Forgot your password?
typodupeerror

Privacy Threat in New RFID Travel Cards? 265

Posted by ScuttleMonkey
from the new-and-improved-tin-foil-wallets dept.
DemolitionX9 writes to tell us ZDNet has an interesting article rehashing the problems with privacy in future RFID-equipped travel documents and ID. The piece focuses on a recent speech given by Jim Williams, director of the Department of Homeland Security's US-VISIT program. From the article: "Many of the privacy worries center on whether RFID tags--typically minuscule chips with an antenna a few inches long that can transmit a unique ID number--can be read from afar. If the range is a few inches, the privacy concerns are reduced. But at ranges of 30 feet, the tags could theoretically be read by hidden sensors alongside the road, in the mall or in the hands of criminals hoping to identify someone on the street by his or her ID number."
This discussion has been archived. No new comments can be posted.

Privacy Threat in New RFID Travel Cards?

Comments Filter:
  • yes, but.. (Score:5, Funny)

    by ShaniaTwain (197446) on Wednesday April 19, 2006 @01:04PM (#15158361) Homepage
    ..think of how this will protect your FREEDOM! and LIBERTY!



    • I did this today and it made me insanely happy for about 15 seconds.

      Find a BT landline phone. Send a text message to it reading "The time space continuum is about to collapse." Wait by the phone. A few seconds later it will ring - and Tom Baker will read your message out to you!
    • by sgant (178166)
      Jim Williams, director of the Department of Homeland Security

      Isn't this the guy that got busted as a pedophile?

      Ok, I know it isn't....but whenever I get the chance from now on, I'm going to do my part and belittle the Department of Homeland Security as much as I can. Hopefully distilling it into the joke that it is. I only wish I could get into press-conferences where they're speaking and ask that question. "Excuse me, were you the guy that was busted for being a pedophile"?

      If you couldn't tell, I'm a disil
    • Re:yes, but.. (Score:3, Insightful)

      by uncoveror (570620)
      Yep, any terrorist with an RFID reader will be able to identify Americans to kill. It will give them a lot of freedom and liberty, me not so much.
  • This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse? I can only think of things that would make it better. Could someone explain less abstractly than "Didn't you read 1984?"
    • by dwandy (907337) on Wednesday April 19, 2006 @01:09PM (#15158406) Homepage Journal
      This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse
      Lots of ways, most immediately comes to mind:
      1. Capture your data.
      2. Encode to my chip.
      3. Now I'm you, I can:
        • Travel as you.
        • Commit various offences as you
        • Do whatever I want as you, and hell, the computer can't be wrong.
      4. (mandatory) PROFIT!
      But I'm sure more devious plots will come to other people's minds...
      • by MojoRilla (591502) on Wednesday April 19, 2006 @01:22PM (#15158535)
        How is this any different from someone stealing your passport now?

        RTFA.

        The 96 digit number would be a key into a database, which would "automatically display the cardholder's picture and other biographic information on the border agent's computer screen."

        The agent sees the person who is using the card doesn't match the stored information, and hauls you in.
        Finally, according to the TFA, "They're also exploring using a card that would have to be activated by the user, through a fingerprint or some other biometric method, before any information could be read remotely."
        • by SengirV (203400)
          The agent sees the person who is using the card doesn't match the stored information, and hauls you in.

          That doesn't work too well in a passive setting, like along side of a road, or unmanned building entrances, etc...

          On the back of my credit card, I have my endorsed name AND a note that says "please check ID". How often do you think they check my ID? Also, do you think EVERY place that is going to be using this cards has a nice pretty display to view the picture of the individuals? And if it's a simp

        • by dwandy (907337)
          Maybe it is no different than today's threats, just new; "Why add another way to get hijacked?" should be the real question asked here, not "How is this different?". And if you believe that just because it's just a number you're safe, you just havn't thought it all the way through. From 30-ft, a disguise doesn't have to be perfect. And if you start by picking someone who looks somewhat like you, you can pretty much move around as them.

          So, imho, it is different due to the perceived infallibility of computer

        • How is this any different from someone stealing your passport now?

          They can do it without your knowledge.

          They can do it N times a day, N = number of folks who are in range.

          They can hold on to the stolen data indefinitely, until it is useful, again without your knowledge.

          Your question is kile asking, "how is an MP3 file different from a physical CD?" I think the answer to that is obvious...
        • by PowerKe (641836) on Wednesday April 19, 2006 @02:10PM (#15158968)

          How is this any different from someone stealing your passport now?

          Because it's not even necessary to steal your passport, it's not even necessary to touch it. You can walk past someone at 25 feet and copy it. If you have an ordinary passport and keep it in a safe place all the time you can be pretty sure no one takes it without you knowing and if they steal it, you might notice it's missing.

          Besides, if the RFID card is designed to be readable at 25 feet, it's probably possible to do so at a much longer distance using special equipment.

        • by tarkas (238632)
          Perhaps we're asking the wrong questions. The various faults of remotely read RFID-like devices used as ID's have been beaten like a dead horse over the last few months; RFIDs are sorely wanting. If the intent is only to provide a mechanism to ease border crossings; even it's pretty iffy - there are too many competing methods that are more secure, and less expensive to implement.

          If, however, your goal is not to provide a fool-proof form of Passport, but rather to normalize the use of a remotely (and cover
      • That ID is tied to biometric data and corroborating identification -- e.g scans of foreign passport/visas/drivers license etc. etc. Oh, and PHOTOGRAPHS.

        All that is on that damned card is an index number. So, sure, you go right ahead and swipe that baby at customs and have a good time with SGT Ufia.

        Honestly, do you people really think these things through? Cripes. The ID by itself is totally, 100%, COMPLETELY USELESS to anyone but the person associated with it unless you have madd haxx0r $|<i||z and can a
        • That ID is tied to biometric data and corroborating identification -- e.g scans of foreign passport/visas/drivers license etc. etc. Oh, and PHOTOGRAPHS.
          ...
          Honestly, do you people really think these things through? Cripes. The ID by itself is totally, 100%, COMPLETELY USELESS

          I like indignant people who yell that someone else hasn't thought it through, when they in fact havn't thought it through.... :)

          So here goes: I'm a bad-guy (tm). I want to move through a busy border without being noticed.
          So, I wa

          • You'd also have to have the same finger prints and iris geometry...and that isn't on the card.

            The amount of work you'd have to go through to make this ID useful as a "forgery" is so ridiculous as to make it possible only for those who have access to a government intelligence agency's resources...or a checking account large enough to simulate such.
            • Have you ever gone through a border crossing? I came back through Mexico once with some prescription drugs and they wouldn't let me declare them. They only looked at my ID because I laid it down on the counter. Nearly everyone (who was white) was waved through. Canadian border was just as bad. Oddly, it was quite an ordeal to get into Canada, but coming back they just waved me through.

              I'd say this will make them even less strict. Also, if someone stole your RFID info and came across in a car later lin

              • Nearly everyone (who was white) was waved through. Canadian border was just as bad. Oddly, it was quite an ordeal to get into Canada, but coming back they just waved me through.

                I've always had the situation when going into the US, they ask if I have and fresh fruit/vegetables or meats to declare. However, when I go into Canada, I'm always asked if I have any firearms or weapons to declare.
            • You'd also have to have the same finger prints and iris geometry...and that isn't on the card.

              You didn't RTFA. The whole point of this card is so that people don't have to open their car windows or slow down at border crossings because the current border crossings interfere with commerce.

              When cars are moving past the checkpoint at 30-60mph, which of the machines there are going to check finger prints and iris geometry again?

              Regards,
              Ross
              • When cars are moving past the checkpoint at 30-60mph, which of the machines there are going to check finger prints and iris geometry again?

                I'm guessing it'll be like a toll booth change bucket; just toss your finger and your eyeball into the basket and you're off!

                How you detach those components and grow them back later is your problem.

            • Are you reading Minority Report or TFA?
              TFA says nothing about the database containing biometric data, nor does it say that any other biometric data will be checked*. And quite frankly, if the border does start getting iris and/or fingerprint scans for everyone ...well, then WTF is the RFID for? You are then eliminating all the benefits of having an RFID system: you still need the person to stop and present.
              What would be the benefit compared with a carried paper passport with your picture and a bar code?

              *

      • Lots of ways, most immediately comes to mind:

        1. Capture your data.
        2. Encode to my chip.
        3. Now I'm you, I can:
        4.
        * Travel as you.
        * Commit various offences as you
        * Do whatever I want as you, and hell, the computer
        • yeah, i guess what I'm saying is that today ID numbers get stolen and misused... and none of them are broadcast.
          So there is nothing in today's reality that leads me to believe that this new ID number won't also be "stolen", and won't also be misused...

          Anyone who thinks that "it will never happen" doesn't live on Planet Earth... or at least not in my reality.... or maybe they just have never written or maintained software before...
          The phrase "it will never happen" is uttered right before the unhandled exp

    • by Nos. (179609)

      Imagine that these ids can be read from a distance. Now suppose a chain of stores, say some clothing stores, installs sensors and begins reading these tags. You sign up for their "monthly mailing list", and now they know who you are and what your unique ID is.

      After a trip, you get an email/letter saying, "Thanks for visiting our [exotic destination] location. We hope you enjoyed your trip". Okay, not terrible, but I don't really want clothing stores knowing where I take my vacations.

      Now, substitute

    • by drinkypoo (153816) <martin.espinoza@gmail.com> on Wednesday April 19, 2006 @01:11PM (#15158423) Homepage Journal

      There is off the shelf hardware that will allow you to read RFID tags (with varying levels of reliability) from ranges in excess of thirty feet. A collection of RFID tags produces a sort of constellation even if they are not unique. For instance, the guy who has the bottle of scope mouthwash, the bag of fritos flamin' hot, and the #2 philips screwdriver at this intersection is probably the same guy who has the same stuff at the next intersection. This allows you to positively track someone based on checkpoints, even without a unique RFID like your passport will be. Furthermore, even if some of the tags don't scan properly, the percentage similarity can be compared from point to point and you can get a fairly positive match anyway.

      With Unique tags, then you don't need to go even that far, of course.

      If you cannot imagine why this is a bad thing, then truly, you should read 1984.

    • by Tackhead (54550) on Wednesday April 19, 2006 @01:11PM (#15158425)
      > This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse? I can only think of things that would make it better. Could someone explain less abstractly than "Didn't you read 1984?"

      "Ground Beef a L'amerique".

      Ingredients:

      1 Terrorist.
      1 RFID reader.
      1 Pringles can.
      1 Blasting cap.
      1 Pound of boom-boom stuff.

      Assemble recipe. Bake in broad daylight on side of road until American tour bus comes by.

    • "This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse? I can only think of things that would make it better. Could someone explain less abstractly than "Didn't you read 1984?"

      It's quite simple. If you're travelling abroad, it's possible that someone would want to target you based on your nationality from a discrete range. This was proven possible at the blackhat convention, (see the link below). I appreciate that TPTB are paying attention to this issu
    • This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse? I can only think of things that would make it better. Could someone explain less abstractly than "Didn't you read 1984?"

      If you are an American, this has nothing to do with you, if you are visitor , someone MAY be able to read your travel entry visa number... what makes me curious is what exactly can you do with a entry visa id number? Its kinda like being able to read your vehicle VIN number, like havi
      • Imagine what would happend if all those evil thiefs can steal your car's VIN number... Then they can.......they can.... I got nothing....

        They can steal your VIN and they can go to a shady dealer and make some key blanks that fit your locks (often based on the VIN. If you've got a chipped key, they can either get a known good ecu and swap that as part of the theft or they can tow your car.

    • The condition that makes RFID tags in any capacity (not just long range ones) unsafe and irresponsible is the insecurity of identification systems in the government/big business system. As things are now, Social Security numbers and other forms of identification can be used against the holder to steal money from them. Credit card companies are getting worse and worse, and they are not held back by bought and paid for congress.

      RFID is bad because it makes the job of criminals much easier, and there has bee
    • A passport that emits RFID information from any distance more than a few inches would be a serious danger to Americans traveling. Criminals can set up a cluster of RFID readers on a busy street and identify Americans by the RFID signals received. Then these people can be targeted for kidnapping, robbery, extortion, or murder specifically because of their nationality.
      Even a RFID passport that emits only a few inches can be a danger if the criminals use more powerful amplifiers on their RFID
      • Even a RFID passport that emits only a few inches can be a danger if the criminals use more powerful amplifiers on their RFID receivers.

        Transmitters are powerful, receivers and preamps are sensitive.
        • As far as I know, there are no passive RFID readers, so his comment is correct. The reader
          has to be powerful enough to energize the RFID tag at the distance. If it can do that, since
          the RFID chip uses inductive coupling (as opposed to being a transmitter itself), then the
          reader is automatically sensitive enough to read it.
          • Don't buy it. Agreed that an RFID "reader" has both a transmitter and receiver and the goal of longer range might be accomplished with either/or a more powerful transmitter or a more sensitive receiver, but it still grates my nerves to hear of "powerful receiver". You'd never speak of a "sensitive transmitter".
          • You have assumed that the reader and what I will call the activator are the same device.

            The activator works by creating a variable magnetic field in a general area. The RFID tag converts this to energy and rebroad casts it in a pattern that the reader picks up.

            All that is needed to snoop is to have a reciver near where someone ELSE has set up a normal reader.

            Could I point a parabolic antenna at the enterance to a retail stote and read every tag that gets energized by the doorway arch?

            The RFID tag should on
            • RFID and wireless smartcards use something called "Inductive Coupling" to transfer information
              from the card to the reader. What this means is that the antenna coils in the RFID and the
              reader create a loosely coupled transformer. When the RFID or smartcard wants to send
              information to the reader, it switches on/off a load connected to the antenna which changes
              the impedance of the whole system, including the impedance of the antenna on the reader. These
              changes in measured impedance are detected by the reader a
      • Its not like our passports hide the fact of who is an American and who isn't when in a foreign country. We stand out like sore thumbs.
    • ...how exactly could someone exploit this RFID range to make my life worse?

      Muggers would be forced to employ a technical assistant who would scan prospective victims as they approached. Only those with lots of cash or a great credit score would be mugged.

      Hmmm.. This might actually help you, depending on your financial situation.

      Bet it would hurt the bigshots who pass the law, though. Wait! On second thought, they'll probably write themselves an exemption and not have to carry RFIDs.

    • I witnessed a hit and run. It took photos. The local city council doesn't want to slow traffic through this perticular residential neighborhood, as they are using it as an unofficial alternate route for the state highway. They are doing this because the local money doesn't want a new freeway built. (the land for the freeway is already owned, and cleared. The local police tell the victims of the hit and run that they don't take reports on hit and runs, as it is a civil matter. I report this to the city
    • Nevermind 1984, can you say ID targetted explosive devices?

      RFID identification that could be read from afar would be every single hitmans and political terrorists wet dream.

      The very idea that anyone the least concerned with security would fail to realize the ways such things could be exploited speaks volumes.
    • 1. Sit at airport with scanner
      2. Watch as families enter security to depart on trip to Disneyland or wherever
      3. Use list of families now on vacation to compile a list of addresses so you can pilfer their houses


      I am sure there are plenty of other ways to abuse this, but this is just the first one that popped into my head.

  • by Gyga (873992) on Wednesday April 19, 2006 @01:06PM (#15158380)
    ...What is to stop someone from "accidentally" bumping into you with their scanner in their pocket?
    • ...the fact that they don't have the database to match the "ID" in the RFID, perhaps?

      I mean, how useful would it be to you to have a list of all the social security numbers of everyone in a baseball stadium if you didn't have any of the names? Hell, you might as well just randomly generate the numbers.

      Wouldn't be to terribly risky for me to say that my SSN is 872-46-2392 (it's not) if there's no way for you to get any other identifying information with which to match it as by itself it is totally useless.
      • Re:Perhaps... (Score:2, Informative)

        by Waffle Iron (339739)
        I mean, how useful would it be to you to have a list of all the social security numbers of everyone in a baseball stadium if you didn't have any of the names?

        If RFID cards become pervasive, a gray market in matching serial numbers to real IDs will pop up just like there's currently a market among spammers for e-mail addresses. Any unscrupulous merchant with an RFID reader could harvest positive IDs from their customers at the checkout counter.

        The key difference with SSNs is that you can't read them rem

        • Sparing the details, there are only 771M possible SSNs currently out there. If you came from, say, Vermont, the odds of guessing your SSN correctly, in order, the first time would only be a 1:2M. It's easier to calculate a valid SSN than to harvest one by any means.

          What's NOT easy to do is match the other _necessary_ information to make that number useful and that is no different for this or any other number, whether stored in an RFID chip, printed in a barcode or tatooed on your butt.

        • The key difference with SSNs is that you can't read them remotely from everyone who walks by.

          Until, for security reasons, SSN cards get rfid tags. Sometime after driver's licenses I'd wager

    • Well, I'd tend to try to avoid someone walking through the airport bumping into everyone he possibly could.


  • Give me a yagi and I'll read your tagy.
  • by Bubba-T (578601) on Wednesday April 19, 2006 @01:10PM (#15158414)
    Set off a Bomb when person id code 46465456456489715678984 walks by

    • by Anonymous Coward
      Person id code 46465456456489715678984 has very vocally expressed negative opionions about us, let's stage a little accident for him.
    • Set off a Bomb when person id code 46465456456489715678984 walks by

      Terrorists typically don't target specific people, by this I mean target Fred Smith versus targeting any generic American. They target locations. They blow up the WTC, the Madrid train station, a Mosque, or a bar in Bali. Killers target specific people, and using RFID to kill a specific person is overkill (pun intended). There are many, far easier ways, to target specific person. Now if the original can be moderated funny, I would hav

    • Nearly everyone carries them and they broadcast a number that just as well identifies you--but even better, you can call it up to make sure the right person is carrying it at the time.
  • Not with my RFID Blocking Kit RFID Blocking Kit Shirt [thinkgeek.com]!!
  • In other news ... (Score:3, Insightful)

    by PatrickThomson (712694) on Wednesday April 19, 2006 @01:18PM (#15158496)
    In other news, walking around with a bizzare skin disorder that makes microscopic copies of your passport flake off and fall on the ground may be a risk to your identity.

    (I choose such an odd analogy because rfid readers are about as hard to obtain as microscopes. Not everyone will have one on them but it's not exactly mil-spec hardware)
    • Hey, the chemicals for LSD are at least as hard to obtain. As is the skill to make it. Still, there are people creating the drug.

      Why would you think that someone who REALLY wants your ID has harder times getting it? We're not talking about Joe Shmoe Average and his cat, and not the highschool scriptkid next door. Yes, those babies cost a fortune (for Mr. J.S.Average, at least), but it's peanuts to someone organised to do something 'bad' with 'em.
      • Buying an RFID reader won't currently put you on a watchlist. LSD precursors will, if my memory of american drug policy serves me well.

        The argument "someone who wanted this information would get it anyway" is a flawed one, I just can't see the flaw.
  • Please hurry the development of space tech so I can move to another planet, should it be necessary.
  • by Animats (122034) on Wednesday April 19, 2006 @01:22PM (#15158529) Homepage
    RFID takes terrorism to the next level. The next step, of course, is the land mine that only blows up when someone from the US is near it.

    And yes, some terrorist groups do have the capability to build custom electronics. You can see examples of IRA custom circuit boards in the Imperial War Museum [iwm.org.uk], London.

  • No control (Score:5, Interesting)

    by Billosaur (927319) * <wgrother@NosPAm.optonline.net> on Wednesday April 19, 2006 @01:22PM (#15158536) Journal
    Many of the privacy worries center on whether RFID tags--typically miniscule chips with an antenna a few inches long that can transmit a unique ID number--can be read from afar. If the range is a few inches, the privacy concerns are reduced. But at ranges of 30 feet, the tags could theoretically be read by hidden sensors alongside the road, in the mall or in the hands of criminals hoping to identify someone on the street by his or her ID number.

    Unless the Feds are going to come up with an air-tight encryption scheme, this is a recipe for disaster. This isn't like the EZPass I have on my car, which is only linked to my account and determines if I have enough to pay the toll. These chips will potentially carry a lot of personal and very useful information, especially if you're a crook looking to use somebody's id to get across the border or to create fake identity documents for sale.

    Frankly, this whole idea is mainly a panacea. If it works, the bad guys will simply sneak across the thousands of miles of undefended and unmonitored border we have in the US. Others will start turning innocent people into mules by swiping their identities and using them to get things across. Instead of making the borders of this nation more secure, the government is creating even more insidious ways for someone to come into this country. I think it's time to go back to the drawing board.

    • The way I see it, even if the effective broadcast range is 3 feet, what's to stop terrorists from strolling down the halls of an airport, duplicating a valid RFID transmission on a programmable card, and assuming that person's identity? Or for other identity thieves to do the same thing, capturing hundreds of valid IDs in minutes, and selling them to interested third parties? This could be done passively and completely undetected!

