Slashdot Mirror
American Passports to Have RFID Chips
pr1000 writes "Wired is reporting that the State Department is planned on adding RFID chips to new American passports, starting with diplomat's passports in January. Those worried about the privacy concerns of RFID should take notice, as this rollout could set a precedent."
Privacy issues aside, this could come in incredibly handy for those travelling abroad and being robbed. Much too often tourists are burgled of all their stuff, including passport, if the passport could be located, so might their other stuff including the thief.
Bruce Schneier has made some interesting observations on the RFID passport plans. Somehow, I do not see how this could possibly make us "safer".
And you thought it was just a Vitamin K shot.
Yeah. this really sucks. Imagine that, putting an RFID chip, a means of uniquely identifying a person, in a passport, a device that is meant to uniquely identify a person.
Bastards!
I don't know the requirements to renew passports, but if the same book is used constantly, that would mean that all the tinfoil hatters would need to get their passports before January... oh wait, that would mean they would have to be subject to the government... nevermind, they're buried out in Montana in a cave with an internet connection, they'll never have to worry about this.
This new step is another step towards control - remember, that is what this is all about. Bad guys get around the system - the 9/11 guys were all bona-fide visitors. Good guys, which is everyone else, gets tracked and watched.
I'm glad I'm outside the country 8+ months of the year.
just what I want...to beable to pin point where the robbers have been taking my credit cards...
As echelon evolves and RFID's go everywhere, soon You'll have to walk around naked if You want privacy.
I don't know this for sure, but wouldn't the RFID just bust out a number as an anti-counterfeit device? I mean, it's not like you're going to be broadcasting your personal information... right?? Are we worried about people replicating the rfid in fake passports? Because if we are, I just see it the same way I see any of the replicable content of the US passport.
What happens when these chips fail? Do you get locked up for tampering with a Federal document, or some crap like that?
Turn your bag into a faraday cage, keep your passport in your bag.
Let me get this straight. Assume I am a bad guy. If I want to find an American overseas - particularly in a country where carrying a passport is mandatory, how am I going to go about it?
To take it one step further, if I am wifi'd into a database somehow, I can even do a few smarts and identify a "better" target (wealthier, public figure etc).
I carry an Australian passport and it will not shock me when "the Clever Country" bends over and does what the Americans do - yet again!
I'm a bit afraid about this, as soon as that mean that everybody bringing passport will be "traceable"... but, why?
The target of a proposed solution usually it is driven by a defined utility: to speed up a procedure or whatever. But in this case, do will really speed up or improve something? What about passport authentication? For sure can not be 100% automated, as soon as RF ID chips can be, at least, cloned (from the sophisticated data retrieval via millitary X-Ray uC inspection or via amateur hacking, or whatever).
Summary: a cop/inspector will be still needed to validate your passport, then, there will no be "bottleneck solving" or whatever other problem was intended to be solved.
This too much control may irritate my civil rights chip... soon here at Europe. Regards.
It's funny. Nudist colonies say they have nothing to hide, but now they'll be the only place *to* hide.
Wheel in the sky keeps on turnin'.
Basically, the real question is what is the purpose of a passport. If it is to track every individual, then this new measure is good. If it is merely a pass to travel, then these new measures definity step on civil liberties. I think the purpose behind things often gets confused, especially when such emotive issues such as safety are involved.
Unity in Diversity
Local tourist sales people will love it. Imagine how good it would be for them if they could get hold a machine that could locate nearby Americna tourists alowing them to approach them first before the hundreds of other "you want cheap watch?" sellers.
When you show your passport at the airport or as means of identification at a bank, for instance, the same privacy issues arise, RFID or not.
Sure, RFID can be read from a distance, but many of us seem sooooo worried about RFID and yet happily keep carrying a mobile phone, willingly pay by card or withdraw money from an ATM, and get in view of security cameras. No tinfoil hat is going to protect against that.
If there are privacy issues, it is because someone decides to abuse the technology, RFID or not.
If you want privacy, pay cash only, stay home, don't use phones, and don't do anything that requires identifying yourself.
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
As far as I know, such an RFID does not send out any signals, and cannot be located from a larger distance...
I wonder when they're going to start selling tin foil money belts for world travellers.
People say I'm crazy, I got diamonds on the soles of my shoes...
And those very same security "experts" obviously don't know that there are methods for secure encryption known throughout the world even now? You don't need to be an expert to know that!
And no, I can't see any other explanation. It cannot be the possibility of unallowed reading of the data: That's even easier if the data isn't encrypted at all. And it cannot be the possibility of making forged passports: Having data not encrypted makes this not any harder than having it encrypted with a known encryption.
Even in the worst case scenario, when the decryption key was made public by some other state, the situation couldn't get worse than without any encryption at all. Of course, the USA could just decide not to give the key (or any specification at all) to countries they don't trust. Those countries would then just have to do what they do now: Rely on the non-RFID portion of the passport (which is currently all that is in a passport).
So there is really no excuse to store unencrypted data on the RFID chip.
The Tao of math: The numbers you can count are not the real numbers.
damn....is it just me or are we paving the way for bigtime privacy invasion...RFID in the forehead please...
Sounds like you're just a consumer anyway.
If you're not making any difference in the world, positive or negative, do try to shut up.
It's people like you that let shit like this slide through.
It's not about having something to hide. It's a stupid idea.
Read this article.
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
|
|....o0O0o....<===
|
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
When your clothes have RFID chips and your passport and driving license and you're in an environment where everything else has been chipped, are the scanners going to be able to pick up anything but noise?
This must be so that targets^H^H^H^H^H^H^HAmericans can be identified in a crouded street/bus/station/building.
I jest, but this is really a stupid idea. American citizens are warned regularly to be inconspicuous when overseas.
As US passport authorities are indirectly forcing the rest of the world's governments to include biometrics in their passports (otherwise they will be denied the Visa Waiver Program).
Seems only fair that similar invasions of privacy should be imposed on Americans too. What's good for the goose...
I wonder how long it is before terrorists target US Diplomats with explosives triggered by proximity to one of these RFID tags!
Whew
I just got my US Passport renewed last month.
-- www.globaltics.net
Political discussion for a new world
I'll just microwave my passport like I do with my cash.
Grump
Is it true that more people vote for the winner of American Idol, than vote for the president? -Ali G.
This is bad. What if terrorists start making mines that just wait for an an American passport to walk by.
For terrorists. All they need to do is ping the right frequency in any tourist town.
A pizza of radius z and thickness a has a volume of pi z z a
I know that these chips are supposed to have a range of centimetres, but always? There have been plenty of privacy concerns about the remote interrogation of RFID chips used for profuct identification. Heck, you could probably even make a 'smart' boobytrap, only arms if a US passport is nearby.
If you want a forged current generation passport to convince a police officer in Nairobi, then it isn't so hard. If you want a forged passport to convice an Immigration Officer at JFK or Heathrow, then it had better be pretty genuine.
The issue of access to passport blanks (this has happened) or the ability to get a passport in a false identity through normal channels is more of an issue. Not RFID.
See my journal, I write things there
I'm allowed my opinion, and because it differs from yours doesn't make it bad or wrong.
I'm fed up with having to produce many bits of paper just to prove who I am, I see tech as a method make my life easier. And anything that does that is initially A Good Thing.
I'm sure that if this did become law, that free enterprise will produce a RFID blocker 'jacket' for your passport, so the paranoid (such as yourself) can feel suitably protected.
So you see, in the long run, you have nothing to be scared of my friend.
Together, We Can Make Slashdot Better. I Do NOT Mod ACs. - Check Me Out
So the US government is making it easier for people to target its own citizens. Nice.
welcome our new RFID overlords.
You can CHOOSE to pay by cash, you can CHOOSE to turn off your cell phone. You CANNOT choose who scans for RFID tags and you CANNOT choose not to have a passport (unless, of course, you don't plan on doing any overseas travelling).
HAND.
Well, just one step closer to installing the RFID chips directly into American Subjects (I don't think they can be called citizens anymore.)
So for the tin foil hat crowd, would wrapping the passport in Aluminum Foil stop from being detected, or does it take more than that to defeat RFID chips?
RFID chips can be read from up to 50 feet away. Sure, most readers only work from a few inches, but there is off-the-shelf equipment available for a moderate number of dollars with a much, much greater range.
So, lets assume that the RFID chips in US Passports will be readable from "a long way away". Doesn't matter if it's 10 feet, 20 feet or 50 feet. Lets just say it's more than a few inches.
What does this mean? It means that a bomber with a moderate budget could build a detonator for an explosive device which goes off when it can detect the presence of an RFID chip.
It doesn't need to actually read the chip (lets assume the passport data is encrypted), it just needs to know it's there.
Furthermore, it could count the number of unique RFIDs which are currently in range, and only detonate the explosive when enough of them are seen at the same time.
It could be planted days, weeks or months in advance, and it'd sit there until its batteries ran down waiting for the right moment to go off.
The result is a bomb which only goes off when a sufficiently large density of American citizens is present.
- mark
-----
I tried an internal modem, but it hurt when I walked.
Of course it will be difficult to change the data and create a fake passport, but you could copy the tag from someone else's passport (without their knowledge) and use it in identity theft.
A complication would be that blank RFID tags cannot be obtained with the same serial number (current RFID tags mostly have unique serial numbers that are pre-programmed by the chip manufacturer). I would expect that the serial number is included in the signature calculation.
However, you could still build your own functionally equivalent "RFID tag chip" using off the shelf logic components and program any serial number you like. It would not be as compact as a real RFID tag, but it could be used in situations where the tag would be read without being visible.
If needed RFID passports can be read from seevral meters away we need to fry teh chisp on the actual passport and carry RFID chips spoofing false information.
Thsi will not stop the ordinary passport control at the border or airport but will not help the snooping abuser and even give them false info.
http://www.sciencedaily.com/print.php?url=/release s/2002/10/021015073446.htm
Gait Recognition Technology May Aid Homeland Defense
The characteristics of your walk may not be as distinctive as the swaggering of John Wayne or the sashay of Joan Collins, but your stride may still be unique enough to identify you at a distance -- alone or among a group of people.
Researchers at the Georgia Institute of Technology and elsewhere are developing technologies to recognize a person's walk, or gait. Results indicate these new identification methods hold promise as tools in the war on terrorism and in medical diagnosis.
Gait recognition technology is a biometric method - that is, a unique biological or behavioral identification characteristic, such as a fingerprint or a face. Though still in its infancy, the technology is growing in significance because of federal studies, such as the Georgia Tech projects, funded by the federal Defense Advanced Research Projects Agency (DARPA).
At Georgia Tech, one study is addressing issues of gait recognition by computer vision, and the other is exploring a novel approach -- gait recognition with a radar system similar to those used by police officers to catch speeders.
The ultimate goal is detect, classify and identify humans at distances up to 500 feet away under day or night, all-weather conditions. Such capabilities will enhance the protection of U.S. forces and facilities from terrorist attacks, according to DARPA officials.
"We need technology to find the bad guys at a distance around federal buildings," says Jon Geisheimer, a research engineer at the Georgia Tech Research Institute (GTRI). "That is the original application. And after Sept. 11, we began to see the usefulness of these technologies in airports."
Because gait recognition technology is so new, researchers are assessing the uniqueness of gait and methods by which it can be evaluated.
"We know that we can get some information on gait, but that it is much less diagnostic than faces," says Aaron Bobick, an associate professor of computing and co-director of the computer vision project at Georgia Tech. " Currently, we can't recognize one in 100,000 people. At the moment, gait recognition is not capable of that, but it's getting better so it can act as a filter."
In its early development, gait recognition technology likely will serve as a screening tool in conjunction with other biometric methods.
With two years of experiments and analysis almost complete, researchers on both Georgia Tech projects are hopeful for continued funding to conduct further studies. They must address numerous technical issues and it will be at least five years before the technologies are commercialized, researchers say.
In the project using radar for gait recognition, results from experiments, data analysis and algorithm design are promising, says Geisheimer, who works under the direction of GTRI principal research scientist Gene Greneker, and collaborates with GTRI research engineer Bill Marshall and Georgia State University Professor of Biomechanics Ben Johnson.
Gait recognition by radar focuses on the gait cycle formed by the movements of a person's various body parts move over time.
"The magic goal we're shooting for is accuracy in the high 90 percent range," Geisheimer says. "We're not there yet, but our initial results are encouraging and promising."
Researchers correctly identified 80 to 95 percent of individual subjects, with variances in that range among the three experiment days.
The next step is to build a more powerful radar system and test it in the lab and then the field. In experiments last year, subjects started walking 50 feet away from the radar and then walked within 15 feet of it. But researchers are now building a radar system that can detect people from 500 or more feet.
In the study of gait recognition by computer vision, researchers distinguish their approach from others with a techniqu
Does anyone else smell a business opportunity for Radio-shielded passport sleeves?
Nobody writes jokes in base 13. - DNA
Keep it under your tinfoil hat. That'd do it.
Kidnapping Americans. Sometimes you grab a European and they get all whiney about it. Now you only have to scan for an RFID tag and hey presto you can pick yourself up an American with a lot less hassle.
This reminds me of a comment along similar lines.
When the U.S. mint added the shiny metallic strips to the bills, a friend of mine claimed quite seriously that it was so that it would be possible to "scan your butt" (or wherever you carry your wallet) to see if you were carrying loads of cash. My response at the time was sceptical, especially since the comment came from someone very non-tech, but wonder if it is even technically possible.
If the material is conductive, it should respond/reflect/absorb a specific frequency much like chaff does. Would it be possible to build a cash scanner? And if so ... "where can I get me one?" ;)
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
Hell, it's your country, your politics, your ideals, and your decision; I don't really care - it's mainly a curiosity for me that sociological values can change so rapidly.
I've just obtained a visa for the US, and had to give my fingerprints - I was curiously antagonistic towards this, and again it's nothing more than another incremental step. After thinking about it for a while I realised it's nothing to do with privacy, it's that I mentally associate being fingerprinted with being a criminal.
I felt I'd been judged and summarily convicted of something (what, I don't know, being an alien perhaps). As a reasonably law-abiding citizen (ok, I admit I sometimes exceed the speed limit on a motorway
Simon.
Physicists get Hadrons!
You can get tags with the same serial number.
Maybe today it isn't an off the shelf item, but I'm sure someone with the desire could get some made.
OTS availability is only a minor hoop for someone to jump through.
A very very scary thought occurred to me.
What if some terrorists connected such a transponder to an explosive device?
Imagine placing a bomb in some public place. A bomb that is totally harmless until a certain number of american passports are in close proximity and then BOOOM!
I hope someone in counter-terrorrism has thought of that and found a way to prevent it. If not they should do so ASAP.
oh no.. they're putting identification information in my.. er.. ID..
I don't think we've actually lost anything here.
Wouldn't this help the bad guys quickly identify who in that passing stream of tourists is an american? Why would that be good? Right now, we are not the most popular fish in the sea in some places and putting tags around our neck which electronically identify us to anyone with a scanner doesn't seem very bright. Am I missing something?
Revelation 13 (16-17)
And it causes all, both small and great, rich and poor, free and bond, to receive a mark on their right hand, or in their foreheads, even that not any might buy or sell except those having the mark, or the name of the beast, or the number of its name.
The bible always makes a good reading - not that I am a beliver, or so.
"I'm fed up with having to produce many bits of paper just to prove who I am"
They you should be opposing the 'identity' culture, not supporting it.
These chips will do nothing to make people safer (they'll be no harder to forge than current passports), but will certainly make some people less safe by broadcasting their information to anyone with an RFID reader.
Security at last! Just look at the chances for Terrorists! How about scanning the RFID of someone's passport and placing a bomb connected with a programmed RFID-Reader somewhere. As soon as he walks by... *bang* 100% failsafe, absolut secure.. Oh, the irony...
Exactly.
It's like having the Beware of Pickpocketers boards in London tubes - the moment folks read that, they subconsciously make sure they have their wallets on them. The bad guys look out for this, and so now they know where you have your wallet, making their job easier. And so, the boards had to be removed in the end.
This will just make it easy for the bad guys to spot American tourists, than anything else.
More harm than good.
Now isn't this great news for Terrorists world wide?
RFID-Triggered bombs that will only explode when americans are in close vicinity.
they'll be no harder to forge than current passports
Well... technically by adding one additional measure of protection they do become harder to forge.
You've got to be more positive.
Look at it this way, if you accidently went to Detroit, the cops would still be able to identify your body even if your passport was completely soaked through with your blood.
Get the facts straight. It's not an RFID chip. It's a contactless smart card with a processor and all. It seems that everyone's confusing RFID and smart cards these days, but I'd expect a little better from /.
These new passports could be a terrorists wetdream. Now they will have the ability to easily scan a crowd for their targets and take them out with brutal efficency. Forget everything you've been taught to help you be safe and inconspicious while overseas your passport may be ratting you out.
Have a look at this
7 78 /1/1/
http://www.rfidjournal.com/article/articleview/
Immigration is a fairly tedious process straight after getting off a plane - could this result in a faster process?
I would have thought not unless they can verify your identity from another RFID tag in you or something?
> You CANNOT choose who scans for RFID tags
This would be the main problem, because tracing people with or without RFID is still perfectly possible. What I'm saying is that choice is limited, regardless of RFID - yes, you can switch off your phone, but it won't be of much use then.
Ever travelled abroad with a passport (without RFID)? You better believe that it was registered when you passed the border. RFID doesn't change that.
As for the main problem, '*anyone* being able to scan you' rather than just the government, most likely the main result is getting more spam. 'Welcome back mr Yakamoto', Minority-report style. Otherwise, laws against stalking are already in place.
What bothers me more already happens anyway nowadays. Days after my phone connection was activated, I was called by three different newspapers for a subscription. I doubt that those newspapers found out by themselves, so my private information must have been given to them by the phone company. Where was my choice in that?
We live in a grim world indeed.
Visit http://ringbreak.dnd.utwente.nl/~mrjb/growingbettersoftware to download your free copy of the book
Time for someone to make a metal coated passport travel bag - to prevent getting I.D. in a crowd.
Great for International Identity Theft, and for citizens visiting unfriendly countries for government business - they become walking beaconing targets, with a higher risk of kidnapping and other bad, bad things!
Wrapping a tag in aluminum foil blocks the radio waves and prevents a tag from being identified. -
RFID Hack Could Allow Retail Fraud
Most of the concern seems to be around unauthorized person reading the RFID chip. According to this article blocking RFID chips is very easy to do if you have physical posession of the chip. Just wrap it in tinfoil. It would seem that someone would make a bag/box/pouch that would store your passport and protect it from being read w/o authorization. When you were in an area that required that you show your passport, the airport for example, you would just take the passport out of the bag. Sounds like a $19.95 solution to me.
I guess if you took your passport out at the hotel or some other place like that you could be "vulnerable". Maybe this solution from RSA woul help?
It does seem like the solution here is not to say "no RFIDs in the passports", but actually to ensure that there is a way to easily control when the tag is read. And there seem to be several solutions available.
And how long would it take for that encryption to be cracked or leaked? Remember, the terrorists have links to various governments that we'd theoretically be giving the details on how to read the passports to. Passports last 10 years. Current anti-terrorist stuff is to hide your passport where it isn't easily found, as americans are targeted.
I don't read AC A human right
...he's pitch the known-flawed-but-better-than-nothing security as a scandal and an outrage and demand someone's head on a plate for delivering such an insecure product. Most likely it'll also reflect badly on the security in the real layers.
Whereas in this case, you have some well respected people saying it can't be done, some theorists saying that it can, and most people thinking "Theory bah, it probably wouldn't work in the real world" and journalists barely get a column with "Concerns regarding security level".
Kjella
Live today, because you never know what tomorrow brings
couldn't one just run one's passport over one of those department store anti-theft deactivators (the one that will wipe out your credit card) and be done with it?
Freedomsnet
IANAL
Actually, it's just stupid. A contact-based chip is clearly better for the same purpose.
Is this a case of the tail (RFID Industry) wagging the dog?
Sorry for the "stupid" question in the subject line, but so far I (as an European citizen) was told that the USA is a democratic system. So I guess that the US citizens should be able to express their discomfort about RFID tagging in the upcoming elections. Just a thought of a naive European...
Horrified, I dug out the offending material. It was one of those RFID chips the "Size of a grain of rice", --but in my dream it was more the size of a glass bean. It was also filled with lots of scary techno-bits and pieces whirring and blinking inside. Special effects in dream scapes tend to be a little over the top.
Heil Shrub.
-FL
Hmm,
Well, due to a recent 'outbreak', all US citizens will be required to get 'Vaccinated'.
Please report to your local government processing center for your vaccination and re-education.
Uniforms will be issued to all party members.
Conformity is Freedom.
So, Stop asking questions, citizen.
"Well... technically by adding one additional measure of protection they do become harder to forge."
Why? The whole point of RFID is that you don't need to do anything other than pass the passport near a reader: the RFID data will probably be trusted even if you have a photo of Mickey Mouse in the passport itself.
You could even use an active transmitter (and reciever) that pretends to be a RFID tag. Just because that passive tag can only be read from a few feet doesn't mean that my tag emulator with it's 100 watt transmitter and directional antenna is limited to that range. Even a 9 volt battery would provide more than enough power to such a RFID tag emulator and make it readable at several times the distance of a normal passive tag.
Uhhhmmm look people, I'm all for privacy and the need for oversight on what the government and corps do to infirnge on our privacy.
But, freaking out about RFID's in US passports is freakin inane!
What part of Radio Frequency ID seems so sinister in a Federally issued ID??? Jeeez... if anything it might help US citizens get cleared faster when passing through customs at international bounderies.
Now, if this was a Government mandated RFID tag... sure scream bloody murder. But placing an electronic ID tag onto a VALID FORM OF ID is not something to freak out about. So hey... take a chill pill, turn off the Art Bell and go for a walk or something.
RFID is a reality, let's focus on keeping it both USEFULL and WHERE IT BELONGS. And in my book, a passport or ID card is a perfectly valid place to put one, The only concern here is what type of precautions they'll be implementing to insure against identity theft via RFID-reader toting thieves.
Now lets say that I decide that I don't want to go along with the "broadcast who I am wherever I go" mentality. If I microwave (or otherwise destroy) the RFID capability, and it doesn't broadcast who I am at some checkpoint, is my passport no longer valid? Is there a penalty for doing this, similar to forging or altering an identification card? I've often carried my passport when I go to places where I need to verify my age to avoid having my license scanned and added to some bar's database so they spam me with snail-mail - I've had that happen once. I could have just put a magic marker over the barcode scan on the back of the licenses, but decided that wouldn't look to good if I ever had to display it to the cops. Wonder if this would be a similar issue...
"I will no longer be pushed, filed, stamped, indexed, briefed, debriefed, or numbered. MY LIFE IS MY OWN!"
- The Prisoner, #6
head to the nearest McDonalds. I'm not kidding.
A complication would be that blank RFID tags cannot be obtained with the same serial number (current RFID tags mostly have unique serial numbers that are pre-programmed by the chip manufacturer).
This is unlikely to be a big problem for organised criminals or national governments (and especially not for national governments run by organised criminals).
Since they are going to start tagging sick people in hospitals, you can ID them pretty easy too.. even without a passport.
Oh, and special forces, they have had them for some time now to aid in "extraction". Um perhaps i wasnt supposed to reveal that.. Hmm someone at the door..*click*
---- Booth was a patriot ----
Noy soy norteamericano! Soy ingles!
Thats not what my scanner says, dude, prepare to be mugged!
Beep beep.
While I disagree that the modification of an identity document really affects my civil rights (especially when you look at the info required just to get a passport). I do agree that the argument for process speedup is crap.
I've been across the border several times (Mexico, Canada, Miami International Airport) and the speed of getting across just depends on the agents.
When I cam back from Costa Rica, they didn't even ask for any kind id, just waved me through.
When I drove across the Mexican border last summer, they decided that my car should be taken apart, wasting about 3 hours of my time. (Sombody please explain to me how this seach without a warrant is legal)
----- If communism is a system where the government owns business, what do you call a system where business owns govern
I will probably be modded down for being insufficiently paranoid, but for goodness sake, who cares where I go? There are already dozens of ways to track my every step, from credit cards to cell phones to video cameras to E-Z Pass to employment badges to internet connections. Correlate them all and you have a pretty good picture of how I spend my day. But who cares how I spend my day? Am I really that important that people would go out of their way to trace my behaviour? Sometimes I think we get too hung up on principles and forget about reality.
Let's see...I use my credit card to buy a two-week tour package to Europe. The package includes airline reservations, hotel and restaurant reservations, a seat on a tour bus, and tickets to a couple of London shows. How's an RFID chip going to affect my privacy?
BTW, it's an especially good idea to add the chip to diplomatic passports. Passports can be, and are, counterfeited, so the chip will help to ensure authenticity.
-- Slashdot: When Public Access TV Says "No"
Using even modest encryption such as 40-bit RSA would seriously cut down the number of IDs that an identity thief could profitably steal. Because they don't want to use the strongest encryption available, they make everything plain-text?
And there are stronger forms of encryption that originated outside the US or have already been distributed around the world, so many choices exist that would make things too hard for all but the most skilled and well-equipped ID thieves, without exposing other countries to encryption techniques that they don't already know.
Of course, it is also quite ridiculous that they still have this fear of exporting encryption technology.
---------
There is inferior bacteria on the interior of your posterior.
for women walking funny, they're going to be american. or the word 'fanny' means something completely different in the UK :)
I don't quite see what would be wrong with the government (you know, the ones you vote for; to GOVERN your country and its inhabitants - thus you again) knowing who you are...
You guys are always mumbling about privacy, but what is wrong with this? If you don't want to be 'tracked' (as many of you would put it) by your own government, that means that you do not trust your own government, and then where are you? If you can't trust your government, it has to be not an all to good country to live in... right?
I am a Belgian, we have highly sophisticated and mandatory ID-cards (which we have to have on us at ALL time) and Passports. I dont feel spied upon by my government. I trust my government, because I can VOTE for them (something most Americans don't even bother to do; so much for the 'greatest democracy in the world' - ahum)
Anyway... Stop fudding about privacy. If you can't trust your government, vote to change it, get out of the country, just go to a country in which you CAN trust your government (i.e. Belgium).
BTW, did I ever say that I think Belgium is the best country in the world on ALL terms (and is more democratic and free than for instance the US)
I have said...
null
I can't wait until those wanting to target the tourists that have pockets full of cash are doing so with a pocket RF detector. This is too far, plain and simple a bad idea.
http://www.mample.net
She's American, but she also has dual Irish nationality inherited from her grandmother. She's always said that if she's ever on a plane that gets hijacked, she'll be safe if the terrorists demand to see the passengers' passports as she could just wave her Irish one (after all, everyone loves the Irish). Now all they'll need to do is use a RFID scanner...
"But instead of simply saying "Polo," the 64 Kb chip will say the passport holder's name, address, date and place of birth, and send along a digital photograph."
The info does not come from a database, according to this. It's in the RFID tag, 64KB worth of info!
Jeeze, first it was the clothes, then it was my 12-pack of Bud Light. Are you telling me now that I have to rip the rfid tag out of my Passport and slap it on the back of some dog to remain anonymous in another country? greaaaaat.......
Cliff Claven
K.E.G. Party Chairman
Founding Leader of: Koncerned for Egalitarin Governance
RFID technology has been around for more than 60 years, but has only recently become cheap enough to be adopted widely. E-Z Pass prepay toll systems across the country run on RFIDs, pets and livestock around the world have RFID implants, and businesses such as Wal-Mart plan to use the tags to track their inventory.
examples fro, 60 years ago?
-gabe
I went on my honeymoon to the Caribbean just 4 months ago...glad I got my non RFID passport then. Should be good for 10 years. Of course they could always force me to get a new one I guess.
Really though, I don't see the big deal. They can track me just as easily by scanning it at the airport the way it is now. This way, they can just do it without me waiting in a huge line. Now I can just walk through the metal detector, and it can also check my passport. Once less line to wait in? maybe.
I dont know about how a particular RFID chip will behave but...
"only 13.56 Mhz"
Garage door openers operate at 400+MHz so there should be few transmission problems.
It may be possible to extract the weak signal using a custom receiver and some sort of signal processing technique (a'la TEMPEST).
Especially since it is a single known freq (13.56 Mhz).
Hopefully this would be too expensive/hassle for the T's.
"bombs being controlled by the tags is just kinda silly" - But it is possible!
Seems there will be a market for shielded wallets/cardholders in the very near future.
what i think i do remember hearing is that the chip does not contain your personal data, but a serial number. this is then cross - checked with the airport database. so all you would know, if you scanned for RFID chips was that this person (standing in front of you) is number zzxxyy123456789.
not alot of use
does that make anyone feel better?
Were getting the same thing in the UK starting 2005. I put my passport in the wash the other day so need to get a new one and I wasn't sure what the deal was with biometrics, I vowed not to get one if they already had fingerprint or iris data, I just feel that's totally uncalled for, especially since fingerprint theft could involve cutting off someone's fingers. So far its only going to be facial recognition which I don't really care about - passports already have your picture on them and this is basically just a very very expensive system to do exactly what a human does already. Its already a failure and the money has probably already been spent (the new trend these days is to spend £150M on some new system and then have the company say "erm it doesn't work, sorry, thanks for the money". I got a very big-brother-esq leaflet with my forms that told you exactly how to look for your photo - remember DO NOT smile, DO NOT frown, Look directly into the camera with a neutral expression and think about 9/11 damit! Hopefully they won't be dicks about it, if I go through check-in and the computer says I don't look like myself WTF are they going to do? Look at my photo and say "hmm you look like the photo but the computer says no, im sorry"
The data should be covered by the DPA so if I ever get a passport with a chip i'll be sure to ask for a printout of what's on it. I don't know if these will be RFID chips or not, i'd hope not, it will only be a matter of time before someone's passport is stolen while its still in their pocket.
This comment does not represent the views or opinions of the user.
http://www.intermec.com/eprise/main/Intermec/Conte nt/Products/Products_ShowDetail?Product=RFID2_IP3
And this is a commercially available system.
I want the number of the Beast on my wrist AND on my forehead. Apostate stylin'!
I would add a second RFID tag to my passport. One that I could remove whenever I needed to show my passport to someone with an RFID scanner.
(course, I could be wrong about how all this RFID stuff works)
Read Intel's website. LCOS was to be used for front or rear projection. No flat (i.e. thin) panels here.
I am absolutely shocked that our government came to that point of applying privacy invasive technology to keep track of its citizens. Now we really live in an orwellian surveilance state. Time to write complaints to our senators and congresspeople and hurry and get a passport without RFID. I am seriously considering to emigrate to a truly(!) free country that doesn't violate its citizens rights to privacy with their own tax money against their own will.
You can build an RFID tag that will DOS the system, but you first need to know how RFID works.
The RFID tag is simply a sequence of bits. You can ask about portions of its tag -- "do you start with sequence X". There is no way to communicate with only one tag; if you send a request, all tags in range hear it and send an affirmative signal if they do start with that sequence (and nothing otherwise).
When a reader needs to scan many RFID tags at once, it sends a signal saying 'Whose next bit is a 1?' and 'Whose next bit is a 0?' and counts the chirps for each response. When it gets zero chirps, it knows to stop (there are no tags with that ID). If it gets only one chirp, it has found a unique tag and records it. Otherwise, it recurs down both trees.
If you build a device that always says 'yes' to both questions, the reader will have to recur down both trees 'forever' or give up until you leave range.
This seems to have the desired effect of preventing RFID scans without your knowledge, and it would certainly be handy to be able to turn it off at will.
LincolnQ
Just an idle thought, but does anyone (physicist type's) know what would happen if you can get a farday cage to start superconducting. My theory is a little rusty here, but as a supercondutor expels its internal magnetic field wouldn't you effectively get a box that no EM wave could penetrate (including light)?
There are things we know we don't know and things we don't know we don't know. - Donald Rumsfeld
Just always been curious about this.
---
We spoke for about a half an hour. I don't recall a thing we said. - Colorblind James Experience
I can understand their wanting to be able to read data off the passport automatically, but the ability to have the data read remotely seems a little dangerours of course. Why not line the outside of the passport with something to block the signal. Then you can just open the passport to allow it to be read. I suppose you could do this on your own, but why not have this built in by the government?
THIS SPACE FOR RENT
I don't mind a customs official reading my passport, but I most certainly don't want anyone else reading it. I guess I'll be packing aluminum foil in a few years.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
If you're worried about the RFID tags being detected wherever you go, consider this...
If you put your passport in a static bag, wouldn't it act like a Faraday cage and shield your passport from being detected?
If so, and I haven't tested this (anyone wanna try?), then if you upgrade the RAM in your PC you should be "protected" from these RFID privacy problems.
"Bang there threw."
Oh please.
Bang they're through.
*Sigh* OK. I'm done.
Note that the point about the difficulty of sharing decryption keys that I have made earlier is poingnantly high-lighted in this article - as the TFA says - "Security experts said the U.S. government decided not to encrypt the data because of the risks involved in sharing the method of decryption with other countries.".
Anyway, here is my original take on the subject and I find more reason to stick with it every day!
I agree that contactless smart cards are more secure than plain old RFID systems (PORS). However, given the usage model for a passport, it is highly unlikely to be a design option for passports.
A typical passport must be
a. Writeable and readable by the issuing authority
b. Readable by the passport scanners of ANY country that the holder cares to travel to (assuming universal deployment of this technology which, admittedly, might be a tad unrealistic today). In any case, it must be readable by say, a dozen or so countries.
