Slashdot Mirror
Fatal Flaw Weakens RFID Passports
fmwap writes "Wired news is reporting on new measures being taken to ensure RFID in US passports are not traceable. Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner. The problem is the RFID serial number used for collisions will not be encrypted as is required for communication, thus still allowing tracking." We've previously reported on the decision to chip U.S. passports. From the article: "To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed." Update: 11/04 16:08 GMT by Z : Edited for accuracy.
Time to don the full body tinfoil armor!
domain combinatorics
So its time to Microwave your new Passport for a few seconds to cook the RFID device, right?
--We don't NEED no stinkin' sig!
http://www.cafepress.com/berfid * Does the barcoded stamp qualify as irony?
*sigh*
Remind me to go out and buy a tinfoil money belt the next time I go on a trip...
People say I'm crazy, I got diamonds on the soles of my shoes...
Isn't the whole point of the tin-hat to give the public confidence, while still allowing tracking by suitably equipped (funded) parties? Or did I just wake up?
Your optimism strikes me like junkmail addressed to the dead.
1. sweep crowd with long range detector
2. go after wealthy american traveller
3. ???
4. profit!
As with the UK's attempts to push through ID cards, the politicians in charge have at best a vague fuzzy idea of what the technology can do, but it sounds funky so let's do it anyway.
Tiny details like monumental security problems and the things plain not working don't exist in the simplified pitch they get from their lobbyists, so they continue to push it through anyway, on the grounds that it's "Anti-Terror".
You don't support Terror, do you?
"I Know You Are But What Am I?"
this magical RFID device needs to be opened manually, looked at, checked, optically scanned and then finally used as RFID to get the digital picture and print from the device?
This is going to take 3x longer and be prone to more failures surely?
This is a benefit how?
Surely a 2d barcode would be better, or just use old tech mag swipe?
Stupid mofo imbeciles.
liqbase
According to the commercials on television RFID is wonderful, and we all know tv doesnt lie.
I only travel by climbing fences and digging tunnels.
man, I feel like mold.
And what is wrong with current passports?
--
Get your Free MacMini's here
I have heard both THREATS and JOKES that privacy-conscious Slashdot crowd folks plan on destroying the RFID capabilities of their personal passports.
Just an advanced warning: you will NOT be able to board flights using a passport that has no RFID response and thus has been tampered with.
If you "get" pointers add me as a friend (116)!
RFID chips, including the ones specified for U.S. passports, can still be uniquely identified by their radio behavior. Specifically, these chips have a unique identification number used for collision avoidance. It's how the chips avoid communications problems if you put a bagful of them next to a reader. This is something buried deep within the chip, and has nothing to do with the data or application on the chip.
Ok, so it has a unique ID on it but it doesn't appear that the ID is tied to you or the data. FUD?
Why would I want to leave the US anyway? (Funny or Troll, your call...)
The passports will also include a 'Tin Hat' that limits the RFID signal to only a few inches
I've got to wonder why, in this case, they don't use Magcards instead of RFID. Older technology, yes, but not any more limited for the use given, and a bit more secure as they require contact with the card to read. If they're supposedly going to limit the RFID to magcard limits, why not just use a magcard?
"A demonstration has been made that using specialized hardware, the signal can be intercepted from up to 69 feet."
Is this anything like the BlueSniper?
"To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed."
Well there has to be better protection for identity theft than having the passport closed all the time. You may not know whether it is open or closed, but it should have some way of notifying you if it is unsecured. How about having the passport just become a single card with some kind of flash memory built in?
There are many other scenarios where the RFID tags could be exploited, but you will first have to put on your tinfoil hat in order to even conceive of any of these conspiracies.
He who knows best knows how little he knows. - Thomas Jefferson
The interesting question is : Will my passport still work if I put it on top of my microwave oven and under my cell phone ? Are these residual radiations enough to get it fried ? I hope this has been carefully studied, but from what I have read/heard in the past, RFID main target was the low-cost and short lifespan labelling market. Can it last the ten years of validity of my passport ?
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Why not just make a container for the passport - like a cigarette holder - but lighter, which does not allow reading the RFID chip at all from any distance?
Get or renew your passport now and it should be RFID-free for the next 10 years.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Increasingly I find less and less reasons to travel abroad.
:(
From increasing plane fares to the "same-ization" of human culture, there is little reason for me to leave my own town.
To top it off, Europe is increasingly violent.
Witness the nonsense going on in France right now for the past few days, coupled with the fact that London is now SCARY to walk around many times during the day.
So many countries now speak ENGLISH that I fear we are losing cultures every day.
The US has every weather climate and all the swimming and skiing and climbing and flying and rafting etc etc that you could ever want. The only thing making us vacation abroad previously was to experience different CULTURES but now that McDonald's and English and RAP music are everywhere, we're all the same anymore.
It's sad really
Just some thoughts... REPLY, DON'T MODERATE
If you "get" pointers add me as a friend (116)!
TFA is by Mr Cryptology and he doesn't make that kind of stupid mistakes. He quite clearly says they FIXED that and one other problem, but left in a third problem because the people in charge are technically ignorant.
Infuriate left and right
When over there, the regional beers are AWESOME!!! The best beer I've ever had was this local brew I drank in Interlaken. It did help that it was being served by this really pretty blond in very tight jeans.
Evil people don't think they're evil. - George Lucas, Making of Ep III
*engage dr.cool subtle mode*
.... you get the idea?!
*whip out elite passport RFID reader*
Elite hax0r formerly known as script kiddie: Hey that's a neat passport! Can i see it?
Dumb user sans tin-foil armor: Wait don't you have one?
Elite hax0r: Yeah but mine's from Greenland - look it's all purple and stuff
Dumb user soon to be victim of a passport RFID theft: Oh ok here you go
*scan scan scan*
Seriously, how does this protect the passport when it's open or it gets opened while in a bag or someone opens it to check something or
A days parking at the airport : 12$
Homemade Magnetron gun concealed in suitcase : 250$
Watching everyone you point your suitcase at miss their flight and get arrested (before you get arrested yourself) : Priceless!
My left arm is all scars and I consider that a valid excuse...
From the summary:
The passports will also include a 'Tin Hat' that limits the RFID signal to only a few inches, but a demonstration has been made that using specialized hardware, the signal can be intercepted from up to 69 feet.
The poster apparently did not carefully RTFA (skipped page 2, is my guess). The 69-foot detection range does not apply to the RFID chips in this case, because of that 'Tin Hat' (the passport is radio-shielded when closed); Schneier was referring to RFID chips in general when he brought that statistic up, not this particular instance. Arguably (if you're going to put RFID chips in passports) this is one of the few things that they've actually fixed.
(I personally think that the whole thing is a bad idea...but let's attack the system on its demerits, not on no-longer-relevant bugs.)
I am VERY interested in YOUR comments. PLEASE specify more where YOU heard this INFORMATION. Was it PERCHANCE at a heavy METAL rock concert?
It increases the revenues of the companies that make those things, increases the revenues of the lobbyists, and get the politicians more campaign contributions. Geeze!
Evil people don't think they're evil. - George Lucas, Making of Ep III
some have derided this as a tinfoil hat for passports
What is wrong with the trusty tin foil hat? I never leave the mothership without mine.
Slashdot - Where the slash is most definitely to the left.
The Benefits:
/. for a little knows how easy collecting personal data can be.
For the average bad guy, a contactless module will make much harder to fabricate an identity.
Ideally, gov'ts have a better idea who is coming and going from a country and in a much more efficient manner.
For the average person, this doesn't affect them at all.
For the average dissident, the gov't still going to give them a hard time, so this might be one more way to make life difficult.
The Bad:
Bad guys can "collect" information. It's unclear to me what they would do with a unique identifier. They need much more than just the unique identifier. They would need to associate the identifier with (one assumes) the right identity. You don't need to be a bad guy to do that. You can buy most of it from totally legal companies right now. Please explain if I'm missing something here.
Epensive! Understand that it's not just about a passport that will be at least 10x more expensive to make, but the infrastructure to make it work at least half-way decent is a huge project. I submitted my passport information at my local post office. Now, every agency that can accept passport applications has to be somehow connected to the place where the passport is made. Then how do the airports "know" the passport is authentic? More new infrastructure.
The gov't collects information.
Well, they do that already except they buy it from private enterprises. They watch the bad guys. They watch people that they view as threatening. I don't see what changes here. Furthermore, anyone that's been on
Am I missing something?
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
*Fatal* flaw *weakens* RFID passports.
*Fatal* *weakens*
Um yeah.
Not to mention the fact that it's only fatal if they decide not to proceed.
dumbass.
Were that I say, pancakes?
As a Canadian fed agent, I emphasise with our US neighbours in their attempts to improve the security on the passports. It's a challenge to make passports secure, even with the best of technology. Canadian passports are one of the most forged in the world, and the safest to use from a suspicion point of view. With over 10% of our population landed immigrants, and a huge multicultural population, we represent one of the most diverse cultures in the world.
I'm sure they could devise an XYZ technology for their password and someone would either crack, track, or spoof it.
Something is better than nothing.
Management is doing things right; leadership is doing the right things. - Peter F. Drucker
Edited for accuracy.
Don't lie to us like that.....not all of us are N00bs
As someone else pointed out, many countries make you show your passport as identification.
It's time someone make a passport "book cover" that covered the inside-covers with a transparent faraday cage. Think clear plastic with thin closely-spaced wires.
Or, if that doesn't work, a "book cover" that includes a probably-battery-powered jammer that jams any attempt to read it.
Of course you'd remove your passport from this at points of entry and for other official purposes, but when a private merchant asks to see your passport as ID, he won't be able to scan it, leaving him with a business decision: rely on the visible passport, or ask you to shop elsewhere. More importantly, the hopefully-rare-but-I-don't-want-to-meet-him id-theiving-store-clerk won't be able to scan it.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Seems to me, a contact-based smart card would be a safer, cheaper option. It would also avoid the need for the tinfoil hat.
Sometimes I doubt your committment to SparkleMotion!
Under US pressure and the general terrorism FUD the German government decided to introduce new passport documents with RFID starting from Nov 1st 2005. I got me an old one without RFID that will be valid until 2015 and every day I am more sure I did the right thing.
On se Internetz nobody noes your German.
just put a little device under our skin, when we are born, with our all identity details. That would solve all problems!
If the foil shields the passport when it's closed, would opening your passport be a breach of the DMCA? :-p
I suspect many parts of the world will never waste money on having card readers at every possible port of entry. I bet ink stamps on paper and manual logs will probably never go away, despite the U.S. best efforts to waste money to create the illusion that politicians are doing something.
Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner.
If an optical scanner needs to be used to read the encryption key, doesn't that defeat the no-contact advantage of RFID as the passport then needs to be close to the scanner. Why not just use some smart card technology and avoid the radio part altogether?
why not just use a magcard?
Apparently, lobby behind RFID is a lot more powerful,
and as far as they concerned, if their clients will
get government contract, they might as well microwave
those chips themselves, they don't care !
How many editors do you think Slashdot has? Don't be a jerk.
I have seen the future, and it is inconvenient.
WHY DO YOU CARE?
Is there ever a reason the wireless feature of RFID would be needed for passports? Wouldn't smartcards provide all the necessary forgery prevention and data storage without any need for tinfoil hats?
Why don't we use retinal and fingerprint scanners instead?
Marine Sergeant: Did I give you permission to b*tch, soldier?
Hi everyone
Just a little question : the actual terrorists of 9/11 actually get valid passport and flew legally in the USA and from the USA. Did a new passport with all kind of information and data will prevent this to happen again?
If you don't keep quiet, we're going to end up with lots of other buzzword techs in our passports.
Yes, I very much want our government officials to be terrified of the response of the electorate to their unethical, illegal, and otherwise-just-plain-bad behavior. Unfortunately, it doesn't seem to be working very well, and I seem to have mislaid the thumbscrews, stocks, and pillories. The press seem to be doing a poor job of it as well, alas.
Oh, wait, you meant "Terror" as in blowing things up. Sorry, I only do that in Counter-Strike, where nobody gets hurt.
Let me put it this way. Think of the saying "Too many cooks spoil the broth."
I've already entered a gripe about this in my journal. Yes, it's a minor quibble, but is a little consistency too much to ask?
Bruce Lane, KC7GR,
Blue Feather Technologies
It sounds like they want to store a picture and probably a fingerprint template.
A mag-stripe doesn't have enough storage to do this.
IMHO a contact smart card is a much better idea, but it seems they want to keep the same passport format. Mifare is already deployed embedded in paper tickets so that's a big bonus to them.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
I expressed similar questions when reading the previous articles. Why not a barcode? An RFID system only has an identifier, a key ot a database. A barcode could have actual data on it.
From one of the responses to the previous articles of this sort, I understand that the system here is a bit different than regular RFID. One is that this system actually does have information in it, not just an ID. That doesn't relate to your question, but I found it very enlightening.
