Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


An RFID Passport to Trouble



 By: Chris Gonsalves
2005-05-09
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
RFID-enabled passports pose privacy, security risks.

Its welcome news that the State Department is now rethinking its ill-advised effort to embed RFID tags in U.S. passports, but by all indications, the government isnt backing off the idea completely and is looking instead for ways to soothe the concerns of security experts and civil libertarians.

There is, however, only one right way to treat the concept of these de facto national identification cards in the form of high-tech travel documents: Put a spike in them.

Since last year, the State Department has said it wants RFID chips in new U.S. passports by next year. The idea is to make it harder to forge or alter a passport, as well as to speed processing of travelers at customs checks. But the plan ignores significant risks to privacy and security and not just a few technical hurdles the feds have yet to address.

Maybe the best reason to nix the idea of the chip-laden passport is the real question of its usefulness. If the feds get their way, the chip will include essentially the same personal data that is on the passport, along with, maybe, some biometric data such as a fingerprint.

Resource Library:

The sum of the data being about even, the issue becomes whether falsifying such information is a real threat in our effort to secure our borders. Last year, the State Departments Diplomatic Security office investigated about 3,000 cases of alleged passport fraud, which resulted in 615 arrests.

Consider that the department issues some 7 million passports per year, and the incidence of fraud is revealed to be insignificant relative to the number of these documents in circulation at any given time.

If Sept. 11, 2001, is our touchstone for such matters, it should be noted that none of the hijacker terrorists was using altered U.S. documentation, though two of them were using stolen Saudi Arabian passports, something the State Departments proposal wont address.

That said, the price we could pay for a questionable amount of added safety is too high. What began as a program to read RFID data with special scanners from a maximum distance of 10 centimeters has now been shown to be a system with an effective range of closer to 30 feet.

Add to that the governments initial insistence that the data not be encrypted—an effort not to share our advanced encryption with the rest of the worlds customs authorities—and the stage is set for private information to be stolen and misused.

The American Civil Liberties Union weighed in on the matter last month, asking the government to release test data on RFID passport prototypes to determine the readable distance.

"One of the key questions we want to answer is: How far away can these chips be read?" said Barry Steinhardt, director of the ACLUs Technology and Liberty Project. "A press account from last year reported that in government tests the chips could be read from 30 feet away. The government has denied this, but since theyre keeping the actual test results secret, its hard to know what to believe. The American people deserve to know, and we intend to find out just what the capabilities of this technology will be."

I have never in my career sided with the ACLU so completely. But in this case, it is the voice of reason.

In published reports last month, federal officials said such complaints about potential identity theft and concerns about the security of the RFID system are what led them to reconsider the program. But the State Department still seems intent on burying chips in passports, assuming it can answer those questions, even though the payoff remains in doubt.

But what should really be informing the debate of RFID-enabled passports is the inherently un-American concept of a new and distasteful form of national identification card—this idea that all of our personal data will be carried with us to be read, mined and used absent consent by folks who just want to know who we are and where were going.

In calling for further investigation, Steinhardt said the RFID passports have "the potential to leave us vulnerable to identify theft, to terrorists interested in singling out Americans traveling overseas, or to the emergence of routine tracking by the government or private sector." He added that the passports must "be subject to the full, informed national debate they deserve."

E-mail eWEEK Executive Editor/News Chris Gonsalves at chris_gonsalves@ziffdavis.com.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: An RFID Passport to Trouble
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Chris Gonsalves
 


