Today is Comment Deadline for RFID-Chip Passports

An anonymous reader writes "Today is the deadline for submitting comments to the State Department concerning the use of RFID chips in passports. These devices would store in digital form all the information currently on a passport as well as a digital copy of the passport picture. This information could then be read by an RFID reader presumably being operated by port of entry personnel. However, these devices could feasibly be read by anyone, including those with malicious intent. The use of RFID chips in passports is a bad idea for many more reasons than can be listed here. If you haven't yet, send your comments to the State Department. You can email them directly at PassportRules@state.gov with the subject 'RIN 1400-AB93' or go to rfidkills.com for more information and an online submittal form. ... It's also being covered on Wired." Here's the proposed rule itself (PDF).

New product

[Tooxs]

Tinfoil passport holders.

Re:New product

[uncoveror]

Good idea, but try getting through a metal detector!

Why must they emit?

This is something I don't get. Why use something that emits a signal? Digitize it ... fine. Barcode it for easy reading ... fine. But why make it so somebody sitting next to me in an airport can pickup the signal?

Re:Why must they emit?

[0x461FAB0BD7D2]

Exactly. We have something like that in Hong Kong already: Smart Identity Card

It is an identity card, on a MULTOS 4.06 operating system that supports the ISO7816 standard.

An RFID-based system is not much more useful than a Smart card.

Re:Why must they emit?

[jcuffe]

Not to mention the fact that if they make everyone's ID emit some value, who can say what happens when you get a cluster of people standing together? Even if the broadcasting range of the RFID device is quite short, wouldn't you still have to basically whip out your card and swipe it to ensure that it's reading *your* card and not somebody else's? And if you have to do that, isn't the RFID chip 100% liability and 0% benefit?

Re:Why must they emit?

[OAB_X]

Because they have lack of common sense and someone probably thought that it would be a good idea to speed up customs on people and make in even harder to fake passports (as encryption is hard to fake).

But wait, they forgot that people can break encryption given enough time, its not ID theifs that are the real problem, its organized attack by foreign governments (maybe Iran or othe nations with state sponsored terrorism or government agents sympathetic to it) because they have the computing resources to crack the encrytion given enough packets sniffed coupled with the computing power.

Re:Why must they emit?

[harks]

They are suggesting putting a digitized image of the passport holder's face in the signal, so I'm guessing the person scanning could compare faces.

Re:Why must they emit?

[swillden]

Exactly. We have something like that in Hong Kong already: Smart Identity Card It is an identity card, on a MULTOS 4.06 operating system that supports the ISO7816 standard.

(Disclaimer: I like the HK card -- I actually did some work on the project)

The difference is the form factor. Where do you place the contacts in a passport booklet? If you went to a purely electronic passport, you could use a card form factor, but that's not possible, and it's also too unreliable (you need the paper as a fallback). You could try to put the chip's contact plate in some corner of the outer cover, so that the cover could be inserted into a reader, but if the cover got too tattered or frayed, the contacts wouldn't land in the right spot any more. Plus it might be hard to fit frayed edges into the slot. So, you'd have to make the cover out of a hard plastic. That's possible, of course, but it changes the look and feel of the passport significantly.

There's another, more technical, problem as well: transfer rate. ISO7816 cards max out at 115kbps, and that's the raw data rate. In practice, the 7816-4 overhead (reader-driven command-response protocol, small packet size, large interframe delays) means that you don't get all of that. Further, it's pretty common to run into combinations of cards and readers that can't operate at those high baud rates... 9900bps is what you can count on reliably.

Contactless smart cards, complying to ISO14443, on the other hand, talk at either 400kbps or 800kbps.

Why does that matter? Multiple biometrics, plus signatures and certificates can get pretty large. The "Silver Data Set" used by ICAO for testing is over 40KB in size. If you have to move that at 9900bps, you're only going to get net transfer rate of around <1KBps, meaning that it will take close to one minute to get all of the data from the card. In comparison, the fastest 400kbps contactless implementations move that data in under 3 seconds.

There are other practical reasons to use contactless as well, all related to ease of use and transaction speed.

And security doesn't need to be a problem. We have the technology to make these things very secure -- the ICAO specification even defines exactly *how* to secure them. The only question is whether or not the issuing nations choose to implement the security.

Please, write and encourage the US State Dept to implement the PK-based security scheme to prevent eavesdropping and shielded covers to prevent presence scanning.

Forgery

Wouldn't this create an increase in forgery, as people can now pick-up other's info easily?

How to kill your passport & other questions...

[justanyone]

Supposedly, putting an RFID tag in a microwave will kill it (make it no longer workable). This is an easy fix for those who don't want people nearby to read their passport info.

Questions:
* What do I gain, as a passport user, by having mine working?
* What prevents someone from putting a fake RFID tag in/on my passport, thus making it seem like I'm engaging in high-tech forgery?
* What benefits come from an RFID-based reading of the thing, vs. some kind of contact-based smart card that clearly shows when it's being read (you have to make physical contact with the device)?
* What's to stop the authorities from putting RFID readers throughout the airport and tracking where specific people walk?
* Why not put rfid tags on boarding passes instead, so that to go from the counter to the plane you have to walk past numerous RFID readers and it keeps track that you didn't miss a checkpoint, etc.
* Won't my address and phone number be on this? What if I'm a single female concerned with personal security? Some schmo could stalk an airport, find me, strike up a conversation, and then get home before me since they know I'm not home?
* What about ex-husbands / abusers / stalkers / restraining-order-prevented people from scanning the new address of someone to find / kill / abuse them again?

Seems to me there's something very Orwellian / Soviet / THX-1138-ish about this whole thing.

-- Kevin

Re:How to kill your passport & other questions

[j-turkey]

Supposedly, putting an RFID tag in a microwave will kill it (make it no longer workable). This is an easy fix for those who don't want people nearby to read their passport info.

According to the proposal:

Damaged, Defective or Otherwise Nonfunctioning Electronic Chip

Section 51.6 of Title 22, Code of Federal Regulations (CFR), governs the validity of damaged United States passports. This rule would amend 51.6 by adding new language providing that a damaged, defective, or otherwise nonfunctioning electronic chip may be grounds for invalidating a United States passport. A passport with an intact data page but a nonfunctioning electronic chip would still be used as a travel document. However, detected attempts to alter chip data or to substitute a different electronic chip would result in invalidation.

That sort of answers a few of your questions (although it's sort of an ambigous answer -- disabling the RFID is grounds for invalidation, but you can travel without the RFID? I don't get it). Have you submitted your comments yet?

Why even have public commenting periods?

[c0d3h4x0r]

The government agencies or legislative bodies that host these periods of public comment never seem to listen to what anyone with an educated opposing view or well-founded criticism has to say anyway, so why even host such "public comment"? Is it just an effort to make the general public feel pacified or what?

Re:Why even have public commenting periods?

[0x461FAB0BD7D2]

They have no idea what to do with their 2GB Gmail accounts. A subject with RIN 1400-AB93 would be easy to filter / label, and they could start filling the account up quite fast.

Also, it's good reading material when Slashdot has no news to post.

Re:Why even have public commenting periods?

[macdaddy357]

Indeed! They pay no attention to what we say. The moozlim ayrab terrists will be able to pick out the Americans from a distance, and then kill us at will. The only answer is never to travel overseas.

Read distance enhancement

[justanyone]

The change specifies a read distance of approximately 4 inches.

I wonder if the technical experts have bothered to mention that this signal is being broadcast in all directions, and that simple dish antennae can enable exchanging signals over tens of yards/meters if not longer?

Has anyone thought about Embassy security personnel being given a task to eliminate all radio-frequency broadcasting devices in the building to prevent espionage, yet everyone will now be carrying a small broadcasting station that can be converted to send data out of the building? Detecting small bugs is a big deal to these guys. I wonder if they have an opinion about their jobs getting harder...

Re:Read distance enhancement

[swillden]

I wonder if the technical experts have bothered to mention that this signal is being broadcast in all directions, and that simple dish antennae can enable exchanging signals over tens of yards/meters if not longer?

Umm, there are a couple of points you're not considering.

The antennas in the normal (~4in range... hah! more like 1/2in!) are not omnidirectional. Orientation of chip antenna and reader antenna is pretty important to being able to achieve the nominal range. They're not specifically focused, either, so you can get some improvement with directional antennas.

That improvement is limited in a couple of ways, though. First, unlike most RF applications where both endpoints are independently powered and you only need to get enough gain to push a signal that's above the background noise level, in this case the reader signal has to reach the passport strongly enough to *power* the chip. The chip isn't terribly power-hungry compare to the one in your PC, but it's a lot more power-hungry than even a typical 8-bit microcontroller. Especially if the crypto extensions to the ICAO protocol are used -- running an RSA engine draws a lot of power, relatively speaking. Since the power you deliver to the device decreases with the cube of distance, you need a lot of gain to reach long ranges.

Also, no matter what you do on the reader side, the passport does not and will not have a high-gain antenna attached to it, and you'd have to get pretty lucky to make sure it was oriented right if it did. Further, no matter how much power you deliver to it, that chip is going to broadcast with very low power in return, so you're going to have to have a lot of gain on the receiver. As I understand it, this side is actually doable. People have sucessfully eavesdropped on chips at distances of nearly 40 feet, when the chip was talking to a nearby reader (conventional < one inch range). Under lab conditions, of course.

Has anyone thought about Embassy security personnel being given a task to eliminate all radio-frequency broadcasting devices in the building to prevent espionage, yet everyone will now be carrying a small broadcasting station that can be converted to send data out of the building?

Umm, not really. Not only do those passports not have a power source and extremely weak signals when they do transmit, but they also have no way to take in data that they might transmit, no sort of DSP or any other obvious mechanism to encode the data if they did have a microphone attached and very limited and non-modifiable software.

Of course, you could replace the chip in your passport with one that would overcome those limitations, but how would that be different from carrying a bug the "normal" way?

Re:How to kill your passport & other questions

[mangu]

disabling the RFID is grounds for invalidation, but you can travel without the RFID?

It seems that the RFID is used just for the purpose of simplifying the process of reading it. The primary identification would be electronic and the paper would be used as a "backup" device. Conterfeiting the chip would be a felony. Sounds reasonable.

I don't get this conspiracy-theory fear about RFID. I have an RFID work badge, it works only at a few centimeters distance, I have tried opening a gate from a distance and it didn't work. So what's the problem? If you can get through immigration by swiping a passport instead of having someone open it and reading the pages, better for you. Shorter lines, less hassle.

Send a letter now!

[BlueFashoo]

Here's the letter that I just sent.

Feel free to copy and modify it as you see fit.


Hi,

I'm writing to voice my objections to the placement of RFID chips in future US passports.

RFID technology is not a secure technology. Chipping the passports allows anyone with an inexpensive chip reader to easily identify who is an American and make them a target for terrorist activities.

Chipping also allows opens the door to identity theft. Someone could discreetly obtain the information broadcast by the chip and forge a fake chip.

A barcode like the UPS shipping barcodes or some sort of magstripe can achieve your aims without the security concerns that RFID technology brings up.

Sincerely,

(my real name, no sig)

Re:How to kill your passport & other questions

[jcuffe]

The thing is, there's a fair difference between something that simply lets you in doors at work (I have a Sonitrol badge in my wallet that I use at work) and something that personally identifies you as "so and so residing at x address born on... Etc." Also, if we're looking to make passports simply swipeable instead of requiring them to be read, aren't there other technologies that do the same thing?

Only an ID Number

[Ghetto_D]

I have read that these chips would transmit an ID number, and then that number would be read in and looked up in a database. People need to keep in mind that it would not store everything about you so that an passerby could simply access the data. They would also need access to the database.

Now cloning the ID on the chip, thats a different story...

Re:Only an ID Number

[Ghetto_D]

Change "would" to "could", it was one of the proposed ways of making it safer.

Re:How to kill your passport & other questions

[swillden]

Note that these are just my guesses, but I work with smart cards (contact and contactless) for a living, so they're fairly educated guesses.

What do I gain, as a passport user, by having mine working?

In the abstract, you gain higher assurance that no one is using a forged passport in your name, and that no one who finds your passport can pretend to be you (by grafting their own photo onto it, for example). In theory the higher assurance that passports are not forgeable and are more tightly bound to their legitimate owners also provides some measure of additional security (that's a pretty tenuous theory, though, just loaded with handwaving).

Keep in mind, though, that the real point isn't to benefit you, the point is to benefit customs and immigration officials.

From a practical perspective, turn your question around: What will it cost you if your chip isn't working? You'll go into the "exception" process for greater scrutiny. That's why you'll want your chip to be working.

What prevents someone from putting a fake RFID tag in/on my passport, thus making it seem like I'm engaging in high-tech forgery?

Depends on how the passport is implemented (note that this is *not* an RFID tag we're talking about, it's a contactless smart card -- there's a big difference). If proper security is implemented, then the fake will be obviously a fake. It will probably interfere with the operation of the real chip, so you'll get pulled aside, your passport will be examined closely and you'll get to answer some questions. Unless there's something else wrong, it'll end there, as far as you're concerned. They'll want to look into who did that to your passport.

What benefits come from an RFID-based reading of the thing, vs. some kind of contact-based smart card that clearly shows when it's being read (you have to make physical contact with the device)?

See my post here

What's to stop the authorities from putting RFID readers throughout the airport and tracking where specific people walk?

Depends on the passport design. Some nations are considering putting electromagnetic shielding in the passport covers so that the chip can only be activated when the booklet is open. Beyond that, range is a serious problem. The chips are powered by the reader, so the power delivered drops off with the cube of distance, both ways. Even if you make a boosted reader (with a directional antenna) that can power a chip at long range, the chip will still transmit at very low power -- low enough that beyond a couple of feet it will be nigh impossible to pick the transmissions out of the background. The nominal operating range of these devices is about 1 cm. You can extend that by one order of magnitude, fairly easily, especially if you don't need high reliability, but wo orders of magnitude gets to be really, really hard. I'm not an EM guy, but this is what I'm told by people who are deeply into this stuff.

Why not put rfid tags on boarding passes instead, so that to go from the counter to the plane you have to walk past numerous RFID readers and it keeps track that you didn't miss a checkpoint, etc.

With real RFIDs, rather than contactless smart cards, you could do that. They require less power to activate and transmit stronger signals, so that they can be used at longer ranges. They don't have the cryptographic capabities, though, or the volume of storage required for this passport application.

Won't my address and phone number be on this? What if I'm a single female concerned with personal security? Some schmo could stalk an airport, find me, strike up a conversation, and then get home before me since they know I'm not home?

Again, depends on the security model implemented. The schmoe in question would have to get his reader within a few inches of your passport, your passport would have to be unshielded, and you

Re:How to kill your passport & other questions

[j-turkey]

I don't get this conspiracy-theory fear about RFID.

I'm with you that the technology isn't all bad. Where it becomes a concern is where RFID tags can be scanned from long distances without our knowledge. For example, my EZ-Pass can be scanned from about 20-30 meters away. Some people have issues with being monitored from a distance electronically, and without their knowledge, so they won't use an EZ-Pass. For those people, this is a concious choice, so it's easy. International travelers don't have a choice -- they will not be able to carry their passport and maintain that same low profile. Worst care scanario: those people become targets for kidnappers. As far as I'm concerned, I just like to know when my identification is being scanned. I want to know when I'm identified positively and if I'm being watched. I'm not a criminal and don't wish to be treated or scrutinized like one -- especially without my knowledge.

I didn't catch what the range was of these embedded devices...but why RFID? Is there some company pushing it? Why not barcode, or even a smartcard? Why does it have to be a "wireless" solution? I understand and appreciate why this is being done, but does it really make a difference if the agencies in question use a different "wired" technology?

Disabling the chip is exactly what I will do...

[thecampbeln]

...should this come into effect - it's nice to know that it won't invalidate the passport! Updating passports is not a bad thing, but when it's done as half assed as this seems to have been done, it does nothing but make them less secure. Non-encrypted data readable from a distance, what genious thought that one up? (as a CIA agent quietly sneaks up behind me... ;)

Best of all, I'll have to nuke my Aussi and US passports (and exactly when did US law become international law? DCMA comming to [in] Europe, this in Oz...)

Be sure to make your comments heard, I have!

baaa

[syrinx]

The use of RFID chips in passports is a bad idea

I'm glad I have Slashdot so I know what opinions to have! Linux good! RFID baaaaaad!

Re:baaa

[JadeNB]

The use of RFID chips in passports is a bad idea
I'm glad I have Slashdot so I know what opinions to have! Linux good! RFID baaaaaad!

Is this better language for the post?

In my opinion, which is in no way endorsed by syrinx, and which I would never inflict on another user, the use of RFID chips is ... well, forget it, I'm just imposing now.

RFID NEWS: Katherine Albrecht

[Zombiewire]

Under The Radar Katherine Albrecht's Sweat of labor, the battle heats up by James Mata The Book we have all been waiting for is just around the corner. It's the inside scoop of Caspian founder Katherine Albrecht. There are so many facts and falicies whirling about in the so-called RFID News arena that to finally read the truth with out the spins from the RFID investors of how we will enjoy the new life of RFID tracking and get the scoop from someone we all admire and trust would be most refreshing and rewarding. More at www.zombiewire.com

Did you proofread it?

[Muad'Dave]

Chipping also allows opens the door to identity theft.

http://rfidjournalwired.blog-city.com/

The Cloud of Smoke or Smoking guns
It has been two years now and there has not been any word on how Philips RFID "off switch"...... Was that news just a smoke cloud? Did that story suffice our privacy issues and buy time for the RFID market to unfold and get stronger. These are question we all need to be asking the main RFID playgoers who's concerned more of the RFID ROI instead of privacy issues that may concern the majority of consumers
Sure there is one RFID kill mechanism coming out when RFID ROI develops. The Tagzapper is considered the straw that may break the camels back.
The manufactures are gaining their own privacy concerning their RFID setbacks and successes. There is no need to show where the problem is. Why cry fire in a theater anyway?
The horses are at the gates and jocking for that one position to be the leader. Once the mandate sifts out the weak RFID roll outs, and then only the meek RFID manufactures will prevail and then they will consumes their competition.
So what I am saying is a cloud or the smoking gun? It is your call.