Today is Comment Deadline for RFID-Chip Passports

An anonymous reader writes "Today is the deadline for submitting comments to the State Department concerning the use of RFID chips in passports. These devices would store in digital form all the information currently on a passport as well as a digital copy of the passport picture. This information could then be read by an RFID reader presumably being operated by port of entry personnel. However, these devices could feasibly be read by anyone, including those with malicious intent. The use of RFID chips in passports is a bad idea for many more reasons than can be listed here. If you haven't yet, send your comments to the State Department. You can email them directly at PassportRules@state.gov with the subject 'RIN 1400-AB93' or go to rfidkills.com for more information and an online submittal form. ... It's also being covered on Wired." Here's the proposed rule itself (PDF).

Why must they emit?

This is something I don't get. Why use something that emits a signal? Digitize it ... fine. Barcode it for easy reading ... fine. But why make it so somebody sitting next to me in an airport can pickup the signal?

Re:Why must they emit?

[0x461FAB0BD7D2]

Exactly. We have something like that in Hong Kong already: Smart Identity Card

It is an identity card, on a MULTOS 4.06 operating system that supports the ISO7816 standard.

An RFID-based system is not much more useful than a Smart card.

Re:Why must they emit?

[jcuffe]

Not to mention the fact that if they make everyone's ID emit some value, who can say what happens when you get a cluster of people standing together? Even if the broadcasting range of the RFID device is quite short, wouldn't you still have to basically whip out your card and swipe it to ensure that it's reading *your* card and not somebody else's? And if you have to do that, isn't the RFID chip 100% liability and 0% benefit?

How to kill your passport & other questions...

[justanyone]

Supposedly, putting an RFID tag in a microwave will kill it (make it no longer workable). This is an easy fix for those who don't want people nearby to read their passport info.

Questions:
* What do I gain, as a passport user, by having mine working?
* What prevents someone from putting a fake RFID tag in/on my passport, thus making it seem like I'm engaging in high-tech forgery?
* What benefits come from an RFID-based reading of the thing, vs. some kind of contact-based smart card that clearly shows when it's being read (you have to make physical contact with the device)?
* What's to stop the authorities from putting RFID readers throughout the airport and tracking where specific people walk?
* Why not put rfid tags on boarding passes instead, so that to go from the counter to the plane you have to walk past numerous RFID readers and it keeps track that you didn't miss a checkpoint, etc.
* Won't my address and phone number be on this? What if I'm a single female concerned with personal security? Some schmo could stalk an airport, find me, strike up a conversation, and then get home before me since they know I'm not home?
* What about ex-husbands / abusers / stalkers / restraining-order-prevented people from scanning the new address of someone to find / kill / abuse them again?

Seems to me there's something very Orwellian / Soviet / THX-1138-ish about this whole thing.

-- Kevin

Re:How to kill your passport & other questions

[j-turkey]

Supposedly, putting an RFID tag in a microwave will kill it (make it no longer workable). This is an easy fix for those who don't want people nearby to read their passport info.

According to the proposal:

Damaged, Defective or Otherwise Nonfunctioning Electronic Chip

Section 51.6 of Title 22, Code of Federal Regulations (CFR), governs the validity of damaged United States passports. This rule would amend 51.6 by adding new language providing that a damaged, defective, or otherwise nonfunctioning electronic chip may be grounds for invalidating a United States passport. A passport with an intact data page but a nonfunctioning electronic chip would still be used as a travel document. However, detected attempts to alter chip data or to substitute a different electronic chip would result in invalidation.

That sort of answers a few of your questions (although it's sort of an ambigous answer -- disabling the RFID is grounds for invalidation, but you can travel without the RFID? I don't get it). Have you submitted your comments yet?

Read distance enhancement

[justanyone]

The change specifies a read distance of approximately 4 inches.

I wonder if the technical experts have bothered to mention that this signal is being broadcast in all directions, and that simple dish antennae can enable exchanging signals over tens of yards/meters if not longer?

Has anyone thought about Embassy security personnel being given a task to eliminate all radio-frequency broadcasting devices in the building to prevent espionage, yet everyone will now be carrying a small broadcasting station that can be converted to send data out of the building? Detecting small bugs is a big deal to these guys. I wonder if they have an opinion about their jobs getting harder...

Re:Read distance enhancement

[swillden]

I wonder if the technical experts have bothered to mention that this signal is being broadcast in all directions, and that simple dish antennae can enable exchanging signals over tens of yards/meters if not longer?

Umm, there are a couple of points you're not considering.

The antennas in the normal (~4in range... hah! more like 1/2in!) are not omnidirectional. Orientation of chip antenna and reader antenna is pretty important to being able to achieve the nominal range. They're not specifically focused, either, so you can get some improvement with directional antennas.

