E-Passport In the Works

ExE122 writes "In an attempt to curb falsification of passports, the United States has placed an order for millions of embedded ID chips. 'The chips carry an encrypted digital photograph of the passport holder. The chip is designed to be read by a special device that will be used by U.S. government workers who check passports when travelers come through border crossings. The State Department began issuing what are being called e-passports to tourists last week and will gradually increase production. State Department spokeswoman Janelle Hironimus said existing passports will remain valid until they expire but, eventually, all U.S. passports — about 13 million will be issued in 2006 — will contain such chips.'"

WHY?

[rkhalloran]

A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?

Re:WHY?

[gEvil+(beta)]

It's all about appearances. Nothing more, nothing less. If the general population thinks that high-tech passports are more secure, then high-tech passports are what they general population will get.

Re:WHY?

[Red+Flayer]

A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?

The same reason we can't take bottled water on an airplane -- pandering to gullible voters.

Re:WHY?

[eno2001]

Because... some stupid fucking PHB somewhere heard that RFID is the "next big thing (TM)" and just had to have it before those damn Canadians do. I honestly think that's all it comes down to. Someone thinks RFID sounds cooler than 70s mag stripe technology. If you ask me it's fucking stupid. Of course what do I know, I hate the direction the United states has taken the past six years. I'm fucking trapped here though because I can't just afford to pick up and leave. Have to make the best of in these hard times.

Re:WHY?

[amliebsch]

If the chip only carries an encrypted photo of myself, then thieves can't steal any information that they couldn't get by looking in my general direction. But it does make the passport much more difficult to forge, and more difficult to use fraudulently. That seems pretty reasonable to me.

Re:WHY?

[Andrewkov]

This technology will just encourage unlawful face transplanting. Haven't you seen that John Travolta movie?

American Made

[neonprimetime]

A German semiconductor company with offices in San Jose said Monday that it has received an order from the U.S. government for millions of identification chips that will be embedded in passports to help prevent fraud at border crossings.

Why do we always have to get everything from the Germans? (beer & cars for example) Why can't the government contract this out to good ol' American workers? Especially since it deals with National Security?

encrypted?

[Lord+Ender]

When they say "encrypted," do they actually mean digitally signed? Being able to provide a digitally signed (by a government key) passport photo in a machine-readable form would be good for security.

But simply encrypting the message with a symmetric key (as seems indicated by the blurb) would be bad for security, because many people would have the key, and so it would provide a false sense of security.

Scene at the customs office

[krell]

"Mr.... let's see 5AVE On Va1iumViagraCialis? Yes, everything checks out. Welcome to America!"

I blame it on the lack of logic today

[MikeRT]

One of the things that is a lot more common today than it has been in American history, yes, even back in the "bumpkin days" of America pre-industrialization, is that people just don't critically think anymore. "Special device?" Anyone with a modicum of critical thinking skills would look at a few simple things and freak:

1) All computer security systems have been defeated.
2) This is kinda like one of them thar computer security systems that has been defeated.
3) I'm carrying this thing around the world, and any schmo who can defeat it, can identify me faster than the police can.
4) There are a lot of terrorists and terrorism sympathizers who'd just love to off me because I'm American.

If you aren't careful, you'll be broadcasting enough info out there that you'll be easily victimized.

Re:I blame it on the lack of logic today

[pilgrim23]

Entebe Incident; The Hijackers went around the plane asking for Israeli Passports. Now it is so much easier. Welcome to the new world of "Wand and Shoot".

Americans traveling to other countries.

[krell]

"Because we all know how often Americans travel overseas."

Hey, I went to New Mexico twice in the last 6 years. That's fairly often, I think.

Re:Americans traveling to other countries.

[clickclickdrone]

I used to find the low number of Americans with passports rather scary and insular until someone pointed out you only get 2 weeks vacation a year. With the US being so big and varied, it would take you most of your life in 2 week chunks to check out home let alone foreign places.
Of course, us backwards wierdo liberal faggy Europeans get 6 weeks holiday :-)

Re:Americans traveling to other countries.

[morgan_greywolf]

I, for one, welcome our new McDonald's-cramming, identity-stealing, drive-by-shooting North American overlo......

oh, never mind.

Re:Americans traveling to other countries.

[Maximilio]

Americans can arrange their vacation vs. work time quite easily. As a nation, though, our cultural habits come down to preferring about 2 weeks per year.

"Prefer?" I prefer quite a bit more time off. I would imagine most people do. The problem is, U.S. corporate behavior is geared toward maximizing profits at the expense of the employees and an imaginary work ethic that drives people into the ground and causes them to change jobs on an average of every two or three years and careers on an average of every 10 or 15 years. You ask, stupidly, who pays for Europeans' 6 weeks holiday -- obviously as a cultural norm the employer shells it out. It's a quality of life issue.

But please, don't insinuate that just because you're a driven workaholic with nothing better to do that the rest of us would 'prefer' that lifestyle. I think, given 6 weeks of guilt-free holiday, most Americans would take it gladly.

Re:Americans traveling to other countries.

[badasscat]

Well, we 'take' 2 weeks (or 1 week, or whatever) a year. We do not 'get' 2 weeks a year. Americans can arrange their vacation vs. work time quite easily. As a nation, though, our cultural habits come down to preferring about 2 weeks per year.

Are you kidding me? "As a nation", we take what we can get. And all we can get is 2 weeks per year or less.

I don't think there's a man, woman or child alive that wouldn't want more than 2 weeks vacation. This is not a "cultural habit", this is just the dynamic of our employer/employee relationship. Employers want to ride their employees as hard as they can and employees are just doing all they can not to get fired.

Of course, us backwards wierdo liberal faggy Europeans get 6 weeks holiday.

Wow, who pays for that?

If the entire society accepts that this is normal, then no one pays for it.

Let's face it - the world works the way it does because we accept that the world works that way. If it worked differently, we'd accept that too. I mean, who's "paying" for the fact that you're sleeping 8 hours a day rather than working? You, and the rest of American society (at least to this point) has drawn the line at having at least enough time off every day to sleep. Nobody "pays" for that; that's just the way society has chosen to work. Could companies make more money if all of their employees worked 24 hours a day, 7 days a week? Sure. But you don't "pay" for something that never existed in the first place. That downtime is just downtime, not a debt that needs to be paid.

We Americans are overworked. We work more hours, on average, than any other nation in the world (yes, including places like Japan, which lets its employees have an average of 25 non-weekend days off per year). But it's not by and large because we want to, it's because we're demanded to and because employers have decided for us that this is the cultural norm. Someday, maybe we'll get in step with the rest of the world and realize that there are more important things in life than work.

Re:Americans traveling to other countries.

[phulegart]

what kind of contradictory Bullshit are you spewing? First you say...

"The problem is, U.S. corporate behavior is geared toward maximizing profits at the expense of the employees and an imaginary work ethic that drives people into the ground"

Which clearly indicates you believe that U.S. Citizens are pushed against their will to work as much as they do, because the CEOs and other corporate bigwigs want to increase the amount in their already overfull pockets. Then you say...

"But please, don't insinuate that just because you're a driven workaholic with nothing better to do that the rest of us would 'prefer' that lifestyle." ...which clearly indicates that you are of the opinion that if someone makes a statement about how Americans prefer 2 weeks they must be workaholics.

So which is it? Is that 2 week limit there because of people being workaholics and not wanting more vacation time, or is it there because the employers push harder than they should and only allow 2 weeks?

Personally I've never had a job where I had 2 weeks official vacation time per year. And I'm a U.S. Citizen.

I can clearly see from the anti-U.S sentiment here in the responses exactly WHY most Americans would prefer not to travel. It could also be due to the fact that while a lot of European countries are very tiny, the US is very large. Why go to another country when you can go somewhere in your own country that is easier to get to, somewhere you have never been before, and somewhere that won't cost you your entire vacation budget on airfare? An American can even expand their travelling habits to include visiting other countries, namely Mexico and Canada, so that they can spend their entire life vacationing once a year somewhere in North America, and never go to the same place twice.

Americans are not all rich. Not even most of us. Most Americans don't have a passport, because they will NEVER BE ABLE TO AFFORD TO TRAVEL OUTSIDE THIS COUNTRY in their lifetime. It is not because they are workaholics, or Xenophobes. If you work 6 days a week, 10 to 12 hours a day, it does not automatically mean that you are addicted to work. It most likely means that your job sucks, you have no prospects for a better job, you have no skills (or more importantly, documented notarized certification) to get a better job, and you have to support your family.

