Secondary Screening

Archives
By Date
April 2006
March 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
By Category
Airline Security Measures
Bicycles
Book Reviews
Congress
Data Mining
Department of Homeland Security
Freedom of Information
Government Secrecy
Miscellany
Other People's Writing
Privacy
Security Measures
The Courts
The New Web
Threat Level
Recent Entries
Change of Address
Privatized Registered Traveler On Track
Software Bug Shuts Down Nation's Busiest Airport
HostGator Rocks
But some butter is more butter than other butter
TSA Picks Privacy Player
AT&T Loses A Customer Over NSA Lawsuit
Jetsons Video Phone? Deaf Say Yes!
AT&T *69s EFF
Narus Not in the Know
Published articles
Wired News Articles
Links
Wired News
DefenseTech
Practical Nomad
BeSpacific
DHS Privacy Office
Memory Hole Blog
Electronic Privacy Information Center
Privacy Digest
Electronic Frontier Foundation
Homeland Security Institute
Secrecy News
Emergent Chaos
EPIC West's Chris Hoofnagle
Prawfs Blog with Daniel Solove
Ann Harrison
Reuter's Andy Sullivan
Schneier on Security
Talk Left
Reason's Hit & Run
W. David Stephenson
Phillip Carter's Intel Dump
Project on Government Oversight
Technology Liberation Front
Edward Felten's Freedom to Tinker
Contact
Email me
415.375.3150
Subscribe
Feed: Your Reader
Atom
RSS 1.0
RSS 2.0
RSD
About Ryan Singel
I'm a San Francisco-based freelance journalist who covers antiterrorism programs, civil liberties, the Internet and privacy.
« Unredacted | Main | Friday Bicycle Blogging »
April 26, 2005 | Encrypted Passports, Maybe?

2400 comments, a handful of news articles in some of the most respected media outlets in the world and one public debunking have got the State Department rethinking encryption of the proposed RFID passport.

After the ACLU demonstrated at this year's Computers, Freedom and Privacy conference that the RFID chip could be read from far further than the government had been claiming, the State Department's lead on the project, Frank Moss, is rethinking the necessity of some smart encryption.

That, according to Kim Zetter's follow-up to my earlier articles on the E-passport in today's Wired News.

Frank Moss, deputy assistant secretary for passport services, told Wired News on Monday that the government was "taking a very serious look" at the privacy solution in light of the 2,400-plus comments the department received about the e-passport rule and concerns expressed last week in Seattle by participants at the Computers, Freedom and Privacy conference. Moss said recent work on the passports conducted with the National Institute of Standards and Technology had also led him to rethink the issue.

"Basically what changed my mind was a recognition that the (reading distance) may have actually been able to be more than 10 centimeters, and also recognition that we had to do everything possible to protect the security of people," Moss said.[...]

Basic Access Control prevents skimming because it doesn't allow remote readers to access data on the passport without the passport being physically opened and scanned through a reader. It also prevents eavesdropping since it would encrypt the communication channel that opens when the data is sent from the chip to the reader.

Moss said the solution was originally rejected because the United States never planned to include more data on the RFID chip than what could be easily read simply by looking at the passport. That being the case, they believed that anti-skimming technology, such as metal fibers in the passport cover, would prevent anyone from surreptitiously reading a passport as long as it was closed. [...]

Full story here.

There's more of course.

The ACLU is filing a FOIA to see what the State Department's own tests had to say about read range.

Most of the 27 visa waiver countries, which have to start issuing some sort of E-passport by October, are pushing for another year to comply. If they don't get it, then visitors from countries such as England and Australia will have to go to U.S. embassies to get a visa.

Congressman James Sensenbrenner, the powerful head of the Judiciary Committee, doesn't want to let them have that time, and said it was those countries fault for choosing bad technology.

How long does that argument hold up if the U.S. delays the roll out of its own passport because it initially chose insecure technology?

Moreover his resolve may not hold up since the State department says it won't even have readers at ports of entry by then. Also the penalty for non-compliance is double-edged since the State Department really does not want to issue visas to German tourists at busy and understaffed embassies. (Understandable since no one really wants to talk to German tourists.)

Anyhow, moral of the story.

Get your passport now (it's good for 10 years), so you don't have to microwave it later if the government gets it wrong.

Posted by Ryan Singel at April 26, 2005 11:42 AM

 Trackback Pings

TrackBack URL for this entry:
http://www.secondaryscreening.net/cgi-bin/mt-tb.cgi/173
Powered by
Movable Type 3.2