Slashdot Mirror
RFID Drivers' Licenses Debated
meganthom writes "How would you feel about having an RFID chip in your driver's license? Virginia is considering just such a measure, largely because several of the 9/11 hijackers were licensed there. Civil rights advocates are obviously unhappy with this turn of events, and it seems the ACLU has already taken the case. Proponents claim it would help law enforcement determine that you are who you claim to be and would make forgeries less common. The Federal government is also considering uniform 'smart card' standards."
I don't particularily like the Big Brother idea, but I have no qualms about this. You carry your licence so that people know who you are, and this would just provide a better way to verify that information. It would also be a nice way to lower the costs of corporate identification systems. I have a few workstations I manage for students to use at my college in the Physics office. I had gotten some old card readers and just set people's passwords to the raw string of text that their driver's licence would read out. It worked really well to keep them secure and the make it easy for people to log in, and if RFID tags were in our driver's licences it would make keyless entry systems and RFID based computer security systems a lot less expensive to get started with if there was enough secure information on the RFID tag.
Of course there are problems with the fact of how much data would be on there. Could I walk past a pillar in a mall that would read my address and phone number off my licence and sign me up to receive unsolicited calls and mailings? Also, would the data be secure enough if it were to be implemented in a security system? If these concerns were taken care of (well, the security system one less so, probably actually not that feasible, that's just the old hobbiest ticking inside me), then I wouldn't have a problem at all with a more secure and harder to forge driver's licence.
Can you imagine how quickly wallet manufacturers would come out with new wallets that either sandwich your drivers license between two pieces of metal (aluminum foil I guess) or shield the entire wallet? I don't usually get too excited about privacy issues because I don't believe we have any these days. But, it is way too easy to imagine thieves walking around with readers and harvesting drivers licenses numbers and info in crowds. A drivers license often has all you need to get a credit card, especially if your state uses your social security number as your drivers license number (do any states do that anymore?).
http://www.busyweather.com/
You'd think that the possibility for walk by ID theft would stop them from considering this. Either way, RFID tags aren't exactly difficult to counterfiet, and they do nothing more than take another step towards massive civilan survelience.
yeah all this may be great, but who is to say if the police pull you over and they scan it, well it is a computer and it is always right. so when people clone this could it be more "trusted"
I mean they are already proposing chips so you can breeze through airport checkin, but how long before that is cloned and people buzzword("terrorists") can breeze on through...
trusting technology to solve all problems is a problem
Is there some simple (metal?) case that you could slip your RFID-equipped license into that would block snoopers from scanning you until you deliberately removed the license from the case?
Sure it's different - as long as I leave my driver's license in my pocket, no one can read that mag stripe off the back. And, frankly, I don't give my driver's license to anyone who doesn't have the legal authority to compel me to give it to them. Cashiers get to look at it. They don't get to touch. With RFID, anyone and everyone can read my driver's license number (or a number that corresponds to my driver's license number). There have been times in my life when anonymity was important to me; there will be times in the future when it will be also. /frank
And the worms ate into his brain.
Just the other day I went to Beverages and More to buy some booze. The cashier asked me for ID, so I showed him my license inside the clear plastic flap of my wallet. He asked me to take it out, so I did so and handed it to him, not realizing what he was about to do... He swiped it through a mag strip reader! I have no idea what's on the strip, but now BevMo's computers have that information. If my street address is in there, it's probably going to be used to spam me with junk mail. But who knows how slimy they are? They might sell that information to life and health insurance underwriters, or worse. The possibilities are endless.
Anyway, I promptly ran my license through a degausser after that incident. If they start embedding RFID tags, I guess I'll have to take similar measures.
Loading...
200,000 volt stun gun will tune that puppy up.
I took my current DL and bulk erased the mag stripe, then threw it on the concrete and stood on it and twisted my foot, grinding the barcode up so that it is no longer machine readable.
Visually, my DL still functions, it shows my ID correctly, it just can't be read by a machine.
If they want to check it against some DB, they have to call it in the old fashioned way.
"Sir, your DL is damaged, you need to have it replaced" "Gee, imagine that, I guess I better do something about that huh?" and that's that.
Resistance is NOT futile.
You put RFID in licence plates and give it a good range, Police could automatically find stolen cars, ones who's registration is up, even potentially who's driving without insurance.
God spoke to me:
www.geocities.com/James_Sager_PA/love3
God spoke to me.
I understand just fine. Perhaps you dont understand the danger? Unless my RFID card does on the fly two-way communications with pass-key encryption, all someone would need to do is CAPTURE that 200 digit 'unique identifier' and clone it. You can viewed 'remotely' as me if you walk by a scanner. Or worse, knowing my name/address, you could construct a pretty convicing fake ID with your picture on it...
