Quoting Tyler Durden <camera_lumina@hotmail.com>:
And since one's passport essentially boils down to a chip, why not implant it under the skin?
You say that as though it hasn't been considered.
As for the encryption issue, can someone explain to me why it even matters?
It doesn't, actually. There is no clear and compelling reason to make a passport remotely readable, considering that a Customs agent still has to visually review the document. And if the agent has to look at it, s/he can certainly run it through a contact-based reader in much the same way the current design's submerged magnetic strip is read.
It would seem to me that any "on-demand" access to one's chip-stored info is only as secure as the encryption codes, which would have to be stored and which will eventually become "public", no matter how much the government says, "Trust us...the access codes are secure."
http://wired-vig.wired.com/news/privacy/0,1848,67333,00.html?tw=wn_story_rel... This story says the data will be encrypted, but the key will be printed on the passport itself in a machine-readable format. Once again, this requires manual handling of the passport, so there's *still* no advantage to RFID in the official use case.
(ie, they want to be able to read your RFID wihtout you having to perform any additional actions to release the information.)
Yup. Bruce Schneier nailed the real motivation almost a year ago: http://www.schneier.com/blog/archives/2004/10/rfid_passports.html Interestingly, even the on-document keying scheme doesn't address the fundamental problem. Nowhere is it said that the whole of the remotely readable data will be encrypted. If a GUID is left in the clear, the passport is readily usable as a taggant by anyone privy to the GUID->meatspace map. Without access to the map, the tag still identifies its carrier as a U.S passport holder. Integrating this aspect into munitions is left as an exercise for the reader.
The only way I see it making a difference is perhaps in the physical layer...encryption + shielding is probably a lot more secure than encryption without shielding, given an ID "phisher" wandering around an airport with a special purpose briefcase.
This isn't about phishing. That's just a bonus. -- Roy M. Silvernail is roy@rant-central.com, and you're not "It's just this little chromium switch, here." - TFT SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com