[IP] more on RFID passport data won't be encrypted
Begin forwarded message:
From: "Maney, Kevin" <kmaney@xxxxxxxxxxxx>
Date: October 17, 2004 12:03:30 PM EDT
To: dave@xxxxxxxxxx
Subject: RE: [IP] more on RFID passport data won't be encrypted
Dave:
I'm not sure all this hand-wringing is necessary. I talked about this
issue with Kevin Ashton, who headed the Auto-ID Center at MIT and
probably knows as much as anyone about RFID. He said that the chip
would go inside the folded passport. To have it read, one would have to
take the passport out of a pocket or purse, open it and hold it within
inches of a reader -- kind of like an Exxon/Mobil Speedpass. The idea
that some thief (or government agency) could wander around with a
reader and gather information is, he said, "absurd." To steal your
info, a thief would have to take your passport, Ashton said.
He added that it would be "trivial" to protect the passport's RFID chip
further by lining the cover with a material that would deter radio
waves. If not that, the truly paranoid could just wrap their passports
in aluminum foil.
Kevin
Kevin Maney
703 854 3489
www.kevinmaney.com
-----Original Message-----
From: owner-ip@xxxxxxxxxxxxxx [mailto:owner-ip@xxxxxxxxxxxxxx]On Behalf
Of David Farber
Sent: Saturday, October 16, 2004 11:56 AM
To: Ip
Subject: [IP] more on RFID passport data won't be encrypted
Begin forwarded message:
From: Russell Nelson <nelson@xxxxxxxxxx>
Date: October 16, 2004 4:30:34 PM GMT+01:00
To: dave@xxxxxxxxxx
Cc: Donna Wentworth <donna@xxxxxxx>, Bruce Schneier
<schneier@xxxxxxxxxxxxxxx>, Edward Hasbrouck <edward@xxxxxxxxxxxxx>
Subject: Re: [IP] RFID passport data won't be encrypted
Channelling Bruce Schneier here, I'd also point out that security
officials will come to rely on the RFID. They'll spend less time
scrutinizing the passport itself. The net effect will be to make
forgeries easier, not harder. (Thank you, Bruce; see, some of us
*are* paying attention to you.)
On a security and privacy level, I would rather have the evil US
government look me up in an Orwellian database, than have me
publishing the same information to everyone within RFID range.
Better, instead, to publish a database id. Still not very secure
given that many people will have access to that database, but we must
be clear: it's more secure than an unencrypted RFID chip.
I think there will be an alarmingly high failure rate of the RFID
chips in passports if it functions as described.
http://hasbrouck.org/blog/archives/000434.html
-----------------------------------------------------------------------
-
create either (1) an RFID passport with a bitwise copy of the chip
(organized criminals already use similar techniques to clone mobile
phone SIM cards),
--
--My blog is at angry-economist.russnelson.com | Violence never solves
Crynwr sells support for free software | PGPok | problems, it just
changes
521 Pleasant Valley Rd. | +1 212-202-2318 voice | them into more subtle
Potsdam, NY 13676-3213 | FWD# 404529 via VOIP | problems.
-------------------------------------
You are subscribed as kmaney@xxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at:
http://www.interesting-people.org/archives/interesting-people/
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/