Slashdot Mirror
Passport Chip Could Attract High-Tech Muggers
Orangez writes "Wired.com reports that 'business travel groups, security experts and privacy advocates are looking to derail a government plan to insert remotely readable chips in American passports, calling the chips homing devices for high-tech muggers, identity thieves and even terrorists.' and that 'The 64-KB chips will include the information from the photo page of the passport, including name, date of birth and a digitized form of the passport picture.'"
Someone is going to need a faraday cage.
Viral software licensing is not freedom, it is in fact GNU/Socialism.
...means just that?
If they government can read it for legitimate purposes, other people can read it for illegitimate purposes.
DBA? Software Engineer? My company is hiring! Click
If they're not terrorists, and have nothing to hide, why are they so worried about being tracked? If anything, if your passport is stolen, wouldn't you rather have the chip in there to track it?
Enjoy an e-piphany
the article states having a barcode or some other form of security that must actually be read, how about encrypting the data on the rfid and putting the key on the barcode?
just a thought
The Answer
Now they don't even have to steal my passport before they can use all my info. That's an improvement. If I get a new passport, I think I'll carry it in an aluminum foil pouch.
No good deed goes unpunished. - Avon, Blake's 7
They can just sit at the door of the airport and scan everybody comming in and out ! Without you even knowing so you won't report it !
I don't get it. I mean, they State Dept. could easily have a reader connected to a network which passes along some hash which is stored on the card, to a server which would verify what passport they should be looking at. Slow? Wtf kind of technology are they using where 64K of stuff would take any time?
"Only contractors who sign up to our foreign policy will be allowed to bid -- We welcome your bid, Halliburton Vacuum Tube Company!"
A feeling of having made the same mistake before: Deja Foobar
When will these people learn that independent sober second opinions are valuable.
Years from know they will probably say "We made the best decision with the information we had at the time".
Burglar goes down to airport and watches family get on a plane to Europe. He grabs your name, and from that gets your home address. Then he can go rob your house while you and family are out of town. Certainly makes scoping out houses much easier; your house could be cleaned out before you even reach your destination.
I Am My Own Worst Enemy
From the folks that brought us the hacked SideKicks of Fred Durst and Paris Hilton...
Not that I have any naked pictures on my passport chip... yet.
How comes that everyone trying to make a point has to include terrorist threat? Am I the only one who thinks it's a bit cheap?
"It's too bad that stupidity isn't painful." - Anton LaVey
"All you have to do is be fragile and grateful. So stay the underdog." Chuck Palahniuk, Choke
like someone would benefit from stealing my Identity. They would just inherit my debt.
I guess that's one more reason to get a passport
I don't see why they didn't just burn it (cryptographically signed) onto a business card sized CD inserted into a pocket of the passport folder. If they used a standardised format (XML+TIFF+GPG signed) then any country could read it without fancy equipment, and noone could make a counterfit.
...and look at this for a while. They understand that who you are and where you come from can make you a target. After all, the armed forces (whose upper ranks never lose a chance to make their soldiers dress up) tell their personnel not to wear their uniforms when traveling on civilian airlines, for the very reason that people don't want RDIF tags in their passport. And it's not just nationality. Airports all have wireless connections these days so you can get a name, do a quick Google search and stand a good chance of knowing enough about the person walking by to not only pick good targets but be able to imply uncanny knowledge about them. a corp. There must be a better solution that address both the governments concerns and the privacy concerns of our citizens. It seems that somebody has just made a decision and isn't willing to back off. We should isn't they try harder.
It should be combined with a biometric measurement. I understand the privacy people don't like it but identity is becoming increasingly important and a "peice of paper" just isn't going to cut it for much longer.
Well folks, it's a dupe.
1 28248&tid=158&tid=17
3 25238&tid=158&tid=126&tid=17
0 26222&tid=103&tid=158&tid=172
2 29221&tid=158&tid=103&tid=1
.. can anyone find Sex for me?
http://yro.slashdot.org/article.pl?sid=05/02/28/1
Or is it a trip?
http://yro.slashdot.org/article.pl?sid=04/12/23/2
A quad? (Quap?)
http://yro.slashdot.org/article.pl?sid=04/11/27/0
Quint? Penta?
http://yro.slashdot.org/article.pl?sid=04/10/22/0
So
Posted today at the BBC
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
However, all of the legitimate uses of the passport involve a human being handling the passport anyway - and using a non-RFID smart chip will suffice.
Tinfoil hats aside, the primary response of the RFID proponents to the question of why RFID tags are needed is "Why not?". This is a preposterous approach to implementing a system that handles sensitive personal data that could cause severe distress to the owners of that data, if compromised. Sensitive data belonging to thousands or even millions of people! Assuming the government still considers an individual as the rightful owner of their own personal data.