Another thing this system does is it is a challenge-response system. That is, it has information in it that is not emitted until you give the right information to it. Perhaps this is the information in that barcode on the password, I dunno. Anyway, a barcode is there for everyone to read, it cannot hide itself until the right key is given to it. The content could be encrypted, but once you take a picture of the barcode, you have its data, you could work on cracking it later, and the "owner" of the barcode wouldn't even know you were doing it. With this system, you can only work on extracting its secrets when you are in proximity to the chip. In addition, it is possible for the chip to monitor and know that you successfully passed its test and got its info. So you will at least know if you've been had when the "successful reads" counter (if it has one) is higher than you expected.
All in all, it seemed like a reasonable system to me. The actual presence of data (as opposed to just a key), the tinfoil cover and the requirement to read the barcode optically before you can get the data (other than ID) out all just adds up to a pretty good system to me. Definitely far better than the representations of it I had seen earlier.
http://lkml.org/lkml/2005/8/20/95
Don't tell me that correct spelling and grammar is to follow ?!
Hence why I just got my passport and have ten years before I have to worry about getting a new one.
Yea me.
i thought once I was found, but it was only a dream.
Nah, Usama can just sneak across the US border from Mexico with a forged South American passport, get arrested by the US border patrol, get processed, and then released in the US because he is "persons other than Mexican" and then he can drive to Disney World. Then, while at Disney World, the Border patrol finally figures out that the fingerprints they obtained from the processing are Usama's. You see, persons other than Mexican are not deported immediatly due to costs. Mexicans are bussed back to Mexico, but Latin Americans are currently being released in the US with a future court date, at which time they will start the deportation process. I still don't understand how RFID in passports can make the US safer. It just seems to make US passports more difficult to forge. What happens when your RFID chip gets zapped or fails to work (passports are good for 10 years). Do they then detain you until they can confirm that you are who you say you are?
As a result, RFID passports will now include a thin radio shield in their covers...
OIOW (or in other words) passports with built in tinfoil hats.
Tat Tvam Asi
Seems to me that this new tech makes passport forgery no more difficult than before, just more expensive. But that's beside the point. Why don't they just make the whole passport readable from a distance, that would surely reduce queues when crossing borders. I'd gladly pay for a passport that I could just show to a machine instead of eyeballing with some immigration officer of country X. I don't give a sh*t about the "security" side of this, but I'd gladly see better customer service when crossing the border. Then again, I'm from Finland and generally don't give a shit about the situation that the US has gotten itself into.
Just an advanced warning: you will NOT be able to board flights using a passport that has no RFID response and thus has been tampered with.
You are assuming that there will actually be readers installed at all aircraft terminals. Is there a reason to believe that this is actually going to happen any time in the next 10-20 years?
sigs are hazardous to your health
Mod AC +5 Hilarious!
Filthy parisians. What they need is a French Rodney King. I can see it now. Rodney is munching on a bagel and sippin on some gin and juice as he stares into the camera, "can't (munch) (munch) we all just get (munch) (munch) along...ah, fuck it! Yo bitches, I got first divs on that green Renault with my AK and molotav!"
Americans, with their weekend of vacation time, don't travel abroad.
It could be just my messed up thinking, but why is the big push on securing the passports. At least in my opinion, which obviously is not what the government wants to hear, but the problem doesn't lie in the passports. We all have to prove we are allowed to be here on entry, but not when leaving. The last times I have been on a plane to go to another country, nothing is done to track anyone when leaving the country. What's to stop people from coming in, mailing their passport to another person, and doing the same. If they never know when we leave, how do they know it's really the same person entering the country all the time. I seem to believe that people entering a country have about as much attention paid to the picture on the passport as people shopping at Home Depot with a credit card and having their signatures compared.
Remember, 50% of people are below average...
Verify me.
What does a generation of homosexuals migrating to San Francisco have to do with anything?
That I should be using Plate +3 (+5 versus State Department goons, diplomats and internet cafe baristas)
We play the game with the bravery of being out of range
You are going to need a fairly large and sturdy suitcase to fit the magnetron and its PSU... a microwave oven transformer weights about 1kg, the UPS that feeds it is another ~1kg (without battery and casing) and the batteries are another ~5kg. (Though you could cut nearly 2kg by building your own 12V or 24V to 2.5kV/1kW step-up converter.)
The simplest thing would be a spark gap housed in a wave-guide... but this would be really loud when driven with the sort of energy levels necessary to generate disruptive and potentially destructive amounts of RFI.
