Slashdot Mirror
E-Passport In the Works
ExE122 writes "In an attempt to curb falsification of passports, the United States has placed an order for millions of embedded ID chips. 'The chips carry an encrypted digital photograph of the passport holder. The chip is designed to be read by a special device that will be used by U.S. government workers who check passports when travelers come through border crossings. The State Department began issuing what are being called e-passports to tourists last week and will gradually increase production. State Department spokeswoman Janelle Hironimus said existing passports will remain valid until they expire but, eventually, all U.S. passports — about 13 million will be issued in 2006 — will contain such chips.'"
Passports are valid for 10 years upon issue, IIRC. Are you telling me that secure passport tech will slowly be phased in over 10 years? Because we all know how often Americans travel overseas.
If anything, this will raise the value of existing non-RFID passports, since they are more easily modified to indentify someone else.
Computers are useless. They can only give you answers.
-- Pablo Picasso
A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?
Came back through SFO from Edinburgh yesterday and saw signs for a couple of dedicated test lanes for this (they were closed, but they were all set). I was wondering what the heck it was about.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
So this means my passport that was processed Aug. 9th doesn't have an RFID chip?
A German semiconductor company with offices in San Jose said Monday that it has received an order from the U.S. government for millions of identification chips that will be embedded in passports to help prevent fraud at border crossings.
Why do we always have to get everything from the Germans? (beer & cars for example) Why can't the government contract this out to good ol' American workers? Especially since it deals with National Security?
When they say "encrypted," do they actually mean digitally signed? Being able to provide a digitally signed (by a government key) passport photo in a machine-readable form would be good for security.
But simply encrypting the message with a symmetric key (as seems indicated by the blurb) would be bad for security, because many people would have the key, and so it would provide a false sense of security.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
there will be a way to get one of those traditional passports. It's been demonstrated that these new RFID things are able to be hacked and cloned, and since our government seems to be about as keen on security as micro$oft, I'd really like to avoid getting one of these things.
"Mr.... let's see 5AVE On Va1iumViagraCialis? Yes, everything checks out. Welcome to America!"
Where were you when the voynix came?
I ask because I thought there was already a story in the news how at defcon they hacked a passport ID system. This article tells about it. I mean if yu want something secure, your going to have to do betther than a chip. And in order for it to be really effective, everyone must replace their drivers license with the new passport. Otherwise you will give hackers 10 years to make a really effective fake.
One of the things that is a lot more common today than it has been in American history, yes, even back in the "bumpkin days" of America pre-industrialization, is that people just don't critically think anymore. "Special device?" Anyone with a modicum of critical thinking skills would look at a few simple things and freak:
1) All computer security systems have been defeated.
2) This is kinda like one of them thar computer security systems that has been defeated.
3) I'm carrying this thing around the world, and any schmo who can defeat it, can identify me faster than the police can.
4) There are a lot of terrorists and terrorism sympathizers who'd just love to off me because I'm American.
If you aren't careful, you'll be broadcasting enough info out there that you'll be easily victimized.
"Because we all know how often Americans travel overseas."
Hey, I went to New Mexico twice in the last 6 years. That's fairly often, I think.
Where were you when the voynix came?
We all know that paper is so easy to modify, so we need to go to chips. Chips are more secure, while harder to duplicate. Like game chips, which don't get coppied freely like paper products such as books. Books can also be "emulated" in pdf or e-text formats. Chips can't be emulated or falsely burned with someone elses data!
And if we're already on the subject of the government, why are they spending all this money to make sure passports can't be faked, greencards can't be faked, etc., if there is absolutely positively nothing being done to stop the flood of immigrants, criminals, drugs, and terrorists that are crossing our totally unprotected borders into this country every day? Every time this issue comes up, idiots say it's racism. Sorry, it's not racism to stop people and things that shouldn't be here illegally from coming here illegally.
I do not like the idea of being so easily IDed or miss-IDed. I expect that the gov. will soon require all of us to have a passport or one of the new greeen cards.
I just renewed my passport last month, despite having a little over 3 years left before it would have expired. Now I'm damn glad I did...in ten years time, when I have no choice but to renew again, at least I won't be getting Version 1.0 of the US Government's Made-to-be-cracked ePassport.
The Future of Human Evolution: Autonomy
So now the bomb makers can design bombs to explode when a certain number of american passports are within range.
They don't need to correctly talk to the passports only determine that they are american passports.
What with the UK government wanting to force an ID card on us - seems applicable to Passports/Driving Licenses too.
Take a standard Credit Card sized plastic card.
Put a chip on it like credit cards use - not an RFID tag, just a simple chip that can store ONE piece of info.
That piece of data will be unique to that person, and is their ID in the system.
On the card we print a photograph, their name and date of birth.
When the card is presented at an appropriate terminal, a database lookup is done for the ID. The card reader then displays a "virtual" version of the card.
Visual inspection will allow the person doing the Identity Check to confirm the persons ID.
ID cards to be updated every 5 years, replacements for lost/stolen/damaged to be charged at cost, and be available within 2 working days, with designated places (like police stations) being able to print out temporary ID papers until replacement card arrives.
As long as downloads to terminals are encrypted, and the credentials of the operatives inputting data onto the system are checked, we have a secure system with no privacy concerns that SHOULD be cheap to implement.
Other systems, Passport Control etc could be tied to the database with your ID reference number becoming your Passport number - Give each person a pin number (or if you really insist use biometric information) and you have a bank/credit card that should also help prevent fraud.
Anyone see any holes in my plan?
Guess I will need to get me one of these sooner than expected
Anail Nathrock Uthvass Bethudd Dochiel Dienve
that's who's making the chips [Infineon]. . read it yesterday. . .they claim 50 separate security features will protect the passport holders. Wish my passport wasn't 4 years old already so I could delay getting one of these electronic ones longer than 2012.
...the future crusty old bastards are already drinking the Kool-Aid.
So they need to have a system where they swipe the document, and if the light's green, the person's clean.
It'll work just like credit cards, you get an auth from the machine, the operator doesn't bother checking signatures.
Technology -- No Place For Wimps! Grateful Dead and Jerry Garcia Chatroom -- http://www.wemissjerry.org
And, as I have no intention or interest in visiting the US, I gave it 30 seconds in the microwave. Problem solved. They've been issuing these things over here since the end of July - I missed the deadline for a "real" passport by 5 days. Oh, and the thing is described as "biometric" which can't be right, as they've never taken any biometrics from me. They can't store a 40K jpeg in an RFID tag, at most it could be a (small) hash, but that would be useless as obviously another image of my face will have a completely different hash. Anyone got any idea what the UKPO means by asserting this thing's "biometric"? My guess is that they're just breaking people into the idea gradually, so as not to alarm us too much...
Everything I needed to know about life, I learnt from Blake's Seven
1) phase in new tech you know isn't bug-free
2) wait for major security hole to be found
3) come up with a fix
4) ???
5) PROFIT!!!
Step 4 is to make people who want the fix to pay for a replacement passport.
The e-voting-machine vendors are taking the same approach. Ditto many other technology vendors.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
This is why I got my passport renewed two months ago, even though I still had 3 years left on it. Now I have almost ten more years of peace and quiet before I need to worry about any of this RFID stupidity.
It's an arms race against those that would forge a US Passport; they are using technology to make the Passport better. We know they are being faked right now under the current technology, so now they have added this chip with a digital picture of you to make it harder for them to duplicate.
Will it eventually be hacked/copied? Yes. Does that mean we throw up our hands in the air and stop trying? Taking a defeatist attitude gets us nowhere. When this one gets hacked, we'll add more forgery deterrents. Take at look at the US currency; its the same thing.
It is just one more tool we can use to keep pace/ahead with those that want to forge them.
This also seems to be a good next step to controlling & closing the US borders, a-la the Soviet Union. Just try to escape the U(S)SA* with one of these!
The RFID passtports have to be opened to be read due to protective foil covers. However, here's still alleged advantages of chip compared to a magnetic stripe. Foil covers wont prevent a hotel or bank from reading the chip.
I recall the date is Dec. 31, 2006, though there might be exceptions for a few miles across the border.
Forget about the so-called security. It's "secure" to the vast majority of voters.
The objective is to be able to process more people through customs faster and with more data captured as they get off ever-bigger airplanes.
This doesn't address a control point failure (customs) which is inevitable, but it looks good on paper and sounds really good.
FYI: Yes it's possible to store a picture and a fingerprint template on the contactless modules in question, but more likely it's storing a hash that looks the data up in a DB. Sending a picture file or a fingerprint template across the reader would be pretty slow.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
A RFID chip has got an enormous advantage in comparison to magnetic stripe : no meccanical part for the reading.
But if you had comparied to a bar-code tag (2D or 1D) then you would have been right : this bring nothing.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
You can renew your passport without replacing it. It's cheaper than getting a new one too!
You can throw your new one in a microwave just in case :D
I wonder if the passport is valid if for some (terribly unfortunate and completely accidental) reason, the RFIP chip was to be inactivated? If so, the obvious answer to this being forced upon us, if you're worried about this sort of thing, it to just zap your passport with an electromagnetic field.
As featured a couple of weeks ago in this article on Wired, these RFID chips have already been hacked. From TFA:
I just sent in for renewal... so my guess is that it'll have picture, name, social security number, birthdate. I'll see if I can pull the info from the passport through my Bluetooth phone. some dude is going to walk up to me in an airport and just say 'thanks' & i'll find my bank accounts emptied, now that's security.
This was my first thought when I read this. Since the Government sure doesn't seem to be listening to me and I won't have a choice when I get my passport, I want to minimize the potential damage. So my first thought was "how do I block the RFID signals from getting to the device". Finally some useful information and not just banter about how it sucks!
An E-Ticket is a virtual ticket that I don't have physically with me when I go to the airport. You can guess what my first guess for an E-Passport was.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Genuine Passport Advantage
actually I am happy to see you, however that is in fact a banana in my pocket.
These things have already been cloned.
A passport has to last 10 years. It's say it's a fairly safe bet that the encryption used will be cracked wide open in far less time than that.
So I went to the shop yesterday to buy a couple of PSP games. So I pull out my plastic debit card to pay with it. They have these numeric pads with a slot for the card and a small LCD display around here in a lot of shops. (The super-markets and such just ask you for a signature, but almost everyone else has a PIN pad.)
"Oh," says the clerk, "the connection's been down the whole afternoon."
It's not even the first time something like that happens. It's not often, but it does happen.
So for purchasing games or groceries, ok, I can just pull some banknotes out of the wallet. But it kinda scares me that I'd have to depend on something like that at an airport.
A polar bear is a cartesian bear after a coordinate transform.
Why the hell was this modded "Funny"?
Programmer: an ingenious device that converts caffeine into code.
In light of terrorism, illegal immegration, identity theft and white collar crime, we will need not only passports with chips, but national IDs with smart chips too.
Not just your appearance, but your fingerprints, iris pattern, voice patterns and probably eventually unique DNA markers will be necessary. And a good long PIN or passphrase.
Those predicted bar codes on the forehead and arm look pretty likely, too.
"I'm sorry officer, my USB port is down. Could you use my saliva?"
Help end the use of Sigs. Tomorrow
There may be legit concerns about the tags being used to track people, which is precisely why the new passports are mini Faraday cages to prevent reading the tags when the passport is closed. And if someone sniffs your ID when it is opened at customs, big deal. The RFID is just secondary confirmation. It still has to be paired with a valid passport with the MATCHING photo from the database that the RFID point to. A random person will not be able to make use of it. And if you're worried about someone snagging the ID of a similar looking person, how is that any different than non-RFID passports, when they can just create one from paper with your identification and their picture?
A healthy dose of paranoia can be helpful, but you have to critically consider the use of the data. The RFID does not replace the passport's primary identification, only augment it.
Viisage Technology, Inc. (VSIG) headquarted in Billerica, MA won the bid to be the sole provider of the US passport RFID chips, in case anyone was interested.
n dex.jsp?ndmViewId=news_view&newsId=20060803005845& newsLang=en
"We are pleased with our second quarter results especially with respect to our bookings, which totaled $50 million during the quarter. Our healthy bookings rate reflects robust growth in our sole source US passport program and increases in our drivers' license business," said Robert V. LaPenta, Chairman of the Board of Viisage
http://home.businesswire.com/portal/site/google/i
That fact doesn't appear to have done much for their stock price so far though:
http://www.google.com/finance?q=VISG
Well, according to the TFA: The chips carry an encrypted digital photograph of the passport holder..
Remember everyone, just by going out in public you are letting the world know what you look like! Time to start investing in brown paper bags
You seem to be missing the whole point here. According to logic, it doesn't really matter what contents are being stored on this chip. It could be an encrypted random number for all anyone cares, since (as the GP correctly noted) the very existence of any such embedded data is sufficient to remotely flag the holder of the passport as an American. I can only hope it's unnecessary to point out the many reasons why this is so undesirable.
