RFID Passports (1 Viewer)

pete

pete

chronic procrastinator
Staff member
Since 1999
Joined
Nov 14, 1999
Messages
63,169
Solutions
3
Location
iPanopticon
Website
thumped.com
Bruce Schneier says:

Renew Your Passport Now!

If you have a passport, now is the time to renew it -- even if it's not set to expire anytime soon. If you don't have a passport and think you might need one, now is the time to get it. In many countries, including the United States, passports will soon be equipped with RFID chips. And you don't want one of these chips in your passport.

RFID stands for "radio-frequency identification." Passports with RFID chips store an electronic copy of the passport information: your name, a digitized picture, etc. And in the future, the chip might store fingerprints or digital visas from various countries.

By itself, this is no problem. But RFID chips don't have to be plugged in to a reader to operate. Like the chips used for automatic toll collection on roads or automatic fare collection on subways, these chips operate via proximity. The risk to you is the possibility of surreptitious access: Your passport information might be read without your knowledge or consent by a government trying to track your movements, a criminal trying to steal your identity or someone just curious about your citizenship.

At first the State Department belittled those risks, but in response to criticism from experts it has implemented some security features. Passports will come with a shielded cover, making it much harder to read the chip when the passport is closed. And there are now access-control and encryption mechanisms, making it much harder for an unauthorized reader to collect, understand and alter the data.

Although those measures help, they don't go far enough. The shielding does no good when the passport is open. Travel abroad and you'll notice how often you have to show your passport: at hotels, banks, Internet cafes. Anyone intent on harvesting passport data could set up a reader at one of those places. And although the State Department insists that the chip can be read only by a reader that is inches away, the chips have been read from many feet away.

The other security mechanisms are also vulnerable, and several security researchers have already discovered flaws. One found that he could identify individual chips via unique characteristics of the radio transmissions. Another successfully cloned a chip. The State Department called this a "meaningless stunt," pointing out that the researcher could not read or change the data. But the researcher spent only two weeks trying; the security of your passport has to be strong enough to last 10 years.

This is perhaps the greatest risk. The security mechanisms on your passport chip have to last the lifetime of your passport. It is as ridiculous to think that passport security will remain secure for that long as it would be to think that you won't see another security update for Microsoft Windows in that time. Improvements in antenna technology will certainly increase the distance at which they can be read and might even allow unauthorized readers to penetrate the shielding.

Whatever happens, if you have a passport with an RFID chip, you're stuck. Although popping your passport in the microwave will disable the chip, the shielding will cause all kinds of sparking. And although the United States has said that a nonworking chip will not invalidate a passport, it is unclear if one with a deliberately damaged chip will be honored.

The Colorado passport office is already issuing RFID passports, and the State Department expects all U.S. passport offices to be doing so by the end of the year. Many other countries are in the process of changing over. So get a passport before it's too late. With your new passport you can wait another 10 years for an RFID passport, when the technology will be more mature, when we will have a better understanding of the security risks and when there will be other technologies we can use to cut the risks. You don't want to be a guinea pig on this one. This op-ed originally appeared in the Washington Post.
http://www.washingtonpost.com/wp-dyn/content/...
Click to expand...


Don't bother rushing down to Molesworth Street - you're too late

http://www.rte.ie/news/2006/1016/passports.html
 
To mark today's launch, Minister Ahern presented a group of people, randomly selected from around the country, with a new E-Passport.
Click to expand...

Lucky randomers. nobody seems to mind all this kinda thing except journalists and nerds though. in britain theyre looking into putting a chip (or something) in every car and monitoring them all by satelitte and tolling them according to the milage they clock up, except that theres then a record of everywhere that car ever goes.

beastnumber23.jpg
 
Are the new passports RFID or just smartchipped?
Reading biometric info can be done on a smartchip, though it needs physical contact with the reader.
RFID can be scanned by anyone with a reader within a fixed distance.

I have dual citizenship (Irish and Hong Kong).
When I got my Hong Kong citizenship I had to give them both of my thumb prints which I wasn't expecting. I was horrified. Still, I gave it to them. On the plus side there's no queue for passport checks when I arrive. I stick my card into a machine, scan my thumbprint and walk out. Plus they take your thumbprints to the states when you arrive too.

Two of the world's super powers have my prints on file.
Bastards!!!
 
the strange guy said:
Are the new passports RFID or just smartchipped?
Reading biometric info can be done on a smartchip, though it needs physical contact with the reader.
RFID can be scanned by anyone with a reader within a fixed distance
Click to expand...


Good question. Although there's no actual mention of RFID technology on the Foreign Affairs website:
The ePassport is the same as a traditional passport with the addition of a small integrated circuit (or “chip”) embedded in the datapage. The chip will securely store biographical information which is displayed on the datapage of the passport and a digital image of the photograph of the holder.


The ePassport incorporates a number of important security features designed to protect the identity of the bearer. A special code is used to write data to the microchip, the chip is protected by a secure electronic "key", and an additional access code guards against electronic eavesdropping or "skimming" of information on the microchip.
Click to expand...



I can't see how "electronic eavesdropping" would be relevant to non-RFID tech, unless that's some dumbed down way of trying to say all the data is encrytped so can't be illicitly read after it's been scanned to a computer....

 
Come to think of it Lala, do you have one of those HKID cards too?

pete: I think you're right, they must mean it's encrypted. You can't eavesdrop on a chip that can't broadcast data wirelessly.
 
electricnews.net says:

The new, high-tech document includes a secure, contactless electronic chip to store encrypted digital information on the holder's identity, biographical information and a digital image identical to that of the holder.
Click to expand...
 
Fuhhhhhhhhhhk Dah!
Sounds like RFID alright.
Every Irish nerd will be popping their passport into the microwave before going on holiday from now on.

I've remembered now that the last time I applied for my passport (last year), they stated something along the lines of 'no smiling' and the need for a 'neutral expression' for the photo. This is probably for some kind of facial recognition algorithm they have/are going to have in place.
 
the strange guy said:
I've remembered now that the last time I applied for my passport (last year), they stated something along the lines of 'no smiling' and the need for a 'neutral expression' for the photo. This is probably for some kind of facial recognition algorithm they have/are going to have in place.
Click to expand...
I was flying out of gatwick weekend before last and the passport check guy was asking some people to stare into a camera for a second without smiling. Plus going into florida last year they scanned my eyes individually.
 
how big a leap is it from these kinda iris scan things to the type you could have on traffic lights picking up everyone who goes by (like in minority report)? Im just wondering from a technological point of view rather than a paraniod one (that can come in a few minutes)
 
Shaney said:
how big a leap is it from these kinda iris scan things to the type you could have on traffic lights picking up everyone who goes by (like in minority report)? Im just wondering from a technological point of view rather than a paraniod one (that can come in a few minutes)
Click to expand...

Emm.

Lets just that the US has infinate processing power. They dont, but they do have a lot.
So... even if they could instantly process all the information (ie get from iris to person, which they cant, cause even running a finger print match nationwide takes lots of hours) they would still have to move it back and forward across a network.
This is definately impossible. There is no way that they can move that much data around. No way Jose. Not even close.

Even... say, they are just looking for one or 30 person(s). And, they are not continiously moving data, they can just send a single search out over all retinal scanners one time, and all they have to do is ping a home base with a co-ordinate when they got a match... even then, the technology is definately not able to scan retinas through windscreens and the like.

I would be completely amazed if a retinal scan would ever work with out you knowing you are being scanned TBH. (I only know this cause one lad that works with us on image analysis also works for DARPA, and has a reasonable idea about what the US military has in that area. And they are no where close apparently.)

But, yeah, the bandwidth just kills it out of the blocks. And the processing powere isnt there yet. And the scanner technology is not close.

Seriously... a turing machine type computer cannot do this sort of work in the way you are thinking. You would need to have DNA or Atomic computers, or some other kind of fucking unbelievably parallel processing going on to get that sort of work done.

And that shit is MILES away. Seriously. Miles. And bandwidth just always sits there, killing everything.

Even if they had a perfect pic of your face, and say a finger print, it would still be hours before they filtered you out of everyone else... and that is assuming they have staggering computational power, which they are willing to use on this sort of thing.
When they are not listening to Echelon and everything else that actually they care about.
 
oh well.

Irish passports go RFID, and naked
By Thomas C Greene in Dublin
Published Monday 23rd October 2006 13:45 GMT

The Irish government has begun issuing RFID passports with biometric data that can be read at a distance to comply with US regulations for its visa waiver programme.

But unlike the RFID passports the USA is now issuing, the Irish ones lack a security feature preventing them from being skimmed, or read surreptitiously.

The US government has gone to the trouble of fitting its passports with a layer of foil that interferes with skimming attempts when the document is closed. The Irish government has not. A local lobbying outfit called Digital Rights Ireland (DRI) has complained (http://www.digitalrights.ie/2006/10/20/new-irish-passports-have-rfid-chip/) that the new passports are ripe for remote privacy invasion. As of course they are.

Unfortunately, DRI has taken that a step further, fretting in a recent interview (http://www.timesonline.co.uk/newspaper/0,,176-2415780,00.html) with the Sunday Times that the unprotected passports could leave Irish travelers "open to targeting by terrorists".
We find that to be quite a stretch, since Ireland remains neutral in the GWOT. While we wouldn't expect a terrorist attack to be called off because Irish citizens might become casualties, we're fairly confident they would be among the last people actively targeted.

But forgetting terrorists for a moment (not easy, we know, with everyone and his brother playing that card), there are significant privacy issues attached to carrying a document that broadcasts your name, nationality, date of birth, digital photo, fingerprint(s), tax number, and sundry other tidbits either in the system now, or scheduled to be added in the future.
Meanwhile, identity thieves have exhibited miraculous powers of imagination and Herculean initiative in exploiting the simplest holes in data security. This passport, while not an open book today, will likely become one long before its many holes are patched.

A simple layer of foil in the cover would help, although it's hardly a privacy panacea. Recent tests have shown that the RFID chips can be cloned (http://www.theregister.co.uk/2006/08/04/e-passport_hack_attack/). It's also been found possible to read an unprotected chip from as far away as 30 feet (http://www.riscure.com/2_news/passport.html). And it has been demonstrated that RFID systems are vulnerable to viruses (http://www.theregister.co.uk/2006/03/15/rfid_tags_infected_by_virus/).
This is merely the start of a string of vulnerabilities we can expect to hear about, and the system is only now getting underway. Some of the best ones might not be discovered by researchers, but might instead be exploited by criminals for quite some time, until they're finally discovered and a fix is found.

Furthermore, passports are often used as ID cards, not merely as travel documents. The potential for skimming in that situation is virtually unlimited.
The whole scheme is meant to prevent people flying on fraudulent passports. And indeed, if it weren't for the cloning potential, this would be a help, although not a comprehensive fix. It is still quite easy to get an authentic passport with phony documents. I got one with nothing more than a birth certificate, a picture ID, and an application on which my signature had been witnessed by a notary public.

I was asked to swear that the information on the application was accurate, which I did. Perhaps I might have flinched if I'd been lying, but I doubt many criminals would.

With that, I received the passport in less than 24 hours. I think it unlikely that the authenticity of the birth certificate, the picture ID, and the notary public's stamp could have been verified in that time, unless I'd been the passport office's only customer. Most likely, if any verification is done, it's done on a fraction of the applications.

The RFID/biometric component has been grossly oversold as an authenticity panacea. It's hi-tech, scientific and all that, so it impresses the man in the street, who now feels that international criminals, illegal aliens, and terrorists will have a harder time operating. But this scheme might actually make life easier for them, since the overall perception of the biometric passport is one of enhanced security and sophistication. Which means that a bogus one will be even more convincing than it should be, and less likely to be challenged.

Besides not addressing the issue of authenticity terribly well, from a privacy point of view, RFID is the worst possible technology. But it seemed so next-generation to State Department bureaucrats, it was irresistible. A less fancy chip that can be read only through contact, such as those deployed on some credit cards, would be far more secure in terms of privacy. Of course, a layer of foil in the cover, which the US passports have and the Irish ones lack, will at least be helpful in this regard.

This scheme may yet prove to be a terribly expensive blunder. While no one has yet demonstrated a technique for tampering with the data on an RFID chip, we can certainly expect one to surface. Probably long before the first generation of super passports will have expired, prompting - well, what? A mass, international passport recall? Who will pay for that? And how will passport offices manage to replace millions of defective passports while still issuing new ones in a reasonable period of time? Or will we just live with the fact that many millions of passports are unreliable?

