E-Passport In the Works

ExE122 writes "In an attempt to curb falsification of passports, the United States has placed an order for millions of embedded ID chips. 'The chips carry an encrypted digital photograph of the passport holder. The chip is designed to be read by a special device that will be used by U.S. government workers who check passports when travelers come through border crossings. The State Department began issuing what are being called e-passports to tourists last week and will gradually increase production. State Department spokeswoman Janelle Hironimus said existing passports will remain valid until they expire but, eventually, all U.S. passports — about 13 million will be issued in 2006 — will contain such chips.'"

10 years

[lawpoop]

Passports are valid for 10 years upon issue, IIRC. Are you telling me that secure passport tech will slowly be phased in over 10 years? Because we all know how often Americans travel overseas.

If anything, this will raise the value of existing non-RFID passports, since they are more easily modified to indentify someone else.

Re:10 years

[plague3106]

At what price are we paying though? These will be faked in time as well, and probably not that much time.

Also, it ignores the fact that all the Sept 11 terrorists had valid passports / drivers licenses. How exactly does this help us again?

WHY?

[rkhalloran]

A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?

Re:WHY?

[gEvil+(beta)]

It's all about appearances. Nothing more, nothing less. If the general population thinks that high-tech passports are more secure, then high-tech passports are what they general population will get.

Re:WHY?

[Red+Flayer]

A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?

The same reason we can't take bottled water on an airplane -- pandering to gullible voters.

Re:WHY?

[eno2001]

Because... some stupid fucking PHB somewhere heard that RFID is the "next big thing (TM)" and just had to have it before those damn Canadians do. I honestly think that's all it comes down to. Someone thinks RFID sounds cooler than 70s mag stripe technology. If you ask me it's fucking stupid. Of course what do I know, I hate the direction the United states has taken the past six years. I'm fucking trapped here though because I can't just afford to pick up and leave. Have to make the best of in these hard times.

Re:WHY?

[muellerr1]

Either that, or some chip manufacturer is in bed with the government.

Re:WHY?

[Threni]

> adds nothing a mag-stripe couldn't,

If it's done properly it would be harder to produce. Anyone can write to a mag-stripe, but the Chip and Pin system in the UK, for instance, is more secure.

Re:WHY?

[supabeast!]

"What's the point?"

It has TECHNOLOGY! The technology will solve all out problems! Next we can add encryption to the technology so that it will be even more technological! And because Americans can't even wrap their heads around evolution, there's no way this nation of idiots will figure out what a load of BS this is and demand that politicians stop wasting resources on pork like this and actually get something done!

Re:WHY?

[amliebsch]

If the chip only carries an encrypted photo of myself, then thieves can't steal any information that they couldn't get by looking in my general direction. But it does make the passport much more difficult to forge, and more difficult to use fraudulently. That seems pretty reasonable to me.

Re:WHY?

[Lord+Ender]

The point is to give everyone a digitally-signed copy of their OWN PHOTO. If a thief gets his hand on that, it won't help him unless he looks just like me. That's the point.

Re:WHY?

[Andrewkov]

This technology will just encourage unlawful face transplanting. Haven't you seen that John Travolta movie?

Re:WHY?

[dhasenan]

2d barcodes can't hold that much data; or rather, their data density sucks. You've got an analog portrait and you're trying to convert that to a binary 2d barcode in perhaps four times the area, with pixels that measure millimeters across.

If the power goes down, they won't authenticate passports. Perhaps at the Mexican border, they'll stop anyone who looks Hispanic until the power returns. Perhaps at LAX, they'll stop anyone who speaks with a non-American accent (those who have American accents have either prepared enough that the passport will clear, or have been in this country for some significant length of time and probably gotten a valid passport). And perhaps they'll have a standard battery backup.

Most of the time, your passport isn't carefully scanned. The chip will be used merely as another means of authentication, not as mass surveillance; that would take too much time.

Already customs lines at SFO for this

[Skyshadow]

Came back through SFO from Edinburgh yesterday and saw signs for a couple of dedicated test lanes for this (they were closed, but they were all set). I was wondering what the heck it was about.

American Made

[neonprimetime]

A German semiconductor company with offices in San Jose said Monday that it has received an order from the U.S. government for millions of identification chips that will be embedded in passports to help prevent fraud at border crossings.

Why do we always have to get everything from the Germans? (beer & cars for example) Why can't the government contract this out to good ol' American workers? Especially since it deals with National Security?

encrypted?

[Lord+Ender]

When they say "encrypted," do they actually mean digitally signed? Being able to provide a digitally signed (by a government key) passport photo in a machine-readable form would be good for security.

But simply encrypting the message with a symmetric key (as seems indicated by the blurb) would be bad for security, because many people would have the key, and so it would provide a false sense of security.

Scene at the customs office

[krell]

"Mr.... let's see 5AVE On Va1iumViagraCialis? Yes, everything checks out. Welcome to America!"

I blame it on the lack of logic today

[MikeRT]

One of the things that is a lot more common today than it has been in American history, yes, even back in the "bumpkin days" of America pre-industrialization, is that people just don't critically think anymore. "Special device?" Anyone with a modicum of critical thinking skills would look at a few simple things and freak:

1) All computer security systems have been defeated.
2) This is kinda like one of them thar computer security systems that has been defeated.
3) I'm carrying this thing around the world, and any schmo who can defeat it, can identify me faster than the police can.
4) There are a lot of terrorists and terrorism sympathizers who'd just love to off me because I'm American.

If you aren't careful, you'll be broadcasting enough info out there that you'll be easily victimized.

Re:I blame it on the lack of logic today

[pilgrim23]

Entebe Incident; The Hijackers went around the plane asking for Israeli Passports. Now it is so much easier. Welcome to the new world of "Wand and Shoot".

Re:I blame it on the lack of logic today

[kevin_conaway]

One of the things that is a lot more common today than it has been in American history, yes, even back in the "bumpkin days" of America pre-industrialization, is that people just don't critically think anymore. "Special device?" Anyone with a modicum of critical thinking skills would look at a few simple things and freak: 1) All computer security systems have been defeated. 2) This is kinda like one of them thar computer security systems that has been defeated. 3) I'm carrying this thing around the world, and any schmo who can defeat it, can identify me faster than the police can. 4) There are a lot of terrorists and terrorism sympathizers who'd just love to off me because I'm American. If you aren't careful, you'll be broadcasting enough info out there that you'll be easily victimized.

Well, according to the TFA: The chips carry an encrypted digital photograph of the passport holder..

Remember everyone, just by going out in public you are letting the world know what you look like! Time to start investing in brown paper bags

Re:I blame it on the lack of logic today

[HarmlessScenery]

1) All computer security systems have been defeated.
2) This is kinda like one of them thar computer security systems that has been defeated.
3) I'm carrying this thing around the world, and any schmo who can defeat it, can identify me faster than the police can.
4) There are a lot of terrorists and terrorism sympathizers who'd just love to off me because I'm American. If you aren't careful, you'll be broadcasting enough info out there that you'll be easily victimized.

This seriously got mod'ed up?

Come on, are there 'a lot' of terrorists out there searching desperately for US citizens to off? Randomly wandering around tourist areas - just in case? Really?

Admittedly there's possibly a few thousand dotted around the world - but unless you actually go looking for trouble by visiting that quaint looking camp site in the Afghan mountains, your chances of ever meeting one are probably lower than your odds of winning the lottery.

You're *much* more likely to get off'ed by any local criminals looking for tourists in general (on the grounds that they are easy pickings as they don't know the area and tend to carry more hi-tech items such as cameras etc). Being American won't make much difference to them.

... and what makes you think that an RFID on your passport is going to make you more noticeably American to the locals than say, your accent every time you open your mouth? Or what about the fact that your passport is *always* going to be readily identifiable as a US passport, RFID or not? If the problem is so bad, maybe Americans should be supplied with passports disguised as 'insert country of choice', and all given elocution lessons before they leave the US?

Americans traveling to other countries.

[krell]

"Because we all know how often Americans travel overseas."

Hey, I went to New Mexico twice in the last 6 years. That's fairly often, I think.

Re:Americans traveling to other countries.

[clickclickdrone]

I used to find the low number of Americans with passports rather scary and insular until someone pointed out you only get 2 weeks vacation a year. With the US being so big and varied, it would take you most of your life in 2 week chunks to check out home let alone foreign places.
Of course, us backwards wierdo liberal faggy Europeans get 6 weeks holiday :-)

Re:Americans traveling to other countries.

[morgan_greywolf]

I, for one, welcome our new McDonald's-cramming, identity-stealing, drive-by-shooting North American overlo......

oh, never mind.

Re:Americans traveling to other countries.

uh, what? I literally get two weeks of vacation a year. Anything more than that is "leave without pay". If I tried to take my two weeks of vacation all at the same time and also take two weeks of leave without pay my supervisor would deny it and probably have me fired. I don't know anyone who can "arrange their vacation time vs. work time quite easily" - everyone has to get it approved by a supervisor and rarely takes more than a few days at a time.
If I lived in the EU I would get 4 to 6 weeks of paid vacation and it's not frowned upon to take the entire 4 to 6 at once which makes it even better. Pay in the EU isn't that different than in the US and quality of life is higher. Sounds like a pretty good deal to me.

Re:Americans traveling to other countries.

[Maximilio]

Americans can arrange their vacation vs. work time quite easily. As a nation, though, our cultural habits come down to preferring about 2 weeks per year.

"Prefer?" I prefer quite a bit more time off. I would imagine most people do. The problem is, U.S. corporate behavior is geared toward maximizing profits at the expense of the employees and an imaginary work ethic that drives people into the ground and causes them to change jobs on an average of every two or three years and careers on an average of every 10 or 15 years. You ask, stupidly, who pays for Europeans' 6 weeks holiday -- obviously as a cultural norm the employer shells it out. It's a quality of life issue.

But please, don't insinuate that just because you're a driven workaholic with nothing better to do that the rest of us would 'prefer' that lifestyle. I think, given 6 weeks of guilt-free holiday, most Americans would take it gladly.

Re:Americans traveling to other countries.

[Rosonowski]

I don't think there's anything about a minimum of vacation time, at least not for hourly wage earners. I don't get ANY vacation time, so any time I want to take off, I have to figure out how to make up the money.

Re:Americans traveling to other countries.

[badasscat]

Well, we 'take' 2 weeks (or 1 week, or whatever) a year. We do not 'get' 2 weeks a year. Americans can arrange their vacation vs. work time quite easily. As a nation, though, our cultural habits come down to preferring about 2 weeks per year.

Are you kidding me? "As a nation", we take what we can get. And all we can get is 2 weeks per year or less.

I don't think there's a man, woman or child alive that wouldn't want more than 2 weeks vacation. This is not a "cultural habit", this is just the dynamic of our employer/employee relationship. Employers want to ride their employees as hard as they can and employees are just doing all they can not to get fired.

Of course, us backwards wierdo liberal faggy Europeans get 6 weeks holiday.

Wow, who pays for that?

If the entire society accepts that this is normal, then no one pays for it.

Let's face it - the world works the way it does because we accept that the world works that way. If it worked differently, we'd accept that too. I mean, who's "paying" for the fact that you're sleeping 8 hours a day rather than working? You, and the rest of American society (at least to this point) has drawn the line at having at least enough time off every day to sleep. Nobody "pays" for that; that's just the way society has chosen to work. Could companies make more money if all of their employees worked 24 hours a day, 7 days a week? Sure. But you don't "pay" for something that never existed in the first place. That downtime is just downtime, not a debt that needs to be paid.

We Americans are overworked. We work more hours, on average, than any other nation in the world (yes, including places like Japan, which lets its employees have an average of 25 non-weekend days off per year). But it's not by and large because we want to, it's because we're demanded to and because employers have decided for us that this is the cultural norm. Someday, maybe we'll get in step with the rest of the world and realize that there are more important things in life than work.

Re:Americans traveling to other countries.

Yes, individually you probably would like 52 weeks of paid time off, as a society though, Americans aren't fond of vacations. As an ex-pat living in Italy, it still irritates me to no ends that around august, nothing is open. Its also irritates me that people take so much time off. For example, one day out of the week my favorite restaurant is closed (on Tuesdays). No, of course its a small thing, but if you come here don't be expecting to be able to get breakfast tacos at 3AM here. (mmmm...midnight tacos...how I miss Austin sometimes...)

As a society, I think we would shit bricks if everything closed for a month in August. Going to the supermarket on Christmas Evening is really convenient.

Yes I'm aware of the human costs, but like heroin, we Americans are addicted to the always-on style of life...

Re:Americans traveling to other countries.

[Mr.+Underbridge]

So emigrate.

Re:Americans traveling to other countries.

[CagedBear]

With the US being so big and varied, it would take you most of your life in 2 week chunks to check out home let alone foreign places.

This is true. In fact, I live in upstate NY and feel it would take a lifetime just to fully explore my own state let alone the rest of the coutry. There is a whole lot to do in the U.S. and not nearly enough time to do it in.

Re:Americans traveling to other countries.

[Kadin2048]

I don't think there's a man, woman or child alive that wouldn't want more than 2 weeks vacation. This is not a "cultural habit", this is just the dynamic of our employer/employee relationship. Employers want to ride their employees as hard as they can and employees are just doing all they can not to get fired.

I disagree. I know a lot of people who don't even take their available 14 days/year of vacation, even though they're not at any risk of being fired if they did.

Actually, very few people in my line of work are at risk of being fired. On the contrary, people are motivated by wanting promotions and to get ahead of the next guy. If you gave everyone 4 weeks of vacation, they probably wouldn't see it as an opportunity to take more vacation, but as an opportunity to work more hours than other people, and thereby get promoted more quickly. Or if you're paid hourly, get more overtime.

And we're not talking about wage slavery here either; the people I know who chronically give up their vacations aren't scraping by to make rent, they're trying to get promoted so they can get a better apartment, a nicer car, a more expensive suit, etc.

I think that people give up vacation much more readily because they want to get ahead, than because they're afraid of losing their jobs. You'd probably have grounds for wrongful termination if you got fired for taking your allowed vacation (2 weeks), yet most people don't even take that. Why? It's not because they want to stay in their current jobs, it's because they want to get more, and given the choice between vacation now, and the chance at making more money later, people take the shot at promotion. It's not fear, it's a desire for betterment (aka greed; your choice of terms).

What I do think would be popular here would be the ability to take your vacation and sick time as cash. If you required companies to give employees their unused vacation time at the end of the year, I'd bet that you'd see the amount of vacation go down even further as people chose cash over leisure time. In Europe, where they effectively have that option already, it's less popular. Obviously, there are differing values at work.

Re:Americans traveling to other countries.

[phulegart]

what kind of contradictory Bullshit are you spewing? First you say...

"The problem is, U.S. corporate behavior is geared toward maximizing profits at the expense of the employees and an imaginary work ethic that drives people into the ground"

Which clearly indicates you believe that U.S. Citizens are pushed against their will to work as much as they do, because the CEOs and other corporate bigwigs want to increase the amount in their already overfull pockets. Then you say...

"But please, don't insinuate that just because you're a driven workaholic with nothing better to do that the rest of us would 'prefer' that lifestyle." ...which clearly indicates that you are of the opinion that if someone makes a statement about how Americans prefer 2 weeks they must be workaholics.

So which is it? Is that 2 week limit there because of people being workaholics and not wanting more vacation time, or is it there because the employers push harder than they should and only allow 2 weeks?

Personally I've never had a job where I had 2 weeks official vacation time per year. And I'm a U.S. Citizen.

I can clearly see from the anti-U.S sentiment here in the responses exactly WHY most Americans would prefer not to travel. It could also be due to the fact that while a lot of European countries are very tiny, the US is very large. Why go to another country when you can go somewhere in your own country that is easier to get to, somewhere you have never been before, and somewhere that won't cost you your entire vacation budget on airfare? An American can even expand their travelling habits to include visiting other countries, namely Mexico and Canada, so that they can spend their entire life vacationing once a year somewhere in North America, and never go to the same place twice.

Americans are not all rich. Not even most of us. Most Americans don't have a passport, because they will NEVER BE ABLE TO AFFORD TO TRAVEL OUTSIDE THIS COUNTRY in their lifetime. It is not because they are workaholics, or Xenophobes. If you work 6 days a week, 10 to 12 hours a day, it does not automatically mean that you are addicted to work. It most likely means that your job sucks, you have no prospects for a better job, you have no skills (or more importantly, documented notarized certification) to get a better job, and you have to support your family.

The cost of living in the US is now so high, compared to the "average" income, that we live in a DUAL INCOME culture. This is where there must be the equivalent of two incomes coming in, in order for a single family to be able to afford an "average" lifestyle. Guess what? Only those with an "average" or better lifestyle get to take 2 week vacations. THe rest of us working schmucks get to work on holidays (Christmas, Thanksgiving, Fourth of July, Etc.) and don't look forward to a vacation. THe rest of us working schmucks find that our vacation time comes when we get burned out with the job, and spend a few weeks looking for another. That's our vacation.

Looks like you Europeans are the ones with all the money and leisure time. Looks like YOU should be the ones on the world crusade to help the needy. We did our part. We saved your countries over 60 years ago. Get off our backs. How about a Thank you? How about taking US out for a vacation?

It's nice and all that the travel industry is growing and attempting to get more secure with the addition of these identifier chips. Soon, we won't need a separate passport. Soon, our regular Identification (what ever that turns out to be) will be all that is needed to travel. ANd I'm sure it will include a digital component.

Re:Americans traveling to other countries.

[PPGMD]

It can also be frustrating to those working on a tight schedule.

One of my clients is a developer company, based in Mexico City, but with offices in most of the vacation hot spots in the US (because they own high rises in all those cities). There were having issues with their ERM, because it was a fixit session it was scheduled between other trips, and I only had two days on site. Well that wouldn't have been an issue, if they didn't stop working everyday for 3 hours to have lunch and watch the World Cup.

I don't know what it is, but the way we work versus the way that work is done in Europe and Latin America, is hugely different. I like to relate, to the Super Market that was across the street from where I was staying in Amsterdam, they were open M-F 10am-5pm, for an American that is unfathomable, Europeans are used to it, and adept to it, and I did too (by adept I mean I mostly ate at restraunts that were open later in the evening) when I was there for 3 months on a project. But it's quite strange for someone who's last job involved making a 1am Taco Bell run during my 11pm - 11am shift.

Re:Americans traveling to other countries.

[MasaMuneCyrus]

Us Americans are the hardest working people in the world, and right above us is Japan. However, the irony is truely great as we are some of the least efficient workers, too (and Japan is one of the most efficient).

Unfortunately, all work and no play makes one unhealthy. Perhaps the reason, then, why Japan has the highest life expectancies in the world is because while they may get around the same time off as Americans, they're CONSTANTLY having holidays. There's nearly a holiday every same-day-as-the-month, e.g., January 1st, February 2nd, March 3rd..., whrereas us Americans don't really have very many holidays (unless you work for the postal service -_-;)...

Re:Americans traveling to other countries.

[HungWeiLo]

here

This, of course, runs contrary to the common view that American workers are lazy and unproductive. However, there is an interesting catch. Because workers in the US tend to put in more hours than their European counterparts, the rankings change when you look at productivity per hour worked.

Norwegians lead the world with an output of $38 per hour worked last year. French workers were in second place, averaging $35 an hour, the report said. Belgians were third at $34, followed by Americans at $32.

Re:Americans traveling to other countries.

[Grishnakh]

Is your employer one of these places that works everyone 35 hours a week to get out of paying benefits?

You say this like it's a bad thing. Employees need to stop worrying about their little personal lives and worry more about providing shareholder value. Not taking any vacation, working unpaid overtime, etc. are all great ways to achieve this. How about some volunteer work? Volunteer to work weekends, for no pay. Or volunteer with your spare time to do chores, like yardwork, for your boss so that he can concentrate on providing more shareholder value.

Won't somebody please think about the shareholders??!!

Re:Americans traveling to other countries.

