Slashdot Mirror
Passport Chip Could Attract High-Tech Muggers
Orangez writes "Wired.com reports that 'business travel groups, security experts and privacy advocates are looking to derail a government plan to insert remotely readable chips in American passports, calling the chips homing devices for high-tech muggers, identity thieves and even terrorists.' and that 'The 64-KB chips will include the information from the photo page of the passport, including name, date of birth and a digitized form of the passport picture.'"
Someone is going to need a faraday cage.
Viral software licensing is not freedom, it is in fact GNU/Socialism.
Kill all muggers.
...means just that?
If they government can read it for legitimate purposes, other people can read it for illegitimate purposes.
DBA? Software Engineer? My company is hiring! Click
If they're not terrorists, and have nothing to hide, why are they so worried about being tracked? If anything, if your passport is stolen, wouldn't you rather have the chip in there to track it?
Enjoy an e-piphany
High tech crooks already have money-sniffing machines.
C'mon, is there nothing we shouldn't be scared of in the known Universe, I mean
Its like, we have to be reminded of this, every single time someone has an axe to grind.
; -- the corruption of government starts with its secrets. a truly free people keep no secrets. --
so they just have to steal my picture and information, change the picture to them and walk on through...why does this sound like a bad idea?
Unfortunately, some people have confused "security" with "track everyone, everywhere."
the article states having a barcode or some other form of security that must actually be read, how about encrypting the data on the rfid and putting the key on the barcode?
just a thought
The Answer
Now they don't even have to steal my passport before they can use all my info. That's an improvement. If I get a new passport, I think I'll carry it in an aluminum foil pouch.
No good deed goes unpunished. - Avon, Blake's 7
They can just sit at the door of the airport and scan everybody comming in and out ! Without you even knowing so you won't report it !
I don't get it. I mean, they State Dept. could easily have a reader connected to a network which passes along some hash which is stored on the card, to a server which would verify what passport they should be looking at. Slow? Wtf kind of technology are they using where 64K of stuff would take any time?
"Only contractors who sign up to our foreign policy will be allowed to bid -- We welcome your bid, Halliburton Vacuum Tube Company!"
A feeling of having made the same mistake before: Deja Foobar
When will these people learn that independent sober second opinions are valuable.
Years from know they will probably say "We made the best decision with the information we had at the time".
Burglar goes down to airport and watches family get on a plane to Europe. He grabs your name, and from that gets your home address. Then he can go rob your house while you and family are out of town. Certainly makes scoping out houses much easier; your house could be cleaned out before you even reach your destination.
I Am My Own Worst Enemy
From the folks that brought us the hacked SideKicks of Fred Durst and Paris Hilton...
Not that I have any naked pictures on my passport chip... yet.
I'd be qualified for your job... I'm gussing from your homepage that it's in NY... Whats the pay range?
...not just for your head. It can also stop aliens (and terrorists) from reading your passport!
Who ordered that?
How comes that everyone trying to make a point has to include terrorist threat? Am I the only one who thinks it's a bit cheap?
"It's too bad that stupidity isn't painful." - Anton LaVey
"All you have to do is be fragile and grateful. So stay the underdog." Chuck Palahniuk, Choke
Okay.... How Hong Kong uses electronic identification. Any HK /.ers here to tell us how well/bad their system works?
like someone would benefit from stealing my Identity. They would just inherit my debt.
I guess that's one more reason to get a passport
I don't see why they didn't just burn it (cryptographically signed) onto a business card sized CD inserted into a pocket of the passport folder. If they used a standardised format (XML+TIFF+GPG signed) then any country could read it without fancy equipment, and noone could make a counterfit.
...and look at this for a while. They understand that who you are and where you come from can make you a target. After all, the armed forces (whose upper ranks never lose a chance to make their soldiers dress up) tell their personnel not to wear their uniforms when traveling on civilian airlines, for the very reason that people don't want RDIF tags in their passport. And it's not just nationality. Airports all have wireless connections these days so you can get a name, do a quick Google search and stand a good chance of knowing enough about the person walking by to not only pick good targets but be able to imply uncanny knowledge about them. a corp. There must be a better solution that address both the governments concerns and the privacy concerns of our citizens. It seems that somebody has just made a decision and isn't willing to back off. We should isn't they try harder.
It should be combined with a biometric measurement. I understand the privacy people don't like it but identity is becoming increasingly important and a "peice of paper" just isn't going to cut it for much longer.
Well folks, it's a dupe.
1 28248&tid=158&tid=17
3 25238&tid=158&tid=126&tid=17
0 26222&tid=103&tid=158&tid=172
2 29221&tid=158&tid=103&tid=1
.. can anyone find Sex for me?
http://yro.slashdot.org/article.pl?sid=05/02/28/1
Or is it a trip?
http://yro.slashdot.org/article.pl?sid=04/12/23/2
A quad? (Quap?)
http://yro.slashdot.org/article.pl?sid=04/11/27/0
Quint? Penta?
http://yro.slashdot.org/article.pl?sid=04/10/22/0
So
May really not be enough for everyone, but it's sure as hell enough for terrorists and/or high-tech muggers!
IAN a security expert, but I have seen enough reports of encryption being broken or circumvented in a matter of days (see DVD Jon as a recent example).
Something as valuable as one's identity should not be left up to a series of 1's and 0's to determine.
This leaves me looking to the Creator (that would be God to me) for an answer.
We already have a biometric key - called our DNA - that uniquely identifies our physiology (except in the case of identical twins - and perhaps triples+ but I don't know because IAN a doctor either).
Can DNA be spoofed? not as far as I know - though perhaps with a bone marrow transplant one could change their bloods DNA - but not the DNA of their entire body.
My point, to get backnon topic, is that I don't trust any electronic device to be secure or reliable 100% of the time to identify me, my where abouts, or for that matter, my finances.
I hope this type of electronic identifier doesn't make it out of the R&D phase.
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
My biggest worry is that it lulls travel security into a false sense of security. Yes, I realize that people can snoop, but there's always tin-foil. I worry that since The computer is always right, it will be easier to have false positives (if you're looking for terrorists) and make fakes. Replace the chip and you have a new passport. Scratch the photo a bit, and now they have to rely on the computer. Since the computer is always right... Anybody remember that Ted Kennedy couldn't fly for a while because a T. kennedy was on the don't fly list?
Posted today at the BBC
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
I can just imagine some militia men sitting in the back of a pickup truck with their AK-47's. One of them has only a PDA and is guiding the driver to where the americans are. Thats right, they've modded the PDA to detect the chips in the passport, and now they can home in on them. Makes life a whole lot harder for foreign aid workers/missionaries/reporters/contract workers in any hot zone.
And another issue, is a 64k picture going to be clear enough to use facial recognition software on?
Free MacMini
People love to rob and kill americans overseas..
unless you like to vacation in other countries with expensive stuff. You are a walking target...
I am sure people would love to have a american detector
However, all of the legitimate uses of the passport involve a human being handling the passport anyway - and using a non-RFID smart chip will suffice.
Tinfoil hats aside, the primary response of the RFID proponents to the question of why RFID tags are needed is "Why not?". This is a preposterous approach to implementing a system that handles sensitive personal data that could cause severe distress to the owners of that data, if compromised. Sensitive data belonging to thousands or even millions of people! Assuming the government still considers an individual as the rightful owner of their own personal data.
Some of the conspiracy theories regarding RFID in passports are a little over the top. But there is no denying the fact that the potential for abuse is definitely enhanced by using this technology in this way. Today the scope is for Americans to be targeted using this - either by their own government, or by criminals, or by other governments, or by terrorists. Tomorrow, when more countries follow suit, that scope expands, giving birth to a rich and varied mix of uses - all of which with the legitimate exception of border control are extra-legal or downright criminal. I hate to sound like a troll but the RFID chip in your little blue book could well become the new star of david sewn into your shirt.
See that long UID - that's what you get for lurking too long
Can you imagine debating with foreign officials whether your CD is fake or it's just scratched?
-insert a witty something-
Seriously, you're pushing your cred here. What kind of burglar is going to be hanging out in airports looking for departing victims? An intelligent burglar would spend more time casing a target and keeping track of comings and goings of people. The newspaper, with funerals and such, has been a wealth of information for those vile enough to rob a house when someone's at a funeral or such.
Most burglaries are probably committed without much prior planning anyway, by someone looking for an easy target. Ambitious burglars or pros would probably be slower to adopt something like finding a prospective victim at an airport, as the still have no idea who's at home or what's worth taking, as they usually already have somthing in mind, like expsensive car or piece of artwork.
A feeling of having made the same mistake before: Deja Foobar
They have this fancy new remotely readable chip, but they are still requiring two photographs. This is despite the fact that they now print out the photo digitally, so only one is required. I bet that other photo is sitting in a filing cabinet somewhere, stapled to a random piece of paper, just waiting to be thrown out in fifteen years. Yes, our federal bureaucracy, the ultimate in efficiency!
Walt
What are the implications of disabling the chip? A huge dose of ESD would probably do the job without harming paper and ink. You could just claim ignorance.
Because it would be illegal to export encryption of that strength. It does not matter if the other nation already has the technology.
Personal information brokering and identity theft are big businesses. Why would anyone want to limit their market? If you restrict access to personally identifiable information you'll be taking away money from an ever expanding industry. There should be a law against that.
Speak truth to power.
Terrorists are the new Communists. And black is the new black. Get over it already!
People say I'm crazy, I got diamonds on the soles of my shoes...
Document 9303 at the ICAO. Note that it's the international Civil Aviation organization that defined the standard and is pushing it. Note that they intentionally do not encrypt the data so that it's simpler and easier for third world governments to read.
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
You must be either a liberal commie or a right-wing nazi (sorry, had to add in those two predictable comments also).
Hoi Polloi's Law: The time it takes before someone says that an act or an invention could be used by terrorists. Conversely, the time it takes before someone says it could be used to stop terrorists.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
Keeping people from stealing your identity is important. The governments of the world being able to track you and being able to verify your identity is not as important as your right to not be tracked or identified.
There are plenty of legitimate reasons to not want people to be able to identify you. There are plenty of legitimate reasons to circumvent the system as well.
At what point did the unwilling martyrs at the twin towers win the balance against the millions of lives willing sacrificed so that we could taste freedom? It wouldn't matter if planes were crashed into building every day, it is no reason to take away freedom.
The passports must be easily readable by scanners in foreign countries, under local control.
Given that the scanners will be widely distributed, it seems pointless to encrypt the data. All it will do is slow down processing while the hash is validated.
-EvilMagnus
"Can DNA be spoofed?"
Not sure how much you'd need to copy but there is a thing called PCR.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
I don't get it. I mean, they State Dept. could easily have a reader connected to a network which passes along some hash which is stored on the card, to a server which would verify what passport they should be looking at. Slow? Wtf kind of technology are they using where 64K of stuff would take any time?
Think "Windows ME".
Remember, this is the U.S. Gov.
IANAL, but I've seen actors play them on TV
If the government can read it for legitimate purposes, then the government and other people can read it for illegitimate purposes.
I make a reasonable middle-class wage by going to work and not spamming blogs with scams.
More importantly, how are they going to fit a decent image for counterfeiting in 64K? Sure, it might be viewable, but it damn sure won't be printable. Monitors have terribly low resolution compared to printers. Now... if the customs folks in all countries are willing to let someone through with a "passport photo" that looks like a character from Donkey Kong, I think we all have a bigger problem. :p
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
http://rfidkills.com/action.html
[Insert the usual disclaimer here]
Eh? Doesn't that export ban just cover algorithms to encrypt/decrypt/verify? Does it also cover encrypted data? Please enlighten me ...
I'd be tempted to stick the thing in the microwave or otherwise nuke the tag, but for the fact that the bureaucracy that would then ensue would keep me stuck in some nasty little office for several hours whenever I tried to clear customs...
Grab that man! He just brute forced my wallet. John the Ripper strikes again
My question at that point is: why not use another technology? The whole point of RFID is that it is readable from a distance without jumping through any hoops. If TFA is correct they are negating the whole point of RFID and fighting it's inherent nature to do so. It seems that some kind of optical technology would be perfectly suited to do exactly what they want to do with RFID.
Sweden is going to introduce these state-of-the-art passports with microchips in them sometime in the autumn. i was planning on getting one first, but apparently a Visa will do just as fine should i ever want to visit the States, plus the microchip one is supposedly alot more expensive
so, im getting a new "regular" passport tomorrow... my current expires in july, no rush, but this new one will last 10 years so why not have it done with
Three rings for the Elven-kings in the sky
But they realyl are out there, and they are really out trying to 'get you'.
We've been really lucky, even 9/11 pales when I think of the disasters that we've avoided.
But there are people willing to die to perform acts of violent religious intolerance. There's just no getting around that truth. As much as the US has made mistakes, it will always be ultimately the terrorists fault that we have lost so much freedom. Now we're sitting here worrying about passport security. Just a few years ago, travel was fun.
Yeah, I'm sick of it too.
But there are ideas about how to fix the problem, and they require discussing the problem using the word terrorist.
passport sized photos in just 64kb?
According to the ICAO standard states can chose to add an authentication scheme to the RFID-tag. This is what Sweden is dong, this is probably what the US is doing.
The authentication is based on the MRZ (Machine Readable Zone) in the passport (this is text that is read through OCR and not visible unless you open the passports photo page). The MRZ-data is hashed by SHA-1 and the high 32 bits of the hash is taken (this reduce the risk of someone computing the MRZ-data backwards (actually guessing) which MIGHT be possible if you have the hash and the basic structure of the MRZ-data). The hash is sent as an authentication code to the RFID-chip in the passport, if the hash is wrong the RFID responds with a "no valid authentication" message and refuse to send any data.
A state may decide to ignore such measures in their passports (but this is unlikely for the EU and the US). And such states have the option to include metallic jackets for the passport.
The range of the RFID transmission will be around 10 cm. IIRC it weakens with the power of 6 to the distance.
Further, it is not practical to have contact chips in a book-formed passport. It is more practical in ID-cards.
While I dislike this in general and would prefer a passport free world, try to avoid spreading untrue FUD about the technology being used, the data is secure and no person is going to get within 10 cm from your passport, and try an average of 2^31 different hashes without you noticing it. Of course, if the person manage to "borrow" your passport, he will use the MRZ to obtain the key, but in that case, he can take the passport to a photocopier as well (and that is probably cheaper).
"Civis Europaeus sum!"
Honestly I am not entirely sure. I had that same impression but then I heard of numerous cases where people have not been allowed to take laptops with encrypted hard drives through customs.
Fingerprints are the way to go if you like biometrics. PEople leave fingerprints at crime scenes and in caves in afghanistan.
;i am not' really that hard to type?
They rarely leave a face image and often leave no DNA.
Plus, DNA reading takes forever.
Oh, and what the hell is IAN about? is
I feel like I'm listening to that ugly girl from Sleepless in Seattle. God, that kid was a bitch. In fact, everyone in that movie was a bitch. Even the dog.
We are worried that someone will take the chip in the passport? What about the fucking passport itself? Fuck the damn chip.
With a tie-in to ChoicePoint, products you'd be interested in would be displayed. Just like Minority Report.
He only said cryptographically signed. That might not be illegal to export.
The passport sniffer needn't hide the gear under a bulky coat. Any shoulder strap carry on type bag will do. They will blend in perfectly in the air port. They can then stand next to you in line, or perhaps brush past you walking in the hallways.
In 60 minutes of sniffing they could easily collect a dozen or more candidate "known gone" families, then use that as a short list of houses to check.
Maybe the regular readers will have a range in inches, and 802.11 has a range of 100ft. With the right antenna 802.11 can be extended by a factor of 50. I would not count on tags being unreadable from 24", a nice polite personal space distance.
I'm not saying this will ever happen, but it certainly is a lot easier than your deliberately ridiculous example.
What it really comes down to is...
If the passport issuing officials want a system that keeps a secondary reference copy of your information in a difficult to forge format, that is only readable with a special reader and is encrypted to prevent unauthorized use, then there is no reason to use a remotely readable device. A high resolution two dimensional barcode of encrypted data will do a nice job of it without exposing people's data to risk additional risk.
How is the above "troll"?
Think "Windows ME".
Remember, this is the U.S. Gov.
The State Dept is an advocate and user of Open Source Software.
A feeling of having made the same mistake before: Deja Foobar
They were going to distribute them inside aluminium bags (basically just ESD bags), so they couldn't be skimmed unless you took it out of the bag.
There's still people who don't care, or have the time, to learn why they should keep their passport in the case. Too much effort, too many little beers to kill.
How would these other nations be able to encrypt/decrypt the passport data if the nations are banned from the algorithms?
