Researchers Find Problems With RFID Passport Cards

An anonymous reader writes "Researchers at the University of Washington have found that RFID tags used in two new types of border-crossing documents in the US are vulnerable to snooping and copying. The information in these tags could be copied on to another, off-the-shelf tag, which might be used to impersonate the legitimate holder of the card." You can also read the summary of the researchers' report.

This just in

Bear shits in woods, news at 11.

Re:This just in

[Serenissima]

How about "This just in: DUH!?" :)

Breaking news:

[cosmocain]

The left hand doesn't know what the right hand is doing.

FTFA:

We show that a key anti-cloning feature proposed by the U.S. Department of Homeland Security (the tag-unique TID) remains undeployed in these cards.

Re:Breaking news:

The left hand doesn't know what the right hand is doing.

That only cos I sat on my arm. Totally worth it btw.

Re:Breaking news:

[GoombaTroopa]

The left hand doesn't know what the right hand is doing.

It's probably better off not knowing. ;)

(This sort of joke was inevitable)

Re:Breaking news:

[L4t3r4lu5]

Ahhhh... "The Stranger."

Good for those who sleep on their arms.

Re:Breaking news:

[morgan_greywolf]

Why were you so surprised that you never saw the stranger?

question to those who read the article

[mapkinase]

Did they compare the efficiency of copying passports w/ and w/out RFID?

Re:question to those who read the article

[HungryHobo]

I'm going to guess easier to copy than traditional passports.Can find anyone who can copy my passport in a few minutes after simply passing me on the street while my passport was inside my bag without me knowing they've obtained a copy?

Re:question to those who read the article

[NoisySplatter]

They still can't.

From the article:
"Although the tags don't contain personal information, they could be used to track a person's movements through ongoing surveillance..."

Considering the "passport" is the entire document and the tag itself contains no identifying information they still can't clone your passport at a distance. They could clone the tag inside it, but the process of faking your passport would still involve creating the paper hard copy. I'd say if they still have to do everything they used to and also something new then it's more secure, not less.

Of course the ability to recognize and track a person's movements through the use of RFID is still worrying, but it's no easier to fake a passport than it used to be.

Re:question to those who read the article

[mapkinase]

The only reason they copy YOUR passport is because it's easier to create an RFID passport from scratch for Joe Plumber.

They do not have to copy your conventional passport, because it's easier to create a conventional passport for Joe Plumber.

That's the comparison I am asking about. How easy is to create a passable RFID passport compared to passable conventional passport.

Re:question to those who read the article

[SCHecklerX]

Then what is the point of using RFID in the first place? If you need to see the actual passport anyway, why not use magstripe or barcodes? *sigh*

Re:question to those who read the article

[houghi]

then it's more secure, not less.

That is security through obscurity. I could even argue that it has become less secure. Now people will look at green light that will show up and when that does happen then it must be OK.
People tend to believe the machien more then they do themselves. This because they do not have to take the resposability, but can blame somebody (or in this case something) else. A simple case of "Gee, I can not give you another seat, because the computer tells me the plane is full" even though there are only 3 people on the plane.

Re:question to those who read the article

[davolfman]

Magstripes decay. Neither stores data all that densely.

Re:question to those who read the article

[NoisySplatter]

Then that's a flaw of the user, not the system. You could argue that adding a machine to the process would cause people to become complacent, but even the best lock only works if you use it properly.

Re:question to those who read the article

[FrameRotBlues]

Not arguing, but what data? If the tag doesn't contain personal information, exactly how much data does it need to store, and for what? How about 2D Aztek or DataMatrix bar codes that need to have the passport in hand, and opened, to scan?

Re:question to those who read the article

[Jah-Wren+Ryel]

Then that's a flaw of the user, not the system. You could argue that adding a machine to the process would cause people to become complacent,

No, a system that does not take into account natural human behavior is flawed, not the humans. Your attitude is what leads to counterproductive 'security' like the UAC on Vista.

Re:question to those who read the article

[NoisySplatter]

I understand what you're talking about, and agree that things like that aren't good, but we're not talking about just clicking through an error message or "are you sure" dialog. These people are controlling the border of a country that is paying them to do it properly and accurately. There are a number of ways to test for continued compliance to a standard including random monitoring and even sending people through whose documents don't match to see if they're caught.

The reason the RFID chips are even in the passports is to bring up info that can be compared to the document in hand. You could require the agent to type in the name, scan a barcode or swipe a magstripe to do the same thing, but the bottom line is that the human in the loop has to look at the damn screen and see if it matches. They have to do this reliably hundreds of times a day. This action isn't an interruption of thier task, it is their task. If that isn't enough to keep them on their toes then they need to find a new line of work.

Re:question to those who read the article

[Jah-Wren+Ryel]

This action isn't an interruption of thier task, it is their task. If that isn't enough to keep them on their toes then they need to find a new line of work.

And that's the problem - it is not an interruption. Unless we plan on breeding idiot-savants for the job, no human can do that reliably all day long. We are just not wired that way to do the same repetitive task over and over and then notice the 1 out of 100 or 1 out of 1000 exception. It doesn't matter if a nuke will go off if the person fails, they will still fail.

Re:Anonymous Coward

[L4t3r4lu5]

Already been done.

Elvis

[Krneki]

So, if I want to be Elvis all I need is one of those new passports.

Cool.

Re:Elvis

[Yvanhoe]

You may or may not be aware that this very hack happened with the European version of the RFID passport in september :

http://hackaday.com/2008/09/30/cloning-and-modifying-e-passports/

By the way, the most "funny" thing I saw about RFID passports was that in Pakistan, at least one occurrence of "American passport bearer detection" has occurred in a market crowd. Fortunately, the goal was then to steal the passport, not behead the bearer.

Re:Elvis

[value_added]

Elvis would be a good choice when registering to vote in Chicago. For border crossings, I'd recommend using Cat Stevens.

Re:Elvis

By the way, the most "funny" thing I saw about RFID passports was that in Pakistan, at least one occurrence of "American passport bearer detection" has occurred in a market crowd. Fortunately, the goal was then to steal the passport, not behead the bearer.

Citation needed

Re:Elvis

[morgan_greywolf]

Elvis would be a good choice when registering to vote in Chicago. For border crossings, I'd recommend using Cat Stevens.

