Slashdot Mirror
RFID Cards to Include Tin Foil Hats?
An anonymous reader writes "The tinfoil hat finally gains government approval. From the story: 'Wrap an RFID chip [of the US passport] inside a Faraday cage, and the electromagnetic waves from the chip reader can't get in and activate the chip. The State Department says it may use the principle to give travelers an added sense of security. No, there won't be rolls of aluminum foil included with every passport. Instead, the passport cover may include a network of wires woven into the fabric. Fold the passport shut, and there's your Faraday cage. Even Schneier agrees that a properly shielded passport cover should solve the problem. He wonders why this wasn't included in the original plans for the new passports. 'It took a bunch of criticism before they even mentioned it,' Schneier said. And he hopes the anti-snooping technology is thoroughly tested before the new passports are introduced next spring.'" We've also seen this suggested in the past.
DAMN THE MAN!!!!!
What is this, Soviet Russia?
Was that a rational thought from the government? I know it's cold enough for hell to freeze over, but...
Wow.
I can't wait for people to start selling clothing with built in faraday cages, or a stylist alternative to the woeful 'tinfoil hat'... a (insert favorite h4x0r phrase here) hat with a built in faraday cage!
Excuse me, I don't mean to impose, but I am the ocean
It is time to make a new conspiracy theory. The current one that they government wants to use our passports to spy on us just got defunct. Maybe we can not trust the government issue Aluminum foil and it will be some sort of hidden spy method.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Something like 666 strands per inch. Remember only the BAD GUYS have something to hide. Fear not.
Personally I have found that if you use a double layer of tinfoil when fashioning your headwear that it more than doubles the effectiveness! This is due to a resonance effect between the two layers of tinfoil which resonates precisely at the frequency of the government's invisible brain lasers.
In addition, if you fashion two antennas on the top of your hat instead of the usual one, it increases the effectiveness by an additional 37 percent.
(+5 Misinformative)
Those who would give up liberty in exchange for security and DRM should switch to Microsoft Palladium!
You aren't missing much...
Not a Twitter sockpuppet... but I wish I was.
... of tin foil companies were up by more than 5 points today.
It means metal detectors will find your passport cover. When I go through airport security, I get wanded and they look in my wallet, which bugs the heck out of me. I usually carry my passport and cash in a nylon neck pouch though, and that doesn't set off the metal detectors. I don't like the sound of this new wire mesh thing. Big Brother and for that matter any club or courthouse I might visit has no need to know whether I'm carrying a passport.
Every neek and gerd should have some Mu metal which offers superb shielding of the magnetic component of the EMF. And at the close range of typical detectors it is the magnetic component which needs the shielding the most.
A number (of the set of natural numbers) of people are concerned about randoms reading their info. I'm a little more concerned about who can _write_ to these things. Consider broadcasting instructions to write bogus information so that the whole airport appears to be the same person, with string of criminal charges.
At least we'll all be a whooooole lot safer than if we were to say, destroy all nuclear weapons and stop going to war with each other.
Wheres the hidden feature that will allow the fariday cage to be disabled via remote?
Remember only the BAD GUYS have something to hide.
if you're not a troll, this is dangerous thinking
Out of curiosity, what does it take, generally, to kill one? Can you just use a particularily strong magnet? I know they do it somehow at department stores, but I'm sketchy on how it works there, or how one would build a device to achieve a simlilar affect.
I remember sigs. Oh, a simpler time!
- For one thing, as others have said, you're carrying around a large mass of metal, which will set off metal detectors.
- For another thing, this wouldn't completely surround the chip, and thus wouldn't completely isolate it. I suspect someone with a sufficiently high-powered transmitter could still read the thing.
- Obviously, the minute you pull the thing out, anyone nearby can read it, whether actively (using his own RFID reader) or passively (by listening to the pings emitted by the immigration guy's RFID reader.)
- Even if the data is encrypted, simply having that encrypted data on you identifies you as an American, if that's what you're worried about. And considering how many people would need to have access to the decryption key, it would be effectively public before long.
A stun gun is portable, works great, leaves no marks, and has pretty blue dancing lights.
If they make these RFID cards mandatory, I'll use a tin foil wallet. Those creepy politicians - they read 1984 and say "wow! great idea!" BTW, look at this: Bush Smooches Osama
Bush was a load Barbara should've swallowed.
While RFID may be a huge privacy issue, this goes to show that technology always defeats technology. In a complex logical situation, that complexity is its own downfall, because it allows for points of failure.
While I get the joke, you're wrong.
.05 meters of wavelength, or about 50 millimeters. A typical RF shield needs to block 1/4 of a wavelength, or .0125 meters, or just about half an inch.
The frequencies used by RFID at the most are 5.8GHz. That equates to about
In my book, that means about, oh, two strands per inch.
They can *tell* you that there're metal threads running through the cover, but can you know that without dismantling one? Perhaps the activation frequencies will be made public, but perhaps not. In any event, it would probably be a pain in the ass to figure it out non-destructively (try and stuff an antenna in there and keep the passport closed, then measure the intensity of the radiation that comes though? Microwave it and look for sparks or the wires to catch fire?).
Make my tinfoil hat a beanie with a propellor, please. Or maybe a fedora...
They want you to wear tin foil hats. It enhances the ability of the orbital mind control lasers to control you. The only sure protection is to shove your head up your ass.
I for one welcome our new RFID overlords.
"You'll get nothing, and you'll like it!"
RTFSnippets, they're different, one mentions a debate, and the other says it's been put to rest. not to mention the editor put a note in there.
...they put metal wires in to keep others from accessing your information, big deal. How are they going to keep a thief from stealing your passport altogether?
Isn't this about the idea getting government approval? Not really duped I think ...
This is an early precedent towards a totalitarian state. We say, "Okay, that sounds resonable." Then, they do it with something else, something slightly more intrusive. You know the government wants to put tracking devices in every car for "taxation purposes". Another precendent. There are already black boxes in most newer model cars that save some of the statistics of your driving. Call me paranoid, but I don't like this kind of stuff, and I seem to be in the minority.
Hang on, this solves the "random people can steal biometrics by wardriving" problem, but what about the "US Government now knows your fingerprint etc details" problem?
"Einstein argued that [...] God is not capricious or arbitrary. No such faith comforts the software engineer." ~ Brooks
"He wonders why this wasn't included in the original plans for the new passports. 'It took a bunch of criticism before they even mentioned it"
because they hoped no one WOULD mention it in the first place.
I heard that, in order to cut costs. they will put wires only in the front cover.
Nobox: Only simple products.
It sounds like someone's getting an RFID kickback...why not use a barcode? Proven, cheap, and doesn't require new wars for foil...
Ok, lets recap: they are going to sell magnetic shield with those RFID passports, right? That's briliant! I also have some prime estate on mars I could sell them at a discount. A real steal!
Note that NOT using RFID is not what they propose. It is really impressive to see how far they are willing to go in order to justify pushing corporate interest despite its lack of use. There is plenty of technological solutions that can do the job, they have to insist on the one that won't...
In my book, that means about, oh, two strands per inch." (emphasis added)
Modifying the cover of your passport already?
Do not look into laser with remaining eye.
Is there any reason it needs to be RFID and cant just be a smartcard thingo that gets plugged into the immigration guys box which then reads the data off it or whatever.
This post makes no sense, why is it at top level?
Goatse troll mod parent down!
It just rains instead.
"Some fight for law. Some fight for justice. What will you fight for? One day, you will see."
Even before the article the editors linked to.
And for the record, I am STILL enjoying the fearmongering groupthink very much, thanks.
{Oh shit, on on-topic AYBABTU quote?}
I like my false sense of security.
"Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety."
i'm personally going to wait for o'reilly to release "passport hacks" before i start tinkering...
Get your torrents...
I am an American, or USAian to those of you so inclined, I work with Brits, and they would NEVER say they speak British English, they are proud of speaking just plain English, they will correct you instantly that everyone in the US speaks American, well, not counting those who don't speak any variant of the mother tongue, you know what I mean.
This guy is an imposter. He is no more Brit than I am.
Infuriate left and right
I have but one question: Where the fuck is Rudi Bakhtiar?
If the purpose of the wire mesh is to prevent the passport from being read without opening it then why didn't they just use a 2-D optical bar code that is visible only on the inside of the passport? Seems like somebody wanted RFID for the sex-appeal factor rather than any objective need.
Has nobody thought about what a wonderful piece of misdirection RFID tags are? They're huge square blobs that ontain a lot of things you can obviously see, they are easily blocked or jammed and everyone knows about them. People can complain about it all they want and governments can listen and pretend to legislate, and all the while the real trackable stuff is silently glossed over. Don't you think there's smaller, more efficient tracking stuff that hasn't already been implemented? We're in 2004! An rfid tag looks like cold war technology in terms of apparant size.
I give it a 5.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
How long before they start using less expensive wire etc. yada yada yada and the shielding becomes ineffective and there are hundreds of people running around with passports that allow remote id verification without their knowledge a whole new group of stalkers who will know everything about you before you can even get a cab. Not to mention the potential of raising power exposure to the point of penetrating the shielding.
Would someone dare to explain what exactly is Faraday cage?! Thanks.
Finding a public microwave oven shouldn't be hard. Most gas stations have them and you should be able to find a few in an airport. Just pop the card in, and set it for "high" for 6 seconds.
Note: the effects are irreversible.
Life is not for the lazy.
So you're saying that George W. Bush is the only truly free-willed American left?
Can't you see??!! They're just going to connect the "shields" to the tag!!! They're building antennae into these things!! Run away! Flee while you can!
It is pitch black. You are likely to be eaten by a grue.
- They (incorrectly to their own knowledge) deny implications of RFID (in passports or otherwise) for the bearer's personal safety
- They want to force RFID chips inside passports
- Then they promise to shield it so the passport needs to be opened anyway - but could still be identified as e.g. a US one even when closed, and potentially still be read out with special (i.e. simply more powerful and/or sensitive) equipment, despite the apparent perception of security
- Unlike with optical reading, where the document can simply be put out of sight, the bearer has no way of knowing whether and when an RFID shield actually works
- Why pretend that only governments (or "the good guys" in general) would be able to procure RFID readers? This technology is not rocket science, and it could be every thug's dream come true (especially as the European Central Bank even seems to consider putting it into their money) - so "finally" for the nastier elements of society, remote assessment of who might be a "promising" victim e.g. for abduction, robbery or worse becomes possible
So there is always certain inconvenience -if not danger- to the bearer, but not a single valid reason for embedding RFID into a passport: If it needs to be opened anyway, and faster machine-readability than with the current (already standardized) printed text is required, a simple printed barcode would do, at much greater reliability. Make no mistake, if RFID is enforced even though it does not have any benefit in the proposed application, there have to be ulterior motives for its use - then, however, it is no conspiracy theory to suggest that future mischief is implied in this scenario.ahhh, wrong.
RFID is usually at 13.56 MHz, although they can operate in several different bands.
I can assure you that ALL shielding has only "so much" effectiveness. Since Schneier is not an RF geek, he may not know this.
Any wire mesh the gummint puts in will NOT prevent reading at quite a distance with the proper equipment.
Your info doesn't apply in this case. If wires are spaced 1/2" apart, one can easily picture the case where with the cover closed, the shielding wires neatly surround the chip on all sides (i.e. picture a chip with imbedded antenna, with a ground plane around the perimeter), leaving it free to radiate.
I guess nothing has changed. Faraday probably didn't have too much luck in love. This is Faraday. Looks like a typical nerd. :)
How does this protect the data at the time that it is being read??? How can you be sure that your data is not skimmed at that particular time. The reader could be tiny (no power supply necessary), and thieves could use it to get your address information at the airport, or any other place where your ID is scanned.
Note as well that the ICAO anti-skimming measures do not use RSA encryption - only DES. Getting a chip that can hold enough biometric information is going to cost, adding a DES processor is not *that* costly. So the question remains why the US is not want to adopt this scheme.
Furthermore I don't know if these metal threads could cause reading problems even after the passport has been opened.
> He wonders why this wasn't included in the original plans for the new
> passports. 'It took a bunch of criticism before they even mentioned it,'
> Schneier said.
Presumably because most people don't give a shit about it, and the ones who do are hardly going to trust the official solution, so any money spent discussing or implementing it is money wasted.
I need to wear my AFDB http://zapatopi.net/. This is just a ploy to strengthen mind control.
Back in my day, we watched T.V. by candlelight.
We use RF ID badges at work. One day, I had my hands full of a steel plate, so I used the plate to lift the ID badge up to the scanner. It would not let me in. Like any good engineer I tried the exact same thing three more times. Suspecting RF interference, I managed to free up a hand to lift the badge away from the plate, and the badge was read promptly.
I don't think this would be a Faraday effect as the badge wasn't enclosed. I've always assumed that the reflected RF signal was nearly 180 out of phase with the original. Unfortunately the stack of plastic cards hanging from my neck varies weekly as HR, corporate or the bean counters come out with some new version of their ten commandments, issued in a badge laminate, for us to keep near and dear to our hearts, so I can't tell percisely how far the RFID chip was from the plate.
So just putting foil on or in one cover of the passport would not be totally useless. However, I'm not sure a mesh on a single side would be as effective, but IANARFE
As soon as you open your passport, you've given away your private details to the world.
So for example, the baddy guy near by with the rfid reader will still snag your info as soon as you open up your wallet at the counter. RFID is a bad idea for privacy.
For your privacy to be secure, it would have to create a secure link between you and the person you're giving your info to. This solution doesn't create a secure link. It doesn't seem likely that rfid will ever be able to make secure links of communication with an intended recipient.
RFID should not be used at all for confidential information. Passports with farady cages, although a tiny bit better, are still a really bad idea.
1) A passport isn't a national ID card, which appears to still be in the works. Americans still have "May I see your papers, citizen?" in their futures.
2) Even with a Faraday cover, you will still need to take your passport out and open it. The would-be data thieves will simply hang around those places...airport check-ins, Immigration desks, hotels...etc
You're using her as bait, Master!
(points and laughs)
What is the point of a passport if most are to scared to leave the country?
It still dosen't change the fact that my passport photo sucks.
I have gas, but my car uses petrol.
"You want wine? May I see your ID?"
American pulls out passport.
RFID snoopers who hang out nearby restaurant frequented by foreign tourists scoop up yet another id.
The best solution is to eliminate the stupid idea that you can send and receive vital information wirelessly.
However, baring that, somehow preventing the RFID from working unless you do something explicit to make it work should be sufficient. For example, the RFID chip won't send personally identifiying information unless it has a low voltage electrical contact that you can make by pressing a specifically marked spot in the passport marked "press here to activate wireless identification".
The world will not get better through technology. We must seek to be better people.
It may make your passport fairly heavy but I seem to remember that encasing something in thick lead tends to shield it from radiation of various sorts.
Any use here?
Ripping an new rectum in the fabric of spacetime.
I'm sure if you apply 20,000 volts from one of those shock boxes you made in electronics class, you could disable the RFID tag.
i dont know why their bothering with this RFID nonsense
when a simple barcode tattooed on the forearm
would surfice
worked well enough before didn't it?
In the tooth, Bob! Right? [sudden triumphant grin] But I fooled 'em, old buddy! [He opens his mouth wide] NO TEETH'
You need to put the layers of foil with the SHINY SIDE OUT. If you put the shiny side in, it will actually MULTIPLY the strength by bouncing the waves between the layers, acting as a MASER. It's a scientifically proven fact that Government Mind Control Rays are reflected and dispersed 68% more effectively by the shiny side of foil than the dull side.
The truth about Scientology, Xenu, and you: Operation Clambake
If they need more machine-readable information than a conventional barcode, use the 2-D barcodes like UPS does (they use Maxicode, good for about 100 ASCII chars.) And check this out - once the passport is closed, nobody can read it. Oh, and it's not detectable with metal detectors, and it's compatible with the existing publication techniques.
My gut is tellimg me that the RFID manufacturers are lobbying the politicians. The malicious behavior is on the part of the RFID manufacturers who are desperate to expand their market.