In a typical contactless smart card solution, you would wave the card in the vicinity of a scanner which
(i) either embeds the required crypto intelligence to talk to the card (issuer entity same as scanner entity)
or
(ii) is connected to a backend-crypto server that acts as a clearing house and mutually authenticates a "Card from Issuer A " and a "Scanner from Entity B" so that they can establish a trust relationship on the basis of which to communicate.
In the case of contactless smart passports, this will require the establishment of a crypto-exchange that allows all member countries' scanners to read passports encrypted by any of the other member countries. Key management, security, key exchange and fault management are horrendously difficult in deployments like this.
The apparent benefit of "contactlessness" in this situation is far outweighed by its complexity of deployment, cost of management and cumbersomeness of use.
Ergo, closing the gap to make a passport based on a contact smart chip is a much simpler, robust and viable solution. All that is required is a reality check that recognises the hype of card-waving for what it is.
You have a rabbit bone in your beard
See that long UID - that's what you get for lurking too long
If you are worried about that someone might collect information on the movements of your passport, there exists an easy solution.
All what you need is a metal plated passport covers! The RFID can be read oly when you allow it.
The greatest possibility I see for this is mischief...
Since the devices are writable, why not just create a small device that writes some small amount of gibberish (pwn3d!) to the RFID tag. Since the tag is cryptographically signed, this will invalidate the tag.
The next time the passport is shown to a duly authorized agent, the invalid passport will cause the unfortunate innocent passport holder to be delayed, interogated, and probably strip searched and given an anal probe.
From the perspective of those that don't like Americans, there's probably nothing better than getting Americans harrassed by their own government (and tying up security resources in the bargain).
Eventually, the government will need to make accomodatations for passports that have been hacked this way. An invalid signature with the scratchpad containing 'pwn3d!' will be recognized as valid but maliciously damaged. It's either that or dedicate continuously increasing resources to harrassing American citizens.
So now the bad guys just copy an RFID, update the picture, put 'pwn3d!' in the scratchpad area and they are cleared. Simple.
So... this provides increased security how?
Can You Say Linux? I Knew That You Could.
You could make a fake RFID tag with a FPGA. Not quite as small as a real RFID chip, but still very easy to conceal.
"Isn't it time you treated yourself to a Lexus, John Anderton?"
Tinfoil can be used for circumvention of mandatory identification standards required by law. A plastic replacement will be put on the market. That will be all, citizen.
Would this make it easier for terrorist to find out you are American? This would make it impossible to hide your passport! Bad move!
but is it illegal to give your passport a tin-foil hat?
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
Annoying.
Reading through this thread it would appear that RFID is ripe for the picking for anyone with rudimentary hardware and software skills. There are lots of discussions on RFID theft, tampering, breaking, hacking and phreaking.
If that is true and these little beasties are going to unleashed on us in many forms we are all in for a world of hurt. You will get questioned at Walmart about a faulty tag, your passport will get stollen, there will be a couple of dopplegangers posing as you.
Somebody better come up with a better proposal quick because this is all the warehouse industry is talking about. And now the government wants in on it. You know there will be a Microsoft RFID next year.
Something's always bugged me about the RFID privacy issue, no pun intended. It's just a little piece of silicon, and all the cool benefits are enticing. I understand the privacy concerns, but it led me to think of an analogy: :: RFID:Personal Privacy
Google Desktop:Computer Privacy
So, the Google Desktop is typically defended on Slashdot as simply exposing existing security concerns. RFID is similar, in that it simply makes it easier and faster to do what is already done with barcodes and magstripes. Inventory tracking and market analysis can become instant, as well as identity theft and tracking.
Heck, they'll do three times better!
Introducing Triple-Powered Vitamin KKK!
I'm worried about how to protect oneself from a friggin chip broadcasting a signal that possibly bears an identifying signature that you're carrying an American passport to those who are not friendly to you.
Would it possible to wrap the passport in tinfoil or put it in a metal case to render it invisible?
Or better, can't a simple on/off switch be added to RFID devices? When going through customs you can just turn the little Orewillian nightmare on and leave it off otherwise.
If it were a democracy, we could address it this November 2. Being a republic, we'll have a 2-4 year lag time while we educate ourselves and our representatives on the issue, then press for our representatives to take some sort of action. If they fail to take the actions we (assuming we is a majority or a vocal, organized minority) want, we can find a different candidate, and elect that candidate in his/her stead.
We'll be able to address this issue. But not this November, and probably not next year, either. Our legislative system moves slowly, except when there are smoking piles of rubble on the nightly news.
The cure for cancer is coming: Reovirus
"He has no moustach, but a aggressively black hair and he has a dark skin"
-----
Let's say your brother is walking down the street in NYC and someone with 'aggressively black hair and dark skin' hits him over the head with a pipe.
The police come and question witnesses (your brother is too dazed to remember anything).
The witnesses say, "it was someone with aggressively black hair and dark skin and they whacked him with a pipe".
Now the police, not wanting to offend anyone, decide they should be very careful and just pick people out of the city, at random, to search for a pipe with a bit of your brothers hair and scalp stuck to it. So while a 5 year old asian girl with a pet spider is being searched, the police ignore someone fitting the witnesses description.
Is this how you want them to respond should your brother be whacked on the head with a pipe?
Shouldn't your brother be FREE to walk around without getting whacked on the head with a pipe?
The simplest RFID is the magnetic foil in the "don't steal me" package in stores. It has no information, but just notes that "I'm here" by absorbing some power from the transmitter.
The "smart" RFID with information to send back, receives power from the external interrogator transmitter, turns on, decodes up to 128 bits (privacy) from the incoming signal to determine if it should respond, reads some or all of its memory, and responds as requested. The amount of memory is not limited, so fairly detailed pictures could be there. Units that turn on like a radio receiving signals need a battery. They can potentially transmit longer distances since they contain their own transmitter.
Circuits on the device must protect from too much received power and turn off until the power decreases.
The range is based on the frequency and the size of the receiving and /transmitting coil along with the method of operation. Passive types modulate the received signal by drawing power from it. Larger antennas are needed for longer distances, and that is the reason for the big antennas you walk through next to doors in stores. Units with their own battery can transmit further, but are limited by battery life.
There is obviously a lot more to this, but I just wanted to give a little more information.
Maybe a way to deal with RFID is to take a page from Microsoft's playbook. We should "embrace and extend" RFID.
Embrace it. Cover yourself in so many RFID devices that a scanner simply can't read them all reliably. I have no sense of how many that might be, but it would seem technically difficult to scan several thousand devices all at once. At a nickle per, you're really only talking about a couple hundred bucks even if you have to buy the devices yourself. With stores like Walmart essentially giving them away, you might not even have to do that. Sew them into your jacket or something so that when someone scans you, they're greeted by a cacophony of garbage signals.
Extend it. It won't be long before someone figures out how to either a) make their own RFID devices or b) modify existing ones. And there will be a window of opportunity before Congress makes doing so illegal. If you can make a chip that matches another, you can appear to be someone else. Or to be in two places at once. Or to teleport across a store or a country in a heartbeat.
Now, I certainly wouldn't suggest tampering with a device in a passport, of course, but the possibilities at Walmart are pretty interesting.
Even if you just buy legit devices from existing manufacturers, RFID can and will be used to consumers' benefit. RFID chips could be hidden by investigative journalists in products returned to stores and then used to prove that the store turns around and sells the item as "new" again. Not a big deal for a book, perhaps, but interesting when the item is, say, a car or a mattress or a rump roast.
Oh great, let's all just walk around with targets painted on us if we leave the country. Or better yet get out the ole "F@!# you I'm from the USA!" T-shirts and wear them.
Instead of marking our passports put them on the passports of folks coming into our country. Student visa's, terrorists maybe.
Thanks, Beannie
Mr. Passport, meet Mr. Hammer.
Chip H.
(Someone is sure not to get this -- RFID chips are typically in glass microcapsules, and even if they're not, silicon is sort of brittle)
Read the other comments.
Best thing to happen to me was to lose my passport and get it replaced at an embassy (that was blown up a year later) by an old school one without a bar code. I love it when the INS official has to enter the code in by hand. I'll be sad to give it up in a few years.
The 'terrorists' upon whose actions all of this insane police state nonsense is based were funded and manipulated by both the U.S. and Israel specifically because the psychopaths in power want to stay in power so that they can have all the money, sex and cocaine. Having to work for a living, (or serve in the military), is scary for them, and so it makes more sense to them to trick all the trusting citizens into believing in 'terrorists'.
Anybody who looks at the details clearly will see the manipulation.