They'll know you microwaved it from the popcorn smell on the card...
We play the game with the bravery of being out of range
http://www.googlegames.tk/
I came I coded I conquered
Although some have derided this as a tinfoil hat for passports, the fact is that it is indeed a fucking tinfoil hat!
There seems to be a "hard" limit of 300m for active transponders.
Is there a greater range product on the market, or can one be created?
If the KEY is printed and thus has to be scanned, why don't they just print the information on there too? I mean, they are already planning to require you to put it across an optical scanner, so there must be another, unspoken, reason for using RFID.
The reasoning behind using RFID Passports seems *VERY* flawed. I am suspect of any agency that is a proponent of such reasoning. I'm sure terrorists and boogyman will be mentioned several times in the explanation as to why we should have this technology.
Someone is hiding something!!
Just incorporate the data into the bar code and be done with it?
This is more secure and wouldn't bring the host of problems associated with RFID security.
Isn't that kind of like military intelligence?
We play the game with the bravery of being out of range
But no one wanted to buy a passport protector, fine foil product when I offered 2 for sale on eBay earlier this year. They obviously don't have the following that Foil Hats for pets do.
A picture of the Foil'ID Again is at the bottom of this page http://www.angelfire.com/mt/woodmtn/insight.html
Now the US government is trying to improve upon my design by integrating the foil right into the cover of the passport. And I thought government wasn't supposed to interfere in start-up businesses.
Saskboy's blog is good. 9 out of 10 dentists agree.
I think the exiting part can also be a bit worrying...
Or even the transiting.
My uncle once had the "pleasure" of being on a flight that was to transit on US soil. Something happened and the passengers had to get off the plane (it was to be just a short stop and then the plane was to take off etc).
Naturally he didn't have the visa and stuff to enter the USA, after all he wasn't intending to enter the USA, but still the US immigration people hassled him about that. This was even before the USA's 9/11.
So things could probably be worse now.
Might end up being sent to some Middle Eastern country or Cuba or even the US itself...
Give that DNA readers seem to following Moore's Law, at some future time there will be a quick DNA reader. But then the bad guys will employ the disguise Ethan Hawke used. Maybe even clones.
With the new 'tin-foil' cover it will probably burst into flames ....
How do RFID chips hold up to moisture? Being passive, I'd imagine that they don't care much, but when you intend to make it very thin, you must give up insulation and protection.
Would metal start to oxydize?
What happens if it is currently damp when it is scanned? My understanding of RFID is that you have to induce current to read it. Aren't the security alarms at the door of clothing stores using RFID?
Sure, the idea that I will be tracked is not good, but I'd be more worried that my passport would become either bulky or fragile.
Worry about privacy, but in the worst case, it shouldn't be hard to make a passport RFID jammer or the some sort of signal dampening like the metal shield.
I've had several laser treatments for retinal tears lately. Something like that would really fuck things up for me, having to change my information for each treatment...? And I'm sure they'd make it difficult, if not possible to change this information. Even when you have legitimate medical reasons to do so. Just to be the assholes they are.
People say I'm crazy, I got diamonds on the soles of my shoes...
Hey, lets be nice. They're called "Parisites".
wrong. There are still 2 important benefits:
1. Contact chips only last 4-5 years. US passports are valid for 10. The contactless chip is more durable. 2. There is no need to attempt to mandate the exact size and shape of 28 countries different passport. Very difficult, especially in the current political climate. Remember that this initiative started when the US said you have to do this to be a visa waiver country. The International Civil Aviation Organization then set the standards. So don't blame just the US for the fact that it's an RFID chip. 28 countries agreed to this because it was the path of least resistance.
Also, I don't think optical codes can store as much data as this RFID chip, but I may be wrong about that
I see your B.S. and raise you!
Stop Continental Drift! Reunite Gondwanaland!
The only way to solve this is to randomly-generate the UID on the RFID during the anti-collision process, which dramatically increases the cost of the card. Encrypting the UID is out of the question because the anti-collision process is very low-level.
To the people who are scared of identity theft: this flaw does NOT expose the information on the card, so an atacker using this will NOT get your photo,name,age,fingerprent minutia, etc. The only malicious way this could be used is to recognize a person identified before.
But the area where the anti-collision process can be eavesdropped on is at least 10m (some 30 feet), because a part of the process requires that the RFID reader broadcast the UID of the card it selects for comunication. Wrapping the passport in tin-foil will protect you from hidden readers, so your passport will not be detectable in your pocket.