[TClevenger]

I disagree. I know a lot of people who don't even take their available 14 days/year of vacation, even though they're not at any risk of being fired if they did.

Out of the people who I've encountered who don't take their full 10 days (14 days? What country do you live in?), nearly all are concerned that either their work will pile up and overwhelm them on their return, or will get piggybacked onto their already overworked coworkers (and in return, they'll be picking up the slack for the coworkers.) Thus, they will typically accrue the time until they are forced to use it or lose it, and then will take it in the form of three-day weekends or "errand days" rather than an extended break.

This is contrary to the whole purpose of a vacation, which is to get away from work for a while and relax. Not having an extended time off leads to stress, poor production, family problems, and ultimately, one fewer employee.

Re:Americans traveling to other countries.

[Grishnakh]

Personally I've never had a job where I had 2 weeks official vacation time per year. And I'm a U.S. Citizen.

Sounds like you're either a workaholic, or you need a new job. I had 2 in my first job, 5 in my second job (state government; paid better than the private companies in the area were paying too!), and 3 in my third (current) job. And I've always been able to actually use that time. And in my current job, I get an additional 8 weeks off every 7 years. Not quite up to European standards, but much better than what I read on here.

Why go to another country when you can go somewhere in your own country that is easier to get to, somewhere you have never been before, and somewhere that won't cost you your entire vacation budget on airfare? An American can even expand their travelling habits to include visiting other countries, namely Mexico and Canada, so that they can spend their entire life vacationing once a year somewhere in North America, and never go to the same place twice.

Airfare across the continent is actually not that much different from airfare to Europe many times. I've seen lots of deals from NYC to Paris for ~$400. Those 747s are quite efficient with all those seats.

I agree, though, there's a lot of stuff to see here in the USA and Canada. But Mexico?? What idiot would want to travel there? What a dump. Be prepared to carry around a lot of cash to bribe the cops in case you get pulled over (you don't have to be doing anything wrong, they just pull you over because you have money). And watch out for all the drug gangs leaving severed heads around the tourist cities and having gun battles with the police. No thanks, I think I'll stick to civilized countries.

We did our part. We saved your countries over 60 years ago. Get off our backs. How about a Thank you? How about taking US out for a vacation?

I hear this so often from Americans (and I am an American, for the record), and I'm really quite sick of it. Were you alive 60 years ago? Were you involved in WWII? For 99.9% of the Slashdot readers, I suspect the answers to both these questions is "no". So drop it. It's about as relevant to living people as the French helping us out in the Revolutionary War, or something that happened during Roman times.

You do have a great point about the high cost of living and low real wages, forcing most families to have dual earners. Americans work too much for too little reward.

Re:Americans traveling to other countries.

[rahrens]

Your comment is unwarranted, insulting and uneducated in its attitude about the modern Germany.

Germany is a modern industrial nation that has worked hard to overcome the disaster that was WWII. It was the first of the Axis nations to pay off its war debt, and has done all it could to counteract the influence of the National Socialist Party and all it did to the people of Europe.

The people of Germany suffered as much as the rest of Europe did (exclusive of the victims of the Holocaust) from the horrors of that war. While we think of the occupation of Europe by the Wehrmacht, we rarely think of the affects of the "occupation" of Germany by the SS. While allied nations such as the US and England repatriated German POWs quickly at the end of the war, the USSR not only took up to five YEARS to return some prisoners, but many never came home at all. My wife's father was on the Russian front, and he didn't come home till 1948. Many of the WWII generation of German soldiers died very early by American standards, due to the many hardships they endured. My father-in-law died several years before I met my wife in 1974 - he was in his fifties. By contrast, my mother-in-law is celebrating her 85th birthday in October. Many women in Germany of her generation lived decades longer than their husbands, with all the hardships that widowhood entails.

The German people have worked hard to rebuild their country after the war. They had to rebuild from almost nothing, and my wife's generation, and our children's, have had to work double so hard to overcome the stigma created by their fathers' and grandfathers' generation.

Next time, think before opening your mouth, or at least check to be sure that the chair to keyboard interface isn't out to lunch!

anti-pirate passports!

[invader_allan]

We all know that paper is so easy to modify, so we need to go to chips. Chips are more secure, while harder to duplicate. Like game chips, which don't get coppied freely like paper products such as books. Books can also be "emulated" in pdf or e-text formats. Chips can't be emulated or falsely burned with someone elses data!

Heh heh

[rice_burners_suck]

I bet there won't be a device in existance that can actually read the chip that will be embedded in these passports. I say that because my Permanent Resident card (greencard) is supposedly the most advanced ID card ever made, with all kinds of weird embedded information and whatnot, making it impossible to counterfeit. Or at least that's the theory, because although they spend ridiculous amounts of money to make these cards contain all that personal information, there is reportedly not a machine in existance that can read the information off the card. Typical government nonsense. It's like trying to invent the modem with enough funds to build just one.

And if we're already on the subject of the government, why are they spending all this money to make sure passports can't be faked, greencards can't be faked, etc., if there is absolutely positively nothing being done to stop the flood of immigrants, criminals, drugs, and terrorists that are crossing our totally unprotected borders into this country every day? Every time this issue comes up, idiots say it's racism. Sorry, it's not racism to stop people and things that shouldn't be here illegally from coming here illegally.

bomb makers can now target americans

[RichMan]

So now the bomb makers can design bombs to explode when a certain number of american passports are within range.

They don't need to correctly talk to the passports only determine that they are american passports.

Re:bomb makers can now target americans

[moosesocks]

Not sure why this was modded as funny.

This could potentially become a huge problem for Americans traveling overseas, especially considering that the Government advises Americans abroad to not advertise the fact, while at the same time, they're equipping us with radio beacons that scream "HEY! OVER HERE! THAT'S RIGHT! HERE! LOOK! AMERICAN! AMERICAN!"

US Department of State announcement

[SgtPepperKSU]

I actually ran into this a few days ago while looking into getting a passport. They announced this on the 14th.

The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients).

It seems the passports will come with their foil hats pre-installed ;-)

Been thinking about this one.

[NiteHaqr]

What with the UK government wanting to force an ID card on us - seems applicable to Passports/Driving Licenses too.

Take a standard Credit Card sized plastic card.

Put a chip on it like credit cards use - not an RFID tag, just a simple chip that can store ONE piece of info.

That piece of data will be unique to that person, and is their ID in the system.

On the card we print a photograph, their name and date of birth.

When the card is presented at an appropriate terminal, a database lookup is done for the ID. The card reader then displays a "virtual" version of the card.

Visual inspection will allow the person doing the Identity Check to confirm the persons ID.

ID cards to be updated every 5 years, replacements for lost/stolen/damaged to be charged at cost, and be available within 2 working days, with designated places (like police stations) being able to print out temporary ID papers until replacement card arrives.

As long as downloads to terminals are encrypted, and the credentials of the operatives inputting data onto the system are checked, we have a secure system with no privacy concerns that SHOULD be cheap to implement.

Other systems, Passport Control etc could be tied to the database with your ID reference number becoming your Passport number - Give each person a pin number (or if you really insist use biometric information) and you have a bank/credit card that should also help prevent fraud.

Anyone see any holes in my plan?

Re:Been thinking about this one.

[morgan_greywolf]

Anyone see any holes in my plan?

Yep. Reliance on a very large central database. What if the database goes down? What if the database gets hacked? With the very large number of people you would have to have entering data into the system, chances are one or more those people will allow unauthorized access into the system, either intentionally or unintentionally.

What if the person checking ID loses connectivity to the database?

Example: I want to steal $25,000 out of your account. I forge your passport, complete with chip and everything. Then, my accomplice uses a DoS attack to knock out the bank's connection to the passport database.

Teller cannot verify against the database, assuming the database is down in some way. The bank, of course, has to be able to do business with or without the database, so it has a policy of visually verifying the passport against some other form of ID. I have such an ID already forged, no electronic verification takes place, ka'ching! I have your $25,000.

Re:Been thinking about this one.

[sasserstyl]

You're kidding right?

You appear to be describing the ID card system to be implemented in the UK which is a bad idea for three reasons:

1.
It does not solve anything.

I repeat: no existing problem will be solved by ID cards.

Why?

Because there has to be an application process for a card. Say I don't have a card - how do I get one?

Answer: take along some existing ID.

And herein lies the problem - a system is only as secure as its weakest link. You can encrypt the data on the card and sign it and make it forgery proof (if that were possible), but I can still get one of these strong cards by showing up with my paper "birth certificate" and a bank statement. You can make the card as secure as you like, but it can only ever prove that you are the person who showed up at the card issuer with a couple of pieces of paper. Someone can blow themselves up on a plane whether they are carrying a card or not.

2.
The ID card system will essentially be a huge governmental IT project. The British Govt. has an abysmal record with IT projects - they invariably cost a fortune and do not meet requirements. I wouldn't give a sh*t about the cost, but the tax-payer will pay for it.

3.
The system sets a precedent and is another step on a slippery slope to the kind of country I don't want to live in - a beauraucratic, police/authority-fearing, guilty-until-proven-innocent, card carrying, 1984 dystopia where I have to prove my identity to faceless officials.

This ID card debate gets me!

Anti-skimming/eavesdropping measures

[SgtPepperKSU]

More info form department of state:

The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients). Metallic anti-skimming material incorporated into the front cover and spine of the e-passport book prevents the chip from being skimmed, or read, when the book is fully closed; Basic Access Control (BAC) technology, which requires that the data page be read electronically to generate a key that unlocks the chip, will prevent skimming and eavesdropping; and a randomized unique identification (RUID) feature will mitigate the risk that an e-passport holder could be tracked. To prevent alteration or modification of the data on the chip, and to allow authorities to validate and authenticate the data, the information on the chip will include an electronic signature (PKI).

I have a chipped UK passport

[OriginalArlen]

And, as I have no intention or interest in visiting the US, I gave it 30 seconds in the microwave. Problem solved. They've been issuing these things over here since the end of July - I missed the deadline for a "real" passport by 5 days. Oh, and the thing is described as "biometric" which can't be right, as they've never taken any biometrics from me. They can't store a 40K jpeg in an RFID tag, at most it could be a (small) hash, but that would be useless as obviously another image of my face will have a completely different hash. Anyone got any idea what the UKPO means by asserting this thing's "biometric"? My guess is that they're just breaking people into the idea gradually, so as not to alarm us too much...

