| « Hunter S. Thompson's Dead | Main | An Imperfect Storm » |
Dennis Bailey over at Open Society Paradox points to an Economist article critical of RFID-enabled passports, which will include all data from the data pages of a passport -- including a digital version of the passport picture -- on a unencrypted 64K RFID chip.
He then defends going forward with the plan, despite the objections:
While it makes sense to try and employ encryption technology to scramble the passport's information, we need to keep in mind that even though any technology can be hacked that shouldn't stop us from going forward to implement new solutions. This new passport would be much harder to forge than the older paper-based version and for that reason, it is an improvement.
This is both right and wrong.
The U.S. government has no plans to use encryption, which means that no other country's passports will use it.
Bailey is right that the new passport will be harder to forge with the inclusion of RFID chips, especially since the chip would be digitally signed to prevent changes to the data in the chip. That's a solid security measure.
But, the chips create a new hazard, since older passports, which have a ten year expiration, will remain valid until they expire.
An unencrypted RFID enabled passport can be skimmed by a hidden reader most easily when the bearer is showing it at a money-changer, giving it to a hotel for safe keeping in the safe or checking into a hostel.
The data -- inluding the digital photo -- can then be used to create a phony version of the *old* passport, using the name, passport number, and possibly even the picture of a real passport holder.
The person whose ID has been swiped would have no idea their passport has been copied, unlike someone whose passport has been lost and reported.
This is a genuine security risk.
There are other considerations (which I don't have time to get into here), but this scenario by itself is, as they say, a non-trivial problem.
Moreover, the most significant opposition I've heard and reported on regarding RFID-enabled passports isn't from neo-luddites.
It's from folks in the high-tech security business and even from the government's own contractors, who seem to think the proposal actually is not an improvement over current passports.
Posted by Ryan Singel at February 21, 2005 06:24 PM
Trackback PingsTrackBack URL for this entry:
http://www.secondaryscreening.net/cgi-bin/mt-tb.cgi/124
Listed below are links to weblogs that reference New Not Always Improved:
» Secondary Screening: New Not Always Improved from Privacy Digest: Privacy News (Civil Rights, Encryption, Free Speech, Cryptography)
Dennis Bailey over at Open Society Paradox points to an Economist article critical of RFID-enabled passports, which will include all data from the data pages of a passport -- including a digital version of the passport picture -- on a unencrypted 64K RFID [Read More]
Tracked on February 22, 2005 09:09 AM
» Small Bits of Chaos: Passports, Financial Crypto from Emergent Chaos
Ryan Singel has a good post on chipped passports: Bailey is right that the new passport will be harder to forge with the inclusion of RFID chips, especially since the chip would be digitally signed to prevent changes to... [Read More]
Tracked on February 22, 2005 10:26 AM
» Passport Discussions from The Open Society Paradox
In response to Ryan Singel's comments on my passport post: Ryan, I'm glad I can give you some good fodder for discussion. In response I'd argue that there are many ways to forge the old paper-based passports - just ask... [Read More]
Tracked on February 22, 2005 05:00 PM
» RFID Kills from Emergent Chaos
The US Government is pushing a plan to add radios to every passport in the world. These radios will broadcast all the information in your passport to any immigration officer, id thief, or terrorist who wants it. Want to... [Read More]
Tracked on March 28, 2005 07:35 AM