New York Issues RFID-Encoded Drivers Licenses 288
JagsLive passes along the intelligence that New York has become the second state to issue drivers licenses with RFID tags (Washington was the first). The new "enhanced drivers licenses" cost $30 more than the old ones. They can be used instead of a passport for entry into the US by land or sea (not air) from Canada, Mexico, and the Caribbean. Authorities say no personal information will be stored or transmitted by the chip, only an ID number that will be meaningless to anyone but DHS. Citizens of New York who prefer not to carry an identifying RFID chip can still get an old-style license.
optional for how long? (Score:5, Interesting)
remove the chip? (Score:4, Interesting)
What are the legalities of defacing the ID by removing the chip?
Microwave it? (Score:2, Interesting)
What's the consequence of getting the RFID one and just microwaving it?
Hold on.. (Score:5, Interesting)
"Citizens of New York who prefer not to carry an identifying RFID chip can still get an old-style license."
Wait a second here.. the RFID licenses are $30 more expensive than regular licenses, yet the residents have the option to get the cheaper RFID-free license? Who's going to choose to willingly pay more to be tracked more effectively?
Let me guess. The state isn't telling them that they can choose to get the cheaper older style of license? Brilliant!
Aero
You'd be Wrong (Score:5, Interesting)
1. All the talk about "tracking" is nonsense. An RFID anything has a range measured in inches normally. Stuff it in your wallet sandwiched in between more cards and it pretty much won't work.
2. $30 is about right after all is said and done. No one is getting rich making these cards. There's secure printing, personalization, etc.
3. What's the application though? If it is just border crossings, then do border crossings have the infrastructure to process a contactless card?
4. Accidentally leaving the card inside a microwave oven while you are warming coffee would harm the chip, so don't ever do that.
quite useful for upstaters Re:Not by air? (Score:3, Interesting)
You are already being tracked (Score:5, Interesting)
Worrying about the tracking boogeyman is ridiculous.
I'm not sure why you labor under the illusion that your activities aren't tracked now. Most of your activity is in one way or another and then packaged and sold to any willing buyer including Government entities.
Credit Score? Tracking
Medical Records? This is a murky area, but I'm sure the U.S. health insurance co's would love to trade patient health scores. No. HIPPAA didn't outlaw this.
Communication? Done. FISA, Telcos, NSA, Etc.
Debit transations? Tracking.
Other finance tracking? Done. It's called taxes.
There's lots of worthy things to contribute your personal energy to. This isn't one of them.
Re:Meaningless? (Score:3, Interesting)
Because then when the DHS lost their data it would not only include your name and address, but also a meaningless RFID serial number? I don't understand how this increases the threat of DHS stupidity.
Thanks to Bill Clinton and a Republican congress all SS#'s are in our drivers lisences.
Check out the Illegal Immigration Reform and Immigrant Responsibility Act, and the Personal Responsibility and Work Opportunity Reform Act (known as welfare reform) passed in 1996.
The illegal immigration law prohibits the use of state driver's licenses after Oct. 1, 2000 unless they contain Social Security numbers as the unique numeric identifier "that can be read visually or by electronic means." (Section 656(b)) The act requires all driver's licenses to conform to regulations promulgated by the Department of Transportation, which published its proposed regulations on June 17. (Federal Register, vol. 63, no. 116, pp. 33219-33225)
Re:You'd be Wrong (Score:3, Interesting)
An RFID chip Normally has a ranged of Inches
that is limited by the stock reader that is designed to normally work with it
Enter High gain receivers antennas , digital signal processing and a function called integration
with that, the data stream is No longer limited to inches.
With such a setup in minutes , It can read RFID chips very far away even miles away
We must think beyond normal and think about what the military, governments and bad ass terrorists can do.
An RFID reader is a radio transponder is normally very insensitive. However, with a good antenna and a well designed receiver and integrator it can be received very far away.
Re:You are already being tracked (Score:1, Interesting)
All that shows is more proof that the main thing to be learned from history is how little humans learn from history. There are reasons the Bible showed evidence of the ancient fear of being tracked which began the very first day man walked the earth. This ancient fear even prompted the founding fathers to include in the constitution that a census be only "a simple head count", it is hardly one today. During WWII the Germans used records captured from foreign governments and businesses to capture Jews and send them to deathcamps. Governments care only to increase their power and not worry what would happen to the people if they should fall. Corporations only want to turn their information into money. Both are inherently untrustworthy.
The records you mentioned should be terminated with prejudice and the census returned to "a simple head count". The ancient cavemen were in some ways wiser then us, they knew from personal experience that privacy meant to hide their shit, their leftovers, their tracks and to keep their backs covered while keeping themselves out of sight as much as possible. When your being hunted their are only a few options for survival, such as running away, hiding, or turning to face and hopefully discourage, incapacitate or kill your hunter(s). Remove the first two options due to high level fast tracking and only the fight option remains.
Actually he's right -- check out the REAL ID card (Score:3, Interesting)
1. All the talk about "tracking" is nonsense. An RFID anything has a range measured in inches normally. Stuff it in your wallet sandwiched in between more cards and it pretty much won't work.
Until the next technology comes along -- then you can be tracked with all the range they want. But by then it will be too late to argue about it and you would just look like one those "tinfoil hat" types or a "conspiracy kook" if you questioned it. All Americans want to be tracked to help their government fight "terrorism", don't they?
3. What's the application though? If it is just border crossings, then do border crossings have the infrastructure to process a contactless card?