x}ks8q8c=mGJɖkǶL*EB%);'ΗSOx-ɜbKh4Fw?Hpur&56%3E}"Iͽ{#(~p(IFA)v@{iFuۚ8A&q@~sfwD%x_@jO D.Rk2 Z575'47'x2)X$8z@'AjZ$6m(GJ|,ZB;"?*B43 \2ITߦuB)~{Te䆡;g? )+Xi,"(?c&u ͟Qg^/ԡcFՉ4ٮq4]"X'[vRB(#bF]߂GCHݤNoޤ@d`jĤI2-XF2K*-aӑkux 5\ap)zXY6n@w(\'p}j bArxư#4ie$DJH n>tUj%ᆞ?I$ס"Ouml_k| tns<"s~3 CoE-b6Z mO |lM=R~%D"SHuhs 2 eþ;JP+qV*cx`9ؖ3lTzEÝ3۟_(UU=.GA GmGh[Iw^׵vCq={grԹx'rH.ǂ |'[oLV)UjT:(|aBjL@tXB,=DF n|%rX>,ivdf1{PdXIc/YTU9Df9vNmҹtnotNOn3do̲5<ZMӀ Zvf#?[ ֫۳5mݻ퓳 iw>uO;}d_ܹOlDM Wh6w0N/=?!&@"rVJzPR ~hN\w4?\tOIAҩ,m0dN`mY\H!-Oa(7fhX@?$eR2Z-8Zut( kPy۬)MZ!rƒ uKsQ8nZK0[RFp\ ДQ#\ذ 1"%̟hJ@Ջ"}Et"Aͩ8 (J!b^3tɋ BD4?CC7=aB+Y,h.2W-CzY[5'jtamE՘is_eޡ:Y5xiuO~S35ލhX.B2i%!8W5MGV=LLTf~\CU9-zQnũl :2X jXR7XaQlA`:g1>QӚ#qRO#Gs>H2AG61^K ucj>; a V8;t#uӹ=W45(h`GI l"]LR}l8d$)s>yp;L-`֠wKGHb1LTM@# ,zC @lgk6G~[>l0s٣tN\KQo m""D% R h4A'EBENNA7fw$]Vi+RaD4T*nOu$]wV*+esRأXB YX/E_R23#CdɬaX91{MfT`"[ᛥLKak`FZ,cM;1M{:eXY`}= 3ܲM҂%Ll;!i`2Ґ(e`9ޟFa]:<f335{80q}`] ktӴ٦r`8) 0:|Ch2iM/5SN`cܑ^̜07ÚL ~Dg虅m>M5i :SڶESJoBoڅRU眺_dA_fMjlȜu>IVB17O)wf@amx*:#wT4tz~#JCݼ~hé;h{q#%MAw=U檳@ulX+nMo?JՍI8T*ەa]jk-R:Wd7Bɶ/²xcP6B6Rk ҚaY^`(tMʆТaچzCTCA 5:m _&TY9V0zESZ2ej[`B]PeܠQ@7%XsPQ[ |tkuꟺPCߵɧK|> S=dsqu3$?;`ϟQ,C* ) >Eװ DؙZWS{<`m1Jx>hx# d\6XbO`#Všk/f;ˋ°Y]4~|2t:!2lLsCm0 ǖ "^l"_=)V}B~* iO5 &^PGe d^ `M`Rc׶݇| :lF֝BQZ>-B.-g \\ipf^DZLhKgAqA0*L\y.|VwVN0\n}OДa˘;|q7Nl*IrIQ)xkMf9oLI3ۉhȈ0Aq_xHEAxZhp B@U.)L-9Hz -[ hg [Qzn3 ;TR':AÒ?DFScO}ܴ>?CU^oVSw,"ZTjSCjv\Vkov Ls1ǔ)V3G )Nb_ћzoř1Ftr8  `3\xk}`䣇*,*pز|˘/ 儩xT*i3"#Мv*'L-`Z>5Oᗬ{)0v\ j y 8._Q>Y7i` 922f`KH h_7`wg*Q :@uWta{)X]QiSZm9]Q˶*SNkX@Aܚ:z,-HT0  d44} *zIe߯yboY څHB:GdDC>+`v*7Gw6Jh)6YS!RW dĞee[etkC鳨<3p{2s񖯧ޖOmwn;hi-uQjy.Am /5r/6ߦI39旉^_䞫VI% d,fqNg0cp&vN{56us0X3f~V`pl1\GA>э'a*r1g6~zi1b`{7=;#[(4OQ5rRl2y6PC*lγ>^#2!