Today is Comment Deadline for RFID-Chip Passports

An anonymous reader writes "Today is the deadline for submitting comments to the State Department concerning the use of RFID chips in passports. These devices would store in digital form all the information currently on a passport as well as a digital copy of the passport picture. This information could then be read by an RFID reader presumably being operated by port of entry personnel. However, these devices could feasibly be read by anyone, including those with malicious intent. The use of RFID chips in passports is a bad idea for many more reasons than can be listed here. If you haven't yet, send your comments to the State Department. You can email them directly at PassportRules@state.gov with the subject 'RIN 1400-AB93' or go to rfidkills.com for more information and an online submittal form. ... It's also being covered on Wired." Here's the proposed rule itself (PDF).

How to kill your passport & other questions...

[justanyone]

Supposedly, putting an RFID tag in a microwave will kill it (make it no longer workable). This is an easy fix for those who don't want people nearby to read their passport info.

Questions:
* What do I gain, as a passport user, by having mine working?
* What prevents someone from putting a fake RFID tag in/on my passport, thus making it seem like I'm engaging in high-tech forgery?
* What benefits come from an RFID-based reading of the thing, vs. some kind of contact-based smart card that clearly shows when it's being read (you have to make physical contact with the device)?
* What's to stop the authorities from putting RFID readers throughout the airport and tracking where specific people walk?
* Why not put rfid tags on boarding passes instead, so that to go from the counter to the plane you have to walk past numerous RFID readers and it keeps track that you didn't miss a checkpoint, etc.
* Won't my address and phone number be on this? What if I'm a single female concerned with personal security? Some schmo could stalk an airport, find me, strike up a conversation, and then get home before me since they know I'm not home?
* What about ex-husbands / abusers / stalkers / restraining-order-prevented people from scanning the new address of someone to find / kill / abuse them again?

Seems to me there's something very Orwellian / Soviet / THX-1138-ish about this whole thing.

-- Kevin

Read distance enhancement

[justanyone]

The change specifies a read distance of approximately 4 inches.

I wonder if the technical experts have bothered to mention that this signal is being broadcast in all directions, and that simple dish antennae can enable exchanging signals over tens of yards/meters if not longer?

Has anyone thought about Embassy security personnel being given a task to eliminate all radio-frequency broadcasting devices in the building to prevent espionage, yet everyone will now be carrying a small broadcasting station that can be converted to send data out of the building? Detecting small bugs is a big deal to these guys. I wonder if they have an opinion about their jobs getting harder...

Re:Read distance enhancement

[swillden]

I wonder if the technical experts have bothered to mention that this signal is being broadcast in all directions, and that simple dish antennae can enable exchanging signals over tens of yards/meters if not longer?

Umm, there are a couple of points you're not considering.

The antennas in the normal (~4in range... hah! more like 1/2in!) are not omnidirectional. Orientation of chip antenna and reader antenna is pretty important to being able to achieve the nominal range. They're not specifically focused, either, so you can get some improvement with directional antennas.

That improvement is limited in a couple of ways, though. First, unlike most RF applications where both endpoints are independently powered and you only need to get enough gain to push a signal that's above the background noise level, in this case the reader signal has to reach the passport strongly enough to *power* the chip. The chip isn't terribly power-hungry compare to the one in your PC, but it's a lot more power-hungry than even a typical 8-bit microcontroller. Especially if the crypto extensions to the ICAO protocol are used -- running an RSA engine draws a lot of power, relatively speaking. Since the power you deliver to the device decreases with the cube of distance, you need a lot of gain to reach long ranges.

Also, no matter what you do on the reader side, the passport does not and will not have a high-gain antenna attached to it, and you'd have to get pretty lucky to make sure it was oriented right if it did. Further, no matter how much power you deliver to it, that chip is going to broadcast with very low power in return, so you're going to have to have a lot of gain on the receiver. As I understand it, this side is actually doable. People have sucessfully eavesdropped on chips at distances of nearly 40 feet, when the chip was talking to a nearby reader (conventional < one inch range). Under lab conditions, of course.

Has anyone thought about Embassy security personnel being given a task to eliminate all radio-frequency broadcasting devices in the building to prevent espionage, yet everyone will now be carrying a small broadcasting station that can be converted to send data out of the building?

Umm, not really. Not only do those passports not have a power source and extremely weak signals when they do transmit, but they also have no way to take in data that they might transmit, no sort of DSP or any other obvious mechanism to encode the data if they did have a microphone attached and very limited and non-modifiable software.

Of course, you could replace the chip in your passport with one that would overcome those limitations, but how would that be different from carrying a bug the "normal" way?