U.S. changes mind about RFID-enabled passports (sort of)
Following some intense pressure from privacy advocates, the U.S. government has admitted that their plan to put RFID
chips in people's passports had some potentially huge security problems. The original design had an RFID chip that
would broadcast personal information to speed up the processing of travellers, but in an interview Tuesday Frank E.
Moss, deputy assistant secretary of state for passport services, said: "You do perhaps face a risk of a reading without
the knowledge of the passport bearer, and that is obviously something we want to protect against." Um, yeah. But
despite the many possible problems with RFID technology, the government is still going ahead with plans to use them in
passports, only now they'll be more secure. The new plan is to use data printed on the new passport to unlock the RFID
chip before it transmits anything.
[Via BoingBoing]
Filed under: Misc. Gadgets
Reader Comments (Page 1 of 1)
mehool @ Dec 19th 2005 2:14AM
So now they have to scan the passport, and then the RFID will be activated? what's the point of the RFID then if you have to scan the item first?
mehool @ Dec 19th 2005 2:14AM
i guess RFIDKills.com agrees with me: "Earth to State Department: if you're going to manually scan our passports, why bother using RFID? "
Tyme @ Dec 19th 2005 2:14AM
Damn, we all read those futuristic books and they are all scary, no privacy futures. So why do we put ourselves in those situations??? Damn RFID, dammit to hell.
David:moua @ Dec 19th 2005 2:14AM
But what is the distance for the RFID used ?
My contactless card for transport works ~7cm away without obstacle,
and it's dificult to use it with more than ~10 credit cards between.
If passports use the same thing, you can't read it if you don't have my wallet on your hands.
[David:moua]
Lee Gibson @ Dec 19th 2005 2:14AM
Isn't this the electronic equivalent of writing your PIN on your ATM card?
Wow. If it wasn't so nefarious, I'd say it was stupid.
Et Tu @ Dec 19th 2005 2:14AM
We;ve had RFID tags in our passports for a number of years now and it does cut queue times at the immigration checkpoint.
Heck, not being required to face a bitchy immigration officer is always a plus in my book.
Ultimongo @ Dec 19th 2005 2:14AM
Hmmm...
Sounds about as useful as a TV remote control unit, that you operate from the TV's front panel.
Your tax dollars in action.
/me slaps the State Department. Twice.
Loraan @ Dec 19th 2005 2:14AM
Response to #4: In any RF communication medium, one should be careful of relying on distance or signal weakness for protection. Sure, a standard reader can't query the chip outside of a short distance, but a standard reader is designed for maximum cheapness at minimum acceptable effectiveness. An attacker may be motivated to spend far more money to exceed the minimum design requirements of the system.
In other words, a standard reader is cheap and has a cheap little antenna and radio. An attacker could spend more money to get an expensive antenna and radio and end up able to query the card from a much greater distance. For example, BlueTooth has a specified range of about thirty feet, but hackers used a custom antenna to pick up BlueTooth signals in devices at a distance of over a mile!
atFault @ Dec 19th 2005 2:14AM
"But what is the distance for the RFID used ?"
The transport industry sometimes uses RFID equipment that can communicate up to 50 feet. However, the units that do this are around a cubic foot in size, so no worry of getting one of those embedded in you passport. The ones that are used on pets, and are currently being braved by some people, have a consistent range of about 1 inch.
What I don't understand is that once they punch in the printed data so they can access the information in the system that the serial number in the RFID points to is don't they have both keys in the system? Seems to me this is a bit of smoke and mirrors. If the data really is secure and is only going to be used for 'official' use then who the hell cares if there is a second key that you are going to give them anyway?
BolderX @ Dec 19th 2005 2:14AM
"But what is the distance for the RFID used ?"
It was suppose to be 10 cm when they first introduced it. Problem was they started testing and found out it was possible to get a reading from 30 feet away.
If the governments want to use RFID for this purpose then they may as well implant the chip into your body. Then you wouldn't need that silly passport book at all!
theSAWzall @ Dec 19th 2005 2:14AM
Everyone could just get lead-lined passport holders.
Except, the time saved in line would just be lost with the slower run to the connecting flight.
Drew @ Dec 19th 2005 2:14AM
If they really want to streamline the process they're better off using spread spectrum RFIDs with encryption. With a range of 3-5 feet passengers would then be able to walk through a metal detector - like gate and have their passports automatically scanned. That will expedite the process. What the State Department is really trying to do here is prevent passport forgery all the while they're marketing this new technology as convenience to us, the passenger, when in essence it's going to be more of a nuisance. Entering a code printed on the passport to unlock an RFID tag is hardly expeditious or streamlined.