You mean Yusuf Islam? I'm guessing not such a good idea...call me crazy...

Re:Elvis

[Yvanhoe]

Agreed, but I couldn't find any. This was presented as a fact in a conference presenting the problems surrounding RFIDs, but from the results of my google-fu, it is quite possible that it was a fictional scenario that was transformed into a fact in this presentation by a little argument stretching.

How should I respond to this?

[retech]

1. I am shocked!
2. I am outraged!
3. I am indignant!
4. Tubes, what tubes?
5. This is why I wrap all my important body parts in tinfoil.
6. Why didn't we know about this sooner?
7. If it's not on BoingBoing I don't believe it.

Please, someone in authority with intelligence tell me what to think about this. Oh.. wait... that's never going to happen is it.

Re:How should I respond to this?

[SharpFang]

8. Shut up. This is to stop the terrorists. And you don't want to support terrorism, do you?
9. Shut up. This is to protect the children. And you don't want to support pedophilia, do you?
10. This is a classified information you were not authorised to obtain. Please lay on the ground face down and place your hands on your head.

Re:How should I respond to this?

[TubeSteak]

Your solution advocates a

( ) technical ( ) legislative ( ) market-based ( ) vigilante (*) emotional

approach to solving a looming privacy problem. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular emotional state, and it may have other flaws which used to vary from state to state or country to country before a bad federal or international law was passed.)

Re:How should I respond to this?

[gknoy]

10. This is a classified information you were not authorised to obtain. Please lay on the ground face down and place your hands on your head.

11. A party associate will arrive shortly to collect you for your party. Make no further attempt to leave the testing area. Assume the "Party Escort Submission Position" or you will miss the party.

Security

[supernova_hq]

I guess this is especially bad, considering their security!

And this is news?

Researchers discovered that the exact same thing that Slashdot users said would happen years ago, is happening. BREAKING NEWS.
You know, it'd be nice if one of these things actually caught us by surprise for once instead of seeing the government wanting to implement a multi-billion dollar program that is hacked before it is even designed.

Re:And this is news?

[HungryHobo]

It's hard to find a large group of people more cynical than slashdot users.
If anything I'd say this proves that the cynical tend to be correct.

Again

[RAMMS+EIN]

This is about the umpteenth time we hear about this. Somehow, I can't believe anymore that putting these chips in passports was meant to increase security. The question is...what _was_ the purpose?

Re:Again

[SL+Baur]

The question is...what _was_ the purpose?

The main stated reason was to facilitate entry of US citizens into Great Britain. It was also supposed to be "more secure".

Sigh. See my earlier post in this article how kidnapper convenient these things are.

Re:Again

[will_die]

The purpose was to decrease the time it took to process a passport aka person. Bar codes can have problems being read and take more time to scan then RFIDs. In addition the RFID contain the same information you see in the passport, so that you can check that against the database and future use would allow checking the RFID stored photo with a camera scan to verify ID.

The problems mentioned here and elsewhere are that you can copy an RFID make a duplicate of it. With a regular passport that is not really a problem, excluding privacy since they contain personnal data but the US system and others are suppose to be encrypted so you cannot get the info without the physical passport so you can get the key, because your passport is checked against the database entery and then the person doing the check is suppose to compare the computer to the passport to the holder and they should all match. In this case the problem is that these are passport cards, not regular passports, designed for people who cross the borders all time and this will allow for quick processing with the passport card never being checked by human; same system that you have for toll road cards.
Since these cards and also drivers licenses are not encrypted and not checked by humans an evil person could copy the card, get your PIN and then have easy access to cross the border, provided they don't have sort of facial recognition system, being implemented, that checks your passport card against the database against the facial recognition system.

Re:Again

[jlarocco]

This is about the umpteenth time we hear about this. Somehow, I can't believe anymore that putting these chips in passports was meant to increase security. The question is...what _was_ the purpose?

First, the article isn't talking about passports. It's talking about the new passport cards. It's not necessarily a given that the same RFID chip is used in both of them.

Second, passport cards aren't even required. You can get a regular passport with or without getting the card. The cards have nothing to do with extra security and everything to do with making travel between the US, Canada and Mexico more convenient.

Third, the RFID chip in regular passports isn't required either. You can get the passport, smash the chip with a hammer, and use it just like a regular old passport.

In any case, it's 100x easier to just order somebody's birth certificate, make a fake ID, and order a legit passport in their name.

Re:Again

[Yer+Mum]

My first reaction would be to say that you are kidding, but then this is yet another example of policy laundering.

In the UK the government said it was because it was being deployed by the US.

Basically it was a working group from the US, UK, Canada, Australia, and New Zealand which pushed it onto the ICAO and then each country was forced to grudgingly and unwillingly implement this standard which they previously pushed for.

Re:Again

[swillden]

The purpose WAS to increase security, and it works just fine. What these researchers did was simple, obvious and pointless.

Sure you can copy the data from one passport to another. So what? It still contains the original photo and any other biometrics, binding it to the true owner of the passport. The data can't be altered because it's digitally-signed. Someone else can impersonate the passport holder, but only if they have the passport holder's face. As more biometrics are added, they'll also need the passport holder's fingerprints, iris -- maybe someday they'll need the passport holder's DNA.

Now, the fact that the passport might be detectable from a distance is something of an issue. US passports have foil in the cover to create a mini Faraday cage and RF-isolate the chip when the passport is closed, so for holders of US passports the solution is simple: put a rubber band around your passport to hold it closed. Holders of passports from other countries may want to cover their passport in tinfoil if they're concerned about being tracked.

Re:Again

[SharpFang]

The main stated reason of introducing RFID passports in GB was to facilitate entry of GB citizens into US.

So, bullshit.

Re:Again

[spikejnz]

The purpose was to decrease the time it took to process a passport aka person.

Well it works...just ask Elvis!

http://www.gizmodo.com.au/2008/10/elvis_comes_back_from_dead_to_prove_rfid_passports_lack_security-2.html

Re:Again

[klui]

Maybe the Chinese will do it right and just put a shoddy non-working chip into its citizens' passports. The first time when DOA is a good thing.

Re:Again

[TheP4st]

The data can't be altered because it's digitally-signed.

mmkay..

Re:Again

[DrgnDancer]

I don't see the conflict here:

Step one: US and UK (and probably several other) governments get together and decide this is a good idea.
Step two: Both governments go back to their people and say "This is to facilitate entry into $otherCountry."
Step three: Both governments get the standards implemented and both get to make it look like they were just being nice and facilitating travel to $otherCountry; while at the same time getting what they actually wanted anyway.

Both governments get what they want, neither side actually lied (since, after all, travel between the two or more countries IS facilitated) and everyone is happy except for the people who realized that this was a dumb, ineffective, and potentially abusable idea in the first place.

Re:Again

[swillden]

The data can't be altered because it's digitally-signed.

mmkay..

That's got nothing to do with the digital signature on the data.

In order to read the data from the card, you first have to authenticate with a challenge-response protocol using a symmetric authentication key. That key is derived from data printed on the inside of the passport, the "Machine Readable Zone", or MRZ. The purpose of this authentication is to make it difficult for someone to read your passport data without your knowledge. In theory, they'd need to open your passport, grab an image of the inside page and then they could authenticate to read out the data from the chip.

The problem is that there is insufficient entropy in the MRZ, since it doesn't contain any random numbers. Because of that, with a little guesswork and some trial and error, an attacker can figure out the authentication key without seeing the MRZ.

That means that an attacker can read the data from the card -- the digitally-signed data. Being able to modify the data without invalidating the signature requires breaking either SHA-1 (with a pre-image collision) or RSA-2048. Good luck with that.

Before someone else brings it up, there was another group who discovered that at least one immigration agency (Belgium? I don't remember which) was not bothering to verify the digital signature on the data. Since they weren't, the group was able to modify the contents of a passport and get away with it. That's not a security failure in the passport, though, it's a procedural error on the part of the immigration agency. Assuming agencies implement their passport checking software correctly and validate the digital signature on the data, there is no way for an attacker to modify any of the data without detection.

Re:Again

[MrJerryNormandinSir]

The day I'm required to supply my fingerprints, iris scan, and DNA to hold a passport, would be the day I uproot my family and reverse emigrate to San Miguel, Azores, Portugal. My In-Laws have property that's high on a cliff overlooking the ocean there. I'm tempted to see how much they want for it. There's hot springs there so a simple geothermal generator is possible. Solar too.. The climate is very temperate. I could do Linux consulting remotely to pay the bills. The Patriot Act is anything but patriotic. I'm getting even more disgusted with the presidential election.. we don't have a viable candidate from any party. McCain is loosing his mind, I don't have a good feeling about Barack.. I believe if he makes it in, history will repeat itself and Biden will end up as president in a year. Bob Bar voted for the patriot act so he's not getting my vote. Ralph Nader.. even though his intentions are good.. he's too old to be our nation's leader. The future of the U.S. looks bleak. RFID is too Orwellian for me. benjiman Franklin said something like "If you sacrifice liberty of security you will have neither"

My Great Grand parents emigrated to the US from Italy. My Wife's parents Emigrated from San Miguel. My wife and I were born in the US.

Re:Again

[swillden]

The day I'm required to supply my fingerprints, iris scan, and DNA to hold a passport, would be the day I uproot my family and reverse emigrate to San Miguel, Azores, Portugal.

Portugal will almost certainly implement biometric requirements before the US will.

Re:Again

[mrdoogee]

If I had mod points, I would have modded parent up.

Re:Again

[IndustrialComplex]

The first time when DOA is a good thing.

I don't know about that. I ordered a mail order steak once...

Re:Again

[hughk]

In addition the RFID contain the same information you see in the passport, so that you can check that against the database and future use would allow checking the RFID stored photo with a camera scan to verify ID.

No. A friend of a friend got his new RFID chipped passport in the US. He refused to accept the passport without the chip being checked. This was good because it was someone else's chip in his passport. The manufacturing process has got screwed up and the wrong data was recorded in the passport.

The reaction of the staff was not surprised although they didn't say how often it had happened.

Re:Again

[hughk]

There are schemes where passport data can be secured with a digital signature from the issuing authority. The problem is that it means that you have to have a key distribution infrastructure. Public Key Infrastructures have a lot of problems even in one organisation, let alone across international borders.

Re:Again

[pluther]

The question is...what _was_ the purpose?

My guess is that the answer to that will be obvious if someone can answer:
1. Who approved this in the first place.
2. Who is profiting from the manufacture of these new passports.
3. How much money #2's lobbyists gave to #1.

Re:Again

[quincunx55555]

The purpose was to decrease the time it took to process a passport aka person.

You mean the excuse was to decrease processing time. On every occasion that I've had my passport checked at a border it only took a few seconds. We've already heard the excuse. We still don't know the real purpose.

Re:Again

[Jah-Wren+Ryel]

Someone else can impersonate the passport holder, but only if they have the passport holder's face.

It is called "identity shopping" and not they do no need to have his face. They only need to look vaguely like the original holder because, as everyone with a driver's license knows, that the picture on your photo-id is rarely all that great of a picture.

As more biometrics are added, they'll also need the passport holder's fingerprints, iris -- maybe someday they'll need the passport holder's DNA.

Boy, that's a day to look forward to. But even that's not foolproof, have you seen the movie GATTACA? If DNA should ever become a requirement, there will be plenty of ways to impersonate that too, especially when you consider that people constantly shed their DNA into the space around them every second of their lives.

Re:Again

[swillden]

Wow, you've made an amazing discovery: Nothing is perfect!

Of COURSE it will always be possible to defeat any security scheme. It's always been possible to forge passports in the past. The new MRTDs are a response to the fact that technology has been making it easier and easier to forge the paper and ink characteristics that have been the primary security technologies in the past. No one seriously expects the new technologies to achieve perfection either -- and even if they did, you could STILL beat the system by bribing the appropriate passport issuance official -- but they raise the bar and make successful forgery more difficult, and they do an excellent job of it.

Having to find someone who looks like you to impersonate is harder than if you can impersonate just anyone, and it's riskier because maybe you'll run across an agent who is sharper, or ornerier than average. When you add having to fake fingerprints with gummi fingers, an iris with contacts and DNA with a bag of blood or skin scrapings, and have to successfully execute all of that fakery without being noticed, then doing it successfully becomes a significant challenge. Impossible? No. But hard, and that's the goal.

I personally think it's a bad goal. I would rather live in a world where passports and visas are unnecessary, and individuals can travel at will without identifying themselves. But that's not the world we have.

Re:Again

[swillden]

ICAO acts as the root CA and certifies the national keys. It's a well-understood problem.

Re:Again

[Jah-Wren+Ryel]

Wow, you've made an amazing discovery: Nothing is perfect!

The discovery I've made is that the price we are paying for imperfection keeps going up.

Re:Again

[SL+Baur]

Step one: US and UK (and probably several other) governments get together and decide this is a good idea.
Step two: Both governments go back to their people and say "This is to facilitate entry into $otherCountry."

You appear to be correct. :-(

Re:Again

[swillden]

Wow, you've made an amazing discovery: Nothing is perfect!

The discovery I've made is that the price we are paying for imperfection keeps going up.

Not really. The inflation-adjusted price of passports has remained fairly constant, with only minor fluctuations. Or did you think that all of the equipment to produce holograms, optically-variable inks, layered printing, UV printing, laser engraving, etc., was cheap? In the past, the high cost of the equipment was the ONLY thing preventing forgers from successfully producing perfect fakes.

If you meant something else by "price", don't be coy: spit it out so we can discuss it. I may agree with you.

Re:Again

[hughk]

Large PKI systems have a number of major issues complicating it, especially when you have a relatively long lived piece of information like a passport or other identity document.

One such problem is the root certificate. PKI is a hierarchical trust system so should ICAO signing key become discovered this would invalidate every document signed using that key. This would invalidate the national issuer keys which in turn would invalidate the issued documents. All of them.

Re:Again

[Jah-Wren+Ryel]

Social cost. I thought that was obvious.

Re:Again

[swillden]

What social cost?

Re:Again

[swillden]

Large PKI systems have a number of major issues complicating it, especially when you have a relatively long lived piece of information like a passport or other identity document.

Yes, and all of those issues are also well-understood and there are reasonable ways to address them. For starters do some research into FIPS 140-2 level 4-certified hardware crypto modules. Such devices, along with key-splitting techniques and secure backup and key management techniques, provide the basis for making secure generation and management of such important keys possible. Not easy, but possible -- and done all the time by numerous government and commercial institutions.

One such problem is the root certificate. PKI is a hierarchical trust system so should ICAO signing key become discovered this would invalidate every document signed using that key. This would invalidate the national issuer keys which in turn would invalidate the issued documents. All of them.

Nonsense.

The compromise of the root key doesn't affect the security of the keys it certifies. Its compromise only means that it cannot be trusted to validate those keys' authenticity, which means that another mechanism must be used to verify their authenticity.

There are less than 200 nations in the world, and each of them has created a small set of signing keys (a few hundred). If necessary, they could securely courier copies of their public signing keys to one another and accept as valid only passports signed by that set of keys. And don't start in on "what about compromised couriers", because there are many, many excellent ways to address those issues. Consider that banks have been exchanging SYMMETRIC keys via courier for nearly three decades, without any compromises, and militaries have been doing it for far longer. Exchanging public keys is a breeze. Publish them in the New York Times.

There are various breakdowns in a PKI system that would be fatal in a system with larger numbers of relying parties, or in an environment where key exchange must be cheap and fast, but those don't apply here.

Re:Again

[Jah-Wren+Ryel]

This is not the social cost you are looking for.

Re:Again

[swillden]

So you don't really have anything specific in mind?

I can think of a few different things you could mean, but if you think one of them is particularly obvious, that just shows that you haven't thought about these issues very much.

Re:Again

[Jah-Wren+Ryel]

No, I just don't really feel like having this conversation, because I've had it a million times before.

Re:Again

[hughk]

Electronic signatures are useful but are frequently compromised by poor implementation. Hardware authentication devices may themselves be compromised either during manufacture or distribution.

Consider that banks have been exchanging SYMMETRIC keys via courier for nearly three decades, without any compromises,

I have worked in banking for 20 years and I'm fully aware of the problems both on single key as well as dual key systems that have happened, some of which I have witnessed myself such as the transmission of AES encrypted data by courier but enclosing the key in the same package (Duh?). These were not made public. I can't comment on the government/military side as I only hear rumours but I'm fully aware that screwups happen there too.

Re:Again

[swillden]

Electronic signatures are useful but are frequently compromised by poor implementation.

Clearly, poor implementation causes problems, but there are also plenty of examples of how it can -- and is -- done right on a regular basis. If you work in banking, then you should be familiar with the ZMK transfer process, right? And, as I already pointed out, PK dissemination is much, much easier. PKI is needed to automate public key transfer and verification, but it's a convenience, not a necessity.

Keep in mind also, that if the digital signatures are somehow broken (perhaps a huge advance in the mathematics of factorization will break RSA, or perhaps some more mundane compromise occurs) all that happens is that we're back to the level of security that we had without them. That is, in that (unlikely) event, the attempt to increase the level of security failed, but no security has been lost.

Given that I've been involved in the e-passport work, and given my background in cryptology, I'll confidently wager a significant sum that the system will not collapse. There will be occasional problems (such as with the passport verification system that didn't bother to verify the certificates), but the system as a whole will perform its job well.

Re:Again

[swillden]

In that case, why did you bring it up?

Obviously, because you're not sure your arguments have merit, and you hoped you could get away with just implying that I'm too stupid to understand the obvious issues. A low -- and transparent -- tactic.

Re:Again

[Jah-Wren+Ryel]

In that case, why did you bring it up?

Because you misinterpreted my post.

Re:Again

[swillden]

In that case, why did you bring it up?

Because you misinterpreted my post.

Nope. Re-read the thread. You brought up "price", without specifying to what price you were referring. I refuted the most literal interpretation, while acknowledging that you might have been hinting at something else, and asking for clarification. You responded that you meant social cost, and then said that your meaning was obvious (which it's not -- there are a multitude of potential social costs here), trying to imply that I must be dense.