Remember the 'terrorist' passport they, 'found' on top of the smoking remains of the WTC?
If that doesn't get your brain ticking, then you are either sleeping or dead, and you richly deserve the hell you are beginning to see rising around you.
-FL
I'm having an interesting time working out the relationship between privacy and RFID-tagging of a document that one is required to produce on demand.
Including (optional) anti-skimming measures and PKI.
Here
Now go and read into it.
Unfortunately, the Wired article has it wrong. They are NOT putting RFID into passports - they are putting contactless smart cards that have built-in processing capabilities.
This doesn't mean that there aren't privacy issues, but they are different and more complex than the RFID ones.
People actually will be less safe. The minimum wage workers will rely on the scan to verify the passport. They will spend less time giving a visual inspection because it has the RFID.
-- To mess up an OS X box, you need to work at it; to mess up your Windows box, you just need to work on it.--
The 'terrorists' upon whose actions all of this insane police state nonsense is based were funded and manipulated by both the U.S. and Israel specifically because the psychopaths in power want to stay in power so that they can have all the money, power, sex and cocaine. Having to work for a living, or serve in the military, is scary for them, and so they choose instead to trick all the trusting citizens into believing in 'terrorists'.
Anybody who looks at the details clearly will see the manipulation.
Remember the 'terrorist' passport they, 'found' on top of the smoking remains of the WTC?
That is just one of a hundred loose threads, and if it doesn't get your brain ticking, then you are either sleeping or dead, and you richly deserve the hell you are seeing rise around you.
"Oooh. But Conspiracies don't exist! It's impossible for a large number of people to keep a secret!"
Yeah? What the heck does that prove? NEWSFLASH: Conspirators do not NEED to keep secrets when the populace has been brainwashed into constantly looking the other way whenever a piece of evidence pops up.
People would rather fight and yell and argue in favor of the psychopathic manipulator rather than deal with the truly awful possibility that they are being raped. This, in fact, is exactly the reason psychopaths are so dangerous. Normal people are hardwired into certain behavioral traits which make them excellent marks for this sort of manipulation.
Any 'terrorist' who uses RFID passports to blow up Americans will be doing so with the consent of the military industrial complex, and your spreading of fear is making those jerks giddy with the joy of a mind-job successfully executed.
I have to live in this world, too, and imbeciles like you are contributing to the misery smart people also have to deal with. Arrogant? Gee, sorry. I'll just quietly go off to a barbed wire camp so you don't have to feel like an idiot.
-FL
Geeks have the Cassandra complex. We know how the potential abuses of RFID technology, along with many other technologies (such as voting machines), greatly outweigh their benefits.
However, most people cannot see this. They do not have the technical competence that we do, and as such they just don't see the dangers as being an issue. Though we try to explain it to them, they can't understand our techno-jargon, and even if they can, they STILL see us as coming across as paranoid nay-sayers...so they just choose to ignore us.
So, RFID tags are coming, as are many other harmful technologies, and everyone will just have to learn about the abuses the hard way.
Every night I pray that humanity will be blessed with intelligence....maybe...someday....
That is not a reasonable tradeoff to me. If you want to make that tradeoff for yourself, fine, but the government forcing everyone else to make that trade-off makes the country a prison for people who want privacy. The nation's founders fought and died specifically for freedom from excessive government searches among other things. You might as well be pissing on their graves by what you say. Thanks to them, saying it is your right, but, it's disgusting to see a stooge unwittingly pissing away what they fought for you to have.
My government carefully watching, screening, and fingerprinting its own citizens is unconscionable.
Wake up! Fingerprints are now required for drivers licenses in California, Colorado, Georgia, Hawaii and Texas. California and Texas are over a fifth of the US population.
Come to the Scotland instead. We have the best beer and the best food in the world. Especially seafood.
It's not just the US that is responsible for this. The United Nations through one of its subgroups, the International Civil Aviation Organization (ICAO), is involved as well.
What happens is that the ICAO releases a non-binding recommendation about the format of passports. For example, they recently released a recommendation that passports should have RFID tags AND biometric identification. Then governments who want to adopt these technologies but fear public outcry can simply say "Our passports are going to follow the technical standards outlined by the ICAO." Sounds much more innocuous than saying "We're putting RFID chips and your facial and retinal scans on your passports." It's a technique called "policy laundering."
With current US passports on a 10 year expiry (wife is American, and that's what hers says) or even Canada's 5-year expiry, it will take a VERY long time to have enough of these out there to be useful for the intended purpose. And that would be after design, testing etc.
I really don't understand what advantage they would have over conventional passports with a biometric identifier (like your picture).
Preview, not Submit...
"In reality, I skipped out a couple of details in that description of what happend. The man in concern was ALSO being racist and offensive to Chinese and Black people, saying london is "full of japs with cameras" and "niggers running the show" that the Mayor should take a stand and deal with it."
I'm American and I thought this prank was pretty damn funny. And well-deserved, even without the extra info re: the guy being a slur-spewing racist.
Come on people, SLN even pointed out that he has plenty of American friends. The target (assuming accurate description) was a dick the size of the Washington Monument. Had that guy showed up in your neck of the woods insulting everything around you, your city, your culture, racial slurs... Face it, on the NY subway this guy would likely have gotten worse. In Alaska or Minnesota they'd have found a way to get him to lick the metal flagpole at night.
Mega-assholes the world over deserve what they get. Doubly so the clueless ones who expect everyone around them to not only soak up their abuse but then actually HELP the nimrod. Think of your most obnoxious abusive user support experience. Imagine they're also insulting you personally. And everyone else in the room. On speakerphone. You'd all be laughing at how the techie gave them bogus advice.
And I have to say that after decades of traveling around the world, the only insulting behavior I've witnessed has been from fellow American travelers. (Disclaimer - I do NOT go to Euro football matches. Drunken fans are the same the world over, best avoided at all costs.)
It may only be 1 in 100 of those of us who travel abroad, but that 1% really screws up things for the other 99% of us.
I do believe RFID will make passports harder to forge. That seems clear enough. But why broadcast your name and address? Why not broadcast something like the passport number? Without looking at the info on the inside, they may be able to track you by number, but not get your name, address, or other personally identifying information without the kind of work that they'd have to do right now to get that information. In addition, countries could store databases of just the passport numbers that they want to watch (or pass thru), without the associate personal data. Everyone not in the database gets the standard interview questions.
This post expresses my opinion, not that of my employer. And yes, IAAL.
Now terrorists can go wardriving for Americans to kidnap and kill.
Yeah, this is a real stroke of genius.
"Hey Abdul, I think I got me the ambassador over there hiding behind an oil drum. Hand me the '47."
In many countries in which I have lived, as a U.S. citizen it is not always in your best interests to broadcast the fact. This technology could give potential adversaries information on who you are, and where you are, making it easier to target Americans, even those who are not acting / dressing like it. Potentially, it could even be used to track you in a crowd, etc., making possible more targeted muggings / robberies / kidnappings.
As long as you don't deviate from your plan, it doesn't.
But what if you want to go to Amsterdam for a little side trip? How about a motorcycle ride through Germany, stopping at little places here and there?
It's not the immediate threat - its the potential for misuse, and governments have shown time and again that they WILL misuse our personal data.
There're still border checks. Every time I use a credit or bank card, my identity and current locatin are recorded. Lots of cameras record my presence as I ride that motorcycle.
Everything can be abused. It is medieval to ban research and technology to prevent abuse. Seems to me the value of securely identifying passports, effectively preventing the use of counterfeit passports -- a real security threat -- outweighs any imagined scenario that involves governments routinely tracking the locations of hundreds of millions of people (not that I'm at all convinced that RFID's provide that capability. Perhaps if I polished my tinfoil hat...)
-- Slashdot: When Public Access TV Says "No"
Is to get off at Euston Square station, then walk 200 metres to Euston station. It's annoying that Euston itself is not on the circle line, I know. Trains to manchester depart every 30 minutes (during normal hours).
They could always just put in chips that have a 6 inch broadcast power... very simple, they don't have to go 25 yards. chances our your current Club card already has them..... Albertsons, costco.. etc.etc. They only contain a Special number they don't carry all your information on them...
informative.
Brazil did until some more touristy areas there got hurt... not sure of the status now.
It seems to me that it will eventually make it easier to forge Passports.
People are lazy and cheap.
The government doesn't want to have to pay a bunch of agents to look at passports and agents don't want to have to look at passports all day long. I predict that with RFID chips embedded in passports, there will just be devices that you wave your passport near and they will check to see its validity. There will be a security guard nearby to jump on anyone that fails the scan, but nobody will be actually looking at the passports.
Along come Mr. Forger. He no longer needs to concentrate on making special paper, holigrams, and the like: all he needs to do is make it look decent and put a good RFID chip inside.
The only problem: where to get some valid RFID numbers. That's easy! Just hang out at the airport for a few hours with an RFID scanning device, brushing against people and scanning their passports. Then take home the numbers and create some RFID tags with them.
This wouldn't work as well if a picture popped up on a security guard's screen so that they can verify the holder of the passport looked like what they had on file, but...people are lazy.
I can even do a few smarts and identify a "better" target (wealthier, public figure etc).
A simple to make but durable effective RF shield pouch for your passportcan be made from an old aluminized mylar balloon. Make a simple pouch with a fold-over top to place the passport inside. The balloons are welded with heat and mass stamped from sheets of mylar. An iron and some paper to prevent sticking is all that is needed to press your new pouch. Airport security is no problem as you would pass it to the officer with your billfold and loose change. The pouch would look like the silver packet sports trading cards come in.
Anytime you don't need the passport, leave it in the pouch. This would prevent drive by ID theft. I think the film X-Ray pouches could also do the job, but I haven't tested them for RF shielding. I don't know if the film X-Ray shield is particles to block just X-rays or a continious film that will also shunt EM fields.. Next time I have one, I'll have to test it.
To test you shield, put a pager in it and send a page. It's working if the pager gets no messages.
The truth shall set you free!
On the other side of the discussion, there is kind of an explicit assumption that people own driver's licenses in the US. While there are numerous other cards one can pull out to establish ID in places one needs them (Second form of ID has been everything from library cards to medical insurance to my National Honor Society membership card for me), when people ask for a photo ID, they generally assume a driver's license and get confused if you pull out any other one. Heck, some of the local restaurants won't accept anything but a driver's license or military ID in such cases. It's similar to the assumption that everyone has a phone number, which leads to some databases indexing people by said number. ^_^ And no, I don't really have a point I'm driving at. I just find it interesting.
This sig has absolutely no significance and serves only to take up screen space and waste the time of the reader.
Does anyone else see diplomats kidnapped en masse in January when they're the ones with RFID passports that can be read from a distance?
Maybe this is a ploy to keep Americans in the country because they can be sniffed out from a distance by terrorists whenever they leave.
my EZPass that lets me pay tolls without stopping is an RFID tag and it came with bag that looks like the shinier sort of anti-static bag in which we get computer peripheral boards & such. I slip the EZPass into the bag and the readers can't see it anymore. How hard would it be for me to sew or glue such a liner into the compartment in my Tom Binh bag where I keep my passport?
Just stick it in the microwave for a few seconds, and TADA, no more working RFID chip. If someone asks just say "RFID? What's that? I have no idea why your little machine doesn't work, guess you are going to have to enter the info by hand. Oh well."
I was in Europe a lot the past year and when people asked where I was from I said San Francisco or Silicon Valley (it helps that I am in Silicon Valley, I guess). Even well meaning Europeans that like Americans are apt to give you a lecture these days on how you are screwing up the rest of the world - not just Iraq but also Kyoto and a host of other issues. Most Europeans know at least a few Californians or New Yorkers and have a favorable impression of them from past experience, and most know that we're not really happy with the federal government right now either. Usually I'd just get a sympathetic nod or maybe a joke or two about the Governator.
Also, I find that colloquialisms are a great ice-breaker. As long as you will take the time to explain them people find them fascinating. Also, if you spend any amount of time with Brits or have even seen an Austin Powers movie you know that British slang puts American slang to shame so you might learn something, too.
"Subtitle B, Sections 3052, 3053:
To be eligible to receive any grant or other type of financial assistance made available under H.R. 10, The 9/11 Recommendations Implementation Act, a State shall participate in the interstate compact regarding sharing of driver license data, known as the `Driver License Agreement', in order to provide electronic access by a State to information contained in the motor vehicle databases of all other States. [Requiring] (1) All data fields printed on drivers' licenses and identification cards issued by the State. (2) Motor vehicle drivers' histories, including motor vehicle violations, suspensions, and points on licenses."
and
"(b) MINIMUM DOCUMENT REQUIREMENTS- To meet the requirements of this section, a State shall include, at a minimum, the following information and features on each driver's license and identification card issued to a person by the State:
(1) The person's full legal name.
(2) The person's date of birth.
(3) The person's gender.
(4) The person's driver license or identification card number.
(5) A photograph of the person.
(6) The person's address of principal residence.
(7) The person's signature.
(8) Physical security features designed to prevent tampering, counterfeiting, or duplication of the document for fraudulent purposes.
(9) A common machine-readable technology, with defined minimum data elements."
Mmmmm, Big Brother is my Friend!
This from the same bill that is seeking to outsource torture:
"Section 3032 - (3) BURDEN OF PROOF- The revision shall also ensure that the burden of proof is on the applicant for withholding or deferral of removal under the Convention to establish by clear and convincing evidence that he or she would be tortured if removed to the proposed country of removal."
yeah, that sounds plausible.
Time to write your congressional reps folks!
http://www.house.gov/writerep/
or hat.
Sincerely,
Pan Tarhei Hosé, PhD.
"Homo sum et cogito ergo odi profanum vulgus et libido."
you fucktards asked for this.
Or,... (hint: business plan idea, and IIII reserve the right to compete with you, even if you go to market before I do..."
This idea is OPEN-SOURCED. I declare that it is NOT to be hijacked by some patent-chasing prick who cares more for a buck than saving a life.
Hopefully, this idea will be used for good things, and therefore, I share it for GNU/GPL/CopyLeft/CreativeCommons-like/friendly implementation.
GO FOR IT!
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
Say I'm taking a whirlwind tour of Europe, visiting a variety of historical sites and countries. Are you saying I'm obligated to learn French, German, Italian, and possibly more? That's a bit unreasonable (though Italian shouldn't be too much of a stretch for someone who already knows Spanish).
Why is it unreasonable? When I was on the train during my whirlwind tour of Europe, I'd learn a few local phrases for my destination. I'd get at least the basics like Yes, No, Please, Thank You and "One beer please" plus whatever else I thought might be necessary.
There're still border checks.
Border checks don't exist within the EU anymore than they exist within the US now. Withdraw a bunch of cash and you can travel around anonymously.
That's also how they'll do the cavity search.
Thanks. You've just demonstrated why the non-American part of the world doesn't like Americans.
Love and kisses,
- mark
-----
I tried an internal modem, but it hurt when I walked.
This is one of those cases where a little "privacy invasion" may in the long run be a good idea. First, I don't have a passport and have no intention of getting one anytime soon so maybe it's just that it doesn't involve me.
Those people I know who have passports do not carry them every day. IF they are going to tavel, they take them out of the top dresser drawer and have them ready. My point in mentioning this is that a passport is only carried when it is needed.
Second, the RFID chip is not easy to forge like a paper document is. The chip probably will only be a serial number that will allow a customs officer to access info in a database. Most of this info will be redundant to the information already in the passport.
I can see how an RFID chip in a passport could be used to smooth access at busy places like airports. Scan the passport and confirm the information and all but waive the frequent flyer through.
Passports must already contain some identifier that can be typed into a terminal by a customs officer which accesses the same kind of DB. So, law enforcement types probably already have the access to the data already.
Being a somewhat frequent flier, anything that can speed up those blessed lines is fine by me.
Since the terrorist attacks of 2001, the Bush administration--specifically, the Department of Homeland Security--has wanted the world to agree on a standard for machine-readable passports. Countries whose citizens currently do not have visa requirements to enter the United States will have to issue passports that conform to the standard or risk losing their nonvisa status.
These future passports, currently being tested, will include an embedded computer chip. This chip will allow the passport to contain much more information than a simple machine-readable character font, and will allow passport officials to quickly and easily read that information. That is a reasonable requirement and a good idea for bringing passport technology into the 21st century.
But the Bush administration is advocating radio frequency identification (RFID) chips for both U.S. and foreign passports, and that's a very bad thing.
These chips are like smart cards, but they can be read from a distance. A receiving device can "talk" to the chip remotely, without any need for physical contact, and get whatever information is on it. Passport officials envision being able to download the information on the chip simply by bringing it within a few centimeters of an electronic reader.
Unfortunately, RFID chips can be read by any reader, not just the ones at passport control. The upshot of this is that travelers carrying around RFID passports are broadcasting their identity.
