Slashdot Mirror
Tin Foil Passports?
Daedala writes "The debate over contactless chips with biometric information in passports continues. Vendors have been chosen for testing in the U.S. and Australia. Privacy advocates are still arguing about the measure, as are security reporters and bloggers. The specs themselves are interesting, to say the least. The EETimes says that in interoperability tests, the potential chips could be read from 30 feet away. However, both they and the New York Times have published articles reporting vendors' low-cost solution: '[I]incorporate a layer of metal foil into the cover of the passport so it could be read only when opened.' Don't they know that the whole tinfoil hat thing is supposed to be a joke?"
A charged layer of tin foil will block most electromagnet signals, AKA Farrady cage.
a simple layer just won't cut it, though.
Why, yes, I AM a Pagan Libertarian.
They laughed when I wore my tinfoil hat.
They tried to have me committed when I said the government was tracking me.
Now they all want to buy my sporty Faraday Cagewear (TM) line of geek clothing, made of fine woven nylon and copper wire.
Bwahahaha!
Mod me down and I shall become more trollish than you can possibly imagine!
A much better idea than my tinfoil condom turned out to be.
Christ, what was I thinking?
Have been lining their purses/trenchcoats/whatever with foil for years to avoid those little tag detectors at the door.
I was watching it on TV, you saw this lady open up her purse and could see the tinfoil.. She shoved a waffle iron or some such thing in there and out she went.
I don't need no instructions to know how to rock!!!!
But perhaps the joke re: tinfoil hats is that the government isn't really trying to comtrol your mind?
That in about 5 years or so they'll implement this technology and we'll see a story, "Identity Theft On The Rise As Biometrics Are Stolen From Traveller's Passports".
~Ilyanep
To get message, take amount of carrier pigeons at each stage mod 2. Then decode binary.
why do they need to read passports from miles away?
The whole point of the biometrics (even the lowly photography) is that you confirm the data in the passport with the person in front of you at a booth as you check everyone as they go through.
There is no reason to broadcast this info at ALL.
It's like having two computers next to each other (2 meters apart) in a "security" installation and using 2 wifi cards to link them instead of cat5.
1) it's more expensive to use wifi
2) you have no need to broadcast due to range
3) not only do you not need to, there are now a pile of security problems you have to deal with which aren't needed.
When will these fucktards learn to stop pissing taxpayers money away on "futurists" to help enslave us with at worst crappy overbearing over intrusive government leaning toward fascism, at the least they are wasting our money and enslaving us with red tape.
So now I can walk around with a real life cliche in my pocket, and use it to enter foriegn countries?
Now I just have to wait for the day that my PDA, phone and laptop can form a wireless Beowulf cluster that I can wear...
The what's wrong with cryptographic signing? Strong cryptography should have been used in passports a long time ago. The principle would be simple enough:
The name, photo and other information is hashed and then signed by the issuing authority. Airport checks are then a matter of verifying the signature. You can't forge a passport without the private key of the issuing country (which I presume they will guard closely), and modifying an existing passport will invalidate the signature.
The only tricky point here is photos: You can't scan the straight photo for the check because of all sorts of tricky alignment and scan quality issues, but that's what a chip might be useful for - it contains a hi res photo, along with the other data and signature. The hi-res photo from the chip is displayed on a terminal for the person checking the documents, along with signature verification.
Yes, you still have to have people checking photos. No, that isn't foolproof. But realistically it is as good as what we have now, with the added bonus that forged, faked, or munged passports will display as invalid due to the signature check. That's pretty damn good, especially when the resulting passport is no more invasive than what we have now.
Jedidiah.
Craft Beer Programming T-shirts
With airport metal detectors, if you ask me. You know most people are gonna forget to remove their *passport* before going through the scanner ... after all, what the hell would be metal in there, and most people are uneasy about letting their passports out of their possession, even just for a trip through the metal detector.
A Minesweeper clone that doesn't suck
It's one thing to get a reader to gather all my personal data, but at what distance can equipment detect the presence of one of these chips? Is the US the only country using them? I don't like the idea of walking around with a US Passport emitting signals to advertise my nationality.
The new passport is smaller, lighter, more durable and contains more information than any previous passports, however the lead carrying case kind of makes it a wash.
Your proposal makes FAR too much sense to ever be implemented by a government.
I've actually seen one of these things in use during after-Christmas returns season. We were standing in the excessively long line, an' this guy comes up to one of the clothing racks. He opens up his shopping bag lined with foil and duct tape, stuffs a sweater inside, and walks off through the security gate without setting it off. Clerk was busy, it was done at an oblique angle from the security cameras, and 5 minutes later he looks just like some regular bloke walkin' the mall.
All he'd have to do after that is pull the tags and trash them, and he could pick off any store he wanted.
If you feel you need a tinfoil hat, do not use aluminum foil. Make sure you use actual tin foil. Aluminum foil hats actually broadcast your thoughts to anyone who might be attempting to... intercept.
Computers are useless. They can only give you answers.
-- Pablo Picasso
However, both they and the New York Times have published articles reporting vendors' low-cost solution: '[I]incorporate a layer of metal foil into the cover of the passport so it could be read only when opened.'
Well that's just a fantastic idea. Now I don't have to worry about someone surrepticiously snagging my personal data as long as my passport is closed. Of course, my passport isn't actually useful if I can't let someone open it.
RFID is an interesting technology with a lot of potential, but passports are a stupid, stupid application for RFID. There are much better technologies for passports. Magnetic stripes and bar codes both do the same thing RFID does, but only at close range and with the permission of the document's holder. There are some 2D bar code symbologies out there that store more than enough data for this application and which are highly redundant, therefore resistant to dirt, wear, etc. Bar codes can be read very quickly and require no contact, which means less wear on both the documents and the readers.
The main thing that RFID gives you over bar codes is the ability to read them without the document holder's knowledge, and that makes me very suspicious of anyone who insists that we must have RFID in passports, drivers licenses, etc.
I've been tracking this for a while, so I waited to make sure I got one of the last non-RFID passports. It's valid for 10 years, and hopefully people will have solved the privacy problem by then. Hopefully.
HIV Crosses Species Barrier... into Muppets
Just zap that little chip
either as a social protest, or just to convert it back to a paper-based document.
Because how far away you can read something isn't fixed by design. They can't make the radio waves suddenly stop propagating at a certian distance. So someone could just design a bigger, more sensitive antenna and read it from further away. They also want to make it strong enough so that the legit readers can be simple and small. A shielding just solves the problem. You can't read it period, unless it's open.
Huh? Correct me if I'm wrong, but according to my 4.5 years of EE, Faraday cages work on the principal of Gauss' Law. That is, no EM field can be present inside because there is no charge inside. Wikipedia seems to agree with me.
So where does all this discussion of grounding come in? Googling for Faraday cage brings up this detailed article about building one, but it doesn't mention grounding either.
This page mentions grounding, but only in relations to the instruments, not the table. And this humorous article says grounding is only required if you have to have edges on your cage (we could design passport books so the edges are metal contacts).
I'd be more concerned with whether tin foil is a sufficient conductor for the higher frequencies.
Actually, if you wanted to be really clever about it and doubted the quality of tin foil (although it should be noted that most people unknowingly actually use aluminum foil), you could use a copper mesh and wrap the passport several times. Copper shielding is rather hefty.
The problem is that a shielded passport, if the RFID is applied correctly, would be an invalid passport. It therefore should do you no good since the identification methods (which should not be set to allow all until a problem comes up) should flag you for coming through without being read. Otherwise, the only ones they would likely catch are those who aren't smart enough to know how to shield their ids, which is something someone with the motive to do something would make it their business to know, thus rendering this measure ineffective. Also, if one has to remove their passport from the shielding to be read, then it is exposed (if briefly), and that invalidates the measures taken if you subscribe to the privacy concerns that someone with a reader (which you will be suprised to know are very accessible and fairly cheap for someone who stands to benefit from having one, and can actually be built practically by someone with enough know-how) could use that time to lift the information.
I am hoping that there is strong encryption involved with this implementation of RFID; not all RFID implementations are very secure and, the sad truth is, from my experience, that most are not.
