Print 48 comment(s) - last by masher2.. on Aug 15 at 9:44 AM

Government officials insists new passports are secure

This week the US government plans to rollout new RFID passports to citizens nationwide. The new passports contain a chip which requires no power and contains duplicate information of what's printed on the passports. This way, government officials at air ports and other national borders can quickly verify the authenticity of printed information on the passports. DailyTech last reported that the US government planned to issue the new passports this month despite privacy concerns.

Despite the security benefits that the US government is boasting, security advocates and experts say that the new RFID passports present an increased level of danger for passport users. Because of the technology being used, remote RFID readers can read information off the passports for cloning or malicious use. The US government argues that this is no different than having someone steal a physical passport -- they wouldn't be able to use it anyway. Officials claim that the information be stored on the new passports are encrypted and cannot be copied and modified. Likewise, the information on the passports cannot be scrambled or changed because the chips are read-only.

The US State Department already has a fairly comprehensive Frequently Asked Questions website about the new electronic passports.  About half of the official Q&A from the State Department is with regard to security.  For example, the site claims "To prevent eavesdropping, Basic Access Control (BAC) is employed in the U.S. e-passport.  BAC is similar to a PIN used in ATM or credit card transactions.  In the case of the electronic passport, characters from the printed machine-readable zone of the passport must be read first in order to unlock the chip for reading.  Thus, when an electronic passport is presented to an inspector, the inspector must scan the printed lines of data in order to be able to read the data on the chip." 

Staff counsel at the Electronic Privacy Information Center in Washington said that "many of the advantages the industry is touting are eliminated by security concerns." However, a German security company has already demonstrated that information on the new passports can be copied and transferred to another device.  The State Department claims there is an anti-skimming technology in place to prevent this type of exploit specifically, though exact details of the counter-measure have not been revealed yet.

The new passports are being manufactured by Infineon Technologies, but production has not started yet. Other countries deploying new passport technologies include Japan, France and Canada. The new RFID passports are already being used in French international passports and Canada plans to introduce biometric passports sometime in 2007.  Japan's all-biometic passports are already being rolled out in select regions. The UK is still in the planning phases for its passports.

The new passports will cost roughly $97 per passport and includes a $12 security surcharge. The US government expects the technology to be fully deployed within the year. Those with regular passports will still be able to use them until the expiration date is reached.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Master Kenobi on 8/14/2006 1:25:24 PM , Rating: 2
Yea pretty much. This just makes it that much easier. In the long run this is cheaper than maintaining the archaic system we have now. Risk is minimal if its either checking against a database and has no real data on the tag, or they are using a 128-Bit AES or higher encryption, which would be just as easy to implement. And this helps to eliminate human error during the visual checking phase. It's bound to rub some the wrong way but I would have to say these people dont have security clearances. If they think a little RFID tag is "big brother", try going for a security clearance, your entire life is basically an open book, but you go through with it, because thats whats required. RFID tags are no less secure than receiving your bills in the mail with all of your personal and billing information on them.

By Dustin25 on 8/14/2006 2:32:08 PM , Rating: 2
Nightskyre is sitting in his car at a red light. The billboard in front of him has found that he is a frequent purchaser of Viagra and genital wart cream. The Walgreen's up the road is a paid sponsor of the billboard and has a special on just those products. So as Nightskyre is sitting there, the billboard begins to flash the words "Nightskyre, come get a great deal on Viagra and Jim's genital wart cure-all for everyday low low prices just five miles down the road on the right." This of course is just a joke and an exaggeration, but anyone who is cool with targeted advertisement needs to get their head examined. It's not about the advertisement, it's about how companies collect info for that advertisement that irritates me.

By Nightskyre on 8/14/2006 2:51:42 PM , Rating: 2
Is that so? Stop using your credit cards, don't use e-mail, and, oh goodness, please make sure you never ever use G-Mail, or anything Google related, for that matter.

Once again you're assuming a lot of things.

1. That billboard is emitting some serious radio waves if it can pick up my credit card's RFid tag in my wallet. Let's ignore for now the illegality of Walgreens collecting credit card information and pretend I have a "Frequent Savers" card instead. Oh, wait. Why do these (pre-existing) cards exist at virtually every store in the country? Because people are willing to give up privacy for convenience. I save 5% off my purchase and the company tracks what I buy. This is common now. They can, in turn, target me with ads. Hell, even now supermarkets print coupons that are based on what you just bought. Connecting this to my Stop'n'Shop card is just as easy.

So, we've now established that "frequent saver" cards must NOT be something Dustin25 has in his wallet, because he's afraid of companies gathering information about him.

2. Credit cards will have RFid's in them? If that billboard could pick up the RFid at LEAST 40-50 feet away, I'd be pretty impressed. By the time the billboard read my id and started to display the new sign (after accessing its non-local database) I'd be long gone, or gone very soon.

This is, as I mentioned, assuming we ignore the fact that retail companies cannot store my credit card information without my permission, AND that the credit card company has already provided its decryption software to the billboard company (the encryption can be done via hardware and wired into the card reader at the store, thereby retaining the credit card company's right to private encryption information)

And, since it seems to be ignored in, I dunno, every post I've made so far, holy Faraday effect, Batman.

By Knish on 8/14/2006 6:31:55 PM , Rating: 2
Is that so? Stop using your credit cards, don't use e-mail, and, oh goodness, please make sure you never ever use G-Mail, or anything Google related, for that matter.

Don't forget AOL either. Actually especially AOL :)

"This is about the Internet.  Everything on the Internet is encrypted. This is not a BlackBerry-only issue. If they can't deal with the Internet, they should shut it off." -- RIM co-CEO Michael Lazaridis
Related Articles

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki