backtop


Print 27 comment(s) - last by Zoomer.. on Jan 7 at 12:12 AM

Critics decry the design's increased range

With the original incarnation slammed over security concerns, a new breed of RFID-enabled passports received the U.S. State Department’s stamp of approval last Monday. The new passports are set to launch this spring for U.S. citizens entering the United States through land and sea checkpoints.

Readable at up to 20 feet, the next-generation design is supposed to help increase passports’ security and reduce the omnipresent lines found at entry points around the country.

Compared to the previous generation of RFID passport – dubbed “e-Passports” – the new generation of RFID passports contain security features that are far more protected, with many of its developments based on the 4,000+ responses received by the State Department on a public request for comment in December 2006. New security features include:

  • A “randomized unique identification” system that produces a different ID each time the chip is accessed
  • A digital signature that can help identify when the passport’s data has been altered
  • A metallic insert in the passport’s spine and front cover that blocks radio signals when the cover is closed.

While many critics continue to express privacy concerns, the new security features are sufficient to pacify at least some of the passport’s vocal critics. “At the moment, the security protections in U.S. passports are pretty good,” said Ari Juels, Chief Scientist and Director of Massachusetts-based RSA Laboratories, in a December 14 statement to the Los Angeles Times.

The new passport design will use “vicinity read” RFID technology, as opposed to the previous generation “proximity read” technology, which need to be swiped at a scanner and were only readable from a few inches.

However, while the new passports are a definite improvement, critics stress that they are far from perfect. Critics have particularly attacked the new passports’ increased range, which many claim will help facilitate identity theft. In one example, mobile security company Flexilis found the passport’s metallic shielding inadequate, allowing for the passport’s transmitter to be read even when it is closed.

To demonstrate this, Flexilis posted a YouTube video demonstrating a proof of concept where a trashcan armed with an explosive charge detonates as a dummy equipped with the “shielded” passport passes by. The threat, it says, is that terrorists could use the passports’ increased range to selectively identify Americans in foreign lands, possibly taking action against them that may include bodily harm.

Despite the new passports’ flaws – which the Los Angeles Times says are nothing to lose sleep over – most everyone agrees that the changes are a much-needed improvement over the current RFID passport, which gained pariah status among security circles for notoriously weak security features.





Comments     Threshold


This article is over a month old, voting and posting comments is disabled

My only question
By FITCamaro on 1/4/2008 10:15:30 AM , Rating: 5
Why increase the range? Isn't it a good thing that the old ones were normally only readable up to a few inches away? I would prefer it that way.

I'm all for RFID passports to make things quicker and more secure. But they really shouldn't make it readable up to 20 feet away. It should be a few inches so you have to say touch the passport to a sensor that reads the data.

The good thing is that theres already shielded passport holders for these things to stop them from being read.




RE: My only question
By tdawg on 1/4/2008 11:07:37 AM , Rating: 2
I can't see why they'd increase the range so drastically either. If you have to open them up to have them read by the RFID machine, then they can't just be relying on some sort of area grid covering an entryway to scan all people coming down a hallway. Imagine the software trying to track everybody at once, when one or more international flights come in and hundreds of people are going through the system at once. Not to mention trying to physically find the one passport holder in the crowd that raised a red flag?

Why couldn't they just leave the range as small as it was, setup more reader stations and have people flow through the queues? We have to do it for security checkpoints and this doesn't require TSA x-ray techs to monitor it all. If it's so seamless, people won't really have to stop, they'll just pass by the machine and swipe their passport.


RE: My only question
By Alexstarfire on 1/4/2008 11:51:16 AM , Rating: 2
Because that'd help the passenger. I thought everyone figured out that they were trying to find ways to slow us down and make it more of a hassle. 20-ft is way too big an area. All it takes is 1 person with a 3rd party/hacked reader in an airport to get the personal information of hundreds, potentially thousands of people in a matter of minutes.


RE: My only question
By Polynikes on 1/4/2008 12:32:41 PM , Rating: 3
I agree, but I'd just rather not have one of these at all. It doesn't take long to flip open a paper one and put the first page under a scanner. If anything it'll take a couple seconds more, which you have plenty of to waste when getting interviewed at customs.


RE: My only question
By 16nm on 1/4/2008 3:57:13 PM , Rating: 2
quote:
The good thing is that theres already shielded passport holders for these things to stop them from being read.


Really? I've never heard of this before, but I'm glad to learn that someone's got it covered. lol


RE: My only question
By Screwballl on 1/5/2008 1:16:43 AM , Rating: 2
now they just need to combine this with facial and eye recognition so someone isn't using someone else's Passport


RE: My only question
By MatthiasF on 1/6/2008 2:40:45 PM , Rating: 2
I agree, the range provides a sinister opportunity.

Maybe they could make a kill switch? Like a soft button (a spot on the passport you press) that you have to hold in for the RFID to respond to a scanner?

Least it would limit the abuse to specific areas if you had to do something on your part for the RFID to respond.


Why not...
By Strunf on 1/4/2008 11:43:36 AM , Rating: 2
Why not a credit card like passport? Or have the passport included on your ID card...
You have to wait that people move on (walk) so there's close to no difference between just walking and walking while passing the card through a scanner.

Anyway I don't even get the point of this, around here the queues exist at the baggage check and the RFID can't do a thing about it.




RE: Why not...
By sonoran on 1/4/2008 3:01:15 PM , Rating: 2
quote:
Why not a credit card like passport?

You haven't travelled internationally much, have you? Foreign border control points like to stamp your passport as a record of when you entered...and when you're supposed to leave. Entry stamp on the way in - exit stamp on the way out. That way they can tell if you overstayed your visa. How could they stamp something like a credit card?

