Slashdot Mirror
Tin Foil Passports?
Daedala writes "The debate over contactless chips with biometric information in passports continues. Vendors have been chosen for testing in the U.S. and Australia. Privacy advocates are still arguing about the measure, as are security reporters and bloggers. The specs themselves are interesting, to say the least. The EETimes says that in interoperability tests, the potential chips could be read from 30 feet away. However, both they and the New York Times have published articles reporting vendors' low-cost solution: '[I]incorporate a layer of metal foil into the cover of the passport so it could be read only when opened.' Don't they know that the whole tinfoil hat thing is supposed to be a joke?"
Have been lining their purses/trenchcoats/whatever with foil for years to avoid those little tag detectors at the door.
I was watching it on TV, you saw this lady open up her purse and could see the tinfoil.. She shoved a waffle iron or some such thing in there and out she went.
I don't need no instructions to know how to rock!!!!
Tinfoil shielding? While that may work, why not just design it to be readable at a shorter range?? I mean, it can't be that hard, can it? Over-engineering strikes again...
Oh, and let me guess... I'm going to have to remove this from my person as well just to pass through the metal detector unmolester, right?
You need a FREE iPod Nano
Of course the first person to steal that data would most likely be labeled a terrorist and be...disappeared.
Buy Steampunk Clothing Online!
The what's wrong with cryptographic signing? Strong cryptography should have been used in passports a long time ago. The principle would be simple enough:
The name, photo and other information is hashed and then signed by the issuing authority. Airport checks are then a matter of verifying the signature. You can't forge a passport without the private key of the issuing country (which I presume they will guard closely), and modifying an existing passport will invalidate the signature.
The only tricky point here is photos: You can't scan the straight photo for the check because of all sorts of tricky alignment and scan quality issues, but that's what a chip might be useful for - it contains a hi res photo, along with the other data and signature. The hi-res photo from the chip is displayed on a terminal for the person checking the documents, along with signature verification.
Yes, you still have to have people checking photos. No, that isn't foolproof. But realistically it is as good as what we have now, with the added bonus that forged, faked, or munged passports will display as invalid due to the signature check. That's pretty damn good, especially when the resulting passport is no more invasive than what we have now.
Jedidiah.
Craft Beer Programming T-shirts
With airport metal detectors, if you ask me. You know most people are gonna forget to remove their *passport* before going through the scanner ... after all, what the hell would be metal in there, and most people are uneasy about letting their passports out of their possession, even just for a trip through the metal detector.
A Minesweeper clone that doesn't suck
It's one thing to get a reader to gather all my personal data, but at what distance can equipment detect the presence of one of these chips? Is the US the only country using them? I don't like the idea of walking around with a US Passport emitting signals to advertise my nationality.
A tin foil wrapper should actually work,
...
as well as a lead foil wrapper. Better
still, save the metallized ziplock bag
that your video card probably came in,
and use it. Dual purpose -- keep RFI
out, as well as moisture. If you have
money to burn, buy a nice gold or silver
cigarette case of the right dimensions.
BTW: I don't think that you would actually
need to drag a chain behind you to stay
at earth ground -- that's what the Faraday
cage does. Old fashioned Faraday cages did
have problems -- they generally use a wire
mesh of some particular size, which doesn't
stop ALL RF signals. That is why all the
"spooks" use walk-in steel safes
However, both they and the New York Times have published articles reporting vendors' low-cost solution: '[I]incorporate a layer of metal foil into the cover of the passport so it could be read only when opened.'
Well that's just a fantastic idea. Now I don't have to worry about someone surrepticiously snagging my personal data as long as my passport is closed. Of course, my passport isn't actually useful if I can't let someone open it.
RFID is an interesting technology with a lot of potential, but passports are a stupid, stupid application for RFID. There are much better technologies for passports. Magnetic stripes and bar codes both do the same thing RFID does, but only at close range and with the permission of the document's holder. There are some 2D bar code symbologies out there that store more than enough data for this application and which are highly redundant, therefore resistant to dirt, wear, etc. Bar codes can be read very quickly and require no contact, which means less wear on both the documents and the readers.
The main thing that RFID gives you over bar codes is the ability to read them without the document holder's knowledge, and that makes me very suspicious of anyone who insists that we must have RFID in passports, drivers licenses, etc.
There are some rather nice materials on the market that can keep any rfid device from being detected.
The materials vary, from resistive carbon and film laminates (super-cheap, short-lived) to to ferrite-embedded epoxies (very cheap, very hard, brittle, very long-lived) to amorphous magnetic alloys (cheap, stiff, useless-if-bent, very long-lived) to nanocrystalline magnetic metals (expensive, hard, stiff, bendable, very long-lived) to magnetic nanocystalline-embedded plastics (pricey, soft, flexible, not too long-lived).
Similar to materials used to skin the Northrop B-2 bomber, these will prevent most any rf-powered rfid device from operating and being detected and are a bit more discreet than wrapping a passport in foil like a burrito--and more durable.
They can be made to be like wallets, purses, pouches, hard cases, et cetera.
They do work on library books, SAW devices, Wiegand devices, and those Motorola RFID badges.
They also work on a wireless memory device under development--sort of a RFID device with a super-huge (4Mb++++), alterable "serial number" similar to the DalSem 1-wire stuff except that there's zero wires, read/writeable from 3.2+meters.
Here's an even scarier experiment: put your cellphone into your microwave oven. Close door. (No, DON'T TURN IT ON!). Call phone. It rings just fine. Now, considering that the frequency of GSM and microwaves are roughly the same (around 900 Mhz), this lets you wonder: if this frequency gets in that easily, how easily does it get out? Well, obviously, you can stand in front of the nuker just fine, even if it is on, so this is definately odd...
Or maybe, cellphones are just designed to very sensitive, even to very low levels of signal. The nuker (or ziplock bag) could actually be blocking 99% of signal strength, but the phone is sensitive enough to detect the 1% remaining...
I'm guessing that the chips in the passports aren't indestructable(people WILL accidentally put them in washing machines, chrush them, etc.).
Since there's no way a normal person can test whether their passport works or not I'm guessing a lot of people will be stopped at the airport for not having a valid passport even though they believed they had.
How would you feel if you were on your way home for the holidays and they didn't allow you to fly just because of a damaged chip, a problem that didn't exist just a few years earlier? When chips start to fail, people will start complaining.
My mother has one of those electronic passes for the toll highway she takes to work and back. The pass comes with a metallized plastic bag into which the user is supposed to place it when she does not want the toll booth to automatically detect and charge (as in money) the pass.
I am not sure if that device uses RFID, but the basic principle is similar. The tollbooth (or store stocking, security, and possibly checkout systems, or the government's Big Brother-style citizen tracking infrastructure) detects the device at a distance and takes some action upon doing so. For various different reasons, people might want to block detection of these devices, and I'd like to know which blocking schemes work and how well.
Mom did a few experiments with her highway pass. She noticed that the way the tollbooths (both entering and leaving the highway) responded differently when she had the pass in the bag than when there was no pass in the car. So even though putting the pass into the bag did keep it from being used for that particular trip, it did not keep the highway authorities from knowing the bag was there and tracking the user's movements.
I'd really like to see reports of some tests of RFIDs and similar technologies with different shielding schemes. Does a layer of tinfoil work? Two layers? Three layers? etc. (Anything beyond 5 layers starts to get to be difficult). What other schemes work, and how well?
Of course, the DMCA might complicate this, because while I see blocking schemes as a means to protect privacy, others see it as a way to shoplift, and the RFID companies and US government will almost certainly see them as "circumvention."
Maybe somebody in Europe could do some tests...
I found this article in Wired (referenced by most of the first 60 hits in Google), but the article contains exactly what I was thinking: So... anybody know of reliable tests?
--Mark
"It is nice to know that the computer understands the problem. But I would like to understand it too." --Eugene Wigner
Our company has RFID security badges for going through doors. I figured I'd use the opportunity to test if aluminum foil will block the signal.
With no foil, the card will read from 20 cm. With one piece of foil on the back side, it will read from about 1cm. With the foil on the front, it will read, eventually, if you rub it right on the receiver. With foil wrapped completely around, you can't make it read.
I have no doubt that much more sensitive receivers could be built, but the foil does significantly reduce the read range.
Also, keep in mind that a reader has to transmit an RF pulse strong enough to power the chip for a fraction of a second, and the transmitted power is going to obey the inverse cube law. If the chip is shielded and the RF power pulse has to get through that, if you want to read from 20 feet away, you're going to be carrying around (or mounting if you're part of the establishment) a not-insignificantly-sized battery pack, transmitter, and directional antenna in order to get enough power cranked out to power that chip inside its foil wrap.
In fact, it may be so much power that it would be hazardous if someone stepped in front of it near the antenna.
I'm also totally baffled by this RFID craze.
I'll offer two non-mutually exclusive reasons.
First possibility: Someone can make money out of this. We therefore have an incentive for some parties to play up the supposed advantages of this technology.
Second possibility: Some people at "the top" aren't very tech savvy and are easy prey for the former group.
Third possibility: Some people at the top are under constant pressure to be doing something, even if we now have a system that works as well as can reasonably be expected (there comes a point when the resources required to achieve 100% are less than the damage 0.5% that get through). However, if you have to be "doing something" when there is nothing to be done, then you're going to start going backwards.
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
"From the end of world War II well in to the 1970s, the Atomic Energy Commission, the Defense Department, the military services, the CIA and other agencies used prisoners, drug addicts, mental patients, college students, soldiers, even bar patrons, in a vast range of government-run experiments to test the effects of everything from radiation, LSD and nerve gas to intense electric shocks and prolonged 'sensory deprivation.' Some of the human guinea pigs knew what they were getting into; many others did not even know they were being experimented on."
The Cold War Experiments , Budiansky, Goode and Gest,
U.S News and World Report , January 24, 1994
"Suddenly, at the close of 1993, the public was bombarded with "news" about the feeding of radioactive substances to pregnant women and mentally retarded students, about the unethical irradiation of workers, soldiers, medical patients, and prison inmates, and about the government's own internal fears that these experiments had 'a little of the Buchenwald touch.'
I am among those who persistently tried to get national media coverage of this outrageous example of government wrongdoing. To say that the media were reluctant to listen would be an understatement. The fact is that, for more than a decade, documentation was ignored and facts were misreported."
The Radiation Story No One Would Touch,
Geoffrey Sea, Columbia Journalism Review, March / April 1994
"... On December 17, 1963, Deputy Director for Plans Helms wrote a memo to the DDCI, who with the Inspector General and the Executive Director-Comptroller had opposed the covert testing. He noted two aspects of the problem: (1) 'for over a decade the Clandestine Services has had the mission of maintaining a capability for influencing human behavior;' and (2) 'testing arrangements in furtherance of this mission should be as operationally realistic and yet as controllable as possible.' Helms argued that the individuals must be 'unwitting' as this was 'the only realistic method of maintaining the capability, considering the intended operational use of materials to influence human behavior as the operational targets will certainly be unwitting. Should the subjects of the testing not be unwitting, the program would only be 'pro forma' resulting in a 'false sense of accomplishment and readiness.' ' [Memorandum for the Record prepared by the Inspector General, 5/15/63]"
Project MKULTRA, the CIA's Program of Behavior Modification,
Appendix A, XVII. Testing And Use Of Chemical
And Biological Agents By The Intelligence Community,
Joint Hearing before the Select Committee on Intelligence,
U.S. Senate, 95th Congress, 1977
"Scores of new contracts have been let, and scientists, aided by government research on the 'bioeffects' of beamed energy, are searching the electromagnetic and sonic spectrums for wavelengths that can affect human behavior."
Wonder Weapons: The Pentagon's quest for nonlethal arms is amazing. But is it smart?, archived copy
That's the part where grounding comes in: grounding essentially means connecting to a capacitor of infinite capacity (the earth), which is able to always supply you with an equal and opposite field E. The scenario you describe is a very specific one illustrating how you would shield out from one particular intensity (or function wave) of the internal E field. This is more akin to noise cancelation... it is not shielding: in shielding, you can cancel any function wave (even if it is chaotic - e.g. static noise) because of your infinite capacitor.
Again, I believe this proof we are after is based upon a provision, such as "the overall charge of the system" or something of the like. Think of grounding as having a system with infinite capacity.
PS. I will not really discuss the previous points you and I made because I was trying to simplify the situation into layman's terms. We cannot make a proof using "fleeing" charges and what not. The proof is mathematical, and I am suggesting we are missing a crucial requesite that neither of us remembers. The Coax cable thing though, I am positive of, it is without a doubt in my mind a real world application of a Faraday cage. It is also why computers and sensitive electronics need to have a ground plug: so as to avoid data corruption from stray RF fields emenating from the scooter rolling by down your street. Only two plugs (phase and neutral) are not sufficient.