So, YOU brought up some vague notion of price, before the alleged misinterpretation (which I maintain wasn't a misinterpretation, but a reasonable response to an ambiguous assertion).

So, I repeat: If you had a point, why not make it? If you didn't have a point, why bring it up?

Re:Again

[Jah-Wren+Ryel]

You did not go far enough back in the thread. You responded to ME, not the other way around.

Re:Again

[swillden]

You did not go far enough back in the thread. You responded to ME, not the other way around.

This is getting silly, but I'll recap the thread for you anyway.

You responded to my post about how the security does work, and pointed out that it's imperfect. This was your entry into the thread.

I replied that of course it's imperfect, nothing is perfect, but it raises the bar.

You replied "The discovery I've made is that the price we are paying for imperfection keeps going up." This is where you brought up the notion of some nebulous "price".

I pointed out that the dollar cost has not gone up, acknowledged that you may have meant some other price, and asked you to clarify.

You said "social cost", and that you thought it was obvious.

I again asked you to clarify.

You started evading and misdirecting.

Again, I'll ask: What price are you talking about, and if you didn't want to discuss it, why did YOU bring it up?

Re:Again

[Jah-Wren+Ryel]

You responded to my post about how the security does work, and pointed out that it's imperfect. This was your entry into the thread.

That was your post?
Sorry, I misremembered.
No wonder you have such stick up your butt about it.

Re:Again

[swillden]

You responded to my post about how the security does work, and pointed out that it's imperfect. This was your entry into the thread.

That was your post? Sorry, I misremembered. No wonder you have such stick up your butt about it.

Ah, misdirection and evasion failing, it's time for ad hominem!

Are you always an asshole, or are you just having a bad day?

Re:Again

[Jah-Wren+Ryel]

Are you saying you don't have a stick up your butt about the whole thread? Come on, go back and read your own posts, they are pretty funny.

Here's a bone - any cost is too much because there has been no significant lapse in security to justify these changes. Passport forgery has been trivial for decades, yet we have not seen any significant problems in that time and we certainly have not seen any recent increases in problems either.

Re:Again

[Jah-Wren+Ryel]

Damn, all that pissing, moaning and accusations about my integrity to try and bait me into an argument and when I finally do make one arguable point, he is no where to be seen, instead he tags me as his enemy. I kinda had a feeling he was one of those "respect my authoritae!!! babies to begin with." Of course I'm smug about it, he just proved I was justified in not wanting to debate it with him in the first place.

this is intentional

Part of creating a more authoritarian society is to keep your populace under fear. To have the more knowledgeable elements of your population know just how close they are to losing their freedom due to a modern equivalent of a filing error is entirely intentional.

No-one in government/civil service wants these documents to be 100% secure. A few accidental misidentifications will keep everyone realising how powerless they are, and a few "accidental" misidentifications will be used to conveniently eliminate specific undesirables.

Summary: If you fear that your identity will be stolen now, the government is operating as intended.

Re:this is intentional

[mapkinase]

Oh, for the sake of the only God!

Re:Anonymous Coward

[tRANIS]

I would just hammer it

Re:Anonymous Coward

[will_die]

Too expensive cheaper here.

Re:Anonymous Coward

[txoof]

A moulding nail works great for smashing the hell out of just the RFID chip. My new AmEx came with one and I immediately crushed the hell out of it. I was thinking about doing the same to my new passport when it arrives. I decided that the plausible deniability might be a little slim for a precisely placed hole over the chip though. Perhaps another destructive method might be in order. Who knows what might happen if I accidentaly stood too close to a strong microwave emitter... I hear that the microwave oven is good for drying out wet passports too.

Three Words

[Dracophile]

No shit, Sherlock.

Re:nothing to worry

[SL+Baur]

Oh yeah. Nothing to worry about. One of the main stated reasons they started introducing these things was to facilitate entry to Great Britain. I've never been to Europe, have no planned trips there for maybe the rest of my life. Wonderful.

Another danger is that the tags can be read from as far as 150 feet away in some situations, so criminals could read them without being detected.

s/criminals/kidnappers/ which IS an issue in places I travel. Those RFID thingies shout out, "I'm an American citizen, kidnap me!".

Although the tags don't contain personal information, they could be used to track a person's movements through ongoing surveillance, they said.

See previous comment.

Though there's no reason for panic, "Our hearts should start to beat a little faster," Kohno said.

Bwahahahaha. Can I please have my paper only passport back, please? It's for my safety and think of my children.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Anonymous Coward

[HungryHobo]

It will be considered a mangled document. Never mind that it's also an old style passport, if the RFID tag is broken then it's considered the same as if the passport was dipped in ink or burned too badly to read.

The fun starts when you consider that RFID tags break if exposed to too stong a signal of the kind used in RFID scanners. You could build one fairly easily, stick it in your backpack and hang out or even walk through somewhere with a lot of tourists.

Re:nothing to worry

[ettlz]

One of the main stated reasons they started introducing these things was to facilitate entry to Great Britain.

Really?! Because I thought here in the UK, one of the main stated reasons they started introducing RFID passports was to facilitate entry to the United States!

Tinfoil anyone?

[dword]

Damn it, now I have to take off my tinfoil hat and use the tinfoil to protect my RFID!

Re:Tinfoil anyone?

[glop]

Does it actually work?
What's the frequency used for RFID chips? How thick a metal box do you need? What kind of joints does one need?
Come on guys, don't tell me I'll have to Google it!

Re:Tinfoil anyone?

This is probably just a global conspiracy, to increase tinfoil sales.

Re:Tinfoil anyone?

[TheP4st]

Google it and thy shall find your answers in the first hit. http://www.google.com/search?client=opera&rls=en&q=rfid+frequency&sourceid=opera&ie=utf-8&oe=utf-8

Re:Tinfoil anyone?

[houghi]

I do have made a pouch for my RFID passport. I took some tinfoil and put somer duct tape on one side a bit more then souble the size of my passport in length. Doublefolded it and put duct tape on the outside as well. Now it is like an envelope. Layer of duct tape, layer of tinfoil and again a layer of duct tape.

I was once asked why I did this. I told them it was because I once had problems with a password becoming wet and unreadable, so this is to prevent that. If they would have asked about the tinfoil in the middle, I would have explained that that was because it is easier to work with that way.

The real reason is because it was fun to do and I had time, tinfoil and duct tape to spare. The fact this IS a good protection against damaging your passport is just a nice plus.

Re:Tinfoil anyone?

[Dr_Barnowl]

Thin foil should work as long as it's electrically insulated from the loop antenna in the document ; since this is embedded between a sheet of plastic and a cardboard cover, that's already done.

Complete coverage works for any frequency.

Heck, a conductive antistatic bag might be enough.

Re:Tinfoil anyone?

[Squeedle]

An electromagnetic field cannot exist inside a conductor. I use a hinged metal credit card box for a lot of my cards, since some of my purses/bags have magnetic closures, and this protects them (and my BART cards) from getting wiped. Just remember the RFID-equipped item needs to be completely enclosed.

There are RFID-reader-proof passport holders available for sale, but you could easily make one yourself in any number of ways. You could use industrial strength aluminum foil.

You can also use metal screen, which is more flexible than metal sheet and won't tear like foil, but just know that the screen openings have to be less than 10% of the wavelength of the RF you want to keep out.

It does not need to be thick (within reason/possibility - don't use a 1-atom thick layer, k? :) ) It just needs to be a conductor. The joints aren't really relevant as long as there aren't gaps when it's closed - see the 10% rule.

As a guideline for wavelength, the microwave (GHz) frequencies run to the centimeter range. If you have gaps at the millimeter level, you are fine - just look at the screens over a microwave oven door to see what I mean.

Here's the wikipedia page for the electromagnetic spectrum: http://en.wikipedia.org/wiki/Image:EM_spectrum.svg

Re:Tinfoil anyone?

[Thuktun]

An electromagnetic field cannot exist inside a conductor.

I think you meant that an external electromagnetic field is canceled inside a conductive shell.

Re:Tinfoil anyone?

[nsaspook]

EMI AND ESD protection differ. http://multimedia.mmm.com/mws/mediawebserver.dyn?6666660Zjcf6lVs6EVs666bOjCOrrrrQ-

wait...

[nimbius]

the question im asking right now is not "why didnt everyone just listen to me when i said it was a problem" but, "does this make me a researcher too??"

Re:nothing to worry

[TheRaven64]

One of the main stated reasons they started introducing these things was to facilitate entry to Great Britain.

Actually, much of Europe. But talk to your government about that - they started the tit-for-tat escalating entry requirements. When someone enters the US now, they are photographed and fingerprinted, and the only reason I didn't require a biometric passport for entry last time I went was because there was a temporary visa waiver program in place for people without biometric passports.

Most of the stupid entry requirements for Americans entering other countries are due to politicians responding to pressure from their constituents complaining about being treated like criminals when they enter the USA.

Re:Anonymous Coward

[stephanruby]

I could see why you'd want to do this to other people's passports, but why do it to your own? Do you enjoy being detained by airport security before/after a long flight? Do you think the American government will pay to replace your defective passport?

Re:Anonymous Coward

[L4t3r4lu5]

That's a card holder. We're talking about RFID passports.

How about this for your cards, or this if you like the idea, but want to keep your passport and cards in one place.

However, if you think that having all your ID in one place is a good idea, I don't think you should be on this thread.

Re:nothing to worry

[SL+Baur]

Really?! Because I thought here in the UK, one of the main stated reasons they started introducing RFID passports was to facilitate entry to the United States!

Can you find a link to some reference for that and get back to me? I'll do likewise.

This announces the bloody thing, but isn't complete: http://edocket.access.gpo.gov/2005/05-21284.htm

Re:Anonymous Coward

[dyingtolive]

I think the whole point is that (omitting the mangled document thing from the other reply) it prevents anyone else from reading/stealing/monitoring your data and hopefully would just be manually read and you would be on your way.

Re:Anonymous Coward

[will_die]

Further down on the page they have passport holders and wallets. They are compariable in price to the ones on Thinkgeek site, excluding the stainless steel one.
Based on the photos the wallets are the same ones.

Re:nothing to worry

[niiler]

Are you ready for the inevitable conspiracy theory? Here it is, cooked up between my wife and myself after discussing the implications of renewing our passports shortly.

The problems are actually a feature. Let me explain. Remember how the old Soviet-bloc countries didn't like their nationals traveling because they would see how much better the rest of the world was? (Don't get me wrong, I like it here just fine.) Well, if everyone who hears about this says "I guess I won't be traveling any time soon", it effectively stops travel (usually by the intelligentia) all the while allowing the govt to say "We have no travel restrictions on our own citizens".

Of course, all this is nonsense. Our current administration would never feign incompetence to obtain other goals. Yet there's plenty of other information that suggests there's no tom-foolery about this and that the incompetence is real.

So in short, I'm not sure which it is, but the bottom line for me is that I'm waiting until the last minute in the hopes that some of the recommended features are implemented by then.

Big cluestick

[KenRH]

The persons who got the brilliant idea to but remote readable technology into passports should be hit with a cluestick the size of the Eiffel-tower.

Like it would be such a big problem to put such a card into a reader with connection points

Re:Anonymous Coward

[mapkinase]

Swell! And it's not done by Faraday!

So what? You still need to forge the card itself

[jjo]

Just cloning the RFID code isn't a particularly safe way to forge a border-crossing card. With a blank RFID card carrying cloned data you are running the risk that the border agents will examine your bogus RFID card, see that it's not geniuine, and bust you for forgery.

Even if you do a convincing forgery of the card itself, you run a risk of discovery. Using the RFID data as an index into the government database, the border agent's computer system will pull up the photo (or other biometric data) of the genuine cardholder. If they are paying attention, they will see that you are not the right person, and bust you for forgery.

Also, each RFID passport card comes with a foil-lined sleeve that protects it from both physical damage and RFID skimming. I always keep mine in the sleeve when not in use. If others do the same, this vulnerability will be restricted to places where the cards are used, i.e., border crossings. Lurking around border crossings to clone RFID data seems like another risky strategy.

once again

I work with motorola canopy gear to bring people broadband to remote areas using RF. It's amazing how simple it is to steal some of our stream, access people's "radio's" and routers and so on...