The cost of living in the US is now so high, compared to the "average" income, that we live in a DUAL INCOME culture. This is where there must be the equivalent of two incomes coming in, in order for a single family to be able to afford an "average" lifestyle. Guess what? Only those with an "average" or better lifestyle get to take 2 week vacations. THe rest of us working schmucks get to work on holidays (Christmas, Thanksgiving, Fourth of July, Etc.) and don't look forward to a vacation. THe rest of us working schmucks find that our vacation time comes when we get burned out with the job, and spend a few weeks looking for another. That's our vacation.

Looks like you Europeans are the ones with all the money and leisure time. Looks like YOU should be the ones on the world crusade to help the needy. We did our part. We saved your countries over 60 years ago. Get off our backs. How about a Thank you? How about taking US out for a vacation?

It's nice and all that the travel industry is growing and attempting to get more secure with the addition of these identifier chips. Soon, we won't need a separate passport. Soon, our regular Identification (what ever that turns out to be) will be all that is needed to travel. ANd I'm sure it will include a digital component.

Re:Americans traveling to other countries.

[PPGMD]

It can also be frustrating to those working on a tight schedule.

One of my clients is a developer company, based in Mexico City, but with offices in most of the vacation hot spots in the US (because they own high rises in all those cities). There were having issues with their ERM, because it was a fixit session it was scheduled between other trips, and I only had two days on site. Well that wouldn't have been an issue, if they didn't stop working everyday for 3 hours to have lunch and watch the World Cup.

I don't know what it is, but the way we work versus the way that work is done in Europe and Latin America, is hugely different. I like to relate, to the Super Market that was across the street from where I was staying in Amsterdam, they were open M-F 10am-5pm, for an American that is unfathomable, Europeans are used to it, and adept to it, and I did too (by adept I mean I mostly ate at restraunts that were open later in the evening) when I was there for 3 months on a project. But it's quite strange for someone who's last job involved making a 1am Taco Bell run during my 11pm - 11am shift.

Re:Americans traveling to other countries.

[Grishnakh]

Is your employer one of these places that works everyone 35 hours a week to get out of paying benefits?

You say this like it's a bad thing. Employees need to stop worrying about their little personal lives and worry more about providing shareholder value. Not taking any vacation, working unpaid overtime, etc. are all great ways to achieve this. How about some volunteer work? Volunteer to work weekends, for no pay. Or volunteer with your spare time to do chores, like yardwork, for your boss so that he can concentrate on providing more shareholder value.

Won't somebody please think about the shareholders??!!

anti-pirate passports!

[invader_allan]

We all know that paper is so easy to modify, so we need to go to chips. Chips are more secure, while harder to duplicate. Like game chips, which don't get coppied freely like paper products such as books. Books can also be "emulated" in pdf or e-text formats. Chips can't be emulated or falsely burned with someone elses data!

Heh heh

[rice_burners_suck]

I bet there won't be a device in existance that can actually read the chip that will be embedded in these passports. I say that because my Permanent Resident card (greencard) is supposedly the most advanced ID card ever made, with all kinds of weird embedded information and whatnot, making it impossible to counterfeit. Or at least that's the theory, because although they spend ridiculous amounts of money to make these cards contain all that personal information, there is reportedly not a machine in existance that can read the information off the card. Typical government nonsense. It's like trying to invent the modem with enough funds to build just one.

And if we're already on the subject of the government, why are they spending all this money to make sure passports can't be faked, greencards can't be faked, etc., if there is absolutely positively nothing being done to stop the flood of immigrants, criminals, drugs, and terrorists that are crossing our totally unprotected borders into this country every day? Every time this issue comes up, idiots say it's racism. Sorry, it's not racism to stop people and things that shouldn't be here illegally from coming here illegally.

bomb makers can now target americans

[RichMan]

So now the bomb makers can design bombs to explode when a certain number of american passports are within range.

They don't need to correctly talk to the passports only determine that they are american passports.

US Department of State announcement

[SgtPepperKSU]

I actually ran into this a few days ago while looking into getting a passport. They announced this on the 14th.

The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients).

It seems the passports will come with their foil hats pre-installed ;-)

Been thinking about this one.

[NiteHaqr]

What with the UK government wanting to force an ID card on us - seems applicable to Passports/Driving Licenses too.

