Fatal Flaw Weakens RFID Passports

fmwap writes "Wired news is reporting on new measures being taken to ensure RFID in US passports are not traceable. Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner. The problem is the RFID serial number used for collisions will not be encrypted as is required for communication, thus still allowing tracking." We've previously reported on the decision to chip U.S. passports. From the article: "To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed." Update: 11/04 16:08 GMT by Z : Edited for accuracy.

Re:TFA is inconsistent

[starrift]

The RFIDs in the passports are passive. They were to be active but that was canceled. I think you may be "misrepresenting articles."

Re:Why contactless?

[Conare]

Excellent Question!

US Passports have a validity of 10 years. Modern contact chips in smart cards have an estimated life of 4-5 years. So you would theoretically have to get at least twice as many passports. Also, you can't really just replace passports with smart cards because not every country in the world will be able to read those smartcards at the get go. (Think Chad or other 3rd world countries) so you have to continue to use a typical human readable passport. This program is designed for the 27 or so VISA-waiver countries. There was no way that anyone was going to successfully mandate a single physical form factor for the passports of 28 different sovereign nations, but they were able to (finally) reach an agreement on an embedded chip, interface and some minimal and optional contents. These were the driving reason for contactless, and it is unfortunate that the US State Dept. did not consider privacy from the get go. But thanks to a public outcry, now they have.

Someone else asked what was wrong with the current passports. In a word, the answer is forgery. The new passports include a digital signature across the entire contents of the passport including the photo. So if I as a bad guy, take your passport and try to replace your photo with mine, either the photo on the chip won't match, or if you somehow figure out how to replace the photo on a chip that has had its write mode disabled permanantly, the digital signature will not verify. So with the new passports, the only way to get an undetectable forgery is to get the real thing through the passport office, probably not impossible (think bribes and extortion of issuance officers), but now we have an honest shot at detecting it, and if one does turn up, you might be able to go back and figure out who issued it. This has an additional side benefit in that it makes stealing chip equipped passports worthless. This should help increase the security of travellers who are sometimes attacked or robbed solely for their passport.

Im my opinion, now that steps have been taken to reduce the possibilities of skimming, the benefits of the new passports outweigh the negatives. Schnier's alarmism about the serial numbers is just that. If someone really wants to track people so badly that they will start building databases of those serial numbers and correlating them with information that they have obtained through some justified mechanism, just so that they can track you when you happen to have your passport open anyway, then they are going to track you, and there is not much you can do about it anywyay. This is roughly the same risk as having a hidden camera near a point where you open your passport (or someone opens it for you). It's just to far to go for the limited benefit. The new protections have tipped the balance in favor of the new ePassport, and while Schnier does point out a flaw that is unfortunate, it is certainly repairable in the future, and not "fatal". If the US starts issuing passports without the flaw in the next few years (before all the passports with no chip at all expire) no one will bother trying to attack passport security in this fashion. It just isn't worth it.