= =%?s?^i0{T*JZӳ$*+@:b2t9t=d}{c5NZ:<*C)TʜYe/(QUmq'F.,%e.N1)Q,&v}j;_&I|SeUȣV)kY+T\U񋰷8C+`-XRj#L*"Go&ŏ[o(urmN3HG~T>Uʠˏ}b*kZQR>*rk4rO,ش,>6W"h -z; ezzX-,sK"hJgԋ_q[rn)ty4ņ5ѣ(4CFup0 O+os{KIlϱkK{@u?3RlɪV?T%봺%I?NM= h+QܓG\\7hoy!?"X7Swguṡ) R#Zִ2hw ĶVU %D.-ӄ>ZrYç,D,_t2jUk`Wɠ< j\h?CMM8qc oR9 "_KLCVi&3,`jRUܘ㏌&}VWO(0h_hmdU]uv@ޏ]IKm=8?"%SY{1aunSo2MĜykNEm 1O[bt#1݇%N9{7l'iiQ-uьyjtJ9S"\ (6H P6,OҼe=lI1 iK"ih$bbVȆRoݺڞ6<5ޥ]ƙB凝ƗHNϣ ,-WY+4$/i\A1 h",G<(m1>b%h4eW&Bzc'xr'|xj}DyUyQ=,{GNÚĶ{3 >= ](3vcvd\:Gw*b9,_}hrrӅ[ `jwt=z{Oj]!3}A&XnL xqf=' t9 7X136q=wvb#({A\[ ("Ξ[ ezclҿǥܷrtg`?#Wi] :7u09Js dނ>#ᛷ 6n2'|2JO$hשּ~QOƭo/fCYda}?H/bqOKn<4 tRTsd{i6$BUU+jۻAZEVe.t՗^|;9qiɤ@7YM (f~\;pOʠ%cc}d}ݸw[f1viÉfoJP|}& ~W]?PI=뻿~=mҊ(r_ZDNqw5U${II5)xs<-K`RToy^Av6`#Fm"fcME[ot4/`9<[&kDQggI,gHK?FP#OwFr?k % ɾc <~{3"pn.; ׌V@OE()ΩnSTmjJE)EX]./z[|𐍍myrS<:zʎ7_Jw ?Dr PV2ަkghDGp$ cx9J~أwZNOcsĆeIŠa7}ҩJwTjjC\Kv:V4)]y%.0A``,IAY9є\hu.7zT$6}/bmkb-]뇁tE)5F5Lr/~ecFQ3|AKjmA/=} ˵%Db?$&3SwnRu)S:\bnOpP! иpD?ED:ܩUʶU~yfLsV&1W;Wl vl!UUI-m;Ү3:R+FjSШc!A`<D)B(O"D)o>;i2^uu f.\֋׸.F\²{ܗh|+0MM^皹Żr¡)rB需Wޜ:`%8pɥ>ZAn3D EbkeN77$$i^vߵ3nB]"gtqW7o7o7o7oJ{ }NMKޞg9(#n}^7R˟-?puC1$@ #V`i_z$"Dߡn/L%^dۉ`v`S 1}(} / Xs&n\$xhK w(9^,Ġ &/yq{3/݁ԜP˘K^h%^G[@זN `j`!psSSn0f7$@4Hރ$ $N $a <hKtj>-Yu|Qģ=E)#$(SH} B9`#ݶǎH @$^:K4 bnVv9ZFbx&īHbI>FD'}"'_<KE[Wݒj/ 2uH's i09@w$wu}۔Z7,**EP ?lD7L_r.s!ߜߜߜߜ_ӵV`n.Sa>R~ԟtٺۖI1ؐ216kRK;c>Er) ^f9=Go}@"?mzܲ;y3h L$v Wav=ªzb W+k{6=knSs'. 31>qɵ{`H'lD&.CMJR` %'ϤҺi{w4R]|tNm/1RMͱ4. /Oy"oU,UU 4ԙyQiBY?ѝq1T劯4QBfK P+"|6n(Gt:8tBso u_/P4WW9c!VUړg0_g˫^.Gn{ʹ#jzm!7C}M\!W{SPK ߃t:̝["[f;ޘwBΡka d;17LHj~ж}A+=V4 mY[`}X{9y0m-mYѧ3d!{WRrZZN h[Eczx,DC2CbCR4t86gobf3&e<= m~1j3$=ܬG98Z!O}k҃%>?w}LTg{2`&? _ 7*⥽^Vx᱓qK\!ȼ -^Nړ-َ!NDX ъ#;Ћg2dVW!Lm+r|vw= L_3rя"v@9 es^$7>k_A'-gMӬjgϡ?6 ?=XNfTn#n$XG}K:iLڇODog/ :âIY0NYfl.pìfo۟`\n]GLǔuTQ Nx^tJ)LőEG|f2N&oU#Dcঐ_~*nA'H JCvxٝ' |XU]{N9-(= 멩j~kK-8tYWSzqCvQJrz˽a =ʵm~|vDyWDi."F%Qe9L g<5v1h}P2D#=%17$e(c$Gs4V55x +E>Jj=="G@Ÿ R"RЮ(> 6 l?QX2Lzmʹ<8^z0jsϙTh,ZNtUĥpL1Q%RZ YE]ɖ1xy[/>Lz'5aLg7P;IU6'a|Q@*VH5i|^kik6j=!ɣ`5<]Zvn&+kxzJ2Ko^7G'ܬTM- GܭǞܐSmQNab,j7o"n:Je-l'Z+`miX>H'ºFTif۸zVcTj~Ew(/97yj]SjZYS#({k9jH]TӃR'7%քO,9XieZ{rcu[IϝGz^hRyGRa)d p}`(%LtxZډRB{?~Gfs <z1߽Z׻kKKE0%oq_ \5o$x]+jB߶"|tNfs':Gth'&nUZtRtfT["}Fso?jsa碷Qqma,-^a}o+ZKɶ8+.R%? @\wtc2q@$}/Hk4__CϪI&[q{Va`DvôUh5%mF6(xlti5~gvB!1E \ЭB9ϪͲ;IoP}sY?e=a '2u?|yBJZ]{FGȚZG7t(J wKݲY@J?>o{ɀ }Nϼ0]ǰ`rfVIpRt=:rtԨ)ʁ*|{#`  cWR[7geiE^~|LR ] 4Bq0h1B:߰|cc|?뽩e2'{xCbRWkJ%zu3ʰLaԑ}K<śAYUH,ǯ9\4W PRx 4 V cvFCd2`f:p Z iN?Oo׃nt.zx Z[4zu'tNz_N{׿u:7ݫAyf0cQlB_d,Ǜ,# rvպ0;eNq(gg:ͅfU/y.r9,4/JM`.Y<J*Q^& ƕ^-ӄ-xec:nt}-ZI-;N|vuIS:jS#ZuR'M&7bS߹HShF&5+ۺv)))-VNy{9mAS~ 姛π>g9G([hw7cvr:UN9~s?(esȁ]2g|.9y9\KOѫ_}O9P~S7([N%_^U\]_?=/r qu7?79Ӈsr?P>'(WӿO@O9ۼrosڿ\'I9ru S)Jy/*苼k Oy射:)?}VU<_`k9t Ϳ {K;[?[vO{BX\jvr+^vfeo4vkYAN;/6J^c/K^dz  SG0%nsOkz>srxvY^][;\;Yo)P/Y#IcDge0AC$Cfi qkޢDFEk@ǫU?f69xž~UbxaQbl}6Tq< 5RYu8% HMԳpN٣8!r7xӯ.h {pCö0A |$U˚VVk[*j= fDDç*R'Ӏe`rX)&K<# .=m^et fMȡ!p<@fJ5Gk(x>Xxϸc6D |_,mRfh0l|ygM~ o'2Pd Sebb{ˈLbT|Jx nq 9 ܛ]|LAÆ^Vٍv"n<2Nw1z6es4ǝa&rV2AA?vXh =xQ\}~ O?gb+3ȥ`" 9oٔ^^gCB ΅G*˗ X62Y8xX E!f[Nؒ1feKIn_!]x@5ĺ"91<(xkläL]RPxUg Sq}$!3F8|K9H%)~[#rF331#qy] p+XY#r9cbV).<)O?n'[nEG\<>aiЄ.^p穎TU|A>cx Lw65'TbM?_v{[=/R`G-]m Dxkyf#%3WZP/jdV@8̛l+~;]#+b C>`]R>ǔ+.)tO˰Oŕ͌:_,{QFbVA#q얢unD gwx>Y:}#s!?"LnH2m^^kte(n aaXˣŬ"D0Ȯ'Z:rsh{h۟sTHهl&~&TH9l{+ЃT~tFK-^ /F"@Ԃ'g"e})IDy)/́/($3}E. xqeQg T,7\tV.+Z_,w5Z݋_xH%D}Sw qFk'O(Uƥ2p>8ZS|ڻ$`gd/=i-EmEKBݴ;Y B*EwjW񲞽P0EChś|`bhP