Naturally, I agree with the majority of people here that RFID passports are insecure, a threat to our privacy, and just generally a bad idea. However, I see a bigger problem here-- and a trend that's been growing over the past few years, at airports in America as well as in other countries. Airport security has already essentially dropped the facade of "random" checks; my male relatives (of Israeli descent, but most holding American passports) have all been interrogated/strip-searched/had the bomb squad called on them in the past few years at various airports throughout the world, for no justifiable reason. I find it pretty ridiculous that governments are spending so much money paying people to do things such as spend 2 hours detaining/interrogating a random girl (me) and doing things such as turning my violin upside down and shaking it violently, repeatedly turning my laptop on and off, etc., asking me idiotic questions ("why do you have this computer? what are you using it for?"). At any rate (sorry, got a bit off-track there), the real problem I see is this: airport security/governments in general already have such ridiculous criteria for profiling thought criminals (oh excuse me, "suspected terrorists".) It's bad enough to be detained/searched in this manner on a regular basis simply because of your ethnicity or appearance, but with RFID passports, passports containing a smartcard, etc., they can just take it one step further and start flagging "suspicious" people even more easily. Maybe I'm on the wrong track, but I really fell that the biggest threat here is not random criminals trying to steal your data or abduct you (as others have suggested); I think it's government entities with which we should be more concerned.
Doesn't a faraday cage have to be grounded in order to work properly?
Anyone who has ever tried to build a simple faraday cage - to shield a pocket radio from the local radio stations for a demonstration - Will realize that this shielding proposition is utter Bullshit !
http://www.schneier.com/crypto-gram-0310.html
And the specific section:
He completely missed the point then that its EASIER to steal data remotely. Pick pocketing runs the very real risk of being caught.
What happens if you microwave one of these proposed passports?
It may take some time for RFID readers and writers to be commercially available, but it will happen, just as anyone today can buy magnetic card equipment.
First, these aren't RFIDs, they're contactless smart cards (the difference is one of degree, not type, but important nonethelesss). And contactless smart card reader/writers are already commercially available, and cost between $70 and $200.
However, the chips are not just passive data stores, like a magnetic stripe or a barcode, they're microprocessors that run software and make decisions about what they will do. You don't actually "write to" or "read from" a smart card. Instead you send it commands asking it to "retrieve this" or "store that"... kind of like a very, very small FTP server. And like an FTP server, the chip makes decisions about what it will or will not do. If the chip refuses to divulge the data until you've successfully authenticated yourself via a cryptographic challenge/response protocol, just having a reader won't do any good.
Although the govenrnment is not talking about cryptographic protection on reads (though they really, really should), they certainly will configure the chips to require a strong authentication for writes. It's very unlikely that you'll ever be able to modify the data on a passport like you could if it were encoded on a magnetic medium. And you could read it with easily-available equipment today, assuming the chip is willing to cough up the data.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Get a new/renewd passport NOW, i.e., before they start issuing the RFID ones. Passports are now good for 10 years. I doubt that they'll forcibly retire all existing ones at once, since it would cost too much, they'l probably replace them all by attrition, and now you'll have 10 years until renewal.
By then, it might have been successfully fought, or there could be good tested workarounds to the problems.
Really weird how one could choose to adopt this kind of technology (especially as -unlike a bar code- it is creating other risks for the holder) in the first place, under these circumstances...
How did you write that you submitted the post? Logically, you couldn't have done that yet when you wrote it.
If corporations are people, aren't stockholders guilty of slavery?
- Theft may occur on every airport, every day - even huge pieces of luggage are easily just carried away in many places on this planet
- Entire hard disks full of classified data have reportedly disappeared in maximum-security nuke labs
- Entire five-foot tall ATMs are rumored to have been pulled off their foundations on a chain, in front of or even inside banks, and disappeared on the back of some pick-up truck
So, is it reasonable to assume that not even one "government-approved" portable RFID reader, maybe no more than 5 inches in size or so, will ever leave the hands and premises of airport security, and be put to illegitimate use elsewhere? For if it does, anyone in its possession could probably use it (with all the "official" cryptographic protection included) to single out very specific victims from a crowd, e.g. to direct whatever evil deed he is plotting against, say, "male caucasian blue-eyed baptist Texans age 40-65" only.Where is the advantage to justify the use of a technology that brings about this kind of risk - when a 2D (or even conventional) bar code can serve the same purpose of contactless readability, but is much more easily concealed from unauthorized prying eyes?
Bad guys at the airport will be able to positively identify me as a US national because:
a) There is an RFID tag in my passport.
b) The RFID tag in my passport is shielded by tinfoil, etc. placed in the cover of my passport by a thoughtful State Dept.
c) They can't detect anything unusual about my passport, but my underwear is screaming "Stolen From Wal-Mart!"
Don't Faraday cages have to be grounded to work?
Tracy Johnson
Old fashioned text games hosted below:
http://empire.openmpe.com/
BT
So which would be a valid reason to assume this added complexity could actually enhance security?
Yes. High-security applications is exactly what these devices are designed for. They're simple enough that their software can be validated for security, and their hardware designs incorporate numerous security defense mechanisms. The security of smart card chips is something that has developed over the last 20 years through a long series of breaks and countermeasures, which is exactly what any security technology requires to be good.
Even on today's 3+ GHz PCs it is difficult (at best) to ensure watertight security
PCs are horribly insecure devices. The software is many orders of magnitude too large and complex to be securable, and the hardware is not designed with security in mind at *all*. It includes no provisions whatsoever for defeating side channel attacks like power analysis or EM emissions, it does nothing to protect itself against power or heat glitching or freezing, and it has absolutely zero defense agains dissassembly attacks. In short, it's horrid.
Smart card chips are not like that at all; they're as secure as we know how to make them, given their limitations (the main limitation is they're dependent on external power, so they can't continually monitor their environment for evidence of intrusion attempts).
how can one reasonably expect to find the "perfect, proven unbreakable crypto" implemented in a sub-1$ RFID chip that may only have a few milliseconds of power to compute and transmit its replies?
Actually, they cost about $3-$5, not $1. Maybe $2 in volumes of tens of millions. And there is no "perfect, proven unbreakable crypto" anywhere, but there are some extremely good ciphers, like the venerable 3DES. Smart card chips even 10 years ago were fast enough to do 3DES in software without problem. Modern chips actually include 3DES or AES hardware coprocessors, not because they can't do it in milliseconds in software, but because there's less risk of side-channel key bit leakage if it's done in microseconds in hardware. They also include large integer math coprocessors that are perfectly capable of doing 1024-bit RSA operations, in milliseconds, powered by RF.
I'm not saying the security on these chips is perfect, but it is pretty darned good. A good working assumption is that to dig the secrets out of a single chip requires approximately $200,000 worth of effort and destruction of the chip. $200K isn't a lot of money, but if the system is also designed such that complete compromise of a single chip doesn't compromise any other part of the system, and if the system has the ability to detect and disable copied chips (not actually that hard to do), then it provides a really significant barrier.
So, is it reasonable to assume that not even one "government-approved" portable RFID reader, maybe no more than 5 inches in size or so, will ever leave the hands and premises of airport security, and be put to illegitimate use elsewhere? For if it does, anyone in its possession could probably use it (with all the "official" cryptographic protection included) to single out very specific victims from a crowd, e.g. to direct whatever evil deed he is plotting against, say, "male caucasian blue-eyed baptist Texans age 40-65" only.
Of course it's unreasonable to assume that no legitimate readers would ever walk out the door. It's somewhate more reasonable to assume that no devices that have authentication keys will walk out the door, since the readers themselves should not have this information. The keys should be stored in hardware crypto modules in secured back rooms. The modules should be configured to require periodic reauthentication by the owning agency and if they don't get it they should zeroize.
Second, even if some device with keys did make it into the wrong hands, the damage that can be done is limited. Keep in mind that these chips have a read range -- even without the shielding -- of
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
It's like CNN: even if you miss something, it will be on again.
1/3 of jokes get modded OT. If you get the joke, mod 1 in 3 insightful/interesting/underrated to restore karma balance.
It's a self-confirming prediction. If you can read it, it's true. If not, it never happened.
Changa hates change.
Sounds cool, I remember getting stuck in Zurich airport coz my passport was not being recognised by the scanner. It was shocking! I hope "rfid fabric" will imporve these type of situations. I came across this web site http://www.bigsquid.org/ A company doing rfid in manufacturing. They seem to have done some cool stuff. Check it out monty
guys! sort of confused. What about long range rfid. My experience with 900 MHz rfid was different. We have put up the stuf in a shop floor and is being used for rfid in manufacturing http://www.bigsquid.org/