Slashdot Mirror


Tin Foil Passports?

Daedala writes "The debate over contactless chips with biometric information in passports continues. Vendors have been chosen for testing in the U.S. and Australia. Privacy advocates are still arguing about the measure, as are security reporters and bloggers. The specs themselves are interesting, to say the least. The EETimes says that in interoperability tests, the potential chips could be read from 30 feet away. However, both they and the New York Times have published articles reporting vendors' low-cost solution: '[I]incorporate a layer of metal foil into the cover of the passport so it could be read only when opened.' Don't they know that the whole tinfoil hat thing is supposed to be a joke?"

10 of 264 comments (clear)

  1. Professional Shoplifters by stratjakt · · Score: 5, Interesting

    Have been lining their purses/trenchcoats/whatever with foil for years to avoid those little tag detectors at the door.

    I was watching it on TV, you saw this lady open up her purse and could see the tinfoil.. She shoved a waffle iron or some such thing in there and out she went.

    --
    I don't need no instructions to know how to rock!!!!
  2. If the issue is forged passports by Coryoth · · Score: 5, Interesting

    The what's wrong with cryptographic signing? Strong cryptography should have been used in passports a long time ago. The principle would be simple enough:

    The name, photo and other information is hashed and then signed by the issuing authority. Airport checks are then a matter of verifying the signature. You can't forge a passport without the private key of the issuing country (which I presume they will guard closely), and modifying an existing passport will invalidate the signature.

    The only tricky point here is photos: You can't scan the straight photo for the check because of all sorts of tricky alignment and scan quality issues, but that's what a chip might be useful for - it contains a hi res photo, along with the other data and signature. The hi-res photo from the chip is displayed on a terminal for the person checking the documents, along with signature verification.

    Yes, you still have to have people checking photos. No, that isn't foolproof. But realistically it is as good as what we have now, with the added bonus that forged, faked, or munged passports will display as invalid due to the signature check. That's pretty damn good, especially when the resulting passport is no more invasive than what we have now.

    Jedidiah.

    1. Re:If the issue is forged passports by Sycraft-fu · · Score: 3, Interesting

      Well it's not normal people that need to know or care, it's the governments, since they issue them. Normal people woldn't even need to know what the new string of letters and numbers meant. It's not about making people feel safe, it's a really good suggestion for making passports very hard to forge. I'm actually kind of supprised it hasn't been suggested before. I mean unless the algorithm in use was broken or something like quantum computers comes out, it'd be unbreakable. You could not modify a passport and produce the correct signature.

    2. Re:If the issue is forged passports by Coryoth · · Score: 3, Interesting

      Really the people don't need to know or understand the crypto. They just need to be told that a lot of very smart people made sure that you can't fake a passport and still have the green "verified" symbol show up when you get checked. You'd be surprised how many people aren't interested in asking "why?", or "really, how?" when told "it works, trust me" as long as the person saying "trust me" is the government.

      And what of all the people who don't trust the governments word? Well the paranoid are exactly the people that will know and understand the crypto, so it's not a problem.

      I think the real issue is that it would actually involve real change, and odds on if they did do it they'd make a complete mess of the crypto used, there would be outcries from those in the know, and everyone else would just blindly assume it worked perfectly.

      Jedidiah.

  3. That would be a major PITA by Hanji · · Score: 3, Interesting

    With airport metal detectors, if you ask me. You know most people are gonna forget to remove their *passport* before going through the scanner ... after all, what the hell would be metal in there, and most people are uneasy about letting their passports out of their possession, even just for a trip through the metal detector.

    --
    A Minesweeper clone that doesn't suck
  4. Bzzt. American over here! by bluntyetsharpe · · Score: 5, Interesting

    It's one thing to get a reader to gather all my personal data, but at what distance can equipment detect the presence of one of these chips? Is the US the only country using them? I don't like the idea of walking around with a US Passport emitting signals to advertise my nationality.

  5. Re:Not actually based on a joke. by quarkscat · · Score: 4, Interesting

    A tin foil wrapper should actually work,
    as well as a lead foil wrapper. Better
    still, save the metallized ziplock bag
    that your video card probably came in,
    and use it. Dual purpose -- keep RFI
    out, as well as moisture. If you have
    money to burn, buy a nice gold or silver
    cigarette case of the right dimensions.

    BTW: I don't think that you would actually
    need to drag a chain behind you to stay
    at earth ground -- that's what the Faraday
    cage does. Old fashioned Faraday cages did
    have problems -- they generally use a wire
    mesh of some particular size, which doesn't
    stop ALL RF signals. That is why all the
    "spooks" use walk-in steel safes ...

  6. So now I can't open my passport safely? by YouHaveSnail · · Score: 5, Interesting

    However, both they and the New York Times have published articles reporting vendors' low-cost solution: '[I]incorporate a layer of metal foil into the cover of the passport so it could be read only when opened.'

    Well that's just a fantastic idea. Now I don't have to worry about someone surrepticiously snagging my personal data as long as my passport is closed. Of course, my passport isn't actually useful if I can't let someone open it.

    RFID is an interesting technology with a lot of potential, but passports are a stupid, stupid application for RFID. There are much better technologies for passports. Magnetic stripes and bar codes both do the same thing RFID does, but only at close range and with the permission of the document's holder. There are some 2D bar code symbologies out there that store more than enough data for this application and which are highly redundant, therefore resistant to dirt, wear, etc. Bar codes can be read very quickly and require no contact, which means less wear on both the documents and the readers.

    The main thing that RFID gives you over bar codes is the ability to read them without the document holder's knowledge, and that makes me very suspicious of anyone who insists that we must have RFID in passports, drivers licenses, etc.

  7. Re:Microwaving it should make it invalid by Anonymous Coward · · Score: 3, Interesting

    I'm guessing that the chips in the passports aren't indestructable(people WILL accidentally put them in washing machines, chrush them, etc.).
    Since there's no way a normal person can test whether their passport works or not I'm guessing a lot of people will be stopped at the airport for not having a valid passport even though they believed they had.
    How would you feel if you were on your way home for the holidays and they didn't allow you to fly just because of a damaged chip, a problem that didn't exist just a few years earlier? When chips start to fail, people will start complaining.

  8. Re:OCR-Line by h4rm0ny · · Score: 3, Interesting


    I'm also totally baffled by this RFID craze.

    I'll offer two non-mutually exclusive reasons.

    First possibility: Someone can make money out of this. We therefore have an incentive for some parties to play up the supposed advantages of this technology.

    Second possibility: Some people at "the top" aren't very tech savvy and are easy prey for the former group.

    Third possibility: Some people at the top are under constant pressure to be doing something, even if we now have a system that works as well as can reasonably be expected (there comes a point when the resources required to achieve 100% are less than the damage 0.5% that get through). However, if you have to be "doing something" when there is nothing to be done, then you're going to start going backwards.

    --

    Aide-toi, le Ciel t'aidera - Jeanne D'Arc.