Gubmint Tests Passport RFID...
Roy M. Silvernail
roy at rant-central.com
Tue Aug 9 11:40:39 PDT 2005
Quoting Tyler Durden <camera_lumina at hotmail.com>:
> And since one's passport essentially boils down to a chip, why not implant
> it under the skin?
You say that as though it hasn't been considered.
> As for the encryption issue, can someone explain to me why it even matters?
It doesn't, actually. There is no clear and compelling reason to make a
passport remotely readable, considering that a Customs agent still has to
visually review the document. And if the agent has to look at it, s/he can
certainly run it through a contact-based reader in much the same way the
current design's submerged magnetic strip is read.
> It would seem to me that any "on-demand" access to one's chip-stored info is
> only as secure as the encryption codes, which would have to be stored and
> which will eventually become "public", no matter how much the government
> says, "Trust us...the access codes are secure."
This story says the data will be encrypted, but the key will be printed on the
passport itself in a machine-readable format. Once again, this requires manual
handling of the passport, so there's *still* no advantage to RFID in the
official use case.
> (ie, they want to be able to read your RFID wihtout you having to perform
> any additional actions to release the information.)
Yup. Bruce Schneier nailed the real motivation almost a year ago:
Interestingly, even the on-document keying scheme doesn't address the
fundamental problem. Nowhere is it said that the whole of the remotely readable
data will be encrypted. If a GUID is left in the clear, the passport is readily
usable as a taggant by anyone privy to the GUID->meatspace map. Without access
to the map, the tag still identifies its carrier as a U.S passport holder.
Integrating this aspect into munitions is left as an exercise for the reader.
> The only way I see it making a difference is perhaps in the physical
> layer...encryption + shielding is probably a lot more secure than encryption
> without shielding, given an ID "phisher" wandering around an airport with a
> special purpose briefcase.
This isn't about phishing. That's just a bonus.
Roy M. Silvernail is roy at rant-central.com, and you're not
"It's just this little chromium switch, here." - TFT
More information about the cypherpunks-legacy