Bush's trillions spent to "protect Americans from terrorists" will be down the drain by the time someone can sit in an airport lounge, snarfing up copies of RFID passports. In keeping with the rest of Federal cyberInsecurity, they data won't be signed, so inserting new pictures or other data for identity fraud will be trivial - and rampant. I'm waiting for a terrorist, granted a White House press briefing day pass, to ask Bush the loaded question "Mr. President, what have I got in my pocket?"
--
make install -not war
The State Dept is an advocate and user of Open Source Software.
I see that Vulcans still do not understand the concept of humor.
IANAL, but I've seen actors play them on TV
Yes, Michael Moore certainly exploits fear make a buck (or several million), while using his form of media to promote his political agenda.
But if the hard drive is encrypted, then the laptop software must have the encryption algorithm on it in order to decrypt the data, otherwise what's the point of bringing a laptop with an encrypted disk if you have no way if decrypting it once you've reached your destination?
...not if terrorists and muggers could read it, but if our boys could read it... http://www.theregister.co.uk/2005/03/31/intel_outf its_still_inept/
Life is pleasant. Death is peaceful. It's the transition that's troublesome. - Isaac Asimov
Text books.
So would it be possible to rewrite the info? If the *terrorists* (hope its not the same *terrorists* that stole my bike when I was 8) can find a way to read the tags, why not rewrite the info too? You could totally fuck over your enemies. I have a coworker that's going out of the country this summer and I would just love to be able to change his last name to "bin Laden."
Wishing I was a millionaire since 1969.
A simple solution...microwave your passport for 10 seconds! No more RFID!
Encryption devices, not cryptographically signed messages.
Why in the hell is any information stored digitaly on the passport. Only store a Passport ID that can only be used for passport verification. Not another SSN, Just an identification number not tied to any thing but who you are to the US.
The readers should be tied into a central database that has your picture, name, DOB, and (optionialy your drivers license number). That is it. why would you need anything more?
If you number gets stolen, your picture shows up when they try to use it. If they fake a number it will not validate. If the system gets hacked, the less personal info they store the better (and makes it less of a target).
If the only thing that is digitised is the number than encryption is more of an option (they mentioned a speed issue) or barcodes. I still say print the usual stuff on the cover just dont include it digitaly.
Im a gamer, not a grammer major. This post is full of spelling and grammer mistakes.
Either you've missed out something vital, or the system is wide open to a replay attack.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
A portrait is a biometric measurement.
Authorized custom agents could then pass a reader over that chip, which would take the number, connect to a US government's computer, input the number which would return photo, fingerprints, etc. etc.
There seems NO need to put all the sensitive information on a chip, when all you need is a number. Keep the sensitive information on more secure computers, accesible only by valid custom agents.
excitingthingstodo.blogspot.com
Why not?
I really don't get it and have yet to see a good argument for what is suposedly so borken about paper docs.
Biometrics are good for a large number of things. But they are *not* good for IDs (passports, DLs, ICs those kind of things). This is because for them to be used that way they must be passed over a network. Once you start passing things over a network it becomes very possible to steal that persons biometrics and use them to be him/her.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
The terrorists have indeed won. Nobody has a sense of humor anymore...
People say I'm crazy, I got diamonds on the soles of my shoes...
Kill all muggers
Should we? Can the RIAA, MPAA, FAA, FCC, INS, IRS, FBI, CIA, FEMA, and others actualy be killed? They aren't parties to the Constitution. They don't subscribe to an Oath to not violate the Constitution. Let's retourn that Flaming post into somthing worthy to be spoken of. Those organizations are founded extra-Constitutional; that is, they are not expressly forbidden. The verry principal allowing theses to exist is what I am about to say. Starting with forgiveness to the parent poster:
Friend until proven foe.
Innocent until proven guilty.
Unrefuted statements are fact.
And the ring to bind them all is... Love your neighbor as yourself; Bless them that curse you; Love works no ill will.
Orwelian times were announced for 1984, and the enemy has only improved beyond then. The thieves are granted privileges adue business; the same people looking to "secure" your baggage are the thieves to compel an unrelated contract to forfeit your interests if you receive unsatisfactory. What do you call a airbussing service with a brute to more than airbussing? It's the same as buying music that can't be heard; thieves. Theft of property occurs with a misleading advertisement and ends at the stroke of a pen.
Is not the strategy durring War unrestricted deception, as revealed by Sun Tsu? If a man named John Doe being at California, and there was a thief in District of Columbia a person named JOHN DOE, would JOHN DOE act on behalf of John Doe for legitimate purposes? Their names sound alike, one is a man and the other is a person, one walks and the other is filed, yet the defamation of character is to the signature that is surety to the sign. A person can be many places at once. To prevent misuse of JOHN DOE to commit fraud against John Doe; the being John Doe held for acts committed in District of Columbia by JOHN DOE, it needs to be known the coverture over such transmitting utility. John Doe dba JOHN DOE; where are your accusers? Whatever JOHN DOE not bound down by John Doe with a limited premise for its transmittal. If there is a JOHN DOE not put there by John Doe, then it is criminal and not civil.
Your words are your bond, lawful when known by a notary Justice of the Peace; legal when in an Office.
Still, that would leave at least five system weaknesses obvious to even cursory glances:
1) It's still a Mark One RFID initial response; to prevent traffic analysis from making identifying USAssholes (yes, I can say that, I am one) trivial for hostile entities, there need to be a lot more responding Mark One RFIDs chirping away out there.
2) The specific query to the RFID could be played back. This might be solvable by inclusion of a random number component with in the initial response.
3) Every Mark Two RFID query generator needs to have the signature capability; the system is only safe until one is stolen and reverse engineered. Giving each it's own marine guard is liable to increase the expense of the deployment slightly. This might be obviated by an integrity-and-privacy secured uplink connection to a centralized query making server located at Fort Meade.
4) This still implies US passport holders should trust the US government to be able to secretly and silently find out exactly who they are at any time. Survey says...
5) I'm betting the computation for signature checks exceed the RFID remotely powered capabilities; I suspect they don't have much more than needed to play "Marco!".... "Polo!"
//Information does not want to be free; it wants to breed.
I understand the privacy people don't like it but identity is becoming increasingly important and a "peice of paper" just isn't going to cut it for much longer.
In what way is identity more important today than it was 20 years ago?
No one has a right to their *own* opinion. They have a right to the TRUTH.
After all, US passports already have a mag stripe containing everything but the picture. And with the absolute refusal to place any safeguards whatsoever on the RFID data, there can only be one reasonable explanation. The USG wants the ability to do that which they so stridently deny can be done: sniff passport RFID from a surreptitious distance.
The question of motive is left as an exercise for the reader.
Mail? Put "slashdot" in the subject to pass the spam filters.
It is usually the shoes.
--Phillip
Can you say BIRTH TAX
You'd rather send that sensitive information all over the world through computer networks instead?
How else is a customs agent in a foreign country going to validate your passport?
And as for the reason to have chips etc. in the passport, rather than just printing the info on the page--the most obvious reason is that it makes them harder to forge.
Mail? Put "slashdot" in the subject to pass the spam filters.
Using optical data storage (holograms) are much cheaper, flexible, harder to manipulate and copy.
It makes much more sense, unless you do want to TRACK people, without their knowledge perhaps.
In WWII, Nazi's required jews to wear armbands distinctly identifying themselves as jewish at a distance.
This system worked very well. It insured that second class citizens could properly receive the proper treatment as such. i.e.: forced to walk in the gutter, rather than a side walk etc. Attend at labour and death camps etc.
Now the american government wants americans to only travel abroad on the condition that they effectively wear electronic armbands identifying them as "AMERICAN" to anyone with a simple detector.
America is at war, and the American government wants its citizens to be required to advertize their status to all possible enemies.
At least the NAZI's were fairly transparent about their desire to oppress and harm jews.
How is electronically broadcasting american citizenship for all to see, going to help americans be safer.
Why not just make a law requiring all american citizens to wear armbands with the Star of David.
Would that be obvious enough for the morons in the whitehouse to wake the fuck up!
No one has a right to their *own* opinion. They have a right to the TRUTH.
Please, protest this plan!! You have until April 4, 2005, to send your comments to PassportRules@state.gov and tell them to abandon this wireless approach, and use a system that REQUIRES contact instead (no more RFID). Do it, before someone dies.
- David A. Wheeler (see my Secure Programming HOWTO)
What international terrorist wouldn't love to be able to build a bomb that only goes off if there are enough Americans in the area? Sure there are a few groups that don't care about the US (ETA in Spain, a few of the Palestinian terrorist groups) but most of them want to target Americans and what better way to do that than building bombs that check for at least three or five Americans before going off?
some supermarket thieves use aluminium bags to disable RFID and other types of electromagnetic anti thlef devices(pretty smart for them to know about faraday cage). the same thing can be done with passports.