The application is -- you guessed it -- remote tracking. The newest U.S. Passports as of July of this year all have RFID chips in them as well. It's not perfect, but yet another baby step on the way to "total information awareness" on citizens, just like the East Germans had but without all the fancy technology. It's a pilot program, testing the waters regarding citizen resistance, and inching it into general acceptance. There was a huge revolt [slashdot.org] against the REAL ID program, so think of this as a "reboot" of that program.
4. Accidentally leaving the card inside a microwave oven while you are warming coffee would harm the chip, so don't ever do that.
That's right. As soon as they get enough of these things in circulation, you will need them to get on airlines, go in government buildings, or maybe pass "illegal immigrant checkpoints". If your RFID chip was disabled, that might mean that you are an illegal immigrant, or a terrorist, or that you just like standing in long lines and being searched thoroughly.
The REAL ID [cnet.com] program would have gone into effect on May 11 of this year, except that it was such a tremendous threat against the rights of our citizens that many states openly revolted against it. The REAL ID was an "enhanced drivers license" and you would have needed it to get on airplanes or enter government buildings nationwide by now. The Department of Homeland Security had a deadline of May 13 of this year, and yes, they were planning to put an RFID chip in the REAL ID card as well. Google it -- it's everything that you are arguing that this identical program is not, and it was a planned nationwide program before it got derailed.
Re:You'd be Wrong (Score:2, Interesting)
Here's a tip:
The credit card companies WANT their cards to be insecure.
They profit when someone steals your card, since most people don't notice, and thus fail to report it / report it in time. Most people don't remember what/when/what amounts they charged.
The illusion of security makes people less vigilant. When people are less vigilant, you can more easily steal from them and go unnoticed.
I can't find my credit card. Oh well, I'm not liable for fraudulent charges. 3 weeks later I still haven't found it, so I do the responsible thing and report it lost/stolen. They go through my list of charges since the time I estimate I bought it. Did I get pizza that week? I think I did...?
These 3 numbers on the back mean that no one can use my card online or over the phone without actually having my card. What? A lot of places store these numbers anyway, even though the point is to never store them? And a business doesn't even need those numbers to charge my card? Oh well, I only shop at places that don't store it and do require it! No thief would shop at a disreputable place.
Shops aren't allowed to verify my signature anymore? I can't be asked to sign for anything under $20? How convenient!
I signed up for Verified by VISA, yet no site in the world taps into it? One less password to remember!
That seedy looking waitress, who I gave shit to for the past hour, just took my credit card to the back? I'm sure she's trustworthy!
Now with RFID someone can read my card without it ever being out of my sight? I could have a kung-fu death grip on it and it'll still be read? Arthritis: 17. Me: 4!
Japan has this shit built into cellphones? They're always a step ahead! I hope I can at least get a mini copy to go on my keyring!
Re:You'd be Wrong (Score:1, Interesting)
wouldn't a barcode or magstripe accomplish the same thing, AND be MUCH more secure?
At least theoretically, as an RFID chip can do processing, it is possible to implement a challenge-response type system, along the lines of PGP signing. You send a random challenge text, and get back a license number and cyphertext. If the cyphertext checks out against the public key in the database for that license ID, it's a pass. If the private key is stored appropriately (think FPGA), it'll be impossible to clone without an electron microscope. With magstrips/barcodes what-you-see-is-all-there-is, so they're easy to clone. If done right RFIDs are more secure against cloning.
If done right. -- This is a government endeavor, so I expect they're sending the ID in plain-text with no challenge-response. So no, there is no benefit over magstripe/barcode.
Businesses WILL abuse it (Score:4, Interesting)
If the card can be read without my permission, it will be. They try it now, even though it has no RFID. All it takes is cross-referencing the number to be very dangerous.
I "accidentally" damaged the barcode on my licence AND one of two digits of the printed number on the front. And for this exact reason. I will give you one of MANY real-world (actually happened to me) examples why:
I tried to return a shirt to a store s: store m: me
s: We will be glad to offer you an exchange or refund. We need to see your ID.
m: Here is my driver's license to prove I am who I say I am.
s: (looks at license and IMMEDIATELY starts keying my number into the register)
s: Oh, your number is damaged, could you please tell me the missing digits.
m: Sorry, but you need to verify who I am. I didn't give you permission to record my number into a computer.
s: But we have to have it to prove we saw your ID.
m: Um, having the number doesn't really prove anything.
s: But we have to have the number.
m: No you don't- you have to know I am who I say I am, now you know. My name matches the receipt. You do not need to record my DRIVER'S LICENSE number to return a shirt at a retail store.
s: But the license is invalid.
m: No it isn't. You can see the picture. The watermark is intact. My name and address are on the card. It is not expired. I paid money for it. I passed the required tests. I assure you, it is authentic.
s: But what if you get pulled over by the police?
m: Then I will happily tell them the number. If I refused, it would be no different than if I didn't produce my license at all. If I lied (which I would not do), they would know immediately, also.
s: Well, it is our policy, so I can't offer you a refund or exchange without the number.
Get the idea? And what happens when your "ID" is used to get into a club? Or buy alcohol or whatever? They have need to verify my age, not record my identity in some computer that can then be searched, stolen, cross-referenced, whatever. With RFID, the problem is even worse- your info could be recorded into a database without even knowing it. You will have NO control over what is done with the information or how long it is retained.
The only way to protect your privacy is ACTIVELY, it cannot be done by trusting others will do the right thing. Privacy has nothing to do with "if you have nothing to hide" and everything to do with "what MIGHT you lose".