Forgot your password?
typodupeerror

E-Passport In the Works 300

Posted by Zonk
from the chip-makers-pleased dept.
ExE122 writes "In an attempt to curb falsification of passports, the United States has placed an order for millions of embedded ID chips. 'The chips carry an encrypted digital photograph of the passport holder. The chip is designed to be read by a special device that will be used by U.S. government workers who check passports when travelers come through border crossings. The State Department began issuing what are being called e-passports to tourists last week and will gradually increase production. State Department spokeswoman Janelle Hironimus said existing passports will remain valid until they expire but, eventually, all U.S. passports — about 13 million will be issued in 2006 — will contain such chips.'"
This discussion has been archived. No new comments can be posted.

E-Passport In the Works

Comments Filter:
  • 10 years (Score:3, Interesting)

    by lawpoop (604919) on Tuesday August 22, 2006 @11:34AM (#15955778) Homepage Journal
    Passports are valid for 10 years upon issue, IIRC. Are you telling me that secure passport tech will slowly be phased in over 10 years? Because we all know how often Americans travel overseas.

    If anything, this will raise the value of existing non-RFID passports, since they are more easily modified to indentify someone else.
    • by krell (896769) on Tuesday August 22, 2006 @11:41AM (#15955844) Journal
      "Because we all know how often Americans travel overseas."

      Hey, I went to New Mexico twice in the last 6 years. That's fairly often, I think.
      • by clickclickdrone (964164) on Tuesday August 22, 2006 @11:50AM (#15955942)
        I used to find the low number of Americans with passports rather scary and insular until someone pointed out you only get 2 weeks vacation a year. With the US being so big and varied, it would take you most of your life in 2 week chunks to check out home let alone foreign places.
        Of course, us backwards wierdo liberal faggy Europeans get 6 weeks holiday :-)
        • by OakDragon (885217)
          ...you only get 2 weeks vacation a year.

          Well, we 'take' 2 weeks (or 1 week, or whatever) a year. We do not 'get' 2 weeks a year. Americans can arrange their vacation vs. work time quite easily. As a nation, though, our cultural habits come down to preferring about 2 weeks per year.

          Of course, us backwards wierdo liberal faggy Europeans get 6 weeks holiday.

          Wow, who pays for that?

          • Re: (Score:2, Informative)

            by Anonymous Coward
            uh, what? I literally get two weeks of vacation a year. Anything more than that is "leave without pay". If I tried to take my two weeks of vacation all at the same time and also take two weeks of leave without pay my supervisor would deny it and probably have me fired. I don't know anyone who can "arrange their vacation time vs. work time quite easily" - everyone has to get it approved by a supervisor and rarely takes more than a few days at a time.
            If I lived in the EU I would get 4 to 6 weeks of paid vacat
          • by CastrTroy (595695)
            I think that what he is referring to, is that the minimum allowed that your employer is allowed to give you is 2 weeks, wheras in Europe (or parts of Europe), it's 6 weeks. Of course in the US, if you have a good high status job, you can get more holidays, although I'm sure in Europe you can too. I know someone from Germany who gets 3 months off per year. And they don't work at a school.
            • Re: (Score:3, Informative)

              by Rosonowski (250492)
              I don't think there's anything about a minimum of vacation time, at least not for hourly wage earners. I don't get ANY vacation time, so any time I want to take off, I have to figure out how to make up the money.
              • by CastrTroy (595695)
                I'm unsure of how it works in the US, but in Canada, they can either give you the money when you take the time off, or give you an 4% on every pay cheque, and not pay you when you take the time off. They may also decide to give you the 4% at any time throughout the year in 1 lump sum, regardless of whether or not you are taking vacation. You may never actually take vacation, especially with part time jobs, because you may not feel you need it, but you should still be getting paid for it.
          • by Maximilio (969075) on Tuesday August 22, 2006 @12:17PM (#15956164) Homepage Journal
            Americans can arrange their vacation vs. work time quite easily. As a nation, though, our cultural habits come down to preferring about 2 weeks per year.

            "Prefer?" I prefer quite a bit more time off. I would imagine most people do. The problem is, U.S. corporate behavior is geared toward maximizing profits at the expense of the employees and an imaginary work ethic that drives people into the ground and causes them to change jobs on an average of every two or three years and careers on an average of every 10 or 15 years. You ask, stupidly, who pays for Europeans' 6 weeks holiday -- obviously as a cultural norm the employer shells it out. It's a quality of life issue.

            But please, don't insinuate that just because you're a driven workaholic with nothing better to do that the rest of us would 'prefer' that lifestyle. I think, given 6 weeks of guilt-free holiday, most Americans would take it gladly.

            • Re: (Score:2, Interesting)

              by Anonymous Coward
              Yes, individually you probably would like 52 weeks of paid time off, as a society though, Americans aren't fond of vacations. As an ex-pat living in Italy, it still irritates me to no ends that around august, nothing is open. Its also irritates me that people take so much time off. For example, one day out of the week my favorite restaurant is closed (on Tuesdays). No, of course its a small thing, but if you come here don't be expecting to be able to get breakfast tacos at 3AM here. (mmmm...midnight tacos..
              • by PPGMD (679725) on Tuesday August 22, 2006 @01:43PM (#15956916) Journal
                It can also be frustrating to those working on a tight schedule.

                One of my clients is a developer company, based in Mexico City, but with offices in most of the vacation hot spots in the US (because they own high rises in all those cities). There were having issues with their ERM, because it was a fixit session it was scheduled between other trips, and I only had two days on site. Well that wouldn't have been an issue, if they didn't stop working everyday for 3 hours to have lunch and watch the World Cup.

                I don't know what it is, but the way we work versus the way that work is done in Europe and Latin America, is hugely different. I like to relate, to the Super Market that was across the street from where I was staying in Amsterdam, they were open M-F 10am-5pm, for an American that is unfathomable, Europeans are used to it, and adept to it, and I did too (by adept I mean I mostly ate at restraunts that were open later in the evening) when I was there for 3 months on a project. But it's quite strange for someone who's last job involved making a 1am Taco Bell run during my 11pm - 11am shift.

            • Re: (Score:3, Insightful)

              So emigrate.
            • Re: (Score:3, Insightful)

              by phulegart (997083)
              what kind of contradictory Bullshit are you spewing? First you say...

              "The problem is, U.S. corporate behavior is geared toward maximizing profits at the expense of the employees and an imaginary work ethic that drives people into the ground"

              Which clearly indicates you believe that U.S. Citizens are pushed against their will to work as much as they do, because the CEOs and other corporate bigwigs want to increase the amount in their already overfull pockets. Then you say...

              "But please, don't insinuate that
              • Re: (Score:3, Interesting)

                by Grishnakh (216268)
                Personally I've never had a job where I had 2 weeks official vacation time per year. And I'm a U.S. Citizen.

                Sounds like you're either a workaholic, or you need a new job. I had 2 in my first job, 5 in my second job (state government; paid better than the private companies in the area were paying too!), and 3 in my third (current) job. And I've always been able to actually use that time. And in my current job, I get an additional 8 weeks off every 7 years. Not quite up to European standards, but much bet
          • Well, we 'take' 2 weeks (or 1 week, or whatever) a year. We do not 'get' 2 weeks a year. Americans can arrange their vacation vs. work time quite easily. As a nation, though, our cultural habits come down to preferring about 2 weeks per year.

            Are you kidding me? "As a nation", we take what we can get. And all we can get is 2 weeks per year or less.

            I don't think there's a man, woman or child alive that wouldn't want more than 2 weeks vacation. This is not a "cultural habit", this is just the dynamic of our employer/employee relationship. Employers want to ride their employees as hard as they can and employees are just doing all they can not to get fired.

            Of course, us backwards wierdo liberal faggy Europeans get 6 weeks holiday.

            Wow, who pays for that?


            If the entire society accepts that this is normal, then no one pays for it.

            Let's face it - the world works the way it does because we accept that the world works that way. If it worked differently, we'd accept that too. I mean, who's "paying" for the fact that you're sleeping 8 hours a day rather than working? You, and the rest of American society (at least to this point) has drawn the line at having at least enough time off every day to sleep. Nobody "pays" for that; that's just the way society has chosen to work. Could companies make more money if all of their employees worked 24 hours a day, 7 days a week? Sure. But you don't "pay" for something that never existed in the first place. That downtime is just downtime, not a debt that needs to be paid.