According to numerous polls the majority of the population in the US is against RFIDs to begin with. RFIDs have an inherent and horrifying potential of abuse and this if probably the worst scenario you can imagine. If our government is actually oppressive towards the democratic opinion it would be acting more like a totalitarian government and not like a democratic one. I hope we will not loose any more civil liberties than we have lost already under the current administration.
RFID in drivers licenses means that the license information can be read from a short distance away, say in a turnstile or any other narrow entrance. This would enable someone to determine everyone who attends events, night clubs, etc. Someone with an appropriate RFID receiver could walk through a crowd and record who is present.
While such a system would make life easier and safer for police, it would make anonymity a thing of the past. How long would it be before our current representatives, who are completely gung ho on helping business, would allow businesses to use the RFID to identify customers entering and leaving businesses? The businesses could use the information to run credit checks. Businesses could determine how much money you have to spend the moment you walk in the door.
I don't know about the rest of you, but I think the potential abuses of this technology far outweigh the benefits.
It is a shame that we in the U.S. have reacted to 9/11 the way we have. The world is a dangerous place and it makes sense to put reasonable security procedures in place, but no amount of protection will protect us 100%. There will always be a risk, especially in a free society. Personally, I accept that risk and embrace it. That risk is the price of freedom.
The terrorists that attacked us sought to destroy our way of life and make us afraid. They win each time we accept another limitation on our freedom in the name of security. Don't let them win.
-All that is gold does not glitter - Tolkien
www.ra
This seems a popular theme amongst geeks, the exodus is upon us! Wonder if scientists and engineers in Nazi Germany felt the same way when they fled to America? Will Germany accept a mechatronic engineering student who would be more than willing as contributing as a citizen to a country that is more free?
An Education is the Font of All Liberty
Proponents claim it would help law enforcement determine that you are who you claim to be and would make forgeries less common.
Hogwash. I'm a cop (and a Libertarian, believe it or not) and an RFID chip would not make one, single bit of difference with regards to verifying that someone is who their ID says they are. All an RFID chip would do is verify that the signal given to the RFID reader matches what the reader expects. Given than any signal can be intercepted and copied, that doesn't tell me anything.
Plus, I don't think we need to get any further down this slippery slope of training new police officers to rely on technology! My rookies learn how to talk to people, how to interview people, and how to try and determine whether or not people are being truthful! Good interviewing skills are what find deception, not good technology.
Besides, do you know how many very worn, very damaged driver licenses I get? They're legal, they're vaild and I can still use them to check ID.
THIS law enforcement officer neither NEEDS nor SUPPORTS the use of RFID chips.
Virginia government officials need to keep reading this until they get it:
THE 9/11 HIJACKERS HAD VALID DRIVERS LICENSES.
I'm not sure how "has a known identity" became conflated with "is known to be sane." What the lawmakers are really looking for is an identification card which is linked to a psychological examination.
Oh, I really shouldn't have said that out loud.
Now, you attach 9/11 to it. No matter how disconnected. Fight it, and you clearly support terrorism.
Just my opinion, but I have serious problems about ANY form of identification that doesn't need to be PHYSICALLY viewed/handled...To what end? If it's another layer, and you STILL need to pull out your ID, how does this help? Perhaps as a replacement for the mag strip? I doubt this would be more efficent or accurate... At least with the mag-strip, you can hawk-eye your cards as someone handles them and you can SEE if they swipe it with some type of hand-held reader... It would be kind of hard to do that with RF if they had a scanner in their pocket they never had to remove...
Dont get me wrong, you brought up some interesting points -- but nowhere near close enough to convince that this is or can be a 'good' thing...
Virginia government officials need to keep reading this until they get it:
THE 9/11 HIJACKERS HAD VALID DRIVERS LICENSES.
I agree; RFID licenses won't help.
That said, what do you (and the rest of the "I'm too cool to worry about terrorists" crowd) propose? The same people who are against measures like this are also generally against anything that would have prevented them from getting valid licenses.
I'm genuinely curious. I don't believe for a million years that the Kerry crowd is going to tighten up borders or anything substantive like that after they revoke Patriot Act stuff, so what exactly do they intend to do?
If they can't detect the RFID card, how can they prove you have one?
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
On the other hand a smart card would be ok depending on the type of info on it. I don't see anything wrong w/ having a smart card that holds the data no my drivers license so I can insert it in somethign instead of holding it while the casher tries to figure out where the "date" field is to see if I'm ok to buy the beer. My first worry on this front is that the data on the smart card would be too trusted. People would assume that because it is electronic and possibly encrypted it would be more valid than the info on the front of the card. The other worry is that power hungry law makers and law enforcement would want to store more data on the card just because they had the additional space that is much less visible than the printed front. I don't care if my card has digitally stored anything that is on the front or back of the drivers license in human understandable format, but if my drivers license now carries, say, my fingerprint, my mental health, my criminal record, etc, then I would be strictly against it.