I guess if the global government wants to put a definitive leash on us, they'll have to pursue other avenues.

otherwise - I can't wait to hack my RF brain chip!

Quick!

[BigBadBus]

Someone call the Mythbusters! Oh, someone did? Darn.

Re:nothing to worry

[sir_eccles]

I'm not sure why people are so worried about high tech methods of "stealing" passports when thousands of passports are physically lost and stolen every year. Check out the statistics from the past two Brits abroad reports.

http://www.fco.gov.uk/resources/en/press-release/2007/08/fco_hp_npr_070802_britsbehavab

http://www.fco.gov.uk/en/newsroom/latest-news/?view=PressR&id=5226726

Re:nothing to worry

[caluml]

Those RFID thingies shout out, "I'm an American citizen, kidnap me!".

Stop with the paranoia. You'll find people around the world are generally all decent people. Of course, YMMV in Iraq, Afghanistan, etc, etc

Re:nothing to worry

[Spy+der+Mann]

Stop with the paranoia. You'll find people around the world are generally all decent people. Of course, YMMV in Iraq, Afghanistan, The White House, etc, etc

There, fixed that for you.

Re:nothing to worry

[spikejnz]

You do realize that there are currently 27 countries whose citizens are not required to get visas for entry into the US, right?

http://www.travel.state.gov/visa/temp/without/without_1990.html

You also realize that the US required these 27 countries to comply with their intent to implement RFID enabled passports, right? Should they decide NOT to implement the passports, they faced possibly losing their visa-free status.

"...requirements under the US Visa Waiver Programme which calls for countries to roll out their Biometric Passport before 26 October 2006."

http://www.wired.com/politics/security/news/2005/05/67418?currentPage=all

Re:Anonymous Coward

[txoof]

It will be considered a mangled document. Never mind that it's also an old style passport, if the RFID tag is broken then it's considered the same as if the passport was dipped in ink or burned too badly to read.

Having a toasted RFID chip would be much like having a gunked up, but not deliberately defaced passport number. The OCR machines are notoriously bad at reading the data at the bottom of the document. A fried, but not obviously physically damaged chip would appear to the border offical as if the chip or the reader had malfunctioned. They would most likely simply input the data by hand and send you on your way. If you use a hole punch to remove the chip, it's a completely different story. Then it looks like you're up to no good. They key hear is to look innocent ;)

Re:nothing to worry

[Hurricane78]

But who wants to go to a terrorist nation anyway? Or would you go to Iran, because they say you need no visa?

In both cases there is a high probability that you lose your laptop and maybe not even come back at all.

There, I did it. I compared the USA to Iran. Beautiful countries with good people, but evil extremistic governments that brainwash them for their own power.

Oh, and we in Europe will join you soon. By then I'll be gone to one of the new growing independend nations...

Re:nothing to worry

[coffeepriest]

Most of the places I can think of that have a problem with kidnappers would be places like the Philippines where I seriously doubt the kidnap-for-ransom groups would have RFID readers powerful enough to scan a large group of people and locate you. Besides, they won't be looking for AMERICANS, they would be looking for anyone from a devloped nation because they might have money. Most of these places you would stick out like a sore thumb looking like a tourist anyway, so the RFID card isn't going to give you away anymore than your appearance likely does anyhow. So, I think this fear of 'kidnappers' is overblown.

Government Property?

[PolygamousRanchKid+]

Well, it doesn't seem to be in the fine print of my new passport (without RFID!), but my old one states:

THIS PASSPORT IS THE PROPERTY OF THE UNITED STATES OF GOVERNMENT.

Followed by a paragraph titled:

ALTERATION OR MUTILATION OF PASSPORT

Prosecution (Title 18, U.S. Code, Section 1543), etc ...

I wonder if the new ones state: "This passport is only valid with a functioning RFID chip."

Re:nothing to worry

[daem0n1x]

Why would people in those countries be different from the rest of the world? I wonder if they are born with the "evil gene" or something like that.

Re:Anonymous Coward

[thepotoo]

It would be cheaper just to put the passport in the microwave, however this might be illegal. Anyone know for sure?

Re:nothing to worry

[Rick+Bentley]

Can I please have my paper only passport back, please?

Just put the one you have now in your microwave for a few seconds, that'll fry anything in there and you'll effectively have a paper-only one again. If they ever try to engage the RFID portion and it doesn't work just say "huh, wierd". Yours won't be the only one to ever fail.

anti-static bag

[pseudorand]

Would keeping my passport in an anti-static bag that computer parts come with prevent it from being read? And does anyone know where I can get an RFID reader cheap? (cuz I don't trust the /. crowd to really know the answer to the first question.)

Also, what anti-copying technology could they possibly be talking about. It seems to me that unless the RFID chips have evolved into active things that actually read some transmitted data, decrypt it (proving you have the secret key without revealing the secret key) and send it back, RFID couldn't possibly be anything more than a bar code that doesn't require line-of-sight. 'splain it to me, Lucy.

Take that!

[Jane+Q.+Public]

All you people who said I was full of sh** when this subject last came up on slashdot.

Re:So what? You still need to forge the card itsel

[svank]

Also, each RFID passport card comes with a foil-lined sleeve that protects it from both physical damage and RFID skimming. I always keep mine in the sleeve when not in use.

I don't remember getting a foil-lined sleeve with my RFID passport.

Oh REALLY?

[Nephroth]

Hell, even my aging grandmother could find flaws in the RFID passports.

Re:So what? You still need to forge the card itsel

[hughk]

In theory your own border guards may be able to validate the identity of a passport holder. In reality, if you go to the US with a UK passport, I don't think the US will allow the UK immigration officials access to their database. In reality they will just use the image on the chip (maybe).

Re:So what? You still need to forge the card itsel

[pluther]

1. Forging the card is easy. You don't need access to the original, you just need to know what it's supposed to look like. They all look the same, and the info you need is on the chip. Convenient, huh?

2. I didn't get a foil sleeve with my new RFID passport. Nor did either of the other two people in my household who got theirs at about the same time.

3. "Lurking around border crossings" is perfectly safe, and not suspicious. I've crossed lots of borders and one thing they all have in common is large numbers of people standing around.

Faraday Wallet

[CranberryKing]

There are already several of these available for wallets and passports, if you don't just want to build your own.

