Fatal Flaw Weakens RFID Passports
fmwap writes "Wired news is reporting on new measures being taken to ensure RFID in US passports are not traceable. Encryption will be implemented via a key printed on the passport, which will be read by an optical scanner. The problem is the RFID serial number used for collisions will not be encrypted as is required for communication, thus still allowing tracking." We've previously reported on the decision to chip U.S. passports. From the article: "To its credit, the State Department listened to the criticism. As a result, RFID passports will now include a thin radio shield in their covers, protecting the chips when the passports are closed. Although some have derided this as a tinfoil hat for passports, the fact is the measure will prevent the documents from being snooped when closed." Update: 11/04 16:08 GMT by Z : Edited for accuracy.
So its time to Microwave your new Passport for a few seconds to cook the RFID device, right?
--We don't NEED no stinkin' sig!
Why not just make a container for the passport - like a cigarette holder - but lighter, which does not allow reading the RFID chip at all from any distance?
As someone else pointed out, many countries make you show your passport as identification.
It's time someone make a passport "book cover" that covered the inside-covers with a transparent faraday cage. Think clear plastic with thin closely-spaced wires.
Or, if that doesn't work, a "book cover" that includes a probably-battery-powered jammer that jams any attempt to read it.
Of course you'd remove your passport from this at points of entry and for other official purposes, but when a private merchant asks to see your passport as ID, he won't be able to scan it, leaving him with a business decision: rely on the visible passport, or ask you to shop elsewhere. More importantly, the hopefully-rare-but-I-don't-want-to-meet-him id-theiving-store-clerk won't be able to scan it.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
My mom used to work at the welfare office for the Cabrini Green projects in Chicago. She used to listen to some of her fellow workers sitting at screens, data mining the client's records for people who weren't at home during working hours. They were using the information to rob the empty homes during lunch hours. True story.
Technology gives bad people with power ever more ways of fucking you over. If they DON'T need the tool, don't give it to them. We didn't need RFID passports before, and we don't need them now. Misdirection is afoot. What ELSE are they adding to the passports besides RFID? Get that question answered, and you'll know how they are fucking us in brand new ways.
When a corporation or a government (in the U.S., indistiguishable now) wants a new way to track people, it's never for the citizens' good, but for their own. Acquiesence to tyranny happens a tiny bit at a time. In twenty years, a whole generation of the world's people will have grown up in a virtual prison, and won't even notice.
Under US pressure and the general terrorism FUD the German government decided to introduce new passport documents with RFID starting from Nov 1st 2005. I got me an old one without RFID that will be valid until 2015 and every day I am more sure I did the right thing.
On se Internetz nobody noes your German.
I expressed similar questions when reading the previous articles. Why not a barcode? An RFID system only has an identifier, a key ot a database. A barcode could have actual data on it.
From one of the responses to the previous articles of this sort, I understand that the system here is a bit different than regular RFID. One is that this system actually does have information in it, not just an ID. That doesn't relate to your question, but I found it very enlightening.
Another thing this system does is it is a challenge-response system. That is, it has information in it that is not emitted until you give the right information to it. Perhaps this is the information in that barcode on the password, I dunno. Anyway, a barcode is there for everyone to read, it cannot hide itself until the right key is given to it. The content could be encrypted, but once you take a picture of the barcode, you have its data, you could work on cracking it later, and the "owner" of the barcode wouldn't even know you were doing it. With this system, you can only work on extracting its secrets when you are in proximity to the chip. In addition, it is possible for the chip to monitor and know that you successfully passed its test and got its info. So you will at least know if you've been had when the "successful reads" counter (if it has one) is higher than you expected.
All in all, it seemed like a reasonable system to me. The actual presence of data (as opposed to just a key), the tinfoil cover and the requirement to read the barcode optically before you can get the data (other than ID) out all just adds up to a pretty good system to me. Definitely far better than the representations of it I had seen earlier.
http://lkml.org/lkml/2005/8/20/95