I do security
So what? Someone sniffs my wallet and gets #14960315. As long as they put stuff on there like just the DL number (not SSN), someone would need the rest of the DL to be able to make a fake, which would have allowed them to do it before. Or, they'd need access to the DMV database to get info, in which case they could have done it before.
From what I see, as long as they don't list SSN, DOB, address, or other personally identifying information on it, there are no privacy problems. It lets someone see a mostly useless number from a few feet away.
Learn to love Alaska
OK, hypothetical question: let's say that there was a way to make an RFID unreable by random passers-by (ie: you actually had to hand someone your card). One possible way I'm thinking of would be to have a reader that is a slot into which you insert your card. This would prevent some random dude from reading your card using a portable reader in the subway.
Let's also say that all the card stores is an ID number (ie: not your address, birthday etc; all that would have to be securely queried from the Dept of Transportation).
If both of these hypotheticals were in place, would you feel that this was still unreasonable? I'm neither trolling nor starting a flame war, I'm just curious if people object more to the perceived lack of security or the potential abuse of power from "the man".
If you are worried about "the man", please explain why this is worse that a barcode or magnetic stripe (again, assuming the security measures mentioned above).
"Reality is merely an illusion, albeit a very persistent one " -Albert Einstein
How, EXACTLY, would the 9-11 attackers been stopped if they had been issued RFID drivers licenses?
Presumably, the hijackers' licenses would have been read by a computer and then compared to a security watch list. If the hijackers were on the watch list, they would have been flagged and possibly prevented from boarding the plane.
My initial reaction, like many I've read here, was "Virginia ought to be a little more careful about who it gives licenses to." But a moment's reflection made me realize that licenses have a fairly long validity period, and it was likely not until after they obtained their licenses that it became known that these guys might be dangerous.
I'd agree that the RFID idea is pretty dumb. There's no reason that the person at the airport checking ID's can't simply scan the bar code on the front of my license, swipe the mag stripe on the back, or key in the license number.
The only reason I can think of for using RFID technology in a license is so that it can be scanned without my knowledge, and I can't think of a legitimate reason that government agencies or businesses should be allowed to do that.
This is were we call on crackers to crack the system and tell us how...thereby rendering rfid's useless...and suddenly not worth the money.
I know you can crack them, but I want a wizard
-- A cat is no trade for integrity!
Yea, you are right about that.
But I am still amazed at how far "playing dumb" will take you. It's quite cool how much you can do with that tact.
Put an RSA-8192 signature using the 288 bit hash "SHA1|MD5" and PKCS-2 padding on the magnetic stripe. That would both contain the information on the front as well as sign the data as legitimate.
a c4 *file1.datb cc *file2.dat
Only a secure black box (a la nCipher) at the state DMV would contain the private key. The public key would be given out publicly, especially card scanner manufacturers. The FBI or NSA could have a root certificate, and could countersign the public keys of each of the 50 states and other agencies issuing drivers' licenses.
We really need the federal government demanding a particular standard for the mag stripe system. Let the states design the fronts as they please, but at least make them all electronically readable. Don't build a central federal database with the information, as the public haaaaates that. Keep data storage the same, just make it possible to authenticate the data on the cards.
How much data can be stored on a mag stripe? Maybe you could fit a 10k image of the person on the mag stripe for a card reader to display. Like the other data, this would be hashed, identifying the photograph as authentic.
(Operator | in traditional cryptographic notation means "concatenate"; IE, attach the 128 bit MD5 hash to one of sides of the 160 bit SHA-1 hash to make a 288 bit hash function. SSH uses this. The MD5 algorithm has been shown insecure, as this output shows:
$ md5sum file1.dat file2.dat;sha1sum file1.dat file2.dat
a4c0d35c95a63a805915367dcfe6b751 *file1.dat
a4c0d35c95a63a805915367dcfe6b751 *file2.dat
2783c4ff4a3f20d25f2598a8b052b890c37dc
3c35410823ef00b12d020981c1cf8564c0f89
Click me for a site talking about this MD5 collision
SHA1 is also suspect. So combine the two for security. The fact that SHA1 and MD5 use opposite byte orders makes things even more secure.)
Still don't get it?
"We" didn't learn anything from 9/11, but certain people in our government did.
They learned that terror works, so evertime they want some ridiculous law passed (Patriot Act), or some AssHat elected (Bush) they play the "terrrorist card". People get all scared, and give up civil liberties as fast as they can.
We have our priorities all screwed up.
Don't get me wrong 9/11 was bad, I would give my life to have it not happen. The reality is that we lose more people each month to drunk driving.
Terriorist are just another issue, not even in the top ten.
This country needs to grow up and stop being afraid.
Take a wireless base station. Place aluminum foil over it. Doesn't do much, does it?