Take a standard Credit Card sized plastic card.

Put a chip on it like credit cards use - not an RFID tag, just a simple chip that can store ONE piece of info.

That piece of data will be unique to that person, and is their ID in the system.

On the card we print a photograph, their name and date of birth.

When the card is presented at an appropriate terminal, a database lookup is done for the ID. The card reader then displays a "virtual" version of the card.

Visual inspection will allow the person doing the Identity Check to confirm the persons ID.

ID cards to be updated every 5 years, replacements for lost/stolen/damaged to be charged at cost, and be available within 2 working days, with designated places (like police stations) being able to print out temporary ID papers until replacement card arrives.

As long as downloads to terminals are encrypted, and the credentials of the operatives inputting data onto the system are checked, we have a secure system with no privacy concerns that SHOULD be cheap to implement.

Other systems, Passport Control etc could be tied to the database with your ID reference number becoming your Passport number - Give each person a pin number (or if you really insist use biometric information) and you have a bank/credit card that should also help prevent fraud.

Anyone see any holes in my plan?

Anti-skimming/eavesdropping measures

[SgtPepperKSU]

More info form department of state:

The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients). Metallic anti-skimming material incorporated into the front cover and spine of the e-passport book prevents the chip from being skimmed, or read, when the book is fully closed; Basic Access Control (BAC) technology, which requires that the data page be read electronically to generate a key that unlocks the chip, will prevent skimming and eavesdropping; and a randomized unique identification (RUID) feature will mitigate the risk that an e-passport holder could be tracked. To prevent alteration or modification of the data on the chip, and to allow authorities to validate and authenticate the data, the information on the chip will include an electronic signature (PKI).

The Main Reason is it's Faster

[mpapet]

Forget about the so-called security. It's "secure" to the vast majority of voters.

The objective is to be able to process more people through customs faster and with more data captured as they get off ever-bigger airplanes.

This doesn't address a control point failure (customs) which is inevitable, but it looks good on paper and sounds really good.

FYI: Yes it's possible to store a picture and a fingerprint template on the contactless modules in question, but more likely it's storing a hash that looks the data up in a DB. Sending a picture file or a fingerprint template across the reader would be pretty slow.

Re:I don't see the problem here...

[lawpoop]

I agree that we need to continue to constantly increase our security measures, but I believe there is a danger in supposed security measures which actually *don't* increase security. It causes the users of such measure to relax their guard, assuming that they are safe when they actually may not be.

As far as anti-counterfeiting measures, the 9/11 terrorists had valid passports and IDs, so how exactly would this prevent terrorism? If an immigration official lets his guard down because a person has an RFID passport, he may be ignoring other tip-offs that would alert him to suspicious activity. This would probably only really effect illegal immigration.

Again, no one is saying that we shouldn't increase security measures. But let's not claim that this is a panacea, or going to do something that is actually can't. Americans seem to have the belief that some simple technology will solve any problem we encounter. The reality is that we have to hire and train competent personnel in immigration and security. Mass surveillance, face recognition, gait recognition, etc. will not keep us safe from terrorism; motivated terrorists will always outsmart the machine or system. What we need is human intelligence, building contacts and infiltrating groups. These sorts of technological fixes are just to pacify jittery Americans into thinking that something is being done.

And the obvious problem is...

[Moraelin]

So I went to the shop yesterday to buy a couple of PSP games. So I pull out my plastic debit card to pay with it. They have these numeric pads with a slot for the card and a small LCD display around here in a lot of shops. (The super-markets and such just ask you for a signature, but almost everyone else has a PIN pad.)

"Oh," says the clerk, "the connection's been down the whole afternoon."

It's not even the first time something like that happens. It's not often, but it does happen.

So for purchasing games or groceries, ok, I can just pull some banknotes out of the wallet. But it kinda scares me that I'd have to depend on something like that at an airport.

How it works in Germany

[ai3]

In Germany we have RFID passports since last year. This despite much criticism (the old passports were considered one of the most secure documents ever). The new passport costs 59 euros, the old one was just 26 euros, so I got myself an old one just before the deadline.

In my opinion, the e-passport was largely introduced to secretly subsidize the biometrics sector: The interior minister responsible for the e-passport, Otto Schily, joined two biometrics companies this month :)

Source (german only, sorry): http://www.silicon.de/enid/cio/21505