Re:I have a chipped UK passport

[Dun+Malg]

Oh, and the thing is described as "biometric" which can't be right, as they've never taken any biometrics from me.

From www.passport.gov.uk
"How will facial biometrics work? Facial recognition will map various features on the face, for example, the distances between eyes, nose, mouth and ears. The measurements will be digitally coded and held on an electronic chip secured in the passport page."

Your passport required a picture, right? Congradulations! You have been biometricized!

It's a revenue plot

[davidwr]

1) phase in new tech you know isn't bug-free
2) wait for major security hole to be found
3) come up with a fix
4) ???
5) PROFIT!!!

Step 4 is to make people who want the fix to pay for a replacement passport.

The e-voting-machine vendors are taking the same approach. Ditto many other technology vendors.

Re:RFID Blocking Passport Case

[SgtPepperKSU]

Guess I will need to get me one of these sooner than expected

It comes with one already... that is, if you trust a government issued one.

I don't see the problem here...

[Androclese]

It's an arms race against those that would forge a US Passport; they are using technology to make the Passport better. We know they are being faked right now under the current technology, so now they have added this chip with a digital picture of you to make it harder for them to duplicate.

Will it eventually be hacked/copied? Yes. Does that mean we throw up our hands in the air and stop trying? Taking a defeatist attitude gets us nowhere. When this one gets hacked, we'll add more forgery deterrents. Take at look at the US currency; its the same thing.

It is just one more tool we can use to keep pace/ahead with those that want to forge them.

Re:I don't see the problem here...

[lawpoop]

I agree that we need to continue to constantly increase our security measures, but I believe there is a danger in supposed security measures which actually *don't* increase security. It causes the users of such measure to relax their guard, assuming that they are safe when they actually may not be.

As far as anti-counterfeiting measures, the 9/11 terrorists had valid passports and IDs, so how exactly would this prevent terrorism? If an immigration official lets his guard down because a person has an RFID passport, he may be ignoring other tip-offs that would alert him to suspicious activity. This would probably only really effect illegal immigration.

Again, no one is saying that we shouldn't increase security measures. But let's not claim that this is a panacea, or going to do something that is actually can't. Americans seem to have the belief that some simple technology will solve any problem we encounter. The reality is that we have to hire and train competent personnel in immigration and security. Mass surveillance, face recognition, gait recognition, etc. will not keep us safe from terrorism; motivated terrorists will always outsmart the machine or system. What we need is human intelligence, building contacts and infiltrating groups. These sorts of technological fixes are just to pacify jittery Americans into thinking that something is being done.

Re:I don't see the problem here...

[Sycraft-fu]

Yep, it's just like any of the other security advances. The passport revision just prior to this one, the one I have, already has a hidden pciture on it. It's on the opposite side of the main picture and shows up only under UV light. Agian something that is possible to duplicate (I mean of course it's possible to duplicate, it was possible to make it in the first place) but it's another layer.

The idea is that the easiest method of passport forgery is just to alter the picture. You nab my passport, stick your picture on it, suddenly you can pretend to be me, and not just for border crossing. Well, if my picture is also on there in a number of other formats, that makes it much harder. Now you've got to replace them all, and that means you have to have the technology to do all the different formats.

It's no magic bullet, just like having coloured money won't stop all counterfitters, but it helps.

The Main Reason is it's Faster

[mpapet]

Forget about the so-called security. It's "secure" to the vast majority of voters.

The objective is to be able to process more people through customs faster and with more data captured as they get off ever-bigger airplanes.

This doesn't address a control point failure (customs) which is inevitable, but it looks good on paper and sounds really good.

FYI: Yes it's possible to store a picture and a fingerprint template on the contactless modules in question, but more likely it's storing a hash that looks the data up in a DB. Sending a picture file or a fingerprint template across the reader would be pretty slow.

Re:The Main Reason is it's Faster

[swillden]

FYI: Yes it's possible to store a picture and a fingerprint template on the contactless modules in question, but more likely it's storing a hash that looks the data up in a DB. Sending a picture file or a fingerprint template across the reader would be pretty slow.

Actually, they not only store the photograph on the chip, but they store a fairly large, high-quality photograph (~30KB). The reference data set used for testing implementations of the ICAO electronic passport is almost 50KB in size, total. The transfer rates supported by contactless smart card chips are pretty high -- 400kbps and 800kbps. So, in theory, even with the slower speed you should be able to move 50KB of data in just over a second. In practice it takes longer than that since the chip also has to encrypt all of the data, and because the protocol has a lot of overhead. Still, decent implementations transfer the reference data set in just 3-4 seconds, even with all of the security turned on. That will get faster over time.

It's worth pointing out that performance is one of the reasons that contactless smart card chips are preferred over contact chips. Unless the ICAO wanted to develop new smart card technology, all of the contact protocols are significantly slower, maxing out at 115kbps. With off-the-shelf chips, contactless was much faster. There are other reasons contact chips wouldn't work well, though, and I doubt very much that performance was the deciding factor.

Yes, also

[gerf]

You can throw your new one in a microwave just in case :D

Already hacked, even before rollout

[MrAtoz]

As featured a couple of weeks ago in this article on Wired, these RFID chips have already been hacked. From TFA:

LAS VEGAS -- A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.

The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery. But Lukas Grunwald, a security consultant with DN-Systems in Germany and an RFID expert, says the data in the chips is easy to copy.

"The whole passport design is totally brain damaged," Grunwald says. "From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all."

And the obvious problem is...

[Moraelin]

So I went to the shop yesterday to buy a couple of PSP games. So I pull out my plastic debit card to pay with it. They have these numeric pads with a slot for the card and a small LCD display around here in a lot of shops. (The super-markets and such just ask you for a signature, but almost everyone else has a PIN pad.)

"Oh," says the clerk, "the connection's been down the whole afternoon."

It's not even the first time something like that happens. It's not often, but it does happen.

So for purchasing games or groceries, ok, I can just pull some banknotes out of the wallet. But it kinda scares me that I'd have to depend on something like that at an airport.

National ID and passport--fingerprint, PIN etc.

[BrentRJones]

In light of terrorism, illegal immegration, identity theft and white collar crime, we will need not only passports with chips, but national IDs with smart chips too.

Not just your appearance, but your fingerprints, iris pattern, voice patterns and probably eventually unique DNA markers will be necessary. And a good long PIN or passphrase.

Those predicted bar codes on the forehead and arm look pretty likely, too.

"I'm sorry officer, my USB port is down. Could you use my saliva?"

Missing the point

[BigJavaGeek]

Most posters here are missing the point. The RFID tags are not used to store the images, just a reference to your ID in a database. It's about the same level of additional security the CVV (3 digit number on back of credit card) provides on top of your credit card number. It's a second factor that can provide a verification for the primary data (the picture/name in your passport). It's also like adding the little plastic strip inside US currency. You don't accept money from someone that is blank paper with a plastic strip, it still needs to have the other features that identify the money as legit. And while it still be counterfeited, it takes a bit more expertise and money to do so. Same thing with the RFID. You can't make it 100% impossible to fake a passport, but if this makes it a bit more expensive and difficult, that is a step in the right direction.

There may be legit concerns about the tags being used to track people, which is precisely why the new passports are mini Faraday cages to prevent reading the tags when the passport is closed. And if someone sniffs your ID when it is opened at customs, big deal. The RFID is just secondary confirmation. It still has to be paired with a valid passport with the MATCHING photo from the database that the RFID point to. A random person will not be able to make use of it. And if you're worried about someone snagging the ID of a similar looking person, how is that any different than non-RFID passports, when they can just create one from paper with your identification and their picture?

A healthy dose of paranoia can be helpful, but you have to critically consider the use of the data. The RFID does not replace the passport's primary identification, only augment it.

Re:Missing the point

[seanmb15]

Actually, the chips DO contain your picture, along with your address, passport number, and other info.

More Lack of Logic

[dereference]

Well, according to the TFA: The chips carry an encrypted digital photograph of the passport holder..

Remember everyone, just by going out in public you are letting the world know what you look like! Time to start investing in brown paper bags

You seem to be missing the whole point here. According to logic, it doesn't really matter what contents are being stored on this chip. It could be an encrypted random number for all anyone cares, since (as the GP correctly noted) the very existence of any such embedded data is sufficient to remotely flag the holder of the passport as an American. I can only hope it's unnecessary to point out the many reasons why this is so undesirable.

How it works in Germany

[ai3]

In Germany we have RFID passports since last year. This despite much criticism (the old passports were considered one of the most secure documents ever). The new passport costs 59 euros, the old one was just 26 euros, so I got myself an old one just before the deadline.

In my opinion, the e-passport was largely introduced to secretly subsidize the biometrics sector: The interior minister responsible for the e-passport, Otto Schily, joined two biometrics companies this month :)

Source (german only, sorry): http://www.silicon.de/enid/cio/21505

BECAUSE!

[TiggertheMad]

The point is to give everyone a digitally-signed copy of their OWN PHOTO. If a thief gets his hand on that, it won't help him unless he looks just like me. That's the point.

Ah, but what if the 'Thief' doesn't want to so much steal your identity, as pick an American tourist out of a crowd of hundreds of other tourists? This isn't giving you a secure digital picture. It's painting a huge bulls-eye on your forehead...

Re:The flat world called the US

[hcob$]

13 million passport for a population of 300 Americans.. Do Americans travel that seldom to another country???

Let's see here:

Netherlands Land Area: 33,920 sq km (13,097 sq miles)
USA Land area: 9,631,418 sq km (5,984,685 sq miles)
State of Mississippi 121489 sq km (46907 sq mi.)

Well if you go on travel distance, I leave my home state quite often. However, we don't need passports to go from state to state. I have only been out of the country once (to Mexico) and it took about 10 hours to travel. Does that help much with perspective?