Slashdot Mirror

← Back to Stories (view on slashdot.org)

No Encryption For RFID passports

Posted by Hemos on from the continued-stupidity dept.

Spy der Mann writes "Despite widespread criticism from security experts, the government is declining to encrypt data on RFID passports. Lee Tien, an attorney at the Electronic Frontier Foundation, said: 'It is my understanding it's possible to read this information from 10 to 30 feet away with the right equipment.' Considering gadgets like the BlueSniper as 'right equipment,' I think he's got a point. Tinfoil covers, anyone?"

3 of 73 comments (clear)

  1. Tinfoil cover built in! by IO+ERROR · · Score: 4, Informative
    From the article:

    The State Department concedes that skimming is a legitimate threat, but says the chips will have a read range of inches, that eavesdropping at border stations would be very conspicuous and that the passports will have a shielding mechanism -- perhaps a foil case or a weave in the cover that will cloak the chip when the passport is closed.
    --
    How am I supposed to fit a pithy, relevant quote into 120 characters?
  2. RFID allows facial ID by SimianOverlord · · Score: 4, Informative

    According to the wired article: Agents will also be able to use facial identification software to compare the person to the digitized photo, which is not feasible with current passports.

    Which is interesting because, according to this the error rate for real time facial recognition: the current error rate is 20% [...] this implies that out of 50,000 match scores there are 1,000 errors.

    Enjoy the wait. Remind me how many of the 9/11 hijackers had invalid passports?

    --
    Meine Schwester ist sehr, sehr reizvoll - Nietzsche
  3. Re:Why put ANY data on passports? by Wwolmack · · Score: 4, Informative

    It's an anti-counterfeiting measure.

    From TFA:
    [the RFID contains] all the information on the data page of the passport, including name, date and place of birth, and a digitized version of the photo passport [passport number, and date/place of issuance]

    So thanks to the digital signature (however strong that may be), passport forgers will need to crack the signature to create a passport with matching name, photo, etc. that would pass muster. Its basically adding another layer of difficulty for forgers.

    Of course, this still ignores the potential of:
    -Skimming via a bluesniper
    -Forgers creating fake rfid chips (how hard/far off can it be, now that this will be the primary goal of passport forgers?)

    The decision to rely on a digital signature (which is basically crypto!) and not encrypt the data is positively loopy. They haven't even decided what kind of signature it will be, and weakenesses in cryptographic methods are discovered all the time.