Slashdot Mirror
American Passports to Have RFID Chips
pr1000 writes "Wired is reporting that the State Department is planned on adding RFID chips to new American passports, starting with diplomat's passports in January. Those worried about the privacy concerns of RFID should take notice, as this rollout could set a precedent."
Bruce Schneier has made some interesting observations on the RFID passport plans. Somehow, I do not see how this could possibly make us "safer".
This new step is another step towards control - remember, that is what this is all about. Bad guys get around the system - the 9/11 guys were all bona-fide visitors. Good guys, which is everyone else, gets tracked and watched.
I'm glad I'm outside the country 8+ months of the year.
Turn your bag into a faraday cage, keep your passport in your bag.
Let me get this straight. Assume I am a bad guy. If I want to find an American overseas - particularly in a country where carrying a passport is mandatory, how am I going to go about it?
To take it one step further, if I am wifi'd into a database somehow, I can even do a few smarts and identify a "better" target (wealthier, public figure etc).
I carry an Australian passport and it will not shock me when "the Clever Country" bends over and does what the Americans do - yet again!
It's funny. Nudist colonies say they have nothing to hide, but now they'll be the only place *to* hide.
Wheel in the sky keeps on turnin'.
The difference is that with current passports, you have to show it, which has to be asked, and which you can refuse, so you have the ability to choose to accept the consequences of not showing your passport. With rfid tags it can be done without you even knowing it, and thus without you agreeing to.
But you get to choose who to show your passport to. Anyone can read RFID information, as long as they can get reasonably close to you.
Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
And those very same security "experts" obviously don't know that there are methods for secure encryption known throughout the world even now? You don't need to be an expert to know that!
And no, I can't see any other explanation. It cannot be the possibility of unallowed reading of the data: That's even easier if the data isn't encrypted at all. And it cannot be the possibility of making forged passports: Having data not encrypted makes this not any harder than having it encrypted with a known encryption.
Even in the worst case scenario, when the decryption key was made public by some other state, the situation couldn't get worse than without any encryption at all. Of course, the USA could just decide not to give the key (or any specification at all) to countries they don't trust. Those countries would then just have to do what they do now: Rely on the non-RFID portion of the passport (which is currently all that is in a passport).
So there is really no excuse to store unencrypted data on the RFID chip.
The Tao of math: The numbers you can count are not the real numbers.
RFID chips can be read from up to 50 feet away. Sure, most readers only work from a few inches, but there is off-the-shelf equipment available for a moderate number of dollars with a much, much greater range.
So, lets assume that the RFID chips in US Passports will be readable from "a long way away". Doesn't matter if it's 10 feet, 20 feet or 50 feet. Lets just say it's more than a few inches.
What does this mean? It means that a bomber with a moderate budget could build a detonator for an explosive device which goes off when it can detect the presence of an RFID chip.
It doesn't need to actually read the chip (lets assume the passport data is encrypted), it just needs to know it's there.
Furthermore, it could count the number of unique RFIDs which are currently in range, and only detonate the explosive when enough of them are seen at the same time.
It could be planted days, weeks or months in advance, and it'd sit there until its batteries ran down waiting for the right moment to go off.
The result is a bomb which only goes off when a sufficiently large density of American citizens is present.
- mark
-----
I tried an internal modem, but it hurt when I walked.
Wrapping a tag in aluminum foil blocks the radio waves and prevents a tag from being identified. -
RFID Hack Could Allow Retail Fraud
Most of the concern seems to be around unauthorized person reading the RFID chip. According to this article blocking RFID chips is very easy to do if you have physical posession of the chip. Just wrap it in tinfoil. It would seem that someone would make a bag/box/pouch that would store your passport and protect it from being read w/o authorization. When you were in an area that required that you show your passport, the airport for example, you would just take the passport out of the bag. Sounds like a $19.95 solution to me.
I guess if you took your passport out at the hotel or some other place like that you could be "vulnerable". Maybe this solution from RSA woul help?
It does seem like the solution here is not to say "no RFIDs in the passports", but actually to ensure that there is a way to easily control when the tag is read. And there seem to be several solutions available.
It is not easier to show, but it is a *lot* harder to hide. That's the point why everyone is making such a fuss around this issue, I think.
Today, you carry some form of ID, be it driver's license in the US, a national ID in Europe or whatever. You are most of the time obliged to show this piece of ID to law enforcement officers if they ask for.
Either the officer authenticates him/herself with his badge, a similar ID item or just the entire appearance along with police equipment and police car. So in 99% of all cases, I know when my ID is checked and by whom and I'm sure it was read by real officers on duty or someone is going to jail for posing as one.
With RFID, none of us can ever know if we were checked, let alone by whom. If that person was really authorized by law and duty to check us, we can only pray for. We want to hide our ID from anyone's eyes who has not identified himself as a lawful officer on duty. With RFID it is hardly possible.
If the regular police cannot or does not perform simple duties in plain sight, with proper uniform, without hiding the officers identity behind something, having the officers armed only with the law and a baton, our society as a whole is in trouble. Riot shields, handcuffs and a low power hand gun may be necessary at times, but cable ties, fully automatic rifles, masks are certainly unacceptable for me. Special units can have them, but regular policemen and -women should not. Hidden and unnoticed checks for unsuspecting passer-bys performed by guess-who are totally out of question.
Law enforcement should not use mobster tactics. Should not be armed like mobsters, should not act like them. This may give criminals and terrorists an advantage, but it is the only way to make sure we can distinguish between officers and mobsters. If we allow the police to act like the mob, guess how long it takes for these two to merge...