RFID isn't going to fix the problem that it's intended to fix, that is, the proliferation of bogus travel documents, yet it will become a boon to identity thieves. Basically, it's a bit worse than what we had. But it is hi-tech, scientific, and all that. Which, for the US State Department, is enough. ®
Click to expand...


http://www.theregister.co.uk/2006/10/23/smart_chips_for_smart_crooks/
 
Shaney said:
how big a leap is it from these kinda iris scan things to the type you could have on traffic lights picking up everyone who goes by (like in minority report)?
Click to expand...

slightly reassuring that traffic control here don't even keep recordings of the camera footage because it would cause them too much hassle, mind.
 
When the Brits tried out their Mandrake facial recognition system, a few years ago in York(?) (I think), they had it down to a few seconds. Of course, the amount of people they had in their trial database was quite small. But if they're actually "looking for you at the time", then you'd be screwed. Theoretically.

The licence plate scanners they have in London are incredibly fast. But then, that's just OCR and a database.

The other thing that people seem to forget is that these technologies are not designed for now. They're designed for the future. When the processing power will be there. That could be a year away; it could be ten. Once the controls are in place, they'll always be there.

Put it this way. By the time everyone has a new passport, they'll be more than capable of telling who you are by your pheromones.

So relax; we're all fucked.

Consume, Obey, Produce.
 
What biometric data is stored in the passport? Iris scans aren´t accurate enough (around 99% I think) and digital photographs don´t count as biometric. Have they started fingerprinting people with their passport application? Does that mean I have to go to Molesworth St. to get a new passport?

edit... Apparently digital photographs do count as biometrics. They´re using face mapping technology, something I only thought they were using in computer games.

"Structural dimensions of facial features are taken from an applicant's passport photograph and converted into digital data which is stored on a chip in the document."
http://news.bbc.co.uk/2/hi/americas/6080384.stm
 
Coming through tampa monday morning they had this sort of... Box? Two steel walls either side of you, one glass wall in front of you, back open. They used it on approximately one in six people, person walks in, glass doors closed in front of you, and over the space of about half a second about twenty or so little air pressure cannons go off sticking the person's clothes to their body, presumably on specific points to get an exact reading of their body shape. Was very very weird.
 
RSJ said:
Coming through tampa monday morning they had this sort of... Box? Two steel walls either side of you, one glass wall in front of you, back open. They used it on approximately one in six people, person walks in, glass doors closed in front of you, and over the space of about half a second about twenty or so little air pressure cannons go off sticking the person's clothes to their body, presumably on specific points to get an exact reading of their body shape. Was very very weird.
Click to expand...

did they have those new machines that let you see through everyones clothes? did they?
 
lurlow said:
Happened to me in Gatwick a couple of weeks ago. He didn't say don't smile though. I was grinning like a moron.
Click to expand...

They do that at some UK airports now they take a picture when you go through security and when you present your boarding card at the gate the photo taken at security is pulled up toensure you havent echanged you boarding card after going through security.

It is for the same reason that the air stewardess asks to see passport and boarding card at the gate ie to ensure the person presentin themselves at the gate is the same parson that checked in originally and is the person named on the ticket.
 
New posts

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Activity
So far there's no one here
Old Thread: Hello . There have been no replies in this thread for 365 days.
Content in this thread may no longer be relevant.
Perhaps it would be better to start a new thread instead.

21 Day Calendar

Vinnie
Lau (Unplugged)
The Sugar Club
8 Leeson Street Lower, Saint Kevin's, Dublin 2, D02 ET97, Ireland

Similar threads

pete
Translating the thumped.com forums interface to Irish
2
Replies
23
Views
2K
Denny Oubidoux
Denny Oubidoux
pete
  • Question
What's the story with the Digital Euro?
2 3
Replies
42
Views
3K
Cormcolash
Cormcolash
Deadmanposting
Self-improvement, philosophy, self-help etc
2 3
Replies
45
Views
2K
Deadmanposting
Deadmanposting
dunderhead
  • Question
Ryanair Calendar Question
Replies
6
Views
591
ernesto
ernesto
rettucs
Smokers
3 4 5
Replies
83
Views
2K
Jill Hives
Jill Hives

Support thumped.com

Support thumped.com and upgrade your account

Upgrade your account now to disable all ads...

Upgrade now

Latest threads

Latest Activity

Loading…
Back
Top