            We Americans are overworked. We work more hours, on average, than any other nation in the world (yes, including places like Japan, which lets its employees have an average of 25 non-weekend days off per year). But it's not by and large because we want to, it's because we're demanded to and because employers have decided for us that this is the cultural norm. Someday, maybe we'll get in step with the rest of the world and realize that there are more important things in life than work.
            • Re: (Score:3, Insightful)

              by Kadin2048 (468275)
              I don't think there's a man, woman or child alive that wouldn't want more than 2 weeks vacation. This is not a "cultural habit", this is just the dynamic of our employer/employee relationship. Employers want to ride their employees as hard as they can and employees are just doing all they can not to get fired.

              I disagree. I know a lot of people who don't even take their available 14 days/year of vacation, even though they're not at any risk of being fired if they did.

              Actually, very few people in my line of w
              • Re: (Score:3, Insightful)

                by TClevenger (252206)
                I disagree. I know a lot of people who don't even take their available 14 days/year of vacation, even though they're not at any risk of being fired if they did.

                Out of the people who I've encountered who don't take their full 10 days (14 days? What country do you live in?), nearly all are concerned that either their work will pile up and overwhelm them on their return, or will get piggybacked onto their already overworked coworkers (and in return, they'll be picking up the slack for the coworkers.) Thus,

        • by i.r.id10t (595143)
          Folks just aren't working in the right places. I get 2-3 weeks off every between the fall and spring semesters (christmas time), paid, since the college I work at is closed. I also get spring break off (usually the week of my birthday in March), paid, since the college is closed. And then all the little 3 and 4 day weekends for labor day, etc. And then I also get my "regular" paid time off/vacation time plus sick days. Sure, working in education doesn't pay as much as it could, but for the amount of ti
        • Re: (Score:2, Insightful)

          by CagedBear (902435)
          With the US being so big and varied, it would take you most of your life in 2 week chunks to check out home let alone foreign places.

          This is true. In fact, I live in upstate NY and feel it would take a lifetime just to fully explore my own state let alone the rest of the coutry. There is a whole lot to do in the U.S. and not nearly enough time to do it in.
      • I recall the date is Dec. 31, 2006, though there might be exceptions for a few miles across the border.
    • You can renew your passport without replacing it. It's cheaper than getting a new one too!
  • WHY? (Score:5, Insightful)

    by rkhalloran (136467) on Tuesday August 22, 2006 @11:35AM (#15955786) Homepage
    A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?
    • Re:WHY? (Score:5, Insightful)

      by gEvil (beta) (945888) on Tuesday August 22, 2006 @11:38AM (#15955816)
      It's all about appearances. Nothing more, nothing less. If the general population thinks that high-tech passports are more secure, then high-tech passports are what they general population will get.
    • Re:WHY? (Score:4, Insightful)

      by Red Flayer (890720) on Tuesday August 22, 2006 @11:40AM (#15955832) Journal
      A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?
      The same reason we can't take bottled water on an airplane -- pandering to gullible voters.
    • Re:WHY? (Score:5, Insightful)

      by eno2001 (527078) on Tuesday August 22, 2006 @11:40AM (#15955834) Homepage Journal
      Because... some stupid fucking PHB somewhere heard that RFID is the "next big thing (TM)" and just had to have it before those damn Canadians do. I honestly think that's all it comes down to. Someone thinks RFID sounds cooler than 70s mag stripe technology. If you ask me it's fucking stupid. Of course what do I know, I hate the direction the United states has taken the past six years. I'm fucking trapped here though because I can't just afford to pick up and leave. Have to make the best of in these hard times.
    • A 'chipped' passport would be susceptible to drive-by scanning

      Doesn't really sound like it. From the TFA:

      He said the e-passports must be brought within 3 inches of a radio-frequency identification device that works in combination with other security features to prevent unauthorized peeking into the chip.
      • by SgtPepperKSU (905229) on Tuesday August 22, 2006 @11:55AM (#15955970)
        More info form department of state [sfgate.com]:
        The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients). Metallic anti-skimming material incorporated into the front cover and spine of the e-passport book prevents the chip from being skimmed, or read, when the book is fully closed; Basic Access Control (BAC) technology, which requires that the data page be read electronically to generate a key that unlocks the chip, will prevent skimming and eavesdropping; and a randomized unique identification (RUID) feature will mitigate the risk that an e-passport holder could be tracked. To prevent alteration or modification of the data on the chip, and to allow authorities to validate and authenticate the data, the information on the chip will include an electronic signature (PKI).
      • 3" from the "designed" reading equipement, not from a "modified" directional antenna. Besides, if someone can get clsoe enough to pick your pocket, they can be close enough for a walk-by reading.
        • Read the post above yours. The covers of the passport act like a Faraday cage. I'd still like to see tests of whether you can saturate the passport with enough RF to actuate the chip using a small parabolic antenna (and disregarding normal safety standards), but it does seem like they've considered this possibility. That's a small good sign.

          More importantly though, if they can pick your pocket, they can just steal your passport and then do anything with it that they want, so I think that's really not a grea
    • by lawpoop (604919)
      <tinfoil hat> It's a small step to get people prepared for implanted RFID chips. Same reason they want to implant soldiers and medical patients. </tinfoil hat>
    • Cause it's technology! It's clearly unbreakable.

      Frankly, I'd be worried about a magstripe even. Why not use a 2D barcode, like DataMatrix? It'd speed up the process, not susceptable to interference, corruption or loss, and it's just as secure.

      Technology is not a miracle cure, but they keep treating it as such. What'll happen if power goes down to their fancy RFID readers, cause power NEVER goes out at LAX...
      • Re: (Score:3, Insightful)

        by dhasenan (758719)
        2d barcodes can't hold that much data; or rather, their data density sucks. You've got an analog portrait and you're trying to convert that to a binary 2d barcode in perhaps four times the area, with pixels that measure millimeters across.

        If the power goes down, they won't authenticate passports. Perhaps at the Mexican border, they'll stop anyone who looks Hispanic until the power returns. Perhaps at LAX, they'll stop anyone who speaks with a non-American accent (those who have American accents have either
    • Re: (Score:2, Insightful)

      by Threni (635302)
      > adds nothing a mag-stripe couldn't,

      If it's done properly it would be harder to produce. Anyone can write to a mag-stripe, but the Chip and Pin system in the UK, for instance, is more secure.
      • >Chip and Pin system in the UK, for instance, is more secure.
        That'll be the one where the PIN terminals let everyone else in the queue watch you type in your number because the so called protective sides are so small or badly positioned as to be useless.
    • >What's the point?
      Because Joe Public will see the govt are doing *something* and be happy. The fact that those of us with half a brain know it's a waste of time is irrelevent.
    • Re: (Score:3, Insightful)

      by supabeast! (84658)
      "What's the point?"

      It has TECHNOLOGY! The technology will solve all out problems! Next we can add encryption to the technology so that it will be even more technological! And because Americans can't even wrap their heads around evolution, there's no way this nation of idiots will figure out what a load of BS this is and demand that politicians stop wasting resources on pork like this and actually get something done!
    • Re:WHY? (Score:5, Insightful)

      by amliebsch (724858) on Tuesday August 22, 2006 @11:52AM (#15955951) Journal
      If the chip only carries an encrypted photo of myself, then thieves can't steal any information that they couldn't get by looking in my general direction. But it does make the passport much more difficult to forge, and more difficult to use fraudulently. That seems pretty reasonable to me.
    • The RFID passtports have to be opened to be read due to protective foil covers. However, here's still alleged advantages of chip compared to a magnetic stripe. Foil covers wont prevent a hotel or bank from reading the chip.
    • A RFID chip has got an enormous advantage in comparison to magnetic stripe : no meccanical part for the reading.

      But if you had comparied to a bar-code tag (2D or 1D) then you would have been right : this bring nothing.
    • by Ucklak (755284)
      I'm not in favor of this tech but since when can one assume anothers physical identity by merely driving by?
      Isn't the purpose of adding a photo within the hash forcing a visual check?
    • by HTH NE1 (675604)
      A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?

      It's to help the terrorists target Americans, adding fuel to the fire of the War on Terror. And once the encryption is broken, not only will they know there's an American in their midst, they'll also be able to identify the specific target from the photo.
    • Re: (Score:3, Interesting)

      by Lord Ender (156273)
      The point is to give everyone a digitally-signed copy of their OWN PHOTO. If a thief gets his hand on that, it won't help him unless he looks just like me. That's the point.
      • Re: (Score:3, Funny)

        by Andrewkov (140579)
        This technology will just encourage unlawful face transplanting. Haven't you seen that John Travolta movie?
      • BECAUSE! (Score:3, Interesting)

        by TiggertheMad (556308)
        The point is to give everyone a digitally-signed copy of their OWN PHOTO. If a thief gets his hand on that, it won't help him unless he looks just like me. That's the point.

        Ah, but what if the 'Thief' doesn't want to so much steal your identity, as pick an American tourist out of a crowd of hundreds of other tourists? This isn't giving you a secure digital picture. It's painting a huge bulls-eye on your forehead...
  • by Skyshadow (508) * on Tuesday August 22, 2006 @11:36AM (#15955795) Homepage
    Came back through SFO from Edinburgh yesterday and saw signs for a couple of dedicated test lanes for this (they were closed, but they were all set). I was wondering what the heck it was about.
  • American Made (Score:4, Insightful)

    by neonprimetime (528653) on Tuesday August 22, 2006 @11:37AM (#15955804)
    A German semiconductor company with offices in San Jose said Monday that it has received an order from the U.S. government for millions of identification chips that will be embedded in passports to help prevent fraud at border crossings.

    Why do we always have to get everything from the Germans? (beer & cars for example) Why can't the government contract this out to good ol' American workers? Especially since it deals with National Security?
    • Why do we always have to get everything from the Germans? (beer & cars for example)

      Gee, that's funny -- GM (American) is the largest automaker in the world, and the largest supplier of autos domestically. InBev is the world's largest brewer, it's headquarters are in Belgium but it is a truly global company.

      Why can't the government contract this out to good ol' American workers?

      Because gool ol' American workers don't exist anymore. Actually, that's not quite right -- good ol' American manufacturing p

    • by gothzilla (676407)
      The industrial age is over. Corporations are now global and span across the borders of many different countries. When looking for the best company to do the job, you don't limit yourself to only companies that are solely located in the USA. That would be silly.

      Infineon has plants in Asia, North America, Europe, and Africa. They have representative offices in 42 states in the USA, as well as in many different countries around the globe. Why shouldn't they be allowed to bid for the project?

      Infineon's USA plan
  • encrypted? (Score:5, Insightful)

    by Lord Ender (156273) on Tuesday August 22, 2006 @11:37AM (#15955810) Homepage
    When they say "encrypted," do they actually mean digitally signed? Being able to provide a digitally signed (by a government key) passport photo in a machine-readable form would be good for security.

    But simply encrypting the message with a symmetric key (as seems indicated by the blurb) would be bad for security, because many people would have the key, and so it would provide a false sense of security.
    • From The Dept of State [state.gov]

      The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients). Metallic anti-skimming material incorporated into the front cover and spine of the e-passport book prevents the chip from being skimmed, or read, when the book is f

  • by krell (896769) on Tuesday August 22, 2006 @11:38AM (#15955817) Journal
    "Mr.... let's see 5AVE On Va1iumViagraCialis? Yes, everything checks out. Welcome to America!"
  • by MikeRT (947531) on Tuesday August 22, 2006 @11:41AM (#15955838) Homepage
    One of the things that is a lot more common today than it has been in American history, yes, even back in the "bumpkin days" of America pre-industrialization, is that people just don't critically think anymore. "Special device?" Anyone with a modicum of critical thinking skills would look at a few simple things and freak:

    1) All computer security systems have been defeated.
    2) This is kinda like one of them thar computer security systems that has been defeated.
    3) I'm carrying this thing around the world, and any schmo who can defeat it, can identify me faster than the police can.
    4) There are a lot of terrorists and terrorism sympathizers who'd just love to off me because I'm American.

    If you aren't careful, you'll be broadcasting enough info out there that you'll be easily victimized.
    • by pilgrim23 (716938) on Tuesday August 22, 2006 @11:53AM (#15955957)
      Entebe Incident; The Hijackers went around the plane asking for Israeli Passports. Now it is so much easier. Welcome to the new world of "Wand and Shoot".
    • Re: (Score:3, Insightful)

      by kevin_conaway (585204)

      One of the things that is a lot more common today than it has been in American history, yes, even back in the "bumpkin days" of America pre-industrialization, is that people just don't critically think anymore. "Special device?" Anyone with a modicum of critical thinking skills would look at a few simple things and freak: 1) All computer security systems have been defeated. 2) This is kinda like one of them thar computer security systems that has been defeated. 3) I'm carrying this thing around the world,

      • More Lack of Logic (Score:3, Insightful)

        by dereference (875531)

        Well, according to the TFA: The chips carry an encrypted digital photograph of the passport holder..

        Remember everyone, just by going out in public you are letting the world know what you look like! Time to start investing in brown paper bags

        You seem to be missing the whole point here. According to logic, it doesn't really matter what contents are being stored on this chip. It could be an encrypted random number for all anyone cares, since (as the GP correctly noted) the very existence of any such

    • Re: (Score:2, Interesting)

      1) All computer security systems have been defeated.
      2) This is kinda like one of them thar computer security systems that has been defeated.
      3) I'm carrying this thing around the world, and any schmo who can defeat it, can identify me faster than the police can.
      4) There are a lot of terrorists and terrorism sympathizers who'd just love to off me because I'm American. If you aren't careful, you'll be broadcasting enough info out there that you'll be easily victimized.

      This seriously got mod'ed up?

      Come

      • by volsung (378)
        If the problem is so bad, maybe Americans should be supplied with passports disguised as 'insert country of choice', and all given elocution lessons before they leave the US?

        That's called the CIA.
  • by invader_allan (583758) on Tuesday August 22, 2006 @11:42AM (#15955852)
    We all know that paper is so easy to modify, so we need to go to chips. Chips are more secure, while harder to duplicate. Like game chips, which don't get coppied freely like paper products such as books. Books can also be "emulated" in pdf or e-text formats. Chips can't be emulated or falsely burned with someone elses data!
  • Heh heh (Score:5, Interesting)

    by rice_burners_suck (243660) on Tuesday August 22, 2006 @11:42AM (#15955853)
    I bet there won't be a device in existance that can actually read the chip that will be embedded in these passports. I say that because my Permanent Resident card (greencard) is supposedly the most advanced ID card ever made, with all kinds of weird embedded information and whatnot, making it impossible to counterfeit. Or at least that's the theory, because although they spend ridiculous amounts of money to make these cards contain all that personal information, there is reportedly not a machine in existance that can read the information off the card. Typical government nonsense. It's like trying to invent the modem with enough funds to build just one.

    And if we're already on the subject of the government, why are they spending all this money to make sure passports can't be faked, greencards can't be faked, etc., if there is absolutely positively nothing being done to stop the flood of immigrants, criminals, drugs, and terrorists that are crossing our totally unprotected borders into this country every day? Every time this issue comes up, idiots say it's racism. Sorry, it's not racism to stop people and things that shouldn't be here illegally from coming here illegally.

    • by megaditto (982598)
      On topic: Why not store the fingerprint/retina image/DNA digest-linked profile on a centralized server? At the border you provide a finderprint (or DNA in case of amputation, etc.) and your info is pulled up from a secure database. In terms of security this should be better than surrendring the control over the ID (passport) token and its info to a spy or a terrorist?

      Off topic: Funny how most anti-immigration crusaders seem to be either rustic yokels or recently naturalized citizens. We welcomed you into th
  • I just renewed my passport last month, despite having a little over 3 years left before it would have expired. Now I'm damn glad I did...in ten years time, when I have no choice but to renew again, at least I won't be getting Version 1.0 of the US Government's Made-to-be-cracked ePassport.
  • by RichMan (8097) on Tuesday August 22, 2006 @11:47AM (#15955911)
    So now the bomb makers can design bombs to explode when a certain number of american passports are within range.

    They don't need to correctly talk to the passports only determine that they are american passports.
    • Re: (Score:3, Insightful)

      by moosesocks (264553)
      Not sure why this was modded as funny.

      This could potentially become a huge problem for Americans traveling overseas, especially considering that the Government advises Americans abroad to not advertise the fact, while at the same time, they're equipping us with radio beacons that scream "HEY! OVER HERE! THAT'S RIGHT! HERE! LOOK! AMERICAN! AMERICAN!"
  • by SgtPepperKSU (905229) on Tuesday August 22, 2006 @11:51AM (#15955945)
    I actually ran into this a few days ago while looking into getting a passport. They announced [state.gov] this on the 14th.
    The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients).
    It seems the passports will come with their foil hats pre-installed ;-)
  • by NiteHaqr (29663) on Tuesday August 22, 2006 @11:54AM (#15955965) Homepage
    What with the UK government wanting to force an ID card on us - seems applicable to Passports/Driving Licenses too.

    Take a standard Credit Card sized plastic card.

    Put a chip on it like credit cards use - not an RFID tag, just a simple chip that can store ONE piece of info.

    That piece of data will be unique to that person, and is their ID in the system.

    On the card we print a photograph, their name and date of birth.

    When the card is presented at an appropriate terminal, a database lookup is done for the ID. The card reader then displays a "virtual" version of the card.

    Visual inspection will allow the person doing the Identity Check to confirm the persons ID.

    ID cards to be updated every 5 years, replacements for lost/stolen/damaged to be charged at cost, and be available within 2 working days, with designated places (like police stations) being able to print out temporary ID papers until replacement card arrives.

    As long as downloads to terminals are encrypted, and the credentials of the operatives inputting data onto the system are checked, we have a secure system with no privacy concerns that SHOULD be cheap to implement.

    Other systems, Passport Control etc could be tied to the database with your ID reference number becoming your Passport number - Give each person a pin number (or if you really insist use biometric information) and you have a bank/credit card that should also help prevent fraud.

    Anyone see any holes in my plan?

    • Re: (Score:3, Insightful)

      Anyone see any holes in my plan?

      Yep. Reliance on a very large central database. What if the database goes down? What if the database gets hacked? With the very large number of people you would have to have entering data into the system, chances are one or more those people will allow unauthorized access into the system, either intentionally or unintentionally.

      What if the person checking ID loses connectivity to the database?

      Example: I want to steal $25,000 out of your account. I forge your passport, c

    • by Dark Coder (66759)
      Plenty of holes.

      Put more than one thinking caps on.
  • And, as I have no intention or interest in visiting the US, I gave it 30 seconds in the microwave. Problem solved. They've been issuing these things over here since the end of July - I missed the deadline for a "real" passport by 5 days. Oh, and the thing is described as "biometric" which can't be right, as they've never taken any biometrics from me. They can't store a 40K jpeg in an RFID tag, at most it could be a (small) hash, but that would be useless as obviously another image of my face will have a com
    • Anyone got any idea what the UKPO means by asserting this thing's "biometric"?
      It means there's a Star Trek fan in the PO who finally got a chance to use technobabble on the job.
    • We (the Netherlands) also recently went to the chip-embedded biometric passwords: Afaik, it's biometric as the different proportions of your face are stored in there: For example, one is not allowed to laugh/smile/frown when having a passport-photograph taken, as it would mess up the 'default' state of your face.

      As (one of) the definitions of biometric is : A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an enrollee.
      I
    • Re: (Score:3, Interesting)

      by Dun Malg (230075)

      Oh, and the thing is described as "biometric" which can't be right, as they've never taken any biometrics from me.

      From www.passport.gov.uk
      "How will facial biometrics work? Facial recognition will map various features on the face, for example, the distances between eyes, nose, mouth and ears. The measurements will be digitally coded and held on an electronic chip secured in the passport page."

      Your passport required a picture, right? Congradulations! You have been biometricized!

  • by davidwr (791652)
    1) phase in new tech you know isn't bug-free
    2) wait for major security hole to be found
    3) come up with a fix
    4) ???
    5) PROFIT!!!

    Step 4 is to make people who want the fix to pay for a replacement passport.

    The e-voting-machine vendors are taking the same approach. Ditto many other technology vendors.
  • by Androclese (627848) on Tuesday August 22, 2006 @12:04PM (#15956051)
    It's an arms race against those that would forge a US Passport; they are using technology to make the Passport better. We know they are being faked right now under the current technology, so now they have added this chip with a digital picture of you to make it harder for them to duplicate.

    Will it eventually be hacked/copied? Yes. Does that mean we throw up our hands in the air and stop trying? Taking a defeatist attitude gets us nowhere. When this one gets hacked, we'll add more forgery deterrents. Take at look at the US currency; its the same thing.

    It is just one more tool we can use to keep pace/ahead with those that want to forge them.
    • by lawpoop (604919) on Tuesday August 22, 2006 @12:37PM (#15956318) Homepage Journal
      I agree that we need to continue to constantly increase our security measures, but I believe there is a danger in supposed security measures which actually *don't* increase security. It causes the users of such measure to relax their guard, assuming that they are safe when they actually may not be.

      As far as anti-counterfeiting measures, the 9/11 terrorists had valid passports and IDs, so how exactly would this prevent terrorism? If an immigration official lets his guard down because a person has an RFID passport, he may be ignoring other tip-offs that would alert him to suspicious activity. This would probably only really effect illegal immigration.

      Again, no one is saying that we shouldn't increase security measures. But let's not claim that this is a panacea, or going to do something that is actually can't. Americans seem to have the belief that some simple technology will solve any problem we encounter. The reality is that we have to hire and train competent personnel in immigration and security. Mass surveillance, face recognition, gait recognition, etc. will not keep us safe from terrorism; motivated terrorists will always outsmart the machine or system. What we need is human intelligence, building contacts and infiltrating groups. These sorts of technological fixes are just to pacify jittery Americans into thinking that something is being done.
    • Re: (Score:3, Insightful)

      by Sycraft-fu (314770)
      Yep, it's just like any of the other security advances. The passport revision just prior to this one, the one I have, already has a hidden pciture on it. It's on the opposite side of the main picture and shows up only under UV light. Agian something that is possible to duplicate (I mean of course it's possible to duplicate, it was possible to make it in the first place) but it's another layer.

      The idea is that the easiest method of passport forgery is just to alter the picture. You nab my passport, stick you
  • by mpapet (761907) on Tuesday August 22, 2006 @12:09PM (#15956089) Homepage
    Forget about the so-called security. It's "secure" to the vast majority of voters.

    The objective is to be able to process more people through customs faster and with more data captured as they get off ever-bigger airplanes.

    This doesn't address a control point failure (customs) which is inevitable, but it looks good on paper and sounds really good.

    FYI: Yes it's possible to store a picture and a fingerprint template on the contactless modules in question, but more likely it's storing a hash that looks the data up in a DB. Sending a picture file or a fingerprint template across the reader would be pretty slow.
    • by Moraelin (679338) on Tuesday August 22, 2006 @12:41PM (#15956354) Journal
      So I went to the shop yesterday to buy a couple of PSP games. So I pull out my plastic debit card to pay with it. They have these numeric pads with a slot for the card and a small LCD display around here in a lot of shops. (The super-markets and such just ask you for a signature, but almost everyone else has a PIN pad.)

      "Oh," says the clerk, "the connection's been down the whole afternoon."

      It's not even the first time something like that happens. It's not often, but it does happen.

      So for purchasing games or groceries, ok, I can just pull some banknotes out of the wallet. But it kinda scares me that I'd have to depend on something like that at an airport.
    • Re: (Score:3, Informative)

      by swillden (191260) *

      FYI: Yes it's possible to store a picture and a fingerprint template on the contactless modules in question, but more likely it's storing a hash that looks the data up in a DB. Sending a picture file or a fingerprint template across the reader would be pretty slow.

      Actually, they not only store the photograph on the chip, but they store a fairly large, high-quality photograph (~30KB). The reference data set used for testing implementations of the ICAO electronic passport is almost 50KB in size, total. T

  • As featured a couple of weeks ago in this article [wired.com] on Wired, these RFID chips have already been hacked. From TFA:

    LAS VEGAS -- A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.

    The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery. But Lukas Grunwald, a security consultant with DN-Syst

  • In light of terrorism, illegal immegration, identity theft and white collar crime, we will need not only passports with chips, but national IDs with smart chips too.

    Not just your appearance, but your fingerprints, iris pattern, voice patterns and probably eventually unique DNA markers will be necessary. And a good long PIN or passphrase.

    Those predicted bar codes on the forehead and arm look pretty likely, too.

    "I'm sorry officer, my USB port is down. Could you use my saliva?"
  • Missing the point (Score:2, Informative)

    by BigJavaGeek (649952)
    Most posters here are missing the point. The RFID tags are not used to store the images, just a reference to your ID in a database. It's about the same level of additional security the CVV (3 digit number on back of credit card) provides on top of your credit card number. It's a second factor that can provide a verification for the primary data (the picture/name in your passport). It's also like adding the little plastic strip inside US currency. You don't accept money from someone that is blank paper
  • by ai3 (916858) on Tuesday August 22, 2006 @01:08PM (#15956589)
    In Germany we have RFID passports since last year. This despite much criticism (the old passports were considered one of the most secure documents ever). The new passport costs 59 euros, the old one was just 26 euros, so I got myself an old one just before the deadline.

    In my opinion, the e-passport was largely introduced to secretly subsidize the biometrics sector: The interior minister responsible for the e-passport, Otto Schily, joined two biometrics companies this month :)

    Source (german only, sorry): http://www.silicon.de/enid/cio/21505 [silicon.de]

Kill Ugly Processor Architectures - Karl Lehenbauer

Working...