Think about what that means for a minute. It means that passport holders are continuously broadcasting their name, nationality, age, address and whatever else is on the RFID chip. It means that anyone with a reader can learn that information, without the passport holder's knowledge or consent. It means that pickpockets, kidnappers and terrorists can easily--and surreptitiously--pick Americans or nationals of other participating countries out of a crowd.
It is a clear threat to both privacy and personal safety, and quite simply, that is why it is bad idea. Proponents of the system claim that the chips can be read only from within a distance of a few centimeters, so there is no potential for abuse. This is a spectacularly naïve claim. All wireless protocols can work at much longer ranges than specified. In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable.
Security is always a trade-off. If the benefits of RFID outweighed the risks, then maybe it would be worth it. Certainly, there isn't a significant benefit when people present their passport to a customs official. If that customs official is going to take the passport and bring it near a reader, why can't he go those extra few centimeters that a contact chip--one the reader must actually touch--would require?
The Bush administration is deliberately choosing a less secure technology without justification. If there were a good offsetting reason to choose that technology over a contact chip, then the choice might make sense.
Unfortunately, there is only one possible reason: The administration wants surreptitious access themselves. It wants to be able to identify people in crowds. It wants to surreptitiously pick out the Americans, and pick out the foreigners. It wants to do the very thing that it insists, despite demonstrations to the contrary, can't be done.
Normally I am very careful before I ascribe such sinister motives to a government agency. Incompetence is the norm, and malevolence is much rarer. But this seems like a clear case of the Bush administration putting its own interests above the security and privacy of its citizens, and then lying about it.
This article originally appeared in the 4 October 2004 edition of the International Herald Tribune
Bruce Schneier, October 04, 2004.
could this RFID be used as a trigger or homing device? Could an explosive device be triggered if a certain RFID is within range? Or could a small unmanned aircraft with some expolosive payload hover around a city looking for a certain RFID and once it finds it, homes on its target and boom.
[title refers to a Gary Larson cartoon]
You don't appear to realise that an RFID is readable over quite a distance (spec says 30 feet or so, but double that distance has been tested).
Suitably equipped you could pick a US passport carrier out of a crowd - IMO a very unhealthy idea.
A barcode, OK. RFID or similar broadcasting device, not OK.
= Ch =
Insert
...I submitted my paperwork for a passport. Good timing!
> took the chance to be an asshole. And your country is better...how?
And the actions of one man are the fault of his country how?
(If you think that's what the poster was saying about Americans, RTFP.)
Don't. It just gives Americans an international reputation for being liars, which just makes the situation worse.
Most foreigners genuinely like Americans, even while genuinely disliking the US government. Express sympathy for any US government foreign policy blunders in the area, ask them what you can do to help, and listen to the response. People love to be listened to, and love to be agreed with.
It's amazing how far a little politeness and tact will take you. Enough of that from enough people, and some of the international bad opinion of American tourists might well go away. Or, we could convince the rest of the world we're liars, as well as all the other things they already believe.
While it may be virtually a national passtime to take the easy way out that helps in the short term while building up long-term problems, it's no better an idea here than it is anywhere else.
So the correct response is to jettison your civil rights?
I suppose that's one approach - do so much damage to your own freedom and peace of mind that a terrorist would be hard-put to come up with anything worse. Sort of a "scorched earth" approach to defending your freedom, but without anywhere to retreat to.
Really? I thought the government's primary responsibility was to improve the quality of life of its citizens, in all ways - letting you be educated, helping you stay healthy, helping to make you prosperous, and helping to keep you safe.
In particular, since about 99% of the threat to an American inside America is from other Americans, I would hope that the government is spending rather more of its effort protecting me from Americans than from foreigners. Simply put, there's a lot more Americans than anyone else around here.
Are you sure your view on this is an entirely rational assessment of the threat, rather than just a tad skewed or hyperbolic?
A line of luxury leather passport holders lined with rf-absorbent cloth will soon be available. Wallets and handbags will follow.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
When the people who are taking your rights away daily to "fight terrorists" have tons of DOCUMENTED business and personal ties to the very same people who they are supposedly "fighting", then it's time to realize that you're being scammed.
Remember the protection rackets, where mobsters would charge small shop owners for "protection" against fire. Isn't it an amazing coincidence how the shops that burned down always seemed to be those that hadn't paid the "protection" money?
The current war on terror is simply a replacement for the war on drugs and for the war on communism. The military-industrial complex had to find a new boogy man when the communists dropped out of the game.
How else would they keep making the same profits and enjoy the exercise of power, if not in the name of "protecting" you?
Are the 500,000 American troops currently stationed overseas PROTECTING America? How exactly are they doing that from so far away? Wouldn't they be better placed to protect America if they were IN America guarding the coastlines and borders?
Nope. They'd only be well-placed in that case to *actually* protect you, as opposed to "protecting" you.
I wondered this too, but the answer is at the end of the article: it's a form of security through (in this case) domain obscurity: a forger who understands printing is unlikely to also understand RFID chips.
But that won't help much against state-sponsored terrorism, or bribery, or...much at all, really.
And since I'm posting anyway: remember lots of people ask to see the passport for all sorts of reasons (hotels, etc). Presuming that the RFID tag is not on the front page of the passport with your photo etc, you should separately wrap the RFID-bearing page in foil, not the whole document, to prevent surreptitious data-harvesting...
Anyone care to join me? I am researching a way to create a blocker tag for the specific RFID that will be contained in the passports. My proposed device will not allow the data to be released unless the blocker tag is deactivated or removed by the owner. I am looking at designing a simple owner/user contolled system. It could also be something as simple as a specially designed vinyl case that will block the specific frequency. With so many passports and the fact that other counties are being forced into this system, potential sales could astonomical if the end user price is kept at less than $5 each. Think about it the Government could actualyl make me a zillionaires. Looking for a financial partner. More information available on my personal website located at http://members.cscoms.com/~mglatz
http://www.mobilecloak.com/mobilecloak/index.html I don't know much about RFID. But it would appear that this device could help prevent against "drive-by scannings" of one's RFID passport.
An internal system operation returned the error "The operation completed successfully.".
RIAN reports (Russian) that in 2006 Italian passports will have RFIDs too.
Future Wiki -- If you don't think about the future, you cannot have one.
The idea is that the document contains biometric information (photo, fingerprint, hand geometry, iris scan, whatever) that is also cryptographically signed.
In some cases (fingerprint, etc.) this can be validated automatically using detection equipment at the turnstile. In others (photo) it may require manual attention but that will still be a whole lot quicker than it is now.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
"Yes, I *AM* the President of the United States. Would you like to scan me again to confirm that? I *KNOW* that's not the name on my passport -- I'm traveling incognito! OK, thank you. I accept your apology. And may I have your vote in November?"
DNA is a Turing machine. You, however, being dynamic and emergent, are not.
Hotels in MANY countries insist that you leave your passport with them when you stay. I have repeatedly heard people say it is illegal, and stupid to comply, but that doesn't help. The alternative is to either carry fake passport[s] to give the hotels, or else to sleep on the street.
Not much of an alternative, that. Any ideas?
Given the potential for covert surveillance and the almost uncontrolled assault on pricavy that's taking place with "9/11" as excuse, what do you reckon the chances are you get a /short/ range RFID in that passport?
Insert
Ask a friendly Irishman what that means and then you will see what kind of reputation American's have.
:) of being a European. Even had many people in Paris come up and talk to me in French, and received some shocked looks when all I could rattle off in broken French was "j'ne parle pas Francais."
I spend over a year in Ireland and thoroughly enjoyed it. I dressed in my normal clothes (jeans, respectable t-shirt) and was constantly being accused
While I Ireland, I went to a tourist area on the west coast (Dingle) and witnessed both the funniest and saddest display of American ignorance I've ever encountered. An elderly man in his 50s or 60s marched into the tourist shop and bee-lined for the information desk. He cut in line, and once there, demanded the attention of the helpful employee, and whipped out his distinctive dark blue passport. He opened to a blank page and started to insist that the employee stamp his passport. When the employee very politely explained that only customs could stamp it, the man when totally ballistic. Demanding to see supervisors, report the shop to the police, and claim that because he was an "American" that he deserved more. His argument was that at the airport, the man did not stamp it and he wanted the stamp in his passport as a soveigner. I keep hoping that the poor employee would just grab the thing and get a big red VOID stamp and stamp away, but he never did. I left the shop and couldn't stop laughing, but after thinking about it a bit, realized that this could not have been the first place that he attacked. I think the nearest international airport was over 100 miles away in Cork, and in between there must have been at least 10 tourist traps that any tourist would stop at first.
I came away from that encounter realizing why "green pants" are so disrespected.
I am living proof of the Peter Principle