Some of the conspiracy theories regarding RFID in passports are a little over the top. But there is no denying the fact that the potential for abuse is definitely enhanced by using this technology in this way. Today the scope is for Americans to be targeted using this - either by their own government, or by criminals, or by other governments, or by terrorists. Tomorrow, when more countries follow suit, that scope expands, giving birth to a rich and varied mix of uses - all of which with the legitimate exception of border control are extra-legal or downright criminal. I hate to sound like a troll but the RFID chip in your little blue book could well become the new star of david sewn into your shirt.
See that long UID - that's what you get for lurking too long
Can you imagine debating with foreign officials whether your CD is fake or it's just scratched?
-insert a witty something-
Seriously, you're pushing your cred here. What kind of burglar is going to be hanging out in airports looking for departing victims? An intelligent burglar would spend more time casing a target and keeping track of comings and goings of people. The newspaper, with funerals and such, has been a wealth of information for those vile enough to rob a house when someone's at a funeral or such.
Most burglaries are probably committed without much prior planning anyway, by someone looking for an easy target. Ambitious burglars or pros would probably be slower to adopt something like finding a prospective victim at an airport, as the still have no idea who's at home or what's worth taking, as they usually already have somthing in mind, like expsensive car or piece of artwork.
A feeling of having made the same mistake before: Deja Foobar
What are the implications of disabling the chip? A huge dose of ESD would probably do the job without harming paper and ink. You could just claim ignorance.
Because it would be illegal to export encryption of that strength. It does not matter if the other nation already has the technology.
Terrorists are the new Communists. And black is the new black. Get over it already!
People say I'm crazy, I got diamonds on the soles of my shoes...
Document 9303 at the ICAO. Note that it's the international Civil Aviation organization that defined the standard and is pushing it. Note that they intentionally do not encrypt the data so that it's simpler and easier for third world governments to read.
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
Keeping people from stealing your identity is important. The governments of the world being able to track you and being able to verify your identity is not as important as your right to not be tracked or identified.
There are plenty of legitimate reasons to not want people to be able to identify you. There are plenty of legitimate reasons to circumvent the system as well.
At what point did the unwilling martyrs at the twin towers win the balance against the millions of lives willing sacrificed so that we could taste freedom? It wouldn't matter if planes were crashed into building every day, it is no reason to take away freedom.
I don't get it. I mean, they State Dept. could easily have a reader connected to a network which passes along some hash which is stored on the card, to a server which would verify what passport they should be looking at. Slow? Wtf kind of technology are they using where 64K of stuff would take any time?
Think "Windows ME".
Remember, this is the U.S. Gov.
IANAL, but I've seen actors play them on TV
If the government can read it for legitimate purposes, then the government and other people can read it for illegitimate purposes.
I make a reasonable middle-class wage by going to work and not spamming blogs with scams.
http://rfidkills.com/action.html
[Insert the usual disclaimer here]
My question at that point is: why not use another technology? The whole point of RFID is that it is readable from a distance without jumping through any hoops. If TFA is correct they are negating the whole point of RFID and fighting it's inherent nature to do so. It seems that some kind of optical technology would be perfectly suited to do exactly what they want to do with RFID.
Sweden is going to introduce these state-of-the-art passports with microchips in them sometime in the autumn. i was planning on getting one first, but apparently a Visa will do just as fine should i ever want to visit the States, plus the microchip one is supposedly alot more expensive
so, im getting a new "regular" passport tomorrow... my current expires in july, no rush, but this new one will last 10 years so why not have it done with
Three rings for the Elven-kings in the sky
According to the ICAO standard states can chose to add an authentication scheme to the RFID-tag. This is what Sweden is dong, this is probably what the US is doing.
The authentication is based on the MRZ (Machine Readable Zone) in the passport (this is text that is read through OCR and not visible unless you open the passports photo page). The MRZ-data is hashed by SHA-1 and the high 32 bits of the hash is taken (this reduce the risk of someone computing the MRZ-data backwards (actually guessing) which MIGHT be possible if you have the hash and the basic structure of the MRZ-data). The hash is sent as an authentication code to the RFID-chip in the passport, if the hash is wrong the RFID responds with a "no valid authentication" message and refuse to send any data.
A state may decide to ignore such measures in their passports (but this is unlikely for the EU and the US). And such states have the option to include metallic jackets for the passport.
The range of the RFID transmission will be around 10 cm. IIRC it weakens with the power of 6 to the distance.
Further, it is not practical to have contact chips in a book-formed passport. It is more practical in ID-cards.
While I dislike this in general and would prefer a passport free world, try to avoid spreading untrue FUD about the technology being used, the data is secure and no person is going to get within 10 cm from your passport, and try an average of 2^31 different hashes without you noticing it. Of course, if the person manage to "borrow" your passport, he will use the MRZ to obtain the key, but in that case, he can take the passport to a photocopier as well (and that is probably cheaper).
"Civis Europaeus sum!"
The passport sniffer needn't hide the gear under a bulky coat. Any shoulder strap carry on type bag will do. They will blend in perfectly in the air port. They can then stand next to you in line, or perhaps brush past you walking in the hallways.
In 60 minutes of sniffing they could easily collect a dozen or more candidate "known gone" families, then use that as a short list of houses to check.
Maybe the regular readers will have a range in inches, and 802.11 has a range of 100ft. With the right antenna 802.11 can be extended by a factor of 50. I would not count on tags being unreadable from 24", a nice polite personal space distance.
I'm not saying this will ever happen, but it certainly is a lot easier than your deliberately ridiculous example.
What it really comes down to is...
If the passport issuing officials want a system that keeps a secondary reference copy of your information in a difficult to forge format, that is only readable with a special reader and is encrypted to prevent unauthorized use, then there is no reason to use a remotely readable device. A high resolution two dimensional barcode of encrypted data will do a nice job of it without exposing people's data to risk additional risk.
Either you've missed out something vital, or the system is wide open to a replay attack.
GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
Authorized custom agents could then pass a reader over that chip, which would take the number, connect to a US government's computer, input the number which would return photo, fingerprints, etc. etc.
There seems NO need to put all the sensitive information on a chip, when all you need is a number. Keep the sensitive information on more secure computers, accesible only by valid custom agents.
excitingthingstodo.blogspot.com
Why not?
I really don't get it and have yet to see a good argument for what is suposedly so borken about paper docs.
Biometrics are good for a large number of things. But they are *not* good for IDs (passports, DLs, ICs those kind of things). This is because for them to be used that way they must be passed over a network. Once you start passing things over a network it becomes very possible to steal that persons biometrics and use them to be him/her.
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
Still, that would leave at least five system weaknesses obvious to even cursory glances:
1) It's still a Mark One RFID initial response; to prevent traffic analysis from making identifying USAssholes (yes, I can say that, I am one) trivial for hostile entities, there need to be a lot more responding Mark One RFIDs chirping away out there.
2) The specific query to the RFID could be played back. This might be solvable by inclusion of a random number component with in the initial response.
3) Every Mark Two RFID query generator needs to have the signature capability; the system is only safe until one is stolen and reverse engineered. Giving each it's own marine guard is liable to increase the expense of the deployment slightly. This might be obviated by an integrity-and-privacy secured uplink connection to a centralized query making server located at Fort Meade.
4) This still implies US passport holders should trust the US government to be able to secretly and silently find out exactly who they are at any time. Survey says...
5) I'm betting the computation for signature checks exceed the RFID remotely powered capabilities; I suspect they don't have much more than needed to play "Marco!".... "Polo!"
//Information does not want to be free; it wants to breed.
In WWII, Nazi's required jews to wear armbands distinctly identifying themselves as jewish at a distance.
This system worked very well. It insured that second class citizens could properly receive the proper treatment as such. i.e.: forced to walk in the gutter, rather than a side walk etc. Attend at labour and death camps etc.
Now the american government wants americans to only travel abroad on the condition that they effectively wear electronic armbands identifying them as "AMERICAN" to anyone with a simple detector.
America is at war, and the American government wants its citizens to be required to advertize their status to all possible enemies.
At least the NAZI's were fairly transparent about their desire to oppress and harm jews.
How is electronically broadcasting american citizenship for all to see, going to help americans be safer.
Why not just make a law requiring all american citizens to wear armbands with the Star of David.
Would that be obvious enough for the morons in the whitehouse to wake the fuck up!
No one has a right to their *own* opinion. They have a right to the TRUTH.
There will be a session about RFID chipped passports at the 2005 Computers, Freedman, and Privacy conference on Wed. April 13th in Seattle, WA. Bruce Schneier, who has spoken frequently on this issue, and Bill Scannell, who is quoted in the article, will both be keynote speakers at the conference. Right after the panel, there will likely be a demo of RFID technology as it relates to passports.
If you really loved America, you would know that only terrorists fear having their freedoms taken away. Real, law-abiding, god-fearing, red state Americans have nothing to hide!!!!!!!!one one
Yeah, right.