Follow-Up: Chips in US Passports looking "not so secure"

reveal

Adventurer
http://www.cnn.com/2004/TECH/ptech/11/29/electronicpassports.ap/index.html

WASHINGTON (AP) -- The Bush administration opposed security measures for new microchip-equipped passports that privacy advocates contended were needed to prevent identity theft, government snooping or a terror attack, according to State Department documents released Friday.

The passports, scheduled to be issued by the end of 2005, could be read electronically from as far away as 30 feet, according to the American Civil Liberties Union, which obtained the documents under a Freedom of Information Act request.

Though the passports wouldn't include transmitters of their own, they would have antennas to allow a reader to capture the data.

The ability to read remotely, or "skim," personal data raises the possibility that passport holders would be vulnerable to identity theft, the ACLU said. It also would allow government agents to find out covertly who was attending a political meeting or make it easier for terrorists to target Americans traveling abroad, the ACLU said.

Frank Moss, deputy assistant secretary of state for passport services, said the United States wants to ensure the safety and security of Americans traveling abroad.

"We are still hard at work at ensuring the security and integrity of the data on the chip," Moss said.

He said, however, encrypting the data might make it more difficult for other countries to read the passports.

"It flies in the face of global interoperability," Moss said.

In a memo drafted in August 2003, Moss dismissed objections that information could be copied remotely.

"There is little risk here since we plan to store only currently collected data with a facial image," he wrote. "The U.S. will recommend against the use of PINs (personal identification numbers) or other methods that might be required to unlock a chip for reading."

Moss said in a telephone interview on Friday that the passport data does not need to be encrypted because it does not include fingerprints. Stealing fingerprint data might allow unauthorized access to automatic teller machines or secure computer networks.

Barry Steinhardt, an ACLU lawyer, said skimming photographs and other data from passports does present a problem: thieves could strip away the owner's face and replace it with their own.

"At a minimum, it should be encrypted to prevent unauthorized access by terrorists," Steinhardt said.

Passport data can be protected by enclosing the document in a metal pouch or adding metal fibers to the cover, two options the State Department is exploring, Moss said.

The United States and other countries have been working for at least two years to set new passport standards with the International Civil Aviation Organization, a group affiliated with the United Nations that sets aviation standards.

The documents obtained by the ACLU show that information technology experts and countries including Canada, Germany, the Netherlands and Britain share the suspicion that the international standard set for the electronic passports inadequately protects privacy and security. The standards don't require that data be encrypted.

All new U.S. passports issued by the end of 2005 are expected to have a chip containing the owner's name, birth date, issuing office and a "biometric" identifier -- a photo of the owner's face.

The ACLU warns that the chips ultimately might contain far more data and be embedded in drivers' licenses.

Last month, the Government Printing Office awarded contracts to four companies to develop chip packages that could be incorporated in passports. One or more companies will win a contract for the passports by year's end, and the U.S. government will begin issuing them to officials and diplomats starting early next year.
 

log in or register to remove this ad

1. This will probably end up straying too far over into the realms of politics.

2. The chips only contain the carriers name, birth date & photo. Encryption isn't really a great need there.
 

Krieg said:
1. This will probably end up straying too far over into the realms of politics.

Yeah I see it being closed pretty quickly...

If you really want to be frightened, think about how these are pretty much the same chips Walmart already uses on it's products and are gaining popularity with other stores. They are used to track inventory and for security reasons. Sounds harmless until you find out that the chip reader is only a hundred or so dollars.

So what? Well, now you have the potential for people to drive down the block and "see" who has the most expensive stuff...

**BTW*** Welcome to Neuromancer/Shadowrun :-p
 
Last edited:

There was a thread on here a little while ago discussing the chips to be implemented in passports. A lot of people, myself included, didn't like the fact that they could be read from a distance. It seems our fears were correct; it can happen.

Yes, this info is not great but it can be used against you. Also, what if it DOES become standard in driver licenses? A lot of states use your SSN as your ID number. Or even if they have your standard ID number it's enough to look you up and get your SSN. Scary times.
 


RFID certainly has some potentially troubling uses, but keep in mind that the low frequency chips (which is the majority of the applications they are currently looking at) only have a detection range of around 5 feet or less.

That certainly has potential for abuse, but only with a great deal of expense and effort on the part of someone looking to exploit it.

Personally I would be more worried about the GPS tranceiver you have in your cell phone. :)
 


Piratecat said:
Thanks for using good sense, gang. No need to close this thread so long as it doesn't stray into politics.


Ok, all clear the mods are gone.. commence arguing ;) KIDDING!!!

In anycase, Walmart (grummble) is also backing their inclusion on prescription drugs. So far only on the Bulk supplies to combat theft of large orders, but they're also looking into putting them eventually on individual prescription bottles...

The thing that gets me is the chips are small enough to be woven into fabric and not detected. Has anyone ever seen Minority Report? Where the adds are tailored to each person? COmbine these things with the cookies/popups ideas, and voila...

"Hey guy, I see you like GAP sweatshirts!!!"


**Oh yeah** I almost forgot, there's apparently a Bar in France that has one of the readers and patrons with a tab, and one of these chips implanted under their skin can pay for the drinks on their Tab just by walking through the door/scanner...

The Cyberpunk lover in me says sweeeeet. The paranoid in me says oh noooo...
 
Last edited:

reveal said:
According to the article, the passports can be read from as far away as 30 feet. That's what troubles me.

Never trust anything the media reports as being anywhere close to accurate. :D

Without knowing the exact specifications of the chips going into the passports I couldn't say definitively, but 30 ft is on the high end of the spectrum for most current RFID plans.

FWIW there is a higher powered chip design that can be read out to 75-100ft or so, but they are a good bit more expensive.
 

When I read the story, the ACLU was the one that said it could be read out to 30 feet. I'm sure that of course is the "in best possible conditions" figure, but still.

In anycase, when I first read about the things a couple of years ago, they entioend that really the reader itself plays a lot into how far away it can be read, and "theoreticaly" you could build a reader that can read the current chips from much farther away.

It's quite possible though that I'm completely wrong there, as I'm not an expert on the things. :)

One thing that scares me, is like the French bar thing I mentioned... Ok if more places start doing it, how convinient right? Won't ever have to carry my ATM card in my wallet anymore. Until someone wants to steal my "card" and just cuts it out of my body. Yikes.
 

Remove ads

Top