Slashdot Mirror

← Back to Stories (view on slashdot.org)

RFID Passports Raise Safety Concerns

Posted by ryuzaki0 on from the what's-this-all-aboot-ay dept.

CurtMonash writes "CNNMoney.com features a skeptical article about the US State Department's plans to soon issue RFID passports (currently being tested on State Department employees). One fear is that they can be hacked for information about you. And even if they can't, carrying around a little transmitter saying 'I'm an American! I'm an American!' isn't a fun and safe thing to do in all parts of the world." From the article: "Basically, you've given everybody a little radio-frequency doodad that silently declares 'Hey, I'm a foreigner,' says author and futurist Bruce Sterling, who lectures on the future of RFID technology. 'If nobody bothers to listen, great. If people figure out they can listen to passport IDs, there will be a lot of strange and inventive ways to exploit that for criminal purposes.'"

13 of 459 comments (clear)

  1. What's the range? by gasmonso · · Score: 2, Informative

    How far are you broadcasting in the first place? If its like 10 feet who cares? Now in good practice, whenever I travel I leave my passport in the safe at the hotel. Not really a good idea to walk around with it ;)

    http://religiousfreaks.com/
  2. Re:Save tinfoil hat for passport by alanxyzzy · · Score: 4, Informative
    Bruce Schneier thinks that it will be OK

    ...

    The new design also includes a thin radio shield in the cover, protecting the chip when the passport is closed. More good security.

    Assuming that the RFID passport works as advertised (a big "if," I grant you), then I am no longer opposed to the idea.

    ...

  3. Re:Confused? by Mayhem178 · · Score: 4, Informative

    As I understand it, RFID cards don't do anything until they're exposed to an electromagnetic field, which gives them just enough juice to fire off a message, usually an identity code. Unless I've been completely misinformed, you'd have to generate quite the field to even have a chance of reading one of these things at a distance. I know that my RFID card doesn't work until it's within a coupla inches of the appropriate reader.

    The whole "it's broadcasting all of your personal information!!!!" hype is a bunch of FUD. The only way it could really be a security risk is if the card itself was stolen, and then it's really no different than having your S.S. card or driver's license stolen.

    --

    "You will pay for your lack of vision..." - Emperor Palpatine to Ray Charles

  4. Re:yeah by Goth+Biker+Babe · · Score: 2, Informative

    No it doesn't. Passports issued to Brits in the last few weeks have RFID chips. The excuse being given is that the US demanded it!

  5. Enterprising RFID Entrepeneur by dbc001 · · Score: 2, Informative

    My guess is that some enterprising RFID Entrepeneur got into the Old Boys Network and landed some massive contract. Here in Missouri we have s imilar situation - Within just a few months of the state mandating increased ethanol in all gasoline, the governor's brother was found to have invested a substantial amount of money in ethanol (Matt Blunt is governor if your curious, see here for info on the ethanol scandal). Their orwellian response was simply to state that "there is no conflict of interest here."

    It would be nice to know who got the contract, what city they live in and what relationships they have with government.

  6. Re:What happens if the RFID doesnt work by jcupitt65 · · Score: 3, Informative
    The UK's ID card regulations include a £1,000 fine if you know your card to be defective but do not report it :-(

    You will be required to attend an enrolment centre with some form of identifying material - bank statements, credit cards, driving licence or birth certificate, who knows what. Then you will be fingerprinted, photographed and the iris in your eye will be measured. You will give the authorities 49 pieces of information about yourself. If you don't, you may be fined up to £2,500. Additional fines of up to £2,500 may be levied every time you fail to comply.

    If you fail to inform the police or Home Office when you lose your card, or if it becomes defective, you face a fine of up to £1,000. If you find someone else's card and do not immediately hand it in, you may have committed a criminal offence punishable by imprisonment for up to two years, or a fine, or both. And you will be fined £1,000 if you fail to inform the NIR of any change of address. You will also be expected to tell the authorities your previous addresses. Truly the government will be able to say with all the menace of the underworld enforcer: "We know where you live."

    If you don't inform the register of significant changes to your personal life, or any errors they have made, you will face a fine of up to £1,000. Astonishingly, you may also face a fine if you fail to submit to being reinterviewed, rephotographed, refingerprinted and rescanned.

    http://www.guardian.co.uk/g2/story/0,,1817436,00.h tml
  7. Re:yeah by xtracto · · Score: 2, Informative

    Oh and by the way, the city of campeche has a history of fighting against Pirates. I just tought this comment would go with current poll (and who does not likes pirates :))

    Oh, and nobody is paying me for posting all this, haha.

    --
    Ubuntu is an African word meaning 'I can't configure Debian'
  8. Not really a security concern. by MCraigW · · Score: 2, Informative
    Austrailia, New Zealand and Singapore already have RFID passports. The information that can be obtained from the chip is encrypted, and will only be readable using the public-key which is encoded in a machine readable format inside the passport http://www.dfat.gov.au/dept/passports/. Doesn't seem like there is a security vulnerability.

    People fear what they don't understand.

  9. Re:Confused? by Anonymous Coward · · Score: 2, Informative

    The distance is more like 69 feet.

    See http://yro.slashdot.org/comments.pl?sid=191202&cid =15719109

  10. Re:I don't think it would be that much of a proble by RedShoeRider · · Score: 2, Informative
    Yes, they do.

    And from lots of experience, you have to be *right* on top of it for the reader to scan the tag. Usually they're either between the shoulders or by one of the hips. But if it's injected incorrectly or migrates, you literally have to rub the wand over the animal like you're combing it to find the damn thing. Take a beagle, for instance. If the chip is on its hip and you're scanning its ribs (all of 6" away), it won't pick it up.

    So while we can argue the need of having RFID tags in passports in the first place, picking them up at a distance? Not going to happen without enough wattage to cook a chicken.

    --

    Chris Knight is my hero.

  11. Re:yeah by afidel · · Score: 5, Informative

    According to Schneier the State Department already plans (and has since sometime last year) to include a RF shield so the chip can only be read while the passport is open and they are encrypting the data on the RFID.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  12. Re:The most workable solution? by Ian+Peon · · Score: 2, Informative
    That's exactly what they're doing.

    http://www.schneier.com/blog/archives/2005/08/rfid _passport_s_1.html


    The new design also includes a thin radio shield in the cover, protecting the chip when the passport is closed.
    --
    Never never never smoke crack before geometry class!
  13. Re:endangering civilians by MCraigW · · Score: 4, Informative
    Using RFID for passports is not only stupid but completely irresponsible. It would put anyone in danger, especially traveling abroad. It doesn't take alot of brains to imagine the worst how this can be exploited by terrorists and rogue forces. Hopefully our government will recognize and stop this crazy proposal in time.

    As I stated in an earlier post, Austrailia, New Zealand and Singapore already have RFID passports. The information that can be obtained from the chip is encrypted, and will only be readable using the public-key which is encoded in a machine readable format inside the passport http://www.dfat.gov.au/dept/passports/. The plan in the U.S. is the to do the same thing, as well as putting a metal lining in the cover of the passport so that the RFID cannot be read when the passport is closed. See http://www.aimglobal.org/members/news/anmviewer.as p?a=394&print=no