This reminds me of a story I was once told by someone who did work that brought in all kinds of conspiracy nuts claiming that they were reading these people's minds. This woman came in every day with an aluminum foil hat folded on her head. Every day they would sort of shrug her off, feigning interest in what she had to say. Well, finally one day one of them decided to have a little fun with her and said "You know, we can read your mind because your little hat there isn't grounded." The next time she came by the desk, she had a chain of paperclips from the hat, dragging the ground. heh heh. Needless to say, it provided a bit of amusement for some time.
*-*-*-*-*-*-*-*
"We are Linux. Resistance is measured in Ohms."
First of all, I agree it's unlikely that a reader could energize an ISO14443 tag from much farther than about 4 inches. It's possible to use a stronger field than allowed by local EM regulations, but with magnetic coupling antennas such as ISO14443 systems use, the field strength drops approximately with the third power of the distance, and the power needed to get that field is the square of the field strength. To read at 4 inches, a power of about 100 mW is needed. So to read at 40 inches, you would need some 10,000W, and trying to operate a reader for 400 inches would be like detonating a bomb...
So the likely scenario for reading at 30 feet would be "listening in" using a big antenna and sensitive receiver to the exchange of data between a legitimate reader that is much closer to the tag. Such an antenna could be mounted in a big suitcase, for example. As it would not transmit it would be difficult to detect.
Secondly, I can confirm that any well-conducting sheet metal covering the tag will effectively short the magnetic field of the reader, so that the tag can not be energized, there's simply no way to read it. Aluminium foil would work perfectly.
Thirdly, many ISO14443 tags contain support for public-key cryptography. The reason to include this is that the data exchange between the reader and the tag can be encrypted so if someone would be "listening in" it will be very difficult to obtain any useful information. Because of this security feature this kind of tag is often chosen for transport fare systems, access control, etc. It seems a shame not to use this, but I think the reason is that the tags should be readable worldwide, so that many readers containing the private key will have to be in existance. It would only be a matter of time before some wrongdoers get such a reader in their hands, and the private key contained in it gets out. Once an unauthorized party has the private key, the encryption will be practically useless anyway (compare this to the CSS encryption of DVD's).
Let's clarify this real quick: I assume you are talking about the inner and outer surfaces, not the volumes.
(digging out my handy Elements of Engineering Electromagnetics, 5th Edition, Rao)
Right, this is a physical explaination of the boundary condition that says the discontinuity in the E field between the sides is equal to the amount of charge present on the conductor. However, you're forgetting to mention that our conductor in this case is a closed surface, and that surfaces are equipotential. Charges don't bunch up on one part of the inner surface, they distribute equally. And assuming the surface is closed, mathematics necessitates that all the internal E fields will cancel.
Otherwise, you would have an imbalence, and would create an E field in a region that does not contain any charge.
True, but unnecessary. The E fields are going to balance perfectly anyways, and cancel themselves out.
Ummm... not really. Assume you have a positive current on the center wire. Using the right hand rule, this creates a positively charged, cirularly symetric E wave that radiates outwards (think throwing a rock in a pond). If you pass the negative equivalent of this signal on the outer shielding, you generate an opposing E field that will directly cancel the internal one. Again, you don't have to ground the external shielding.
Of course, this is all theoretical. As someone else mentioned, the electrons can only propagate so fast, and there will be some delay. But I believe it will work well enough. I'm not sure what frequency they use for these chips, but it can't be too high for something so simple.
I'm also totally baffled by this RFID craze.
European Passport have at the lower edge a line printed with the OCR-B font which encodes all the necessary data from the passport. All border stations have a small OCR scanner to swipe passports.
This system is simple, robust, easy to verify in case of inconsistency (eg the reader reads something else than the rest of the passport shows) and quite cheap to implement both on the passport and for the reader.
To top it off, the system raises very few privacy concerns, as the content of the encoded line is the same as the human readable part and everybody can easily verify this. No secret data hidden there.
I'm guessing that the chips in the passports aren't indestructable(people WILL accidentally put them in washing machines, chrush them, etc.).
Since there's no way a normal person can test whether their passport works or not I'm guessing a lot of people will be stopped at the airport for not having a valid passport even though they believed they had.
How would you feel if you were on your way home for the holidays and they didn't allow you to fly just because of a damaged chip, a problem that didn't exist just a few years earlier? When chips start to fail, people will start complaining.