That improvement is limited in a couple of ways, though. First, unlike most RF applications where both endpoints are independently powered and you only need to get enough gain to push a signal that's above the background noise level, in this case the reader signal has to reach the passport strongly enough to *power* the chip. The chip isn't terribly power-hungry compare to the one in your PC, but it's a lot more power-hungry than even a typical 8-bit microcontroller. Especially if the crypto extensions to the ICAO protocol are used -- running an RSA engine draws a lot of power, relatively speaking. Since the power you deliver to the device decreases with the cube of distance, you need a lot of gain to reach long ranges.

Also, no matter what you do on the reader side, the passport does not and will not have a high-gain antenna attached to it, and you'd have to get pretty lucky to make sure it was oriented right if it did. Further, no matter how much power you deliver to it, that chip is going to broadcast with very low power in return, so you're going to have to have a lot of gain on the receiver. As I understand it, this side is actually doable. People have sucessfully eavesdropped on chips at distances of nearly 40 feet, when the chip was talking to a nearby reader (conventional < one inch range). Under lab conditions, of course.

Has anyone thought about Embassy security personnel being given a task to eliminate all radio-frequency broadcasting devices in the building to prevent espionage, yet everyone will now be carrying a small broadcasting station that can be converted to send data out of the building?

Umm, not really. Not only do those passports not have a power source and extremely weak signals when they do transmit, but they also have no way to take in data that they might transmit, no sort of DSP or any other obvious mechanism to encode the data if they did have a microphone attached and very limited and non-modifiable software.

Of course, you could replace the chip in your passport with one that would overcome those limitations, but how would that be different from carrying a bug the "normal" way?

Re:How to kill your passport & other questions

[swillden]

Note that these are just my guesses, but I work with smart cards (contact and contactless) for a living, so they're fairly educated guesses.

What do I gain, as a passport user, by having mine working?

In the abstract, you gain higher assurance that no one is using a forged passport in your name, and that no one who finds your passport can pretend to be you (by grafting their own photo onto it, for example). In theory the higher assurance that passports are not forgeable and are more tightly bound to their legitimate owners also provides some measure of additional security (that's a pretty tenuous theory, though, just loaded with handwaving).

Keep in mind, though, that the real point isn't to benefit you, the point is to benefit customs and immigration officials.

From a practical perspective, turn your question around: What will it cost you if your chip isn't working? You'll go into the "exception" process for greater scrutiny. That's why you'll want your chip to be working.

What prevents someone from putting a fake RFID tag in/on my passport, thus making it seem like I'm engaging in high-tech forgery?

Depends on how the passport is implemented (note that this is *not* an RFID tag we're talking about, it's a contactless smart card -- there's a big difference). If proper security is implemented, then the fake will be obviously a fake. It will probably interfere with the operation of the real chip, so you'll get pulled aside, your passport will be examined closely and you'll get to answer some questions. Unless there's something else wrong, it'll end there, as far as you're concerned. They'll want to look into who did that to your passport.

What benefits come from an RFID-based reading of the thing, vs. some kind of contact-based smart card that clearly shows when it's being read (you have to make physical contact with the device)?

See my post here

What's to stop the authorities from putting RFID readers throughout the airport and tracking where specific people walk?

Depends on the passport design. Some nations are considering putting electromagnetic shielding in the passport covers so that the chip can only be activated when the booklet is open. Beyond that, range is a serious problem. The chips are powered by the reader, so the power delivered drops off with the cube of distance, both ways. Even if you make a boosted reader (with a directional antenna) that can power a chip at long range, the chip will still transmit at very low power -- low enough that beyond a couple of feet it will be nigh impossible to pick the transmissions out of the background. The nominal operating range of these devices is about 1 cm. You can extend that by one order of magnitude, fairly easily, especially if you don't need high reliability, but wo orders of magnitude gets to be really, really hard. I'm not an EM guy, but this is what I'm told by people who are deeply into this stuff.

Why not put rfid tags on boarding passes instead, so that to go from the counter to the plane you have to walk past numerous RFID readers and it keeps track that you didn't miss a checkpoint, etc.

With real RFIDs, rather than contactless smart cards, you could do that. They require less power to activate and transmit stronger signals, so that they can be used at longer ranges. They don't have the cryptographic capabities, though, or the volume of storage required for this passport application.

Won't my address and phone number be on this? What if I'm a single female concerned with personal security? Some schmo could stalk an airport, find me, strike up a conversation, and then get home before me since they know I'm not home?

Again, depends on the security model implemented. The schmoe in question would have to get his reader within a few inches of your passport, your passport would have to be unshielded, and you