backtop


Print 48 comment(s) - last by masher2.. on Aug 15 at 9:44 AM

Government officials insists new passports are secure

This week the US government plans to rollout new RFID passports to citizens nationwide. The new passports contain a chip which requires no power and contains duplicate information of what's printed on the passports. This way, government officials at air ports and other national borders can quickly verify the authenticity of printed information on the passports. DailyTech last reported that the US government planned to issue the new passports this month despite privacy concerns.

Despite the security benefits that the US government is boasting, security advocates and experts say that the new RFID passports present an increased level of danger for passport users. Because of the technology being used, remote RFID readers can read information off the passports for cloning or malicious use. The US government argues that this is no different than having someone steal a physical passport -- they wouldn't be able to use it anyway. Officials claim that the information be stored on the new passports are encrypted and cannot be copied and modified. Likewise, the information on the passports cannot be scrambled or changed because the chips are read-only.

The US State Department already has a fairly comprehensive Frequently Asked Questions website about the new electronic passports.  About half of the official Q&A from the State Department is with regard to security.  For example, the site claims "To prevent eavesdropping, Basic Access Control (BAC) is employed in the U.S. e-passport.  BAC is similar to a PIN used in ATM or credit card transactions.  In the case of the electronic passport, characters from the printed machine-readable zone of the passport must be read first in order to unlock the chip for reading.  Thus, when an electronic passport is presented to an inspector, the inspector must scan the printed lines of data in order to be able to read the data on the chip." 

Staff counsel at the Electronic Privacy Information Center in Washington said that "many of the advantages the industry is touting are eliminated by security concerns." However, a German security company has already demonstrated that information on the new passports can be copied and transferred to another device.  The State Department claims there is an anti-skimming technology in place to prevent this type of exploit specifically, though exact details of the counter-measure have not been revealed yet.

The new passports are being manufactured by Infineon Technologies, but production has not started yet. Other countries deploying new passport technologies include Japan, France and Canada. The new RFID passports are already being used in French international passports and Canada plans to introduce biometric passports sometime in 2007.  Japan's all-biometic passports are already being rolled out in select regions. The UK is still in the planning phases for its passports.

The new passports will cost roughly $97 per passport and includes a $12 security surcharge. The US government expects the technology to be fully deployed within the year. Those with regular passports will still be able to use them until the expiration date is reached.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

protecting your data
By Mclendo06 on 8/14/2006 10:46:36 AM , Rating: 2
Would keeping the passport in a metallic ESD bag except for when you are at the passport desk prevent malicious individuals from reading the data off of it?




RE: protecting your data
By imaheadcase on 8/14/2006 10:52:12 AM , Rating: 2
Like the article said it does not matter if someone reads it, they can't do anything with the data from a passport.


RE: protecting your data
By masher2 (blog) on 8/14/2006 11:01:30 AM , Rating: 3
> "Like the article said it does not matter if someone reads it, they can't do anything with the data"

First of all, they can determine you're an American...which is a security risk in itself in many countries. One can even imagine detonators, automatically primed to set off explosive caches, as soon as someone carrying an American passport walks by.

Secondly, the security behind the US passports has already been cracked, allowing in theory at least a person to read the entire contents of your passport remotely:

http://news.com.com/2061-10789_3-6102333.html


RE: protecting your data
By TomZ on 8/14/2006 11:04:54 AM , Rating: 2
I agree with the above concerns, and I think RFID passports are a security risk, and a solution looking for a problem. It seems to expose citizens to all kinds of new potential threats simply in order to save a fraction of a second during passport processing. Why couldn't one of many alternative systems have been used, for example a barcode ID that brings up your identitiy information from a database?


RE: protecting your data
By rrsurfer1 on 8/14/2006 11:19:52 AM , Rating: 2
My guess is someone made a whole bunch of money selling this technology to the government... probably with heavy lobbying.


RE: protecting your data
By PrinceGaz on 8/14/2006 11:18:25 AM , Rating: 2
Okay so other people can determine that you are an American, but they can't use that data to create a passport for themselves so it doesn't impact on national security. The worst that might happen is that you could be kidnapped and/or killed, but national security is not compromised so there is nothing to worry about. I'm not worried about it anyway.

P.S. I am not American.


RE: protecting your data
By TomZ on 8/14/2006 11:47:51 AM , Rating: 2
I think the greater concern is with individual security, not national security. The ability to forge or duplicate passports is the same with and without RFID. What is different with RFID is potential problems with individual security.


RE: protecting your data
By imaheadcase on 8/14/2006 12:50:52 PM , Rating: 1
lol "see you are an american". Like the insignia or the plane ticket is not a clue. Or that your speak english? lol

Making mountians out of mole hills.

Btw they removed the data from passport, they did not read it.


RE: protecting your data
By Soviet Robot on 8/14/2006 2:00:52 PM , Rating: 2
Yeah :| Because only Americans speak english


RE: protecting your data
By masher2 (blog) on 8/14/2006 3:19:05 PM , Rating: 2
Or that Americans cannot speak other languages as well. Or that you continually speak while on a train, bus, or while on a crowded city street.

Seriously, its not that hard for most Americans to blend in reasonably well in a crowd in most foreign locations. That is, unless they have one of these new passports.


RE: protecting your data
By nilepez on 8/14/2006 5:43:12 PM , Rating: 2
He said detonators wired to go off if you're american. Maybe you're unusual, but most of us don't walk around the streets with our airline ticket stub in hand.

As for english, it sounds like you've never left the country. Hard as it is to believe, many, if not all foreigners cannot distinguish between the various english accents, including Britsh vs American. They certainly won't differentiate between Canadian and American.

The system will be cracked (I guess it already has) and identities will be stolen.

There is no security that can't be defeated and this is no exception.


RE: protecting your data
By Knish on 8/14/2006 6:30:25 PM , Rating: 1
quote:
He said detonators wired to go off if you're american. Maybe you're unusual, but most of us don't walk around the streets with our airline ticket stub in hand.


I am guessing you haven't travelled overseas much. I have an Israeli and a US passport. Whenever I travel, especially to Asia, I *always* have my passports with me.

1.) No one steals it from my hotel room
2.) If you get arrested or in trouble and need to go to the embassy, your passport is the only thing anyone will accept as far as identification
3.) Considering the turbulence in the world, if I had to get out of the country *fast* I am not going to screw around and go back to the hotel room -- I'm booking it to the airport and I already have my passports with me.



RE: protecting your data
By FITCamaro on 8/14/2006 3:19:42 PM , Rating: 2
As someone else said, the security has already been cracked. But even if it hadn't, eventually it would be. There is no encryption out there that is 100% crackproof. Sure it might just take a little longer, but it can and will be done. If major government systems like the FBI and CIA can be cracked, you can be damn sure something like a security key on an RFID chip will be.


RE: protecting your data
By Spinne on 8/14/2006 10:56:03 AM , Rating: 2
Probably, yes. Bthen every time you pass by a hidden passport reader, you'll have the marines stopping you to see what you're doing walking around with no passport.
On another note, let me guess, so far passports from different countries are not mutually readable, right? So if I did go to Japan or wherever, my electronic passport would be useless, right?


RE: protecting your data
By rrsurfer1 on 8/14/2006 11:31:40 AM , Rating: 2
Another good point. If they are going to do it, the tech should at least be standardized for use anywhere in the world. Easier said than done but I don't think there's really need for these passports at this time, so a bit of a delay for standardization would have been fine.


RE: protecting your data
By Master Kenobi (blog) on 8/14/2006 11:03:12 AM , Rating: 2
with such a small amount of data, one could toss a 256-bit AES encryption key on there and good luck to any hacker trying to break it.


"I'd be pissed too, but you didn't have to go all Minority Report on his ass!" -- Jon Stewart on police raiding Gizmodo editor Jason Chen's home

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki