|
Biometric Passports Set to Take Flight
|
View this Thread in Original format
| Trancer-X |
Biometric Passports Set to Take Flight
Monday, March 21st, 2005
Technology - PC World
Erin Biba, Medill News Service
It's official. Your passport is going high-tech.
Biometric passports have made it out of the discussion and testing phase. The State Department's Office of Passport Policy, Planning, and Advisory Services recently announced that it is ready to begin issuing biometric passports.
These passports, which feature an RFID chip, will bring about speedier and more secure entry into and exit from the United States, the government says. However, critics say the technology behind the passports is flawed and puts your personal privacy at stake.
The New National ID
According to the State Department's proposed implementation rule, the agency plans to issue the first passport carrying an RFID chip by mid-2005.
That chip includes all the personal data found on the information page of today's passports. It also contains a biometric component--a digital facial image.
Within a year, all passports issued in the U.S. will feature this technology.
The new passports will comply with requirements set forth by the International Civil Aviation Organization. In 2003 that group adopted a global plan for the implementation of machine-readable passports containing biometric information for its 188 member countries, the United States included.
Your New Passport
The RFID chip will contain a chip identification number (printed on the chip when it is manufactured) and a digital signature (a series of numbers assigned to the chip when the passport is issued). The two numbers will be stored in a central government database along with the personal information contained on the information page.
Once the chip is printed, the information stored on it cannot be altered. Because of this, the Department of State has decided to eliminate today's passport amendments: Going forward, if your information changes, you'll need a new passport.
Normally you have to pay a fee to receive a new passport, but under the new system you'll have one year from when your information changes to apply for a new passport free of charge. That's key, as the price of passports will go up to cover the cost of the new technology. Congress has authorized a $12 surcharge to all new passports, which brings the cost of new 10-year passports from $85 to $97.
Protecting Your Information
The State Department says that information contained in the passport chip will not be encrypted because it's no different from that viewable on the information page. Plus, it says, encrypted data takes longer to read and requires more complicated technology, which makes it difficult to coordinate with other nations.
One of the primary concerns with using RFID chips in the new passports is that the chips can be read from a distance. That means that, potentially, someone with the proper equipment could access the data on your passport if they are physically close enough.
How close is in question. Some privacy experts allege that the RFID chips can be read from as far away as 30 to 65 feet, while government officials say it can be read only in close proximity. The State Department will require all chip readers to be electronically shielded so that electronic signals sending and receiving information will not be transmitted beyond the reader. Additionally, each passport will contain an anti-skimming feature designed to prevent identity thieves from activating and reading the chip from a distance, they say.
The State Department may be trying to protect your privacy, but public interest groups like the Electronic Privacy Information Center say the technology itself is a poor choice.
"Anybody with a little bit of money can read the passports at a distance without getting your consent," says EPIC Technology Fellow R.P. Ruiz. "As a citizen, I would have serious doubts about carrying a U.S. passport. I would feel my government is placing me at unnecessary undue risk."
Ruiz says RFID technology is a scary choice when it comes to electronic identification. "What does being readable from a distance have to do with authenticating a person's identity?" he says. "Why the heck is this not a contact card?"
More Secure?
A contact card, which would be readable by placing a passport or card through a slot (like a credit card), Ruiz says, would significantly reduce the risk of identity theft. RFID "is great technology for tracking cattle; it's absolutely horrible technology for tracking people.
"People who want to read it will [and will do so] at a very safe distance," he says. He also says this type of technology makes it easy to "surreptitiously track anyone's comings and goings. It makes it very easy to target people in public places."
Another area of concern for Ruiz: State Department rules state that if your new passport's electronic chip is damaged or stops working you don't have to replace it. The agency reasons that since that same information resides on the data page of the passport, there's no need to replace a damaged chip.
Ruiz finds that policy puzzling. "If that component is broken," he says, "it's no more secure than what we have now."
If you're concerned about the security of the upcoming passports, Ruiz offers this advice: "Get your paper copy right now before they go electronic."
Passports are valid for a long time, he notes. "You can have five to ten years for [the State Department] to see the error of their way and do it right later," he says.
http://www.pcworld.com/news/article...120112%2C00.asp |
|
|
| zig |
| I cant wait:rolleyes: ......another good reason not to travel to the US.......anyway less than 20% of Americans have passports and probably a good percentage of these are either out of date or have never been used............. |
|
|
| ali92 |
| quote: | Originally posted by zig
I cant wait:rolleyes: ......another good reason not to travel to the US.......anyway less than 20% of Americans have passports and probably a good percentage of these are either out of date or have never been used............. |
I thought it was around 3 %. Well, I better get mine soon before they go with this RFID BS. I don't like the idea of this. Probably a data miner's gold mine. :-( |
|
|
| zig |
| quote: | Originally posted by ali92
I thought it was around 3 %. Well, I better get mine soon before they go with this RFID BS. I don't like the idea of this. Probably a data miner's gold mine. :-( |
Probably a good idea to get it soon.....ive heard some talk of this in Europe......that Europeans will have to have these passports eventually to travel to the US,or they wont be allowed in.....so we wont have a choice.....
I did a little bit of research on the 20% figure....but its a hard one to pin down from information on the web...but i think 15-20% is probably accurate.....personally i allways thought it was a lot lower....apparently there has been a nearly doubling of applications for passports in the last ten years....but again this is hard to pin down...have the appliications been from American citizens or from people trying to get into the US...... |
|
|
| St_Andrew |
| If the information is not encrypted, wouldnt it be really easy to reprogramme your chip!? :conf: |
|
|
| Yoepus |
This:
| quote: | Originally posted by Trancer-X
That chip includes all the personal data found on the information page of today's passports. It also contains a biometric component--a digital facial image. |
Contradicts this:
| quote: | [color=#33ccff]
The RFID chip will contain a chip identification number (printed on the chip when it is manufactured) and a digital signature (a series of numbers assigned to the chip when the passport is issued). The two numbers will be stored in a central government database along with the personal information contained on the information page.
|
If the first is true - that is just dumb and not secure.
If the second is true - you only have an ID (like the passport number) stored/emitted by the RFID chip. The personal information is contained in a centralized database. You then match the ID on the RFID chip with the ID in the central database to get the information on the passport holder.
This this is secure, and is no more or less safe then current technology today and I don't see the fuss.
From this article I can not make heads or tails of what exactly is on the chip. If its just two pairs of numbers, there is no privacy threat. |
|
|
| ali92 |
| quote: | Originally posted by Yoepus
This:
Contradicts this:
If the first is true - that is just dumb and not secure.
If the second is true - you only have an ID (like the passport number) stored/emitted by the RFID chip. The personal information is contained in a centralized database. You then match the ID on the RFID chip with the ID in the central database to get the information on the passport holder.
This this is secure, and is no more or less safe then current technology today and I don't see the fuss.
From this article I can not make heads or tails of what exactly is on the chip. If its just two pairs of numbers, there is no privacy threat. |
* sighs. It's never just what they say. You bet there will be more 'reserved' space on that chip for future expansion. There are tiny chips that can hold a full 32 or 64 MB right on the tip of your smallest finger now. That's a lot if it's plain text. I'd be looking out if I were you. Mid-2005 sounds scarey too, as that's exactly when I'm to leave here (1 June 2005). I hope I'm not one of the 1st to get the new passport. I'd rather be one of the last to get the old (current) one. |
|
|
| Dervish |
LOL What a big fuss about nothing.
1) The data is exactly the same as is on the actual passport.
2) The data will be unreadable.
N.B. Yes you could probebly get the card to send the data, but it'd be encrypted to . And you need to "resonably" close to get the (encrypted and unuseable) data especially a RFID tag which has a picture in it. Think about it the RF tag gets it's power via coil induction (distance is a big, big deal) and to transmit that much data you'd need alot of power.
Only possible problem is if they start to not observe the same level of checks on the pass itself. Which can (unlike most things) be legislated against.
Also it makes passports much harder to fake (you'd need to know the encryption key(s) for the RF chips.... not going to happen), also it makes tracking everyone much easier. Again complacency is the only possible probeblem.
Some of you might be thinking ahh but why can't you spoof the reader by monitoring the (say a stolen passport, which by the way could now be disabled, that is the id marked as nicked, rather than just not checked) tags responce. But the responce of the tag is a function of the reader power input, which is random and it knows what it's looking to get back, when it doesn't your ed. |
|
|
| St_Andrew |
| quote: | Originally posted by Dervish
LOL What a big fuss about nothing.
1) The data is exactly the same as is on the actual passport.
2) The data will be unreadable.
N.B. Yes you could probebly get the card to send the data, but it'd be encrypted to . And you need to "resonably" close to get the (encrypted and unuseable) data especially a RFID tag which has a picture in it. Think about it the RF tag gets it's power via coil induction (distance is a big, big deal) and to transmit that much data you'd need alot of power.
Only possible problem is if they start to not observe the same level of checks on the pass itself. Which can (unlike most things) be legislated against.
Also it makes passports much harder to fake (you'd need to know the encryption key(s) for the RF chips.... not going to happen), also it makes tracking everyone much easier. Again complacency is the only possible probeblem.
Some of you might be thinking ahh but why can't you spoof the reader by monitoring the (say a stolen passport, which by the way could now be disabled, that is the id marked as nicked, rather than just not checked) tags responce. But the responce of the tag is a function of the reader power input, which is random and it knows what it's looking to get back, when it doesn't your ed. |
i agree there is a big fuss over nothing, but the article stated that there will be no encryption, which is kinda weird :S |
|
|
| ali92 |
| quote: | Originally posted by St_Andrew
i agree there is a big fuss over nothing, but the article stated that there will be no encryption, which is kinda weird :S |
Big fuss over nothing when the data isn't even _encrypted_? |
|
|
| St_Andrew |
| quote: | Originally posted by ali92
Big fuss over nothing when the data isn't even _encrypted_? |
It's not really any private information in your passport. Name, date of birth, city of birth, etc, "OMG THEY KNOW MY BIRTHDAY"... i couldnt care less if someone got that infortmation, and the information is in an even more easily readable format right now, on a paper in your passport! |
|
|
| ogvh5150 |
Like Yoepus is implying, there does seem to be an avenue of abuse based on the information in the media about it.
The next step after rfid passports would be subdermally implanted chips. Even that would be immune to abuse. Only the location of the information stored has passed from being carried in inorganic material to organic. All else would be the same. |
|
|
|
|