The size and format of passports has apparently been pretty standardized for a long time.


RE: Why not...
By Alexstarfire on 1/4/2008 8:15:07 PM , Rating: 2
Well, I'm sure that it'd be done digitally just like they do with the RFID tags. Hope you just had a lapse in logic there.


RE: Why not...
By morton on 1/4/2008 11:33:31 PM , Rating: 2
So you're volunteering to foot the bill to supply the readers and databases and support systems to every immigration checkpoint in every country where someone holding one of your credit card passports is likely to enter or exit from?


RE: Why not...
By Strunf on 1/5/2008 4:23:52 PM , Rating: 2
The same guys footing the bill for the RFID would do it for this kind of thing... the other countries would just adapt. A scanner and a database would pay for itself in no time on any country that has a high volume of travelers, and other countries could have this kind of passport for their own travelers too, I don't see any reason to think the passport format we have now is the best we can get.


RE: Why not...
By Zoomer on 1/7/2008 12:12:59 AM , Rating: 2
In the meantime, you would be denied entry to these countries. Good move!


Ring the dinner bell.
By Misty Dingos on 1/4/08, Rating: 0
RE: Ring the dinner bell.
By TomZ on 1/4/2008 12:22:45 PM , Rating: 4
Without said "paranoids," government power would grow unchecked and personal liberties eroded. History has proved that time and again.


RE: Ring the dinner bell.
By sweetsauce on 1/4/2008 6:35:36 PM , Rating: 3
Privacy paranoids? You should be thanking god there are still people in this country willing to fight against stupid things done by our government. The "privacy paranoid" is a dying breed in this country, enjoy them while it lasts.


Actually these have been...
By Marlin1975 on 1/4/2008 10:50:04 AM , Rating: 2
in use a lot longer. DC and some other PP offices has been using the new passports for a while. So if yours came from the DC office, or one of the other ones that were first, then you already have it.
Also it has not been a secret or anything. So if you are alarmed by this pull your head out of the sand.

<-- Works for State (Consular Affairs)




By Marlin1975 on 1/4/2008 10:54:08 AM , Rating: 2
Also the need for 20feet allows faster service and more ease of reading in the long run. 20 feet is not that far anyways. Its not like "the man" is driving by your house and using the secret mind reading powers of RFID in your passport to control you.


By Alexstarfire on 1/4/2008 11:48:19 AM , Rating: 2
I know, I actually got my passport literally a month before they switched to the new electronic ones. That just sucks ass for me. Not a problem yet, but it might be in a few years if I wanna go out of the country. I'd rather not have to go pay for a new one before it's set to expire in 10 years.


20 Feet is ridiculous
By iiiceaser on 1/4/2008 10:41:58 AM , Rating: 3
I agree with the previous comment. Why in the world would we need to be identified from 20 feet away? Truly, an inch is about all that is needed. This seems like a step backwards to me. An RFID chip that can only be read from inches away is really the best/primary security feature you can have... I'm glad I just renewed my passport a few months ago so I won't have to have one of these...




RE: 20 Feet is ridiculous
By frobizzle on 1/4/2008 11:54:48 AM , Rating: 2
20 feet? Does that mean I can use it in the EZ-Pass lane on the New York State Thruway?


Randomized unique identification?
By sonoran on 1/4/2008 3:10:57 PM , Rating: 2
quote:
A “randomized unique identification” system that produces a different ID each time the chip is accessed
Ok, can someone explain how an ID number...that's random...actually identifies anything? If it's random how could it identify a specific person, or a specific passport?




By TomZ on 1/4/2008 5:14:29 PM , Rating: 2
The "random" number is probably used to look up information about the passport holder in a database. In other words, the passport just stores a "passport number" or something like that - and then the passport number, after being read, is used to find the name, address, etc. of the holder in the database.


By Rugar on 1/4/2008 12:22:11 PM , Rating: 2
Seriously, start right now designing a line of attractive passport covers or bags which can block the RF signal. Once you have that in place, start pointing out to people how far away the signal can be read (ignoring if it could be decrypted or not) even when your passport is closed and in your pocket/purse/bag and show them your line of "security" products.

Sounds like an opportunity to make money to me.




Tin Foil
By mattclary on 1/4/2008 1:32:31 PM , Rating: 2
It's not just for making hats now! New! Tin Foil Passport Shields by Ronco!




Ridiculous
By DLeRium on 1/5/2008 12:06:11 PM , Rating: 2
Like many people have said... 20 ft? What is this. Electronic toll? The US needs to get a clue with smart cards and stuff. After visiting Hong Kong, Korea and Taiwan, I'm most impressed with HK's Octopus cards. Korea comes a close second with Taiwan trailing behind. Either way, this is better than WTF we have in the Bay Area. Translink for busses that doesn't even cover the entire bay and BART using EZ-Rider or whatever incompatible separate system it thinks is suitable. Just make it like Mastercard's Paypass/Visa's Wavepay or those Asian transit passes and you'll be fine.

I'm already hesitant to use these cards when my student ID, credit card, rapid transportation card are all smart cards.




RFID
By sek200 on 1/6/2008 9:18:17 AM , Rating: 2
Sounds like Ghetto




"When an individual makes a copy of a song for himself, I suppose we can say he stole a song." -- Sony BMG attorney Jennifer Pariser
Related Articles
US Launches RFID Passports
August 14, 2006, 9:53 AM
RFID US Passports Coming in August
July 14, 2006, 11:49 AM













botimage
Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki