed characters from the second line of data on the Machine-Readable Zone that is vi

Re:NZ Passports Lack Encryption

[taniwha]

After the NZ govt announced the new E-passports I had an email exchange with one of the people involved with this process, he indicated:

• data IS encrypted using a printed machine readable key on the passport page
• it wont have an embedded woven shirld in the cover like the US ones do
• the polycarbonate page the chip is embedded in will make the passport much less flexible (I carry mine everywhere and depend on it sitting comfortably in a jacket pocket or occasionally seat pocket of my jeans) - I still worry

Re:NZ Passports Lack Encryption

[daliman]

Interesting; I had an email conversation with someone at the DIA as well. They said they had to refer it to a specialist who would answer my question. The specialist then said that no, they would not have encryption but that they would have shielding in the jacket. Sounds like they've got their stories crossed...

I have 4 point something left on mine, unfortunately...

Re:NZ Passports Lack Encryption

[daliman]

The exact quote from my exchange

Me: is the transmitted information encrypted en route or is it sent in the clear?

DIA: When information is transmitted between the passport and the reader the information is transferred in the clear although physical shielding is employed to minimise the risk of eavesdropping.

Re:NZ Passports Lack Encryption

[taniwha]

I think the contents are encrypted and can't be accessed unless you present the printed key (can't be accessed directly by the trash-can bomb as you walk down the street - so it can't tell what your nationality is, maybe just that you have an e-passport [and maybe as a result that you are a westerner]). But once unlocked the data is transfered in the clear.

So we probably asked slightly different things (as I understand there is a possibility of snooping at the reading station which is supposed to be shiel

What biometric?

[im_dan]

As an Australian citizen I just got one of these a month ago. I don't know what they are talking about biometric data being stored, I did not submit a thumbprint or undergo an Iris scan. It was just a regular passport application with only my name etc, so unless the government already has this information on file which I'm sure they don't. This e-passport is just a normal passport with my information on the chip.

Re:What biometric?

[TheDugong]

You are correct - if you read the documentation that comes with it (RTFM 8O) ), or at least did come with mine. Just mirrors your details incl photo. However, if you have dead chip or the chip contains incorrect data (which you cannot validate yourself) you are going to have to prove that you are not a forger and probably have your trip/holiday f&*ked.

Re:What biometric?

[Alioth]

Your photograph is a biometric. (To nit-pick, we have had biometric passports for decades because they've always contained this particular biometric).

Discussed before - lots of disadvantages

[markdj]

The security of biometrics has been discussed before here. Biometrics are not as safe or as authentic as they sound. There are two easy ways to fool biometric systems:

1. Create a reasonable facsimile of the biometrics that the target reader will accept. There is James Bond movie where he used a glass eye with the correct retina pattern in it.

2. Capture the digital stream of ones and zeroes that corresponds to a particular biometric and find where to plug that into the authentication process to have the i