| Author |
 Topic  |
|
|
darwin
>> Denizen of the Citizens Band <<
USA
5454 Posts |
 Posted - 10/04/2004 : 23:50:43
|
Some time ago we had a thread about RFID chips and how they might or might not lead to more of an erosion of our privacy. Well, now the Bush administration wants US and foreign passports to have RFID chips. Here's a disturbing article from a security expert about what it might mean if this happens.
http://www.schneier.com/blog/archives/2004/10/does_big_brothe.html
But the Bush administration is advocating radio frequency identification (RFID) chips for both U.S. and foreign passports, and that's a very bad thing.
These chips are like smart cards, but they can be read from a distance. A receiving device can "talk" to the chip remotely, without any need for physical contact, and get whatever information is on it. Passport officials envision being able to download the information on the chip simply by bringing it within a few centimeters of an electronic reader.
Unfortunately, RFID chips can be read by any reader, not just the ones at passport control. The upshot of this is that travelers carrying around RFID passports are broadcasting their identity.
Think about what that means for a minute. It means that passport holders are continuously broadcasting their name, nationality, age, address and whatever else is on the RFID chip. It means that anyone with a reader can learn that information, without the passport holder's knowledge or consent. It means that pickpockets, kidnappers and terrorists can easily--and surreptitiously--pick Americans or nationals of other participating countries out of a crowd.
It is a clear threat to both privacy and personal safety, and quite simply, that is why it is bad idea. Proponents of the system claim that the chips can be read only from within a distance of a few centimeters, so there is no potential for abuse. This is a spectacularly naïve claim. All wireless protocols can work at much longer ranges than specified. In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable.
Security is always a trade-off. If the benefits of RFID outweighed the risks, then maybe it would be worth it. Certainly, there isn't a significant benefit when people present their passport to a customs official. If that customs official is going to take the passport and bring it near a reader, why can't he go those extra few centimeters that a contact chip--one the reader must actually touch--would require?
The Bush administration is deliberately choosing a less secure technology without justification. If there were a good offsetting reason to choose that technology over a contact chip, then the choice might make sense.
Unfortunately, there is only one possible reason: The administration wants surreptitious access themselves. It wants to be able to identify people in crowds. It wants to surreptitiously pick out the Americans, and pick out the foreigners. It wants to do the very thing that it insists, despite demonstrations to the contrary, can't be done.
Normally I am very careful before I ascribe such sinister motives to a government agency. Incompetence is the norm, and malevolence is much rarer. But this seems like a clear case of the Bush administration putting its own interests above the security and privacy of its citizens, and then lying about it. |
|
|
Cult_Of_Frank
= Black Noise Maker =
Canada
11687 Posts |
Posted - 10/05/2004 : 07:46:49
|
Well, the way around this would be for them to store your passport number on the RFID and then access it through the databases as they do now. Then you're just a number walking around and the actual information is as secure as it ever was.
But that's an aside... I wholeheartedly agree that you don't run around shouting personal information at any frequency. There is tremendous potential for abuse, and while RFIDs small enough to be embedded in a piece of paper are not going to transmit 20m, they could probably do up to 1m with some tuning. We need to be very cautious about allowing them to include these things in any item that personally identifies an individual, and I would say that we do NOT want to see this on any level.
For his plan to work, other countries would have to be behind it, so at least it's not entirely in his/US hands.
 "Join the Cult of Frank 2.0 / And you'll be enlightened (free for 1.x members)" |
 |
|
|
Johnny Yen
= Cult of Ray =
USA
408 Posts |
Posted - 10/05/2004 : 10:08:50
|
I don't think they will catch on for a while, cause earlier this year a German company released RFDump which allows people to hack the chips.
"The RFDump software allows a user equipped with an RFID reader, a laptop or PDA, and a power supply to rewrite the data stored in ISO 15693 tags, the most common tags used to host the EPC (Electronic Product Code) information traditionally stored in bar codes."
The official site:http://www.rf-dump.org/
and an article with the above quote: http://www.ciol.com/content/search/showarticle.asp?artid=60179 |
|
|
|
Daisy Girl
~ Abstract Brain ~
Belize
5305 Posts |
Posted - 10/05/2004 : 10:29:33
|
| Wow. Thanks for sharing this article Darwin. What a scary thought... I am totally opposed to this! |
|
|
| |
Topic |
|
|
|
RFID passports - less privacy
