backtop


Print 48 comment(s) - last by masher2.. on Aug 15 at 9:44 AM

Government officials insists new passports are secure

This week the US government plans to rollout new RFID passports to citizens nationwide. The new passports contain a chip which requires no power and contains duplicate information of what's printed on the passports. This way, government officials at air ports and other national borders can quickly verify the authenticity of printed information on the passports. DailyTech last reported that the US government planned to issue the new passports this month despite privacy concerns.

Despite the security benefits that the US government is boasting, security advocates and experts say that the new RFID passports present an increased level of danger for passport users. Because of the technology being used, remote RFID readers can read information off the passports for cloning or malicious use. The US government argues that this is no different than having someone steal a physical passport -- they wouldn't be able to use it anyway. Officials claim that the information be stored on the new passports are encrypted and cannot be copied and modified. Likewise, the information on the passports cannot be scrambled or changed because the chips are read-only.

The US State Department already has a fairly comprehensive Frequently Asked Questions website about the new electronic passports.  About half of the official Q&A from the State Department is with regard to security.  For example, the site claims "To prevent eavesdropping, Basic Access Control (BAC) is employed in the U.S. e-passport.  BAC is similar to a PIN used in ATM or credit card transactions.  In the case of the electronic passport, characters from the printed machine-readable zone of the passport must be read first in order to unlock the chip for reading.  Thus, when an electronic passport is presented to an inspector, the inspector must scan the printed lines of data in order to be able to read the data on the chip." 

Staff counsel at the Electronic Privacy Information Center in Washington said that "many of the advantages the industry is touting are eliminated by security concerns." However, a German security company has already demonstrated that information on the new passports can be copied and transferred to another device.  The State Department claims there is an anti-skimming technology in place to prevent this type of exploit specifically, though exact details of the counter-measure have not been revealed yet.

The new passports are being manufactured by Infineon Technologies, but production has not started yet. Other countries deploying new passport technologies include Japan, France and Canada. The new RFID passports are already being used in French international passports and Canada plans to introduce biometric passports sometime in 2007.  Japan's all-biometic passports are already being rolled out in select regions. The UK is still in the planning phases for its passports.

The new passports will cost roughly $97 per passport and includes a $12 security surcharge. The US government expects the technology to be fully deployed within the year. Those with regular passports will still be able to use them until the expiration date is reached.


Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: RFID
By Nightskyre on 8/14/2006 2:02:14 PM , Rating: 2
Once again, I refer to the Faraday effect. Additionally, unless your clothing is lined with RFid tags, you have no requirement to carry anything that is going to have an RFid tag in it. Until I see laws that mandate the carrying of an RFid equipped device, I still don't see the issue. I also don't care who talks to who in the government. Until we as citizens get to the point where we cannot restrict our personal use of RFid equipped devices, it is a moot point. Many if not most Americans are willing to sacrifice privacy for convenience. This is just another example of that.

The obvious dispute to this would be RFids in cash. If cash has RFids in it, how can we avoid them? In this case, I submit to you exhibit A - The nameless transaction. The whole point of cash is that it is a universal medium that does not contain personal information by which the second party of a transaction can identify the first. I can go into any store at any time with any number of bills of any denomination and purchase anything. Granted, large purchases could cause the raising pf an eyebrow or two, but the point stands.


RE: RFID
By masher2 (blog) on 8/14/2006 4:55:30 PM , Rating: 2
> "unless your clothing is lined with RFid tags, you have no requirement to carry anything that is going to have an RFid tag in it. "

You mean, except for the RFID in your new passport, I assume.

> "I can go into any store at any time with any number of bills of any denomination and purchase anything. Granted, large purchases could cause the raising of an eyebrow or two"

It'll do more than "raise eyebrows". If you purchase anything with more than $10,00 in cash, it'll result in a form 8300 filed immediately to the IRS...and, depending on the circumstances, federal agents at your door asking questions.


“Then they pop up and say ‘Hello, surprise! Give us your money or we will shut you down!' Screw them. Seriously, screw them. You can quote me on that.” -- Newegg Chief Legal Officer Lee Cheng referencing patent trolls

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki