[IP] more on STATE DEPT. TO RETHINK PRIVACY SUPPORT IN RFID PASSPORTS
------- Original message -------
From: Trei, Peter <ptrei@xxxxxxxxxxxxxxx>
Sent: 26/4/'05, 15:25
For IP, if you wish...
I'm afraid I can only give a one-and-a-half cheers for this
proposal. From a technical and security point of view,
it's half-baked.
While this certainly prevents silently skimming the data
off of a passport, it may still endanger American citizens
abroad.
It's not clear from the description if the chip remains
utterly silent in the absence of it's specific key. If
this is not the case - if it responds to an energizing
field by announcing its presence - then it's still the
electronic equivalent to wearing a US flag on your
back.
As such, it imposes needless dangers on Americans.
Since the claimed intended use is now to optically scan
the passport's barcode for the chip's key, and then
use that to unlock the chip, why is a wireless
component needed at all?
Why not embed a smartcard chip in the cover, with the
contacts exposed on the inside? That *would* be
secure against remote scanning, and allow much more
capable chips to be used.
Peter Trei
Joseph Lorenzo Hall <joehall@xxxxxxxxx>
> Sent: 26/4/'05, 11:41
>
> STATE DEPT. TO RETHINK PRIVACY SUPPORT IN RFID PASSPORTS
>
> Following criticism from computer security professionals and
> civil libertarians about the privacy risks posed by new RFID
> passports the government plans to begin issuing, a State
> Department official said his office is reconsidering a
> privacy solution it rejected earlier that would help protect
> passport holders' data. The solution would require an RFID
> reader to provide a key or password before it could read
> data embedded on an RFID passport's chip.
>
> <http://www.wired.com/news/privacy/0,1848,67333,00.html>
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/