If you do recall correctly, sixth power of distance is a high dispersion rate--and I would hate to have human flesh within one millimeter of the chip!
But if *I* recall correctly, in the three-dimensional universe all forms of electromagnetic radiation weaken with the square of distance. So if you can't explain why or at least cite who said sixth power, we should probably assume you do NOT recall correctly.
And by the way, if Sweden is doing hashes, good for them. But it does not follow that the criminally-useful data is what's encrypted. Nor does it follow *at all* that the US would do likewise--especially when they have said "no encryption".
But thanks for playing.
you can get the passpor out of the bag. since they have no right to read the RFID without asking no one should bother .
A simple 3 seconds in the microwave on 'high' should do it, I think. If not that, take a nice anti-stat bag, pack it in there, nobody reads it.
Besides all this, it assumes the chips would actually work. When they start failing at 10 - 20% of the time, then the security the will have been used for is a moot point, since the people screening those documents will get used to it, just waving people through. So this level of security will just be useless if there are decent amounts of errors.
So, power up the microwave kids! It ain't just for CD's and hamsters any more!
-- There is no sig line, only Zuul.
For those who don't know, in most foreign countries you are legally REQUIRED to have your passport on you at all times. Often the prosecution for forgetting is pretty minimal, but that is still the rule.
Also in many countries your passport is required for hotel check-in. Many hotels even require you to leave your passport at the front desk for the duration of your stay. Note the conflict with the rule above. But if you have a problem with complying, you are welcome to go see if there is a park with nice benches anywhere nearby.
People don't have to be intelligent to make rules.
So then, the English-Hungarian phrasebook would make more sense?
"I will not buy this record, it is scratched!"
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
And I haven't "dry humped a tourist" since...well... ok, but you're still an insensitive clod.
Look at all sort of reader, optical, or not. RFID is the cheapest you can set up and amss produce with the msot reliability. Official checking pass do not want to read it from far away (despite the wet dream of the tin foil hat crowd), they just want to read it reliably with the cheapest cost and the easiest way to deploy. Thus RFID even it needs to be shielded for privacy reason.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
There will be a session about RFID chipped passports at the 2005 Computers, Freedman, and Privacy conference on Wed. April 13th in Seattle, WA. Bruce Schneier, who has spoken frequently on this issue, and Bill Scannell, who is quoted in the article, will both be keynote speakers at the conference. Right after the panel, there will likely be a demo of RFID technology as it relates to passports.
If you really loved America, you would know that only terrorists fear having their freedoms taken away. Real, law-abiding, god-fearing, red state Americans have nothing to hide!!!!!!!!one one
Yeah, right.
Instead of having a radio-wave emitting chip for the data, use one of those 2D bar codes like you see on UPS packages and NASA shuttle parts. It would still allow the quick scanning of the information into a computer, and offer _better_ (not perfect) security. In this way, your passport has to be stolen or lost in order for a thief to get the info, instead of simply standing next to you with his black box passport RFID scanner he picked up on ebay in his pocket.
--- Nothing is secure.
Actually, there are plenty of RFID chips on the market which respond with non-static data. Some have field-programmable memory, others use encrypted challenge-response systems to autheticate tags (such as the ExxonMobil Speedpass). Of course, these systems are not without their own problems.
Courtesy of Penny Arcade!
---------The early bird gets the worm, but the second mouse gets the cheese.
A 2-D barcode could encode much of the same information as this RFID chip -- with none of the privacy implications. Any legitimate use of your passport involves handling it anyway -- it can simply be scanned.
An ISO/IEC 16022 data matrix would do the trick (the same type used by semacode.org and NextBus for cell phones). The Economist recently did an article on these.
RFID is a good technology, but this is a very bad application.
eh?
I wanted to point that out: Just line your wallet and whatever you keep your passport in with alluminum foil. I agree that this is stupid too - you still need to take it out to use it, so why is RF needed at all? Swipe a card or scan a barcode instead. The only reason for RF that I can think of is to track people without them knowing.
It's most definitely possible to copy DNA.
That's not the bad part: The real bad bit is if someone did get a copy, and biometrics are being used, you would be fucked in a permanent kind of way.
Someone else can impersonate you, but you can never really change yourself. (futuristic viral/gene therapy aside)
I really don't want to see biometrics used as a validation method for anything.
In fact, the whole idea of putting a wireless chip into US passports just makes life easier for most other white/english people, because terrorists will be able to better home in on their targets. I'll have a lower chance of being collateral damage. (note the sarcasm: I don't think it would be a good thing for US citizens abroad)
Not if it's coated with a scratch resistant, er.. coating.. like BluRay plans to use. CDs take time to load and spin up though.
https://www.eff.org/https-everywhere
Ever hear of carjacking? That crime was virtually nonexistent before automobile manufacturers started making it more difficult to hotwire vehicles. As a result, rather than simply breaking a window and starting the vehicle up, people started resorting to going after occupied vehicles.
I don't know about you, but I value my life more than my insured auto.
If it is not my property, why am I forced to carry around someone else's shit?
I don't think the range is really an issue. There are plenty of places where personal space is nonexistant. Crowded bars, baggage pickup, sitting next to someone on the bus.. There are already plenty of opportunities to get very close to people without it looking strange. Pickpockets have been exploiting these places for as long as there have been pockets. Now they just wouldn't need to actually make physical contact.
https://www.eff.org/https-everywhere
I don't see why this is all a problem.
Your passport should need two keys, a public key so it can authenticate a message from 'the government' and a private key to sign an incoming (authenticated) message to send back. The government also has this private key and can this way always track your passport.
An outsider wouldn't be able to track you or copy your private key as it's never sent out by the chip, and no personal information can be stolen as it isn't stored in the chip.
Now I also don't like the idea of being tracked all the time by the government, but at airports, I really wouldn't mind, it's for my own security. So they could just make a switch on the passport to enable or disable the chip. It should then be compulsory to have it switched on at places that need to be 'secure'..
Regardless of the outcome in this example, we know RFID is going to be used in a host of ways we don't care for.
As I see it, it would be useful to have my own RFID scanner that tells me when something I have has an RFID tag in it (you often won't know otherwise), and if I deem it worth the time, allows me to read/write to the RFID tag.
Does anyone know of any homebrew RFID scanner projects?
I get the impression that most commercial scanners are probably no good, since the companies are all trying to lock clients into their own proprietary format, and so their scanners only read from their brand of tag (though they will tell you if a not-our-brand tag is present, just not any information about it).
Also, most commercial scanners have the normal range (less than a foot), it'd be cool to do a homebrew scanner with a boosted range.
Hell, just stand outside customs in SFO with a transmitter that "conveniently" disables everyone's passports =)
"1984" was ment to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
What if you scratch the coating?
-insert a witty something-
Then get a new one? What do you do if you rip your passport?
The coating is pretty durable. You almost have to scratch it on purpose.
https://www.eff.org/https-everywhere
Well, it's not really happening, but if the government really did do something like that, I wouldn't be surprised at all.
2. Find Yankee Imperialists.
3. ??
4. Profit!
[Mohammed and Abdul are prowling around for American hostages. Mohammed has a RFID detector, and Abdul has an AK-47.]
"Hey Abdul! I think I've found us a Yankee Imperialist cowering behind that rubble over there!"
"Place me in the company of those who seek Truth, but deliver me from those who believe to have found it."
Just imagine ...
Imagine, a thief with a scanner goes through the vestaire and finds all wealthy coats in there by their passport? No need to feel, that time is over, just wave with the wand...
Imagine, a thief in the subway with a scanner in his hand scanning for who to pickpocket?
Imagine, a stalker, who wants to know the identity of his victim?
Already three reasons of the hunderds more; Everyone can know my name, but please, let me introduce myself before I am introduced on some machine? I live in Belgium, lucky me for this, I would not be vulnerable (yet) to people with bad intentions (toward me) with this equipment.
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
So you're implying the car makers are to blame for the hike in violent crimes because they're trying to safeguard peoples' $20+k investments? This makes no sense.
;)
You can't blame the car makers for the car jackings. Do you sleep with unlocked doors? Would you bitch and moan at the maker of your locks if someone were to wait for you to get home and jump you for your keys to get in, because there's no other possible way into the house, and they wanna jack your shit?
There is a more fundamental issue at hand here I feel, but I can't put my FINGER on it..
You're nothing; like me.