Re:this is intentional^irrational

[Squeedle]

It's easy to make up motivations, since it's completely unprovable. The more believable it is the better, and people will make up motivations that fit their own biases, so you can believe whatever you want. I prefer being more rational; do you have evidence for this? Has it happened in the past? Where and when? Do you have any evidence whatsoever that this is not just due to incompetence rather than conspiracy? How do you know that "no-one in government/civil service wants these documents to be 100% secure?" Do you know everyone in government and civil service, and have you asked them? If not, are you some kind of magical mind-reader? And how likely is it that literally nobody in government wants what's right for America? Nobody? There is no more sweeping generalization.

They're using SHA-1?

[Beryllium+Sphere(tm)]

In February 2005, cryptographers were already saying things like "Until further notice all new designs should use SHA-256" due to recently discovered weaknesses in SHA-1. It hasn't been cracked, and it's not in immediate danger, but in any system that will be around for decades to come it is an unwise choice.

Re:They're using SHA-1?

[swillden]

Yes, they're using SHA-1. This standard was completed and countries had already made large investments in building and deploying passports and infrastructure before the first reports of possible weakness in SHA-1 came out.

I'm sure they'll change that in a future revision, but it'll take a decade or two. I'll be surprised if pre-image attacks against SHA-1 become possible before then.

Re:nothing to worry

[Foobar+of+Borg]

Most of the stupid entry requirements for Americans entering other countries are due to politicians responding to pressure from their constituents complaining about being treated like criminals when they enter the USA.

Yeah, even Indonesia is initiating biometric passports. It's really odd to contrast entering Indonesia vs entering the US. When entering Indonesia, they check your passport, check your luggage, and make sure all your entry papers are in order. But, the people you deal with are generally professional and you are talking to a real human being. Also, the overall setup is not designed to intimidate and corral everyone, like it is in the US. Upon entering the US, it's like entering some kind of fascist nightmare. The people you deal with may as well be robots. You have to give fingerprint and other biometric stuff. And God help you if you look "funny" to them. And there is even the general stupidity of having to put baby blankets through the x-ray scanner. I actually unfolded the baby blanket and showed it to the TSA guy, but this stupid robot still mindlessly drones that I have to put it through the x-ray.

Stupid frigging people. [/rant]

Microwaving them Dead

[Doc+Ruby]

How does someone use a microwave oven to zap the embedded RFID without leaving a noticeable mark on the passport (like a burn mark after too much power/time)? Maybe there's some amount of popcorn kernels that can pop before burning the passport, then stop the process after the chip is fried, before some larger amount of kernels pop before the passport burns?

Re:nothing to worry

[Friggo]

No, many people in those countries have a rather recent reason to hate americans, thats all.

One Word Solution. Problem Solved.

[TrentTheThief]

"Microwave"

Re:nothing to worry

[wiglebot]

All RFID is insecure: Smack the passport with a hammer, it will break it. You will just be put in the line to run the magnetic strip and then possibly cavity searched. Where have you guys been this is very old news.

Re:nothing to worry

[Gilmoure]

Once they finally crack down on all that tourist traffic stuff and start controlling state border crossings, we'll all have passports. The war on tourism won't fight itself ya know!

Re:nothing to worry

[Gilmoure]

I hear in Iceland, there's a woman behind every tree.

Even a perfect forgery isn't enough

[jjo]

You did get a foil sleeve with your new RFID passport. If you are talking about the standard "book-type" passport, the RFID sleeve is integrated in the cover. However, the new passport card comes with a separate foil sleeve.

While forging the card isn't "easy" by any reasonable definition of the word, even a perfect forgery isn't enough. The picture (and in future, other biometrics) of the genuine passport holder will be stored in the government database, and called up via the index stored in the RFID chip. No matter how good the forgery, if the guards are paying attention to the computer output you stand a significant risk of being caught.

Re:Anonymous Coward

[txoof]

Magnetic fields won't have much effect on an RFID chip. Maybe a really strong one like an MRI might provide would toast the chip, but I doubt it. The chip is tuned to radio, not magnetic flux.

Re:Anonymous Coward

[SpammersAreScum]

And it's not hard to find cheaper US sources, too, unless you have your heart set on stainless steel: here, here, here, etc

Re:nothing to worry

[I)_MaLaClYpSe_(I]

Watch the zeitgeist movie. Skip to 01:48:50 and you'll know what I mean.

At 01:51:00 comes the part with the RFID chip. Damn scary. So I think might be more of an effort to get people used to carrying around remotely readable RFID chips carrying their ID.

http://www.zeitgeistmovie.com/

Re:nothing to worry

[Original+Replica]

So I think might be more of an effort to get people used to carrying around remotely readable RFID chips carrying their ID.

I already carry around a RFID in a work ID, that I have to touch to scanners to open certain doors, and two of my credit cards have RFID for some "insta-pay" feature I never use. I have tried stacking my credit cards with my work ID and scanning into a locked door at work. Sometimes it works sometimes it fails, but without the credit cards RFID tags the job ID always works. So I'm wondering if having a small card with several RFID tags on it to slip inside your passport would act as an effective scrambler vs remote reading of your passport info.

Depending on the type...

[Jane+Q.+Public]

Implantable RFIDs are typically enclosed in glass capsules. However, the type typically used for this kind of application is a minimally-protected microchip surrounded by a coil of fine wire that is used for both communication and power. The kind used in department stores is usually a chip at the center of a printed (rather coarse) spiral coil, mounted on a paper or polymer base with an adhesive applied to one side. This kind is often read-only with only a few bits of information. They are usually about 1.5" square.

Whichever type, the microscopic structure of the chips is most vulnerable to being burnt out by a minimal amount of microwave radiation. Even a small burst of microwave radiation, in even a miniscule coil, should generate more than enough current to fry the chips. If kept to a short burst, this should not leave visible damage.

However, depending on the construction, if it is left in the microwave for more than about a second, the coil could generate currents that might melt or burn other surrounding structure.

I would recommend trying multiple short bursts, of no more than 1 second.

Correction

[Jane+Q.+Public]

I should have stated "more than enough voltage to fry the chips". Apologies for any inconvenience.