Disabling the RFID in the New U.S. Passports

slashchuck writes "Along with the usual Jargonwatch and Wired/Tired articles, the January issue of Wired offers a drastic method for taking care of that RFID chip in your passport. They say it's legal ... if a bit blunt. From the article: 'The best approach? Hammer time. Hitting the chip with a blunt, hard object should disable it. A nonworking RFID doesn't invalidate the passport, so you can still use it.' "

No Hurry

[JusticeISaid]

Great idea! Anything else I can do to slow down my passage through Immigration and Customs after a long flight? I'm always looking for ideas.

Re:No Hurry

[Jah-Wren+Ryel]

the shielding in the passport cover hold the chip incommunicado unless the passport is open

That's true if your definition of "open" is anything not held tightly closed.

It has already been demonstrated that the faraday cage effect of the shielding is negated if the passport is only open a centimeter or so, as could easily happen with a passport carried in a handbag, or pretty much anywhere there is not much pressure to hold it closed.

So, while you may not be able to crack the data from the RFID, you can certainly talk to it under conditions that are reasonably common in the field.

it requires execution of a cryptographic authentication protocol using an AES key derived from data printed inside the passport cover (called the MRZ)before it will divulge anything; and

Doesn't this strike anyone as ironic? The RFID is of no value for official use without first having to read something printed on the inside. So much for any improvement in convenience or ease of use over the previous implementation. Seems like an RFID manufacturer (patent holder?) hired a really good lobbyist.

Re:No Hurry

[iron-kurton]

Here's an idea: not giving up your civil liberties for the sake of convenience and national security (to be distinguished from ACTUAL security). What's really funny about your statement is that 5 years ago, people like you were in front of news cameras at the airline check-in saying "we don't mind waiting in line if it makes us more secure." Now, 5 years later, even after we have all established that airport security is a joke, instead of coming up with a more efficient screening method, we spent our resources developing YET another new technology full of holes.

My point is, your anger at the poster and the method of destroying the chips is a bit misdirected -- if you really want to spend less time at security checkpoints and Immigration and Customs, you should lobby for improving the methods currently in place. Besides, like someone who replied to your post already said, there really is no speed improvement in putting your passport through a barcode reader or waving it in front of an RFID reader. However, there is a relative security difference, and given the choice, I would take the former.

ObSneakers

[Rob+T+Firefly]

(Bishop is at a door with an electronic lock.)
Bishop: Anybody remember how to defeat an electronic keypad?
Mother: This might help. An old buddy of mine who was in Desert Storm sent it to me. 'Course, he was on the other side.
Bishop: Come on. There's got to be a way around these things.
(He listens intently to instructions via his earpiece.)
All right, all right... This might work... Yeah. Yeah... Right. Okay. I'll give it a shot.
(He kicks the door in.)

Taking bets...

[Junior+J.+Junior+III]

How long until they make hammer possession a felony?

State Department FAQ

[brewer13210]

From the US State Department FAQ on electronic passports

What will happen if my Electronic passport fails at a port-of-entry?

The chip in the passport is just one of the many security features of the new passport. If the chip fails, the passport remains a valid travel document until its expiration date. The bearer will continue to processed by the port-of-entry officer as if he/she had a passport without a chip.

Re:Somebody doesn't grok RFID...

[canavan]

passive (powered by the magnetic field generated by an RFID reader).

Passive RFID tags are not powered by magnetic, but by electromagnetic fields, more precisely essentially the same radio frequency they use to send back their data - they use the same antenna for sending and receiving.

someone with even a basic knowledge of physics knows that the power requirement to maintain an adequate magnetic field increases exponentially with distance.

Since we determined that radio is used to power the tags, everyone with a basic understanding of physics should know that the field strength diminishes with something like x^-3 and not y^-x, which would make it a cube law matter, and not exponential. Additionally, the same directional antenna that can be used to read the tag's signal can be used to direct the radiated RF energy to the tag.

one has to remember that tags operating on the same frequency will tend to interfere with each other, reducing the chance of getting a good read.

Sorry, but that's wrong again. RFID tags only send an answer when they are specifically addressed. The inventory control tags allow for a binay search to find all tags, e.g. you start by asking if any tag have addresses <2^31. If any answer, you check < 2^30 and between 2^31 and 2^30, etc. until you know the individual addresses of all tags in your range. Only after you have the right adress you will start actually reading their data, anything before that is just to detect their presence. Whether or not passport tags even give away their presence if one doesn't provide the (printed) secret key in the request, I do not know.