--- "Roy M. Silvernail" <roy@rant-central.com> wrote:

Quoting Tyler Durden <camera_lumina@hotmail.com>:

...

And since one's passport essentially boils down to a chip, why not implant it under the skin?

You say that as though it hasn't been considered.

Good point. As many of us know, there are groups of well-educated people who spend all their time on the analysis of technology: think tanks. Who can possibly say what sorts of universal, 'machine-readable' identification systems are considered, and which modes of use they imagine? Many of the studies that are conducted under the umbrella of think tank resarch is, of course, proprietary and restricted in distribution. Knowledgable individuals can do only so much (in their spare time, for instance) towards doing their own analysis of leading-edge technology use and misuse, and most people know this. So, why is it that there seem to be no open source groups who, like people in the free software movement might write software, produce non-trivial papers on the results of their brainstorming sessions? If we can agree that the research of closed NSA think-tank groups might be of immense interest to people with a vested interest in the use or misuse of emerging technologies, then it follows that open source intelligence analysis of technology is a field that is both very much wide-open for exploration, and also quite critical. People like Bruce Schneier do a good job more or less on their own in their respective fields, but it seems that there is likely a significant quality gap in what can be done by individual experts, and what might be accomplished by groups of savvy intellectuals. However, the playing field is such in the public realm most discussion and analysis of these kinds of issue are relegated to science fiction, academic journals, mailing lists, and of course blogs. There seems to be a reluctance on the part of a great many people to bring a more rigorous and wide ranging type of analysis to such fields, and I am not quite sure why. Nevertheless, for those who are at all aware of the kind of product produced by conventional think-tank groups, it is evident that there are large gaps in the areas of consideration and fields of study covered by the open-source analysis field. This obviously affects the quality of debate in the public sphere.

...

As for the encryption issue, can someone explain to me why it even matters?

It doesn't, actually. There is no clear and compelling reason to make a passport remotely readable, considering that a Customs agent still has to visually review the document. And if the agent has to look at it, s/he can certainly run it through a contact-based reader in much the same way the current design's submerged magnetic strip is read.

...

It would seem to me that any "on-demand" access to one's chip-stored info is only as secure as the encryption codes, which would have to be stored and which will eventually become "public", no matter how much the government says, "Trust us...the access codes are secure."

http://wired-vig.wired.com/news/privacy/0,1848,67333,00.html?tw=wn_story_rel...

This story says the data will be encrypted, but the key will be printed on the passport itself in a machine-readable format. Once again, this requires manual handling of the passport, so there's *still* no advantage to RFID in the official use case.

...

(ie, they want to be able to read your RFID wihtout you having to perform any additional actions to release the information.)

Yup. Bruce Schneier nailed the real motivation almost a year ago:

http://www.schneier.com/blog/archives/2004/10/rfid_passports.html

"Normally I am very careful before I ascribe such sinister motives to a government agency. Incompetence is the norm, and malevolence is much rarer. But this seems like a clear case of the Bush administration putting its own interests above the security and privacy of its citizens, and then lying about it." I have a different threat model. I suggest that incompetence is _often_ deliberate and, at least to those who orchestrate such things, is designed to leave or provide cracks in arbitrary systesm that will be expoited. This may be defensible in cases where someone wants to encourage child molesters to expose their operations to sophisticated intelligence and surveillance activities, but is harder to defend when such policies affect the integrity of the money supply, or the transportation infrastructure, or ....

Interestingly, even the on-document keying scheme doesn't address the fundamental problem. Nowhere is it said that the whole of the remotely readable data will be encrypted. If a GUID is left in the clear, the passport is readily usable as a taggant by anyone privy to the GUID->meatspace map. Without access to the map, the tag still identifies its carrier as a U.S passport holder. Integrating this aspect into munitions is left as an exercise for the reader.

...

The only way I see it making a difference is perhaps in the physical layer...encryption + shielding is probably a lot more secure than encryption without shielding, given an ID "phisher" wandering around an airport with a special purpose briefcase.

This isn't about phishing. That's just a bonus.

Yep. Regards, Steve __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

--- Tyler Durden <camera_lumina@hotmail.com> wrote:

Whaddya know. Thompson said something that didn't make me want to beat him to death...

Too bad for you that I cannot say the same about what you write.

...

I have a different threat model.

I've reached more or less the same conclusion. Or at least, incompetence may not be deliberate per se, but the byproduct of a system that needs to appear to care but is otherwise silently incented not to. Checking bags in the NYC transit system is the ultimate example of this: Completely, absolutely pointless in the face of a determined foe. (Meanwhile, of course, there's all sorts of state shennanegins that are possible through such an arrangement.)

No fucking shit. Thanks for pointing this out to me.

The obvious question is how much 9/11/01 is an example of this. For me, the conspiracy theories just don't quite add up (close though) but a moderately sharpened Occam's razor leads one to believe that some 'deliberate' holes were left open, which bin Laden, et al exploited. (I actually still believe that Bush didn't expect that level of damage, however.)

I don't know Bush, personally, and so I feel that it would be improper to suggest that his unspoken cost-benefit analysis resulted in a particular set of actions.

As for the integrity of the money supply, I must succumb to temptation and question whether the Stalinst model of a demand economy (servicing an endless war on terror) hasn't been looked at by folks such as Wolfowitz, Cheney and so on.

Suckkumb all you want. Regards, Steve __________________________________________________________ Find your next car at http://autos.yahoo.ca

On Wed, 17 Aug 2005, Tyler Durden wrote:

Gee whiz I'm scared. Look, since you're angling for some stats, come on over to New York. I'll meet you on the corner of 135th Street and St Nicholas Avenue (we call that neighborhood Harlem).

Actually, isn't that technically "Spanish harlem"?

Look for me: 6'1", 220 lbs and looking EXACTLY like someone would look after 7 years of GoJu training...I'm the guy even the locals won't fuck with.

I know many of those locals, and 7 years of GoJu aint gonna do shit for a 1200fps projectile.

-Tyler Durden

Remember, L-IIIa is your friend. :-) -- Yours, J.A. Terranson sysadmin@mfn.org 0xBD4A95BF I like the idea of belief in drug-prohibition as a religion in that it is a strongly held belief based on grossly insufficient evidence and bolstered by faith born of intuitions flowing from the very beliefs they are intended to support. don zweig, M.D.