Slashdot Mirror

← Back to Stories (view on slashdot.org)

No Encryption For RFID passports

Posted by Hemos on from the continued-stupidity dept.

Spy der Mann writes "Despite widespread criticism from security experts, the government is declining to encrypt data on RFID passports. Lee Tien, an attorney at the Electronic Frontier Foundation, said: 'It is my understanding it's possible to read this information from 10 to 30 feet away with the right equipment.' Considering gadgets like the BlueSniper as 'right equipment,' I think he's got a point. Tinfoil covers, anyone?"

6 of 73 comments (clear)

  1. Why put ANY data on passports? by Andy_R · · Score: 4, Insightful

    Even if you accept that RFID should be incorporated in passports (and the concept of terrorists and criminals owning a hand-held US-passport detector should be more than enough reason to realise it's a completely dumb idea), then why on earth should there be any locally stored data?

    If the passport held a unique ID number and nothing else, then sensitive data could be stored somewhere safe off-site, rather than in the back pocket of a potential terrorist.

    --
    A pizza of radius z and thickness a has a volume of pi z z a
  2. Better yet by Creepy+Crawler · · Score: 4, Insightful

    Either remove the RFID bug or fry it with microwaves.

    Either way, just guarantee there's nothing to harvest information from.

    Still, I fail to understand why anybody would want encryption on it.. Encryption schemes are broken, as are signing algorythims and other complex mathematical constructs. COnsidering how long passports have been around, would you trust your data to DES?

    --
  3. no security better than thinking you've got some by martin · · Score: 3, Insightful

    Of course should they have encrypted/passwd prototected the security, and then some person cracks that method they'd be in trouble too.

    Knowingly having zero security *can* be better than having poor security and thinking it's strong security. eg the early 802.11 standards where security was thought to be good and turned out to be abismal, the css on DVD's etc.

  4. Re:no security better than thinking you've got som by badfish99 · · Score: 2, Insightful
    So they're going to use an RFID tag, the whole point of which is that it can be read at a distance, with no contact. And they're going to enclose it in a RF shield, so that it can only be read close-up, with someone to open the shield. And someone thinks that this is a good idea?

    Still, two opportunities for profit: the RFID manufacturers and the RF shielding manufacturers can both get their cut.

  5. Encryption would have accomplished nothing... by anthony_dipierro · · Score: 3, Insightful

    We're talking about RFID here, these things aren't powerful enough to do any processing themselves, you can just read data from them. So if you use encryption, then you've gotta give anyone who needs to read the thing a decryption key - customs agents in every country of the world. It would be a matter of minutes before the decryption key got into the hands of criminals.

  6. Re:no security better than thinking you've got som by cgenman · · Score: 2, Insightful

    Or they use a mag stripe hooked up to a little chipset, powered by the host machine. I mean really, you're getting stopped by border patrol. Is it really that much extra effort to physically touch your passport to a machine, when you're likely to be sitting in customs for an hour and a half anyway?

    It sounds to me like someone got lobbied.

    --
    The ______ Agenda