To review:
Am I the only one who is beginning to think that RFID is a problem in search of a different problem. This news today proves conclusively that nothing is gained by using the chips. They open up pointless security holes and provide not one bit of protection.
What a damned waste.
"A barcode could have actual data on it."
.59 'Corn' 12Oz.
A barcode is a series of numbers the is then compared to a key in a database and returns the results.
For example:
When you go buy a can of corn, the price of the corn is not in the bar code. it is in a database.
SO the barcode gets scanned, and lets say the bar code returns a '2'.
It hen goes to the database and gets the data associated with that ID.
Select Price,Name,Weight from Inventory where Item_ID = 2
The Kruger Dunning explains most post on
The RFID encryption in the not-yet-released Dutch passport has also been broken a couple of months ago. Why don't they just put a regular, actual physical contact-requiring chip in those passports? That'd really save a lot of privacy and security headaches.
Barcodes (especially 2D barcodes) can carry information more information than a database key. For example, many drivers licenses carry a barcode which contains personal information about the driver.
But I'm sure most of the
The European passport will be worse. They will also contain biometric information, like fingerprinting. And databases about every EU citizen, including their eating habits, usual and occasional flight routes, etc., are already up and running, with random access for the US government. EU citizens do not understand this matter and I have not seen any broad coverage in the EU media.
Some people find it hard to get a useful wireless connection over a few meters, but others can run the same transmission over several km, because they understand how things work. Signal processing makes a big difference. We will see if 10m are enough distance to prevent eavesdropping. I doubt it.
Causing Kernel Panic!!!
We play the game with the bravery of being out of range
1) How much does the US e-Passport draw from the framework drawn up for machine readable travel documents from the ICAO?
The ICAO machine readable documents use a PKI-based challenge/response mechanism to coax the data out. It would not be impossible to get all the pieces required, but it would be quite a good trick.
2) Can anyone who really understand radio propagation explain the factors involved in activating a passive RFID chip from a distance? I understand the distance-squared rule. What I do not understand is what the ramifications are for field strength at the transmitter. You would seem to have to have a lot of power at the transmitter, and you'd have to keep it somewhat portable. Good luck with that.
I have one of the Washington DC Metro Smartcards used to operate their turnstiles. Since I keep it in my wallet and sit on it most of the time, the internal circuitry got a bit damaged. It now only works if I twist the card slightly while holding it over the sensor.
But this just goes on to highlight the fact that it shouldn't be too hard to simply put an off switch on RFID, so it's only activated if you, say, short an exposed terminal on the card/passport. Shouldn't be too hard to grow a mod community around a feature like this...
if you lose your overflowing apostrophs coming out of every hole... ;P
Any sufficiently advanced intelligence is indistinguishable from stupidity.
You might have noticed in the article that some countries have already starting issuing these new passports. I can confirm that because I have one right here.
Visually it looks very similar to a regular pasport, although it now has a little symbol on the bottom of the front cover denoting it as an electronic passport. The chips are stored in the centre of the passport, in what looks like about 7 pages stuck together. It has a warning printed on this page about it containing sensitive electronic components, and that you shouldn't bend, perforate or expose it to extreme temperatures or excess moisture. Further down it also says to please treat it with the same care you would any sensitive electronic device.
I can't see any evidence of a metal shield in the front and back covers, and I can't see where the number is that must be scanned optically to get the access code for the rfid chip is.
Physically it is noticeably thicker, heavier, and stiffer. The other point worth making is that it was ~10% more expensive then a regular passport.
get yourself one of those solid metal cases and carry the pass port in that.
Then when the border people want to see it you take it out of your case and presto.
After, when your at done, you put it back.
Simple.
ISO14443 doesn't actualy deal with dumb memory storage devices, but contactless smartcards.
In a CAST Forum presentation http://www.cast-forum.de/events/cast/2005/Biometri e/ earlier this year the BSI (http://www.bsi.de/ Germany National Security Agency) claimed that German passports are protected against tracing, because they generate their serial number randomly, each time they get powered on via microwaves.
The idea of using something printed in the passport to protect the access to the RF chip is called basic access control and is regarded as moderately secure by BSI (who claim that this protection is a European/German - don't remember exactly - idea). Even this basic protection is optional by ICAO standards and not implemented by many countries.
A a more advanced PKI based access control will be implemented by Germany in a second step (in 1-2 years, as far as I remember).