Privacy Threat in New RFID Travel Cards? 265
DemolitionX9 writes to tell us ZDNet has an interesting article rehashing the problems with privacy in future RFID-equipped travel documents and ID. The piece focuses on a recent speech given by Jim Williams, director of the Department of Homeland Security's US-VISIT program. From the article: "Many of the privacy worries center on whether RFID tags--typically minuscule chips with an antenna a few inches long that can transmit a unique ID number--can be read from afar. If the range is a few inches, the privacy concerns are reduced. But at ranges of 30 feet, the tags could theoretically be read by hidden sensors alongside the road, in the mall or in the hands of criminals hoping to identify someone on the street by his or her ID number."
Re:practically speaking (Score:5, Informative)
- Capture your data.
- Encode to my chip.
- Now I'm you, I can:
- Travel as you.
- Commit various offences as you
- Do whatever I want as you, and hell, the computer can't be wrong.
- (mandatory) PROFIT!
But I'm sure more devious plots will come to other people's minds...Re:practically speaking (Score:5, Informative)
RTFA.
The 96 digit number would be a key into a database, which would "automatically display the cardholder's picture and other biographic information on the border agent's computer screen."
The agent sees the person who is using the card doesn't match the stored information, and hauls you in.
Finally, according to the TFA, "They're also exploring using a card that would have to be activated by the user, through a fingerprint or some other biometric method, before any information could be read remotely."
Blue sniper (Score:4, Informative)
Who says there won't be a RFID-Sniper in the future?
Re:Perhaps... (Score:2, Informative)
If RFID cards become pervasive, a gray market in matching serial numbers to real IDs will pop up just like there's currently a market among spammers for e-mail addresses. Any unscrupulous merchant with an RFID reader could harvest positive IDs from their customers at the checkout counter.
The key difference with SSNs is that you can't read them remotely from everyone who walks by.
Clear up some of the FUD (Score:5, Informative)
1. RDID tags come in a HUGE variety of types. You have to choose the right tag for the job. For example, is the item liquid? Is it metal? Is it a large crate? A small one? Etc. My guess is for a passport, the RFID tag would be a very short range (2-3" read type).
2. There are active (like those attached to your toll tags, or to large pallats & containers). These have batteries in them. A passport won't have a battery in it.
3. There are passive tags. These get charged by the antenna, that makes the circuit work. Think crystal radio here... same sort of concept. It charges the circuit, then the reader reads the tag.
4. The tags generally (although they can) carry only a serial or lookup number. NOT specific information. The more info, the more expensive the tag. Some newer tags CAN carry things (like product expiriation dates, inventory dates, etc.)
5. There are tags that can be both programmed and are read only. Depends on the type of tag. Both active and passive tags can do this. This means the reader can also program the tag.
6. Readers are NOT hard to get. It's a commerical device. However, in most cases, the reader is specific to the tag type. There are SOME standards coming out now with the gen2 tags, but they are not in wide deployment. The readers are NOT CHEAP.
So, here's my guess of what they would (or SHOULD) do:
--very short range passive tag (would require the passport to nearly touch the reader)
--Read only tag
--Tag would only contain some sort of authentication string that would be read, decrypted, and authenticated to see if passport is real.
--Tag would contain some sort of lookup string, which would be read, then queried on the backend systems to make sure the tag matches what's on the passport.
ALL this can be done with protection of privacy, IF DONE RIGHT! It's being done today, specifically in the pharma industry.
defcon 2005 (Score:5, Informative)
Re:Informative? WTF? (Score:1, Informative)
Re:Devil's advocate - switch the antenna (Score:4, Informative)
One of the more interesting suggestions in the article is to make the document into a book-style (like passport) and make the cover from RF blocking material - meaning you have to open the "book" to be scanned.
Even the Homeland Security site says 100 feet... (Score:3, Informative)
Not only that, this is discussing doing that while the RFID equipped form is in the possession of the person in a moving car...
A couple of inches? Yeah, right.
--
Tomas
Re:Clear up some of the FUD (Score:3, Informative)
ALL this can be done with protection of privacy
True, if you mean by privacy that someone else can't read your data without access to the database. However, the problem is that someone can still copy your RFID tag and write new data about you in the database. For example with this passport someone could cross the border with a copy of your RFID, marking you as being out of the country.
You could make this harder by using active tags that use a private key to sign messages but don't reveal the private key itself. However, you could still impersonate someone if you work together with a partner in proximity of the victim and you proxy the signal. A way to defend against that would be very strict timings in the reader, but this would probable make the RFID tag too expensive as well. (If you allow 1 millisecond variation in response time, you could proxy the signal 150 km)
It might be possible to do it right, but it probably won't be done.
Re:Clear up some of the FUD (Score:1, Informative)