      Even within the fraud-free bubble the government imagines this technology
      • Yeah, that bored looking guy playing solitaire on his laptop, complaining about his delayed flight?

        He's playing solitaire alright, but that PDA has an RFID scanner built in, and he's not syncing to keep his calendar up to date.

        Take a batch of stolen identities and just fly around the country for a few days, using credit cards made out to the names of stolen identities to finance the trip.

        You don't even have to take any international flights, just go through a few airports that have international terminals.
    • If it creates a problem, all the more a reason for stricter laws and more surveillance. For your safety, of course.
  • Could more powerful or modified scanners be used to read the RFID chips only designed to be read from a short distance?

    IANARFIDE (I Am Not An RFID Engineer) ;)
  • by Weaselmancer (533834) on Wednesday April 19, 2006 @01:26PM (#15158567)

    Why not put a switch in the antenna's path? To use the card, you have to push a contact button to turn it on? That would stop passive scanning, right?

  • by hpa (7948) on Wednesday April 19, 2006 @01:31PM (#15158606) Homepage
    The U.S. gov't will start issuing RFID-equipped passports this fall. How long until we see the first U.S.-citizen-triggered bomb?
  • by u16084 (832406) on Wednesday April 19, 2006 @01:38PM (#15158662)
    Mastercard and their PAYPASS cards? https://mbe2stl101.mastercard.net/hsm2stl101/publi c/login/ebusiness/mobile_commerce/paypass/index.js p/ [mastercard.net] Its RF also .. The range is about 2 inches... Im able to pull up to a gas pump, swipe my wallet next to the scanner and off im go. heres the documentation on their stuff https://mbe2stl101.mastercard.net/hsm2stl101/publi c/login/ebusiness/mobile_commerce/paypass/document ation/index.jsp/ [mastercard.net]
  • Blue sniper (Score:4, Informative)

    by Spy der Mann (805235) <<spydermann.slashdot> <at> <gmail.com>> on Wednesday April 19, 2006 @01:38PM (#15158664) Homepage Journal
    Remember this gadget [tomsnetworking.com]?

    Who says there won't be a RFID-Sniper in the future?
  • I knew keeping tinfoil around would come in handy! :)

    Seriously, if I get an RFID card, it's going inside a Faraday cage wallet. I don't mind RFID, but I'm going to control who I display to.

  • You can just put a transceiver in a fanny pack and some antennae in some strategic locations and then bump into people. Pickpockets do it all the time. I bet this would even work with the new RFID credit cards.
  • by Anonymous Coward on Wednesday April 19, 2006 @01:48PM (#15158764)
    Let's clear a few things up, because there is a little FUD here... IANAL, but I am in the RFID business for commercial use (inventory management and the like)

    1. RDID tags come in a HUGE variety of types. You have to choose the right tag for the job. For example, is the item liquid? Is it metal? Is it a large crate? A small one? Etc. My guess is for a passport, the RFID tag would be a very short range (2-3" read type).

    2. There are active (like those attached to your toll tags, or to large pallats & containers). These have batteries in them. A passport won't have a battery in it.

    3. There are passive tags. These get charged by the antenna, that makes the circuit work. Think crystal radio here... same sort of concept. It charges the circuit, then the reader reads the tag.

    4. The tags generally (although they can) carry only a serial or lookup number. NOT specific information. The more info, the more expensive the tag. Some newer tags CAN carry things (like product expiriation dates, inventory dates, etc.)

    5. There are tags that can be both programmed and are read only. Depends on the type of tag. Both active and passive tags can do this. This means the reader can also program the tag.

    6. Readers are NOT hard to get. It's a commerical device. However, in most cases, the reader is specific to the tag type. There are SOME standards coming out now with the gen2 tags, but they are not in wide deployment. The readers are NOT CHEAP.

    So, here's my guess of what they would (or SHOULD) do:

    --very short range passive tag (would require the passport to nearly touch the reader)
    --Read only tag
    --Tag would only contain some sort of authentication string that would be read, decrypted, and authenticated to see if passport is real.
    --Tag would contain some sort of lookup string, which would be read, then queried on the backend systems to make sure the tag matches what's on the passport.

