Slashdot Mirror


No Encryption For RFID passports

Spy der Mann writes "Despite widespread criticism from security experts, the government is declining to encrypt data on RFID passports. Lee Tien, an attorney at the Electronic Frontier Foundation, said: 'It is my understanding it's possible to read this information from 10 to 30 feet away with the right equipment.' Considering gadgets like the BlueSniper as 'right equipment,' I think he's got a point. Tinfoil covers, anyone?"

5 of 73 comments

  1. Tinfoil cover built in! by IO+ERROR · · Score: 4, Informative
    From the article:

    The State Department concedes that skimming is a legitimate threat, but says the chips will have a read range of inches, that eavesdropping at border stations would be very conspicuous and that the passports will have a shielding mechanism -- perhaps a foil case or a weave in the cover that will cloak the chip when the passport is closed.
    --
    How am I supposed to fit a pithy, relevant quote into 120 characters?
  2. RFID allows facial ID by SimianOverlord · · Score: 4, Informative

    According to the Wired article: Agents will also be able to use facial identification software to compare the person to the digitized photo, which is not feasible with current passports.

    Which is interesting because, according to this the error rate for real time facial recognition: the current error rate is 20% [...] this implies that out of 50,000 match scores there are 1,000 errors.

    Enjoy the wait. Remind me how many of the 9/11 hijackers had invalid passports?

    --
    Meine Schwester ist sehr, sehr reizvoll - Nietzsche
  3. Re:Why put ANY data on passports? by Wwolmack · · Score: 4, Informative

    It's an anti-counterfeiting measure.

    From TFA:
    [the RFID contains] all the information on the data page of the passport, including name, date and place of birth, and a digitized version of the photo passport [passport number, and date/place of issuance]

    So thanks to the digital signature (however strong that may be), passport forgers will need to crack the signature to create a passport with matching name, photo, etc. that would pass muster. It's basically adding another layer of difficulty for forgers.

    Of course, this still ignores the potential of:
    -Skimming via a BlueSniper
    -Forgers creating fake RFID chips (how hard/far off can it be, now that this will be the primary goal of passport forgers?)

    The decision to rely on a digital signature (which is basically crypto!) and not encrypt the data is positively loopy. They haven't even decided what kind of signature it will be, and weaknesses in cryptographic methods are discovered all the time.
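
Added example, not part of the thread or of any passport specification: a signed but unencrypted data page, showing that a signature lets an inspector detect altered data while anyone who can read the chip gets every field without a key. The toy unpadded RSA key, the field names and the sample values are assumptions made for the illustration; the thread notes the real signature scheme had not been chosen.

```python
import hashlib

# Toy RSA key from two known Mersenne primes. Constructed for this demo only:
# far too small, and unpadded, so never use it outside an illustration.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the issuer


def encode(fields):
    """Serialize the data page in the clear; no key is involved."""
    return "\n".join(f"{k}={v}" for k, v in sorted(fields.items())).encode()


def decode(blob):
    """Parse the clear-text data page back into fields; needs no key."""
    return dict(line.split("=", 1) for line in blob.decode().splitlines())


def _digest(blob):
    """SHA-256 of the data page, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % N


def issue(fields):
    """Issuer side: store the plaintext data plus a signature over it."""
    blob = encode(fields)
    return blob, pow(_digest(blob), D, N)


def verify(blob, sig):
    """Inspector side: needs only the public key (N, E)."""
    return pow(sig, E, N) == _digest(blob)


# Constructed sample data page (hypothetical field names and values).
CHIP = issue({"name": "JANE DOE", "born": "1970-01-01", "number": "X0000000"})


def demo():
    blob, sig = CHIP
    read_without_key = decode(blob)                  # confidentiality: none
    forged = blob.replace(b"JANE DOE", b"JOHN ROE")  # altered data, old signature
    return read_without_key["name"], verify(blob, sig), verify(forged, sig)


if __name__ == "__main__":
    print(demo())
```
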

  4. Re:Better yet by Wwolmack · · Score: 2, Informative
    From the link in TFA:
    Under the proposed rule, a passport that contains a damaged, defective, or otherwise nonfunctioning electronic chip or with observable wear and tear that render it unfit for further use as a travel document may be invalidated by the Department of State.
    So without the working RFID, you are at the mercy of the Dept of State.
    You also get to apply for a new passport, and boy is that fun (2 hour wait) and cheap ($85/$145 rushed)!
  5. Re:Better yet by swillden · · Score: 2, Informative

    would you trust your data to DES?

    You do, every day. You trust your money to DES. Ever use an ATM? Your PIN is encrypted with DES. How about a debit card? Same thing. How about on-line payment? While the SSL connection may or may not use DES, the bank-to-bank communications involved in moving the money are protected with DES.

    BTW, if you ask your question of a professional cryptographer, the answer will be "Yes". And you won't find a more paranoid group than cryptographers.

    Encryption schemes are broken, as are signing algorithms and other complex mathematical constructs.

    No, they aren't, really. The prominent, widely-reviewed and time-tested algorithms we use in security applications are very rarely broken, and even when they are (such as the recent break of SHA-1), the breaks are generally theoretical, not practical (as in the case of SHA-1). Frankly, you're looking at the wrong part of the problem -- the ciphers and algorithms are extremely good, the protocols that use them are generally pretty good, the security problems arise from key management and the human interfaces.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.