So, I wonder if you will be denied entry to the U.S. if the RFID chip in your passport does not scan, or if your passport is visibly damaged after it gets nuked in the microwave to destroy the RFID chip.
Read the post above yours. The covers of the passport act like a Faraday cage. I'd still like to see tests of whether you can saturate the passport with enough RF to actuate the chip using a small parabolic antenna (and disregarding normal safety standards), but it does seem like they've considered this possibility. That's a small good sign.
More importantly though, if they can pick your pocket, they can just steal your passport and then do anything with it that they want, so I think that's really not a great criticism. This technology doesn't really close that most traditional avenue of attacks.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
In Germany we have RFID passports since last year. This despite much criticism (the old passports were considered one of the most secure documents ever). The new passport costs 59 euros, the old one was just 26 euros, so I got myself an old one just before the deadline.
:)
In my opinion, the e-passport was largely introduced to secretly subsidize the biometrics sector: The interior minister responsible for the e-passport, Otto Schily, joined two biometrics companies this month
Source (german only, sorry): http://www.silicon.de/enid/cio/21505
Nothing a swift pound with a rubber mallet & a microwave sauna won't cure.
You are checking your backups, aren't you?
The point is to give everyone a digitally-signed copy of their OWN PHOTO. If a thief gets his hand on that, it won't help him unless he looks just like me. That's the point.
Ah, but what if the 'Thief' doesn't want to so much steal your identity, as pick an American tourist out of a crowd of hundreds of other tourists? This isn't giving you a secure digital picture. It's painting a huge bulls-eye on your forehead...
HA! I just wasted some of your bandwidth with a frivolous sig!
It costs a lot of money to travel. Even if you had unlimited vacation, it costs a lot of money to travel. We can't just drive or take a train or bus to other countries - we usually have to fly, and usually a long ways, too, unless you want to go to Canada (yawn) or Mexico (third world).
I've been overseas on vacation now 3 or 4 times. But cost has always been the deciding factor, not time off.
Steve
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
13 million passport for a population of 300 Americans.. Do Americans travel that seldom to another country???
;-) I think most countries in Europe have much higher percentages of passports per citizen..
I live in the Netherlands, almost everyone has a passport there. Heck, we might even have 13 million passports
I guess I will get modded down for my title.
You solved the education crisis in America! All we have to do is work for a college or university and we will all get free education! Amazing!
Next we need to work on health insurance for everyone by having everyone elected to Congress. I hear they have really great benefits!
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
While a Customs officer's inspection can be very quick, there's much more to it than simply waiting for a light to turn green. They still talk to the passengers, they DO examine their documents, and even if the light is green, they can deport you. They are trained to watch how people act and react much like cops are. In fact, some are former cops. Obviously, they're not knights in shining armor, and some are better than others. Some are worse. But they are not like the kid working a register at the gas station.
I have a military ID that has a chip on it that has nothing to do with RFID. The US Government gave me this card, yet they can't figure out how to put something secure like this on passports? The card has a chip on it, that is read when you slide the card into a reader. There is no passive proximity reading on this. It contains a fair amount of data, and it doubles as a 2nd factor authentication for government computers too. I have to put my card into them, type in a password, and then I can use the system. Pulling my card out automatically locks the system, or logs me out. The card has my index fingerprints on it somewhere, or can reference them from a remote database as well. Some stations require me to put my fingertip on a reader, with the card in it, and then type in a password. It is the size of a drivers license, and quite easy to carry. Why can't we make passports like this? You get the right type of card, and it is VERY flexible.
Wow. Now I feel like I need to change jobs. I've been at the same one for almost nine years and still have the same 15 days vacation I did when I started. And if I used it all at once, I'd probably be laid off.
Six score characters.
Brevity being wit's soul
I have enough space.
Having the 1337est, unhackable, unduplicable passports with 256 bit encryption, does NOTHING, if people can still just walk across the Mexican border with impunity.
