Print 48 comment(s) - last by masher2.. on Aug 15 at 9:44 AM

Government officials insists new passports are secure

This week the US government plans to rollout new RFID passports to citizens nationwide. The new passports contain a chip which requires no power and contains duplicate information of what's printed on the passports. This way, government officials at air ports and other national borders can quickly verify the authenticity of printed information on the passports. DailyTech last reported that the US government planned to issue the new passports this month despite privacy concerns.

Despite the security benefits that the US government is boasting, security advocates and experts say that the new RFID passports present an increased level of danger for passport users. Because of the technology being used, remote RFID readers can read information off the passports for cloning or malicious use. The US government argues that this is no different than having someone steal a physical passport -- they wouldn't be able to use it anyway. Officials claim that the information be stored on the new passports are encrypted and cannot be copied and modified. Likewise, the information on the passports cannot be scrambled or changed because the chips are read-only.

The US State Department already has a fairly comprehensive Frequently Asked Questions website about the new electronic passports.  About half of the official Q&A from the State Department is with regard to security.  For example, the site claims "To prevent eavesdropping, Basic Access Control (BAC) is employed in the U.S. e-passport.  BAC is similar to a PIN used in ATM or credit card transactions.  In the case of the electronic passport, characters from the printed machine-readable zone of the passport must be read first in order to unlock the chip for reading.  Thus, when an electronic passport is presented to an inspector, the inspector must scan the printed lines of data in order to be able to read the data on the chip." 

Staff counsel at the Electronic Privacy Information Center in Washington said that "many of the advantages the industry is touting are eliminated by security concerns." However, a German security company has already demonstrated that information on the new passports can be copied and transferred to another device.  The State Department claims there is an anti-skimming technology in place to prevent this type of exploit specifically, though exact details of the counter-measure have not been revealed yet.

The new passports are being manufactured by Infineon Technologies, but production has not started yet. Other countries deploying new passport technologies include Japan, France and Canada. The new RFID passports are already being used in French international passports and Canada plans to introduce biometric passports sometime in 2007.  Japan's all-biometic passports are already being rolled out in select regions. The UK is still in the planning phases for its passports.

The new passports will cost roughly $97 per passport and includes a $12 security surcharge. The US government expects the technology to be fully deployed within the year. Those with regular passports will still be able to use them until the expiration date is reached.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Nightskyre on 8/14/2006 1:37:05 PM , Rating: 2
So, in other words, you're telling me that global companies that may or may not have their central offices in the States are held under the same set of restrictions (or freedoms) that the government is? I disagree with that.

Further, if there are RFid tags in money, now the companies have to pay the government money to access whatever encryption may be used on the money. More government income from business.

"Anytime you walk into a building the system will know what cards you are carrying and the name and address on those cards and will know how much cash you're carrying."

No, not really. When you swipe your credit card through a machine in a store, it doesn't transmit any address information, it transmits an account number. The same information the store would get from you using the card is the information they would/could get when you entered the store. The credit card companies would be in serious trouble if they started distributing customer's private information through a medium like an RFid on a credit card. Once again, this is an example of a paranoia over a new technology that is irrelevant because the information that is being transferred is already being transferred through another more archaic medium.

"With the advent of more and more products equipped with rfid readers for your home, they will be able to tell what room you are in in your own home."

This is, of course, assuming you carry your wallet when you take a shower, walk the dog, go to sleep, etc. It is also assuming your house is linked up to a central database somewhere, which is a HUGE assumption you are making that probably isn't true. Putting an RFid in a credit card is very different from saying "Hey, mister consumer, can I stick this box in your closet and plug it into your internet connection?"

"Of course the government will want these corporate rfid databases linked to government computers."

Aren't these the same types databases that the government can't obtain without a warrant or other such legal documentation that gives the government a reason to GET this information?

"There is even a company that wants to set up rfid billboards. The board will scan drivers as they pass or at a red light and show targeted advertisements to them."

You mean the billboard will show something I care about instead of local themepark X or three month-past festival show Y? Wow, that's tragic.

Finally, if there are any RFid tags anywhere, you could always just line your wallet with tin foil or find a more effective way to generate the Faraday effect.

And by the way. Who is this "They" that you always refer to? Aliens?

"Intel is investing heavily (think gazillions of dollars and bazillions of engineering man hours) in resources to create an Intel host controllers spec in order to speed time to market of the USB 3.0 technology." -- Intel blogger Nick Knupffer
Related Articles

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki