Slashdot Mirror

← Back to Stories (view on slashdot.org)

Passport Chip Could Attract High-Tech Muggers

Posted by Zonk on from the what,-no-trust? dept.

Orangez writes "Wired.com reports that 'business travel groups, security experts and privacy advocates are looking to derail a government plan to insert remotely readable chips in American passports, calling the chips homing devices for high-tech muggers, identity thieves and even terrorists.' and that 'The 64-KB chips will include the information from the photo page of the passport, including name, date of birth and a digitized form of the passport picture.'"

14 of 348 comments (clear)

  1. Re:When will people realise that remotely readable by temojen · · Score: 2, Informative

    I don't see why they didn't just burn it (cryptographically signed) onto a business card sized CD inserted into a pocket of the passport folder. If they used a standardised format (XML+TIFF+GPG signed) then any country could read it without fancy equipment, and noone could make a counterfit.

  2. Re:Tin foil wrapper by Uptown+Joe · · Score: 2, Informative

    Found this searching for forensics computer software... They have a tent, too. Now that is one way to look cool, your very own tinfoil tent!

    http://www.paraben-forensics.com/catalog/product_i nfo.php?cPath=26&products_id=173

  3. Why biometrics are bad: by Ironsides · · Score: 4, Informative

    Posted today at the BBC

    --
    Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
  4. Re:why are travellers worried? by tomcio.s · · Score: 3, Informative

    The government would be forcing me to do what they want with my private property.

    Any passport issued in any country is not your property. It's the property of the issueing government.

    In Canada, even our health cards carry that infomation on the back. It says 'card is property of Minitsty of Health, issued to be used by:' and your name + address.

    Sorry no 'property rights violations' here. Whatever those are.

  5. Re:When will people realise that remotely readable by shaitand · · Score: 4, Informative

    Because it would be illegal to export encryption of that strength. It does not matter if the other nation already has the technology.

  6. Re:why are travellers worried? by cosmo7 · · Score: 4, Informative

    I had thought this was alarmist, that the information would be a set of MD5s or in the case of client-side data, public-key encrypted, but that turns out to not be the case. It's all naked data.

  7. Re:Tin foil wrapper by Anonymous Coward · · Score: 2, Informative

    These guys have you covered: http://www.berk.com/~lessemf/personal.html/

  8. the system is secure, stop the FUD by lordholm · · Score: 3, Informative

    According to the ICAO standard states can chose to add an authentication scheme to the RFID-tag. This is what Sweden is dong, this is probably what the US is doing.

    The authentication is based on the MRZ (Machine Readable Zone) in the passport (this is text that is read through OCR and not visible unless you open the passports photo page). The MRZ-data is hashed by SHA-1 and the high 32 bits of the hash is taken (this reduce the risk of someone computing the MRZ-data backwards (actually guessing) which MIGHT be possible if you have the hash and the basic structure of the MRZ-data). The hash is sent as an authentication code to the RFID-chip in the passport, if the hash is wrong the RFID responds with a "no valid authentication" message and refuse to send any data.

    A state may decide to ignore such measures in their passports (but this is unlikely for the EU and the US). And such states have the option to include metallic jackets for the passport.

    The range of the RFID transmission will be around 10 cm. IIRC it weakens with the power of 6 to the distance.

    Further, it is not practical to have contact chips in a book-formed passport. It is more practical in ID-cards.

    While I dislike this in general and would prefer a passport free world, try to avoid spreading untrue FUD about the technology being used, the data is secure and no person is going to get within 10 cm from your passport, and try an average of 2^31 different hashes without you noticing it. Of course, if the person manage to "borrow" your passport, he will use the MRZ to obtain the key, but in that case, he can take the passport to a photocopier as well (and that is probably cheaper).

    --
    "Civis Europaeus sum!"
  9. Re:why are travellers worried? by Qzukk · · Score: 2, Informative

    I do have something to hide: my passport has my name, address, phone number, next of kin notification address/phone, passport number, and with these 64KB chips, I'm sure they'll pack everything they can think of on there like SSN, birthdate, and so on.

    All that, waiting for someone to just bump into me on a train or in a subway or getting off the airplane. Unlike a normal passport, I'd never know it was "stolen", since it'd still be in my pocket afterwards! By the time I get back to my country, I'd probably be thousands of dollars in debt, with 50 credit cards in my name.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  10. Re:hmm... by Technician · · Score: 2, Informative

    I think I'll carry it in an aluminum foil pouch.

    Stuff it in an old aluminized mylar potato chip bag, roll it up and stuff it in your pocket. If asked, say it was raining cats and doga at my last stop. I didn't want it to get wet. The added advantage is the tag is unreadable inside the folded up bag.

    --
    The truth shall set you free!
  11. Re:disabling chip? by chrispl · · Score: 3, Informative

    Well I should have RTFA about the RFID. They DID suggest RF blocking fibers in the cover.

    --
    What post? The one you're carrying inside your rusty innards!
  12. Re:Actually that might be part of the plan by fatcatman · · Score: 2, Informative

    No, RFID is expensive. iButtons are dirt cheap and almost completely indestructible.

    www.ibutton.com

  13. Re:When will people realise that remotely readable by SquadBoy · · Score: 2, Informative

    Why not?

    I really don't get it and have yet to see a good argument for what is suposedly so borken about paper docs.

    Biometrics are good for a large number of things. But they are *not* good for IDs (passports, DLs, ICs those kind of things). This is because for them to be used that way they must be passed over a network. Once you start passing things over a network it becomes very possible to steal that persons biometrics and use them to be him/her.

    --

    Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
  14. CFP2005 sesssion on RFID chipped Passports by SynCrypt · · Score: 3, Informative

    There will be a session about RFID chipped passports at the 2005 Computers, Freedman, and Privacy conference on Wed. April 13th in Seattle, WA. Bruce Schneier, who has spoken frequently on this issue, and Bill Scannell, who is quoted in the article, will both be keynote speakers at the conference. Right after the panel, there will likely be a demo of RFID technology as it relates to passports.