Why not just implant the chips in the victim . . . I mean citizen, yeah, citizen. Once we all have mandatory identity chips implanted, HoSecPo (Homeland Security Police) will have no problem completely controlling our lives - err, I mean keeping us safe from (nonexistant fantasy) terrorists.
there aren't any competent workers that can be hired. All we can hire are unmotivated drones that are putting in their nine-to-five shift. Any technology that can be utilized to either replace, motivate or assist these drones will make things better.
Real pity that we can't seem to hire anyone who is actually competent.
First, no I haven't read the article, but I've been following these passport chips for a while now. First, the chips are encrypted and locked. That solves a lot of problems right there. Second and most importantly, they are somehow "covered" and un-scanable while the passport is physically closed. The passport needs to be open in order for the chip to be scanned. This alleviates the problem of "walkby" scannings and people taking advantage of American tourists. I think they have thought this through more than people think, and I doubt if there is as big a need to be worried about them as many people would want you to believe. 2cents, --Jon
"Janelle Hironimus said existing passports will remain valid until they expire"
:S
similar to "this doesn't end until it ends"
"existing passports will remain valid until they expire" - that is up to ten years, until 2016. So forgers can forge old-style ones until 2016. If the goal is to make passports more secure (and I'm not saying I'm in favor of rfid passports), it seems kind of strange to wait so long to mandate their use.
No offense meant, mate - it's just that going to Canada is like staying home - it looks the same. I went to Toronto a few years ago. Might as well have been in Boston.
Steve
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
Seriously? You think this is new? Australia's been doing this for years! You americans think you're so brilliant, but you're nearly a decade behind us in many areas and 5 in others. Get with the times!
I think I'll wait for the iPassport instead. According to the latest rumors, it will be extremely easy to read, very stylish, and available in two colors: white and black. And there will be a U2 special edition which will offer you combined American & Irish citizenship.
>Well, we 'take' 2 weeks (or 1 week, or whatever) a year.
I earn 22 vacation days a year plus 12 holidays.
>our cultural habits come down to preferring about 2 weeks per year.
I much prefer what I have to "2 weeks per year." Two weeks per year sucks. I know this, because I've had that kind of job. Six weeks would be better. It's like the old saying about having been both rich and poor. Rich is better. I have a strong work ethic, and I love my job, but I also have a life outside of it.
Some mornings it's hardly worth chewing through the restraints to get out of bed.
Australia, which is a state of the USA, has been issuing these things for a while. I got to try mine out in the automated machine yesterday. The system totally, absolutely failed to work. Even after multiple attempts. Even after being "assisted" by the full time person who attends the "automated" machine. So as far as I can see, these RFID passports have exactly one purpose... they give the government an excuse to charge more for a passport. Based on this criteron, the program has been an overwhelming success.
Oh for a mod point. That was funny.
"No fear. No envy. No meanness." Liam Clancy
Actually, the next phase of this project is planned to remove the whole issue of documents altogether.
Instead everyone will have a crystal embeded into their palm. When the crystal turns red...
Given that the technology used in the new electronic passports has already been broken, why the $&#* is deployment continuing? Corruption or stupidity, it's a criminal waste of tax money and dangerous to our security.
Some of the new Australian passports have this already... It's in the form of a very thick page in the centre of the passport with a chip inside.
I was travelling with a friend of mine who has one of the above passports. This passport kind of freaked out the immigration officials in Cuba. So there I was standing with his bags on the other side of customs for about 30 mins wondering what the were doing to him... Eventually he convinced them that it was a real passport and they let him through.
Add some unfunny and some insightful. Which clown was moderating today?
I'll be your candy shop of infinite deliciousity if you'll be my discotheque of endless rump-shaking.
"But they are not like the kid working a register at the gas station."
They will be!
Technology -- No Place For Wimps! Grateful Dead and Jerry Garcia Chatroom -- http://www.wemissjerry.org
yet.
New things coming soon to your New World Order.
Patriot Act IV.
The War on Terror - State Boarder ID checks required, no illegal ground traffic permitted.
Resistance is not only futile, it will be a felony.
I get 10 weeks a year leave, plus 10 public holidays. Work 36 hours a week. Anythink over that, and they pay me extra. Yep, life is sweet! ;-)
You think the locals carry passports with them? Any non-static response on the correct radio frequency will suffice, no need to identify the country of origin. So the response is very likely to originate from just a big chubby busload of tourists -- American, Canadian, Japanese, British, Scottish, Swedish, Finnish, German, Spanish, French ... awww, let Allah sort them to hell if need to ...