Home > Domestic Policy, Tech > RFID passports

RFID passports

I thought this was interesting:

Passports to get RFID chip implants

Sweeping new State Department regulations issued Tuesday say that passports issued after that time will have tiny radio frequency ID (RFID) chips that can transmit personal information including the name, nationality, sex, date of birth, place of birth and digitized photograph of the passport holder. Eventually, the government contemplates adding additional digitized data such as “fingerprints or iris scans.”

In regulations published Tuesday, the State Department claims it has addressed privacy concerns. The chipped passports “will not permit ‘tracking’ of individuals,” the department said. “It will only permit governmental authorities to know that an individual has arrived at a port of entry–which governmental authorities already know from presentation of non-electronic passports–with greater assurance that the person who presents the passport is the legitimate holder of the passport.”

To address Americans’ concerns about ID theft, the Bush administration said the new passports will be outfitted with “antiskimming material” in the front cover to “mitigate” the threat of the information being surreptitiously scanned from afar. It’s not clear, though, how well the technique will work against high-powered readers that have been demonstrated to read RFID chips from about 160 feet away.

Safe enough? Later we find out that if the cover’s open, there’s not much protection:

Privacy advocates told CNET News.com that the anti-skimming device was a decent start. But if the cover of the passport happens to be open, all bets are off, said Bill Scannell, a privacy advocate who founded the site RFIDkills.com. “They’ve built little baby radio stations into peoples’ passports and covered it with concrete,” he said, “but when the little hatch is open, you can still hear the music.”

Still, that doesn’t sound like a huge issue. There’s also some, apparently sketchy, encryption:

In addition, the passports will use “Basic Access Control,” a reference to storing a pair of secret cryptographic keys in the chip inside. The concept is simple: The RFID chip disgorges its contents only after a reader successfully authenticates itself as being authorized to receive that information.

Computer scientists, however, have criticized that encryption method as flawed. In a recent paper (PDF here), RSA Laboratories’ Ari Juels, and University of California’s David Molnar and David Wagner, warned that the design of the encryption keys is insufficiently secure. They said that the use of a “single fixed key” for the lifetime of the e-passport creates a vulnerability.

It’s not airtight, but is it good enough anyway? I can’t say that I have the answer, but it doesn’t look like a cause for hysteria.

Categories: Domestic Policy, Tech
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: