Gubmint Tests Passport RFID...

Roy M. Silvernail roy at rant-central.com
Tue Aug 9 11:40:39 PDT 2005


Quoting Tyler Durden <camera_lumina at hotmail.com>:

> And since one's passport essentially boils down to a chip, why not implant
> it under the skin?

You say that as though it hasn't been considered.

> As for the encryption issue, can someone explain to me why it even matters?

It doesn't, actually.  There is no clear and compelling reason to make a
passport remotely readable, considering that a Customs agent still has to
visually review the document.  And if the agent has to look at it, s/he can
certainly run it through a contact-based reader in much the same way the
current design's submerged magnetic strip is read.

> It would seem to me that any "on-demand" access to one's chip-stored info is
> only as secure as the encryption codes, which would have to be stored and
> which will eventually become "public", no matter how much the government
> says, "Trust us...the access codes are secure."

http://wired-vig.wired.com/news/privacy/0,1848,67333,00.html?tw=wn_story_related

This story says the data will be encrypted, but the key will be printed on the
passport itself in a machine-readable format.  Once again, this requires manual
handling of the passport, so there's *still* no advantage to RFID in the
official use case.

> (ie, they want to be able to read your RFID wihtout you having to perform
> any additional actions to release the information.)

Yup. Bruce Schneier nailed the real motivation almost a year ago:

http://www.schneier.com/blog/archives/2004/10/rfid_passports.html

Interestingly, even the on-document keying scheme doesn't address the
fundamental problem. Nowhere is it said that the whole of the remotely readable
data will be encrypted. If a GUID is left in the clear, the passport is readily
usable as a taggant by anyone privy to the GUID->meatspace map.  Without access
to the map, the tag still identifies its carrier as a U.S passport holder. 
Integrating this aspect into munitions is left as an exercise for the reader.

> The only way I see it making a difference is perhaps in the physical
> layer...encryption + shielding is probably a lot more secure than encryption
> without shielding, given an ID "phisher" wandering around an airport with a
> special purpose briefcase.

This isn't about phishing. That's just a bonus.
-- 
Roy M. Silvernail is roy at rant-central.com, and you're not
"It's just this little chromium switch, here." - TFT
SpamAssassin->procmail->/dev/null->bliss
http://www.rant-central.com





More information about the cypherpunks-legacy mailing list