    ALL this can be done with protection of privacy, IF DONE RIGHT! It's being done today, specifically in the pharma industry.

    • ALL this can be done with protection of privacy

      True, if you mean by privacy that someone else can't read your data without access to the database. However, the problem is that someone can still copy your RFID tag and write new data about you in the database. For example with this passport someone could cross the border with a copy of your RFID, marking you as being out of the country.

      You could make this harder by using active tags that use a private key to sign messages but don't reveal the private key

  • defcon 2005 (Score:5, Informative)

    by farker haiku (883529) on Wednesday April 19, 2006 @01:52PM (#15158815) Journal
    At defcon 2005 some guys set a record for reading passive tags at 69 feet [makezine.com]. With pics :)
  • Why do they have to be broadcasting RFID tags? Why can't they have a physical interface? You know, like the magentic strip on the back of everything? I don't see why we can use a physical contact patch on it instead of a broadcasted signal. After all, we've been using physical contact for interfacing devices for decades in the computer world and for centuries in other walks of life.

    I wouldn't have a bit of a problem if a contact patch were used instead of a broadcasted signal. Not like it would be hard
  • by hey (83763)
    Sorry, but RFID just seems like so dumb.
    Now border guards just scan the barcode. What's wrong with that???
  • Sniffer (Score:3, Interesting)

    by J05H (5625) on Wednesday April 19, 2006 @02:16PM (#15159016) Homepage
    One potential threat for American travellers carrying this kind of chip is a sniffer weapon. The hi-tech version is an RFID sensitive smart missile and the dumber version is an IED in Cairo that sits and waits for Joe Sixpack to walk by. If you think I'm full of it, the Russians used a cell-phone sniffing missile to kill a Chechen general. For US RFID passports in other countries, all the munition needs to do is detect the chip's presense.

    I want my "papers" to stay paper, please. Bar code them or whatever, but don't delibrately make it prone to identity theft, hacking or IEDs.

    Josh
  • Based off of The RFID Blocking Wallet [rpi-polymath.com] anyone?
  • If you've done nothing wrong you have nothing to fear This wonderful new technology will enable us, your benign and caring government to protect you from identity theft/terrorists/child molestors Unfortunately, its not really effective if those pesky terrorists/id thieves/child molestors can simply chose not to carry any RFID tags.. so of course you won't mind if we embed this RFID tag in your baby's cranium while its still soft ? Its for your protection.
  • So keep your ID cards in a lead wallet. First there were tinfoil hats, then lead wallets. What will be next?
  • by Stephen Samuel (106962) <samuelNO@SPAMbcgreen.com> on Wednesday April 19, 2006 @04:09PM (#15160069) Homepage Journal
    The DHS, put out a Request For Information (RFI) looking for someone who had the technology to read ID tags from 25 feet away at 55MPH [bcgreen.com]... Through the skin of a bus... All the passengers at once.

    They seem to suggest that they only want it so that they can identify people stopped at border checkpoints.

  • by SmoothTom (455688) <Tomas@TiJiL.org> on Wednesday April 19, 2006 @04:28PM (#15160238) Homepage
    The Homeland Security site, in the section that discusses the testing of the current RFID equipped '94's, suggests reading the info contained in the chops from up to 100 feet away on a regular basis:

    * US VISIT intends to build upon the technologies and management systems previously employed for entry in order to realize an automated entry exit process. RFID technology offers a solution for a potentially faster, biometrically enhanced entry exit operation.

    * Using an automatic identifier, RFID technology can detect a visitor at a distance (up to 100 feet) and provide primary inspection with entry information. RFID technology can also provide a mechanism for an accurate and timely record of exits without requiring visitors to interrupt their travels by stopping or even slowing down to check out.
    ...
    * US VISIT will ensure that our visitors' information is always protected. The RFID technology used by US VISIT will protect sensitive information because it will read only a randomly-generated number that links to visitors' information stored securely in a database. It will also be tamper proof and difficult to counterfeit or surreptitiously read.

    (From a Homeland Security Press Release [dhs.gov].

    Not only that, this is discussing doing that while the RFID equipped form is in the possession of the person in a moving car...

    A couple of inches? Yeah, right.

    --
    Tomas

Time sharing: The use of many people by the computer.

Working...