Slashdot Mirror
Tin Foil Passports?
Daedala writes "The debate over contactless chips with biometric information in passports continues. Vendors have been chosen for testing in the U.S. and Australia. Privacy advocates are still arguing about the measure, as are security reporters and bloggers. The specs themselves are interesting, to say the least. The EETimes says that in interoperability tests, the potential chips could be read from 30 feet away. However, both they and the New York Times have published articles reporting vendors' low-cost solution: '[I]incorporate a layer of metal foil into the cover of the passport so it could be read only when opened.' Don't they know that the whole tinfoil hat thing is supposed to be a joke?"
A charged layer of tin foil will block most electromagnet signals, AKA Farrady cage.
a simple layer just won't cut it, though.
Why, yes, I AM a Pagan Libertarian.
They laughed when I wore my tinfoil hat.
They tried to have me committed when I said the government was tracking me.
Now they all want to buy my sporty Faraday Cagewear (TM) line of geek clothing, made of fine woven nylon and copper wire.
Bwahahaha!
Mod me down and I shall become more trollish than you can possibly imagine!
A much better idea than my tinfoil condom turned out to be.
Christ, what was I thinking?
Have been lining their purses/trenchcoats/whatever with foil for years to avoid those little tag detectors at the door.
I was watching it on TV, you saw this lady open up her purse and could see the tinfoil.. She shoved a waffle iron or some such thing in there and out she went.
I don't need no instructions to know how to rock!!!!
But perhaps the joke re: tinfoil hats is that the government isn't really trying to comtrol your mind?
That in about 5 years or so they'll implement this technology and we'll see a story, "Identity Theft On The Rise As Biometrics Are Stolen From Traveller's Passports".
~Ilyanep
To get message, take amount of carrier pigeons at each stage mod 2. Then decode binary.
why do they need to read passports from miles away?
The whole point of the biometrics (even the lowly photography) is that you confirm the data in the passport with the person in front of you at a booth as you check everyone as they go through.
There is no reason to broadcast this info at ALL.
It's like having two computers next to each other (2 meters apart) in a "security" installation and using 2 wifi cards to link them instead of cat5.
1) it's more expensive to use wifi
2) you have no need to broadcast due to range
3) not only do you not need to, there are now a pile of security problems you have to deal with which aren't needed.
When will these fucktards learn to stop pissing taxpayers money away on "futurists" to help enslave us with at worst crappy overbearing over intrusive government leaning toward fascism, at the least they are wasting our money and enslaving us with red tape.
Tinfoil shielding? While that may work, why not just design it to be readable at a shorter range?? I mean, it can't be that hard, can it? Over-engineering strikes again...
Oh, and let me guess... I'm going to have to remove this from my person as well just to pass through the metal detector unmolester, right?
You need a FREE iPod Nano
They stole my idea! I guess I should use a thicker tin-foil hat when walking around in public.
So now I can walk around with a real life cliche in my pocket, and use it to enter foriegn countries?
Now I just have to wait for the day that my PDA, phone and laptop can form a wireless Beowulf cluster that I can wear...
The what's wrong with cryptographic signing? Strong cryptography should have been used in passports a long time ago. The principle would be simple enough:
The name, photo and other information is hashed and then signed by the issuing authority. Airport checks are then a matter of verifying the signature. You can't forge a passport without the private key of the issuing country (which I presume they will guard closely), and modifying an existing passport will invalidate the signature.
The only tricky point here is photos: You can't scan the straight photo for the check because of all sorts of tricky alignment and scan quality issues, but that's what a chip might be useful for - it contains a hi res photo, along with the other data and signature. The hi-res photo from the chip is displayed on a terminal for the person checking the documents, along with signature verification.
Yes, you still have to have people checking photos. No, that isn't foolproof. But realistically it is as good as what we have now, with the added bonus that forged, faked, or munged passports will display as invalid due to the signature check. That's pretty damn good, especially when the resulting passport is no more invasive than what we have now.
Jedidiah.
Craft Beer Programming T-shirts
With airport metal detectors, if you ask me. You know most people are gonna forget to remove their *passport* before going through the scanner ... after all, what the hell would be metal in there, and most people are uneasy about letting their passports out of their possession, even just for a trip through the metal detector.
A Minesweeper clone that doesn't suck
It's one thing to get a reader to gather all my personal data, but at what distance can equipment detect the presence of one of these chips? Is the US the only country using them? I don't like the idea of walking around with a US Passport emitting signals to advertise my nationality.
The new passport is smaller, lighter, more durable and contains more information than any previous passports, however the lead carrying case kind of makes it a wash.
Your proposal makes FAR too much sense to ever be implemented by a government.
The distance from which you can read an RFID chip depends almost entirely on how much power you're willing to run through your transmitter. The RFID chip is just a passive thing that runs on the correct frequency of radio waves coming in.
Anyone trying to read your passport is likely to be less concerned about damaging your kidneys than you would like.
I've actually seen one of these things in use during after-Christmas returns season. We were standing in the excessively long line, an' this guy comes up to one of the clothing racks. He opens up his shopping bag lined with foil and duct tape, stuffs a sweater inside, and walks off through the security gate without setting it off. Clerk was busy, it was done at an oblique angle from the security cameras, and 5 minutes later he looks just like some regular bloke walkin' the mall.
All he'd have to do after that is pull the tags and trash them, and he could pick off any store he wanted.
If you feel you need a tinfoil hat, do not use aluminum foil. Make sure you use actual tin foil. Aluminum foil hats actually broadcast your thoughts to anyone who might be attempting to... intercept.
Computers are useless. They can only give you answers.
-- Pablo Picasso
You could rotate the private keys based on the date issued and the suspect passports would eventualy expire.
Still not perfect, but even if the cryptographic part failed completely it would still work as well as it does now.
why does tin foil not solve the issue? well in most european countries you have to hand over your passport to get a hotel room. Presto, the passport reader can work.
likewise their other solution, putting a printed password inside the passport is equally broken. Again the hotel has access to your passport pasword.
these people are dangerously a) stupid, b) in charge.
Some drink at the fountain of knowledge. Others just gargle.
However, both they and the New York Times have published articles reporting vendors' low-cost solution: '[I]incorporate a layer of metal foil into the cover of the passport so it could be read only when opened.'
Well that's just a fantastic idea. Now I don't have to worry about someone surrepticiously snagging my personal data as long as my passport is closed. Of course, my passport isn't actually useful if I can't let someone open it.
RFID is an interesting technology with a lot of potential, but passports are a stupid, stupid application for RFID. There are much better technologies for passports. Magnetic stripes and bar codes both do the same thing RFID does, but only at close range and with the permission of the document's holder. There are some 2D bar code symbologies out there that store more than enough data for this application and which are highly redundant, therefore resistant to dirt, wear, etc. Bar codes can be read very quickly and require no contact, which means less wear on both the documents and the readers.
The main thing that RFID gives you over bar codes is the ability to read them without the document holder's knowledge, and that makes me very suspicious of anyone who insists that we must have RFID in passports, drivers licenses, etc.
Comment removed based on user account deletion
I've been tracking this for a while, so I waited to make sure I got one of the last non-RFID passports. It's valid for 10 years, and hopefully people will have solved the privacy problem by then. Hopefully.
HIV Crosses Species Barrier... into Muppets
There really isnt anything wrong with our passports right now. It curreny isnt much of a security/privacy concern to anyone. so why would they want to make passports more convinent when it can cause these concerns?
KARMA POLICE ARREST THIS MAN HE TALKS IN MATHS- radiohead
Just zap that little chip
either as a social protest, or just to convert it back to a paper-based document.
Huh? Correct me if I'm wrong, but according to my 4.5 years of EE, Faraday cages work on the principal of Gauss' Law. That is, no EM field can be present inside because there is no charge inside. Wikipedia seems to agree with me.
So where does all this discussion of grounding come in? Googling for Faraday cage brings up this detailed article about building one, but it doesn't mention grounding either.
This page mentions grounding, but only in relations to the instruments, not the table. And this humorous article says grounding is only required if you have to have edges on your cage (we could design passport books so the edges are metal contacts).
I'd be more concerned with whether tin foil is a sufficient conductor for the higher frequencies.
But then, when they actually applied the intended use of the RFID, your passport would appear invalid.
An invalid passport should be only as good as no passport at all. Your social protest would have little more success than holding you up, and then, you would need to get a new RFID-enabled passport before you could do anything for which a passport is needed, and you would be back exactly where you started.
I doubt that they are putting the RFIDs in for the hell of it; they probably actually intend to use that identification technology. However, if they don't have readers in place for identification purposes or worse, use them as a default-allow unless there is a bad reading (which would be a complete security hole if they use it as the sole form of identification and removed the human interaction aspect since you wouldn't throw any alarms, not being read, and thus wouldn't be flagged), your idea would work. If they are smart about it, however, it should not.
*-*-*-*-*-*-*-*
"We are Linux. Resistance is measured in Ohms."
A Faraday cage is a conductor, so charges are free to move inside.
When the outside is exposed to a negative charge, all the electrons 'flee', and leave a positive charge on the surface. They 'flee' to the other side of the surface, to bunch up in negative charges: that is, inside the cage. Hence exposing the inner volume of the cage to negative charges, exactly at the level of incoming negative field to be exact.
When the cage is grounded, 'fleeing' electrons are not accumulated on the other side of the surface, but rather are dissipated, leaving the inner surface of the cage perfectly neutral, and hence not exposed to electrical fields.
An example of this is Coax cables. Coaxial cables are basically a faraday cage made long. Coax cables are perfectly immune to interference *only* if the outter core is grounded. If it is not grounded, they are subject to any interference the whole system is subjected to.
Wikipedia seems to have it partially right, but not fully:
Faraday stated that the charge on a charged conductor resided only on its exterior, and had no influence on anything enclosed within it. To demonstrate this fact he built a room coated with metal foil, and allowed high-voltage discharges from an electrostatic generator to strike the outside of the room. He used an electroscope to show that there was no excess electric charge on the inside of the room's walls. [Emphasis mine.]
I am fairly sure about this as a whole (about 99.995%), but unfortunately, it's been too long for me to remember the math behind it all. What my instinct tells me is that the proof by Gauss' law must have an obscure provision that is not listed in the Wiki entry either. A condition such as "all charges in the system must be within the sphere" or something of that nature.
Actually, if you wanted to be really clever about it and doubted the quality of tin foil (although it should be noted that most people unknowingly actually use aluminum foil), you could use a copper mesh and wrap the passport several times. Copper shielding is rather hefty.
The problem is that a shielded passport, if the RFID is applied correctly, would be an invalid passport. It therefore should do you no good since the identification methods (which should not be set to allow all until a problem comes up) should flag you for coming through without being read. Otherwise, the only ones they would likely catch are those who aren't smart enough to know how to shield their ids, which is something someone with the motive to do something would make it their business to know, thus rendering this measure ineffective. Also, if one has to remove their passport from the shielding to be read, then it is exposed (if briefly), and that invalidates the measures taken if you subscribe to the privacy concerns that someone with a reader (which you will be suprised to know are very accessible and fairly cheap for someone who stands to benefit from having one, and can actually be built practically by someone with enough know-how) could use that time to lift the information.
I am hoping that there is strong encryption involved with this implementation of RFID; not all RFID implementations are very secure and, the sad truth is, from my experience, that most are not.
This reminds me of a story I was once told by someone who did work that brought in all kinds of conspiracy nuts claiming that they were reading these people's minds. This woman came in every day with an aluminum foil hat folded on her head. Every day they would sort of shrug her off, feigning interest in what she had to say. Well, finally one day one of them decided to have a little fun with her and said "You know, we can read your mind because your little hat there isn't grounded." The next time she came by the desk, she had a chain of paperclips from the hat, dragging the ground. heh heh. Needless to say, it provided a bit of amusement for some time.
*-*-*-*-*-*-*-*
"We are Linux. Resistance is measured in Ohms."
There are other, more subtle issues. The usual textbook explanation of how a Faraday cage works assumes a static equilibrium. Fluctuating electric or electromagnetic fields will pass through the cage to some degree, depending on the frequency of the field and the construction of the cage. Grounding sometimes makes a difference in how well a cage blocks external high-frequency waves. It's not just a matter of whether the cage is grounded, but also where and how it's grounded.
In case anyone else reading this is unclear on why a Faraday cage is not a perfect barrier for non-static fields: loosely speaking, the usual analysis assumes the electrons on the surface of the metal have had time to adjust their positions so as to "cancel out" the external electric field everywhere inside the cage. If the external electric or electromagnetic fields fluctuate fast enough, the electrons will not move fast enough to completely cancel the field at all times and the signal leaks through the cage.
You're probably right, though, that an ungrounded Faraday cage would be fine for shielding a passport. I have no idea whether tinfoil would be sufficient for blocking RF though.
There are some rather nice materials on the market that can keep any rfid device from being detected.
The materials vary, from resistive carbon and film laminates (super-cheap, short-lived) to to ferrite-embedded epoxies (very cheap, very hard, brittle, very long-lived) to amorphous magnetic alloys (cheap, stiff, useless-if-bent, very long-lived) to nanocrystalline magnetic metals (expensive, hard, stiff, bendable, very long-lived) to magnetic nanocystalline-embedded plastics (pricey, soft, flexible, not too long-lived).
Similar to materials used to skin the Northrop B-2 bomber, these will prevent most any rf-powered rfid device from operating and being detected and are a bit more discreet than wrapping a passport in foil like a burrito--and more durable.
They can be made to be like wallets, purses, pouches, hard cases, et cetera.
They do work on library books, SAW devices, Wiegand devices, and those Motorola RFID badges.
They also work on a wireless memory device under development--sort of a RFID device with a super-huge (4Mb++++), alterable "serial number" similar to the DalSem 1-wire stuff except that there's zero wires, read/writeable from 3.2+meters.
First of all, I agree it's unlikely that a reader could energize an ISO14443 tag from much farther than about 4 inches. It's possible to use a stronger field than allowed by local EM regulations, but with magnetic coupling antennas such as ISO14443 systems use, the field strength drops approximately with the third power of the distance, and the power needed to get that field is the square of the field strength. To read at 4 inches, a power of about 100 mW is needed. So to read at 40 inches, you would need some 10,000W, and trying to operate a reader for 400 inches would be like detonating a bomb...
So the likely scenario for reading at 30 feet would be "listening in" using a big antenna and sensitive receiver to the exchange of data between a legitimate reader that is much closer to the tag. Such an antenna could be mounted in a big suitcase, for example. As it would not transmit it would be difficult to detect.
Secondly, I can confirm that any well-conducting sheet metal covering the tag will effectively short the magnetic field of the reader, so that the tag can not be energized, there's simply no way to read it. Aluminium foil would work perfectly.
Thirdly, many ISO14443 tags contain support for public-key cryptography. The reason to include this is that the data exchange between the reader and the tag can be encrypted so if someone would be "listening in" it will be very difficult to obtain any useful information. Because of this security feature this kind of tag is often chosen for transport fare systems, access control, etc. It seems a shame not to use this, but I think the reason is that the tags should be readable worldwide, so that many readers containing the private key will have to be in existance. It would only be a matter of time before some wrongdoers get such a reader in their hands, and the private key contained in it gets out. Once an unauthorized party has the private key, the encryption will be practically useless anyway (compare this to the CSS encryption of DVD's).
My objection to this entire scheme was that it would allow random people to read my passport from a distance without my permission. If it can only be read while open, that basically takes care of this problem. Hooray!
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
Let's clarify this real quick: I assume you are talking about the inner and outer surfaces, not the volumes.
(digging out my handy Elements of Engineering Electromagnetics, 5th Edition, Rao)
Right, this is a physical explaination of the boundary condition that says the discontinuity in the E field between the sides is equal to the amount of charge present on the conductor. However, you're forgetting to mention that our conductor in this case is a closed surface, and that surfaces are equipotential. Charges don't bunch up on one part of the inner surface, they distribute equally. And assuming the surface is closed, mathematics necessitates that all the internal E fields will cancel.
Otherwise, you would have an imbalence, and would create an E field in a region that does not contain any charge.
True, but unnecessary. The E fields are going to balance perfectly anyways, and cancel themselves out.
Ummm... not really. Assume you have a positive current on the center wire. Using the right hand rule, this creates a positively charged, cirularly symetric E wave that radiates outwards (think throwing a rock in a pond). If you pass the negative equivalent of this signal on the outer shielding, you generate an opposing E field that will directly cancel the internal one. Again, you don't have to ground the external shielding.
Of course, this is all theoretical. As someone else mentioned, the electrons can only propagate so fast, and there will be some delay. But I believe it will work well enough. I'm not sure what frequency they use for these chips, but it can't be too high for something so simple.
I'm also totally baffled by this RFID craze.
European Passport have at the lower edge a line printed with the OCR-B font which encodes all the necessary data from the passport. All border stations have a small OCR scanner to swipe passports.
This system is simple, robust, easy to verify in case of inconsistency (eg the reader reads something else than the rest of the passport shows) and quite cheap to implement both on the passport and for the reader.
To top it off, the system raises very few privacy concerns, as the content of the encoded line is the same as the human readable part and everybody can easily verify this. No secret data hidden there.
The UK ID card scheme proposes just this. The Government wants private sector organizations to use the ID card and the database (called the National Identity Register). So everything you do with your ID card gets tracked.
Am I the only one who is a teensy bit troubled by this proposal?
K.
My mother has one of those electronic passes for the toll highway she takes to work and back. The pass comes with a metallized plastic bag into which the user is supposed to place it when she does not want the toll booth to automatically detect and charge (as in money) the pass.
I am not sure if that device uses RFID, but the basic principle is similar. The tollbooth (or store stocking, security, and possibly checkout systems, or the government's Big Brother-style citizen tracking infrastructure) detects the device at a distance and takes some action upon doing so. For various different reasons, people might want to block detection of these devices, and I'd like to know which blocking schemes work and how well.
Mom did a few experiments with her highway pass. She noticed that the way the tollbooths (both entering and leaving the highway) responded differently when she had the pass in the bag than when there was no pass in the car. So even though putting the pass into the bag did keep it from being used for that particular trip, it did not keep the highway authorities from knowing the bag was there and tracking the user's movements.
I'd really like to see reports of some tests of RFIDs and similar technologies with different shielding schemes. Does a layer of tinfoil work? Two layers? Three layers? etc. (Anything beyond 5 layers starts to get to be difficult). What other schemes work, and how well?
Of course, the DMCA might complicate this, because while I see blocking schemes as a means to protect privacy, others see it as a way to shoplift, and the RFID companies and US government will almost certainly see them as "circumvention."
Maybe somebody in Europe could do some tests...
I found this article in Wired (referenced by most of the first 60 hits in Google), but the article contains exactly what I was thinking: So... anybody know of reliable tests?
--Mark
"It is nice to know that the computer understands the problem. But I would like to understand it too." --Eugene Wigner
You're a Best Buy manager, aren't you?
No. The EU is also discussing this, and most likely, other countries are as well.
This is also the reason why Bruce Schneier thinks terrorists will love this technology: if they want to specifically target a certain nationality (e.g. US), they can easily find people of this nationality in a crowd.
Our company has RFID security badges for going through doors. I figured I'd use the opportunity to test if aluminum foil will block the signal.
With no foil, the card will read from 20 cm. With one piece of foil on the back side, it will read from about 1cm. With the foil on the front, it will read, eventually, if you rub it right on the receiver. With foil wrapped completely around, you can't make it read.
I have no doubt that much more sensitive receivers could be built, but the foil does significantly reduce the read range.
Also, keep in mind that a reader has to transmit an RF pulse strong enough to power the chip for a fraction of a second, and the transmitted power is going to obey the inverse cube law. If the chip is shielded and the RF power pulse has to get through that, if you want to read from 20 feet away, you're going to be carrying around (or mounting if you're part of the establishment) a not-insignificantly-sized battery pack, transmitter, and directional antenna in order to get enough power cranked out to power that chip inside its foil wrap.
In fact, it may be so much power that it would be hazardous if someone stepped in front of it near the antenna.
That's the part where grounding comes in: grounding essentially means connecting to a capacitor of infinite capacity (the earth), which is able to always supply you with an equal and opposite field E. The scenario you describe is a very specific one illustrating how you would shield out from one particular intensity (or function wave) of the internal E field. This is more akin to noise cancelation... it is not shielding: in shielding, you can cancel any function wave (even if it is chaotic - e.g. static noise) because of your infinite capacitor.
Again, I believe this proof we are after is based upon a provision, such as "the overall charge of the system" or something of the like. Think of grounding as having a system with infinite capacity.
PS. I will not really discuss the previous points you and I made because I was trying to simplify the situation into layman's terms. We cannot make a proof using "fleeing" charges and what not. The proof is mathematical, and I am suggesting we are missing a crucial requesite that neither of us remembers. The Coax cable thing though, I am positive of, it is without a doubt in my mind a real world application of a Faraday cage. It is also why computers and sensitive electronics need to have a ground plug: so as to avoid data corruption from stray RF fields emenating from the scooter rolling by down your street. Only two plugs (phase and neutral) are not sufficient.