Posted on 10/06/2004 11:11:41 AM PDT by zeugma
Since the terrorist attacks of 2001, the Bush administration--specifically, the Department of Homeland Security--has wanted the world to agree on a standard for machine-readable passports. Countries whose citizens currently do not have visa requirements to enter the United States will have to issue passports that conform to the standard or risk losing their nonvisa status.
These future passports, currently being tested, will include an embedded computer chip. This chip will allow the passport to contain much more information than a simple machine-readable character font, and will allow passport officials to quickly and easily read that information. That is a reasonable requirement and a good idea for bringing passport technology into the 21st century.
But the Bush administration is advocating radio frequency identification (RFID) chips for both U.S. and foreign passports, and that's a very bad thing.
These chips are like smart cards, but they can be read from a distance. A receiving device can "talk" to the chip remotely, without any need for physical contact, and get whatever information is on it. Passport officials envision being able to download the information on the chip simply by bringing it within a few centimeters of an electronic reader.
Unfortunately, RFID chips can be read by any reader, not just the ones at passport control. The upshot of this is that travelers carrying around RFID passports are broadcasting their identity.
Think about what that means for a minute. It means that passport holders are continuously broadcasting their name, nationality, age, address and whatever else is on the RFID chip. It means that anyone with a reader can learn that information, without the passport holder's knowledge or consent. It means that pickpockets, kidnappers and terrorists can easily--and surreptitiously--pick Americans or nationals of other participating countries out of a crowd.
It is a clear threat to both privacy and personal safety, and quite simply, that is why it is bad idea. Proponents of the system claim that the chips can be read only from within a distance of a few centimeters, so there is no potential for abuse. This is a spectacularly naïve claim. All wireless protocols can work at much longer ranges than specified. In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable.
Security is always a trade-off. If the benefits of RFID outweighed the risks, then maybe it would be worth it. Certainly, there isn't a significant benefit when people present their passport to a customs official. If that customs official is going to take the passport and bring it near a reader, why can't he go those extra few centimeters that a contact chip--one the reader must actually touch--would require?
The Bush administration is deliberately choosing a less secure technology without justification. If there were a good offsetting reason to choose that technology over a contact chip, then the choice might make sense.
Unfortunately, there is only one possible reason: The administration wants surreptitious access themselves. It wants to be able to identify people in crowds. It wants to surreptitiously pick out the Americans, and pick out the foreigners. It wants to do the very thing that it insists, despite demonstrations to the contrary, can't be done.
Normally I am very careful before I ascribe such sinister motives to a government agency. Incompetence is the norm, and malevolence is much rarer. But this seems like a clear case of the Bush administration putting its own interests above the security and privacy of its citizens, and then lying about it.
For those not familiar with Bruce Schneier, he runs Counterpane.com a security consultancy. He wrote Applied Cryptography, a "bible" of sorts in the crypto world. His encryption algorythm, "twofish", was one of the three finalists in the NIST's quest to adopt a new encryption standard to replace DES.
Could we please get someone technically competent to comment on technology, please?
And if worse comes to worse you could always degause the thing, that's what I did when they put magnetic strips on our drivers licenses, taped it to my computer monitor for a couple of days and hit the degause button every hour or so. Just to make the cops actually type.
I've heard tell of Bluetooth sniper guns that can pick up Bluetooth transmission from over a mile away. Imagine a RFID system that zeroes in on a local RFID signal, fires a 50 cal bullet right at wherever the passport is, then moves on to the next target less than a second later. Now imagine such a system set up behind a billboard sign in, say, Times Square. Imagine six such system operating simulaneously.
Where can I get or build one of these ? Thanks.
666
The sign of the beast. Sorry if some of you guys think I am a nut, but when you are talking about using stuff like this (and probably embeding them into people.. why not, we do pets).. Its just a sign of the times.
A Faraday cage is an enclosure made from a perfectly conducting material. For the purposes of hiding a RFID you could make a good-enough Faraday cage with any small metal box, either solid or mesh. A fully enclosed metal cigarette case, or just wrapping the card in tinfoil (say). Tinfoil has the added advantage of deflecting mindcontrol beams from Arcturus.
As far as RFID goes, my dog has a chip in her neck too. Why not a contact chip? Because it is much harder to design a contact interface that would stand up to the abuse that the typical passport goes through. It is a booklet, not a card, therefore it is not easily adapted to magnetic stripe technology. Electrical contact chips also are subject to contact failure. What do you do when a foreign national comes into LAX and darn, his passport won't connect to the reader? Deport him or wave him through anyway? An RFID chip, like the one in my dog, can be hermetically sealed and would be very resistant to failure.
Now, you know the step that they're already working on is RFID luggage claim tags and boarding passes. Easy to find out exactly which ticketed passengers are on board and what luggage is in the hold, making it easy to match passengers to their baggage. Is Mr. Schneier equally alarmed at RFID boarding passes and luggage claim tags?
Like most of other things the government does, they don't seem to have thought this idea through very well.
"An RFID passport or other electronic document would be transported in a Faraday envelope to prevent other readers from polling it."
Cool - a tin foil hat for my passport !
( I prefer the smart card route myself )
We should stop car and air travel because moving at speeds greater than 30 mph are very likely to cause death.
</sarcasm>
New technology can speed things up, reduce cost, and help government and businesses do their work more effectively.
RFID may be fine for tracking low-value merchantdise in a store, but it is definitely not the best solution to choose in places where privacy is important.
It wouldn't be necessary to use electrical contacts to store information. You could use mag-strips, just like evey credit card on the planet. You could also, if you want, print a barcode on the document that contained the equivalent information.
What do you do when a foreign national comes into LAX and darn, his passport won't connect to the reader?
You'd probably do the same thing you would do if their pasport was either missing or otherwise not available or illegible.
The tech doesn't have to be completely impervious to failure, any more than a current passport does. This would merely be another way to add usefuly information to the document that will aid automated validation techniques.
I'm not sure how Mr. Schneier feels about the RFID luggage tags. Perhaps you can ask him.
Get some aluminum foil and wrap it up. BTW, there are handbags with foil linings that shoplifters use to steal stuff. Metalized mylar, if conductive enough, would do the job just fine. It is all about attenuation as RFID works by induction and I believe it falls off as the square of the distance.
Get some aluminum foil and wrap it up. BTW, there are handbags with foil linings that shoplifters use to steal stuff. Metalized mylar, if conductive enough, would do the job just fine. It is all about attenuation as RFID works by induction and I believe it falls off as the square of the distance.
I do not know what the deal is but I am sorry I sending duplicate replies. There is a first time for everything.
The key obviously would be within the computer system that the readers are attached to. The same computer database that also holds all of your personal passport information linked to your passport number already, so there is no increased loss of privacy.
What there will NOT be is wholesale reading of embedded passport chips on the streets of Paris so thieves can identify Americans. The Panama hat, Hawaiian shirt over a white tee shirt, shorts, black socks, and black oxford shoes will do that.
It wouldn't be necessary to use electrical contacts to store information. You could use mag-strips, just like evey credit card on the planet. You could also, if you want, print a barcode on the document that contained the equivalent information.
This is proposed for US and foreign passports. The differing size and shape of various country's passports preclude mag stripe technology. Bar codes might not be able to hold enough information to include biometrics. (Then again, my kid has a Gameboy E-reader, and they get whole games stored in teeny dots on the edges of just 3 or 4 cards. But boy are the dots tiny and fragile.)
Ah, so you have a single key to decrypt every passport the US issues? Hmmm... There might be a problem with that. Would we allow other nations to read our passports? If so, it might as well not be encrypted. Would we want to be able to read the passports of other nations? Judging from this article, I'd say so. Again, crypto wouldn't be useful in such a case because the "secret" would be known by far too many untrustworthy parties.
Another danger not mentioned so far would be if some nasty dude were to decide that he wanted to really screw with people by setting off a EMP type weapon around a large crowd of people. (I've seen working models that were effective for decent distances in fairly small packages). I don't know if RFID cards would be more succeptable to such a weapon than other computerized devices, though I would not be suprised if they were due to the fact that the power to operate them is typically driven by the reader itself, rather than the RFID device.
Just making a blanket claim that "there will NOT be wholesale reading of embedded passport chips on the streets" does not make it true.If the information is considered valuable, it will happen.
The differing size and shape of various country's passports preclude mag stripe technology.
The passports are being redesigned anyway if they are implementing these security measures. I fail to see why the size and shape of a passport couldn't be changed at the same time.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.