For those who may not be familiar with the technology: Radio frequency identification, or RFID, is a generic term for technologies that use radio waves to automatically identify people or objects. A complete RFID system consists of transponders (commonly called tags), usually one per object or person to be tracked, an appropriate reader, and a host computer to process the data.
There are two types of tags: Passive and Active. Passive tags draw their operating power from the induced energy of the reader's field, while Active tags have their own battery.
Active tags have a longer range, and can transmit more complex data, but they tend to be large for a chip and they cost a lot more than passive tags. Conversely, passive tags cost very little, and can be made nearly microscopic, but they have a limited range and cannot store as much data.
If you want more information on RFID itself, Wikipedia has some good references, and Texas Instruments has an entire department dedicated to RFID. There's also a comprehensive paper on RFID privacy issues, at least as they relate to libraries, to be found here.
Now, with that out of the way: What the State Department is proposing is that the RFID-enabled passports carry at least a duplicate copy of all the passport holder's personal information, and a digitized photograph, encoded into the chip. They've left expansion room for, supposedly, biometric data such as a fingerprint or retinal scan.
In response to the massive number of negative comments from the initial proposal, the State Department has made two design changes to the template for the new passports. First: The data encoded on the chip will be encrypted, and under access control. The passport will have to be first scanned with an optical reader, and this initial scan will provide the decryption key for the information on the RFID chip.
Second: A metallic shield will be woven into the passport's covers, thus creating a Faraday Cage effect which will, in theory, prevent the chip from being read when the passport's covers are closed by attenuating any RF energy well below the point where the chip would become active.
For the truly paranoid, it will be easy enough to slip the entire passport into an ESD shielding bag, thus providing an additional layer of Faraday protection.
While it is good that the officials at State paid attention to the feedback they got, I still don't think they fully understand RFID technology and its potential for abuse. As Bruce Schneier has written in this article on Wired, there is yet another potential security hole that DoS overlooked.
This hole takes the form of the collision-avoidance technology that is hardwired into each and every RFID chip. The specific standard that the State Department has apparently chosen is ISO specification 18000-3, Mode 1. RFID chips conforming to this standard have a static and unique 64-bit serial number embedded as a manufacturer's ID. This number is used as part of the collision-avoidance protocol detailed in the standard. More importantly, it can, with the appropriate equipment, be read completely independent of any encryption or access controls present on the chip.
In other words, anyone with a reader can query any passport chip for its unique manufacturer ID number, and the chip will respond if it's in range no matter what kind of encrypted info it may be carrying.
There is a different anticollision protocol, described under ISO 14443A, which requires that a random number be returned from the chips as opposed to the static numbers referenced above. This is the one that Schneier advocates to close this loophole. Whether DoS will listen is anyone's guess.
I regret that I am unable to provide further technical details on the actual standards and collision-avoidance protocols. The documents describing said details are not freely available (the lowest cost I found was $220 per copy).
I have two opinions on this whole situation. First, I don't think chipping passports is going to make our borders any more secure. Any criminal (including terrorists) with the determination and resources to forge passports is going to find a way to do so no matter what obstacles DoS throws at them.
Second, I question whether the "vulnerability" represents the privacy threat that Bruce Schneier thinks it does. The only way I could see it being abused would be to track a person's movements, and even that will be sharply limited or curtailed the moment they close their passport and/or slip it into that wonderful little shielding bag.
Even if the chip's manufacturer ID does get read by someone other than Customs authorities, how in the Multiverse would whoever's doing the reading tie personal information about the holder to it? They'd either have to have access to the Customs computer system (unlikely if they don't work for Customs), or they'd have to literally engage their desired target in conversation, and start asking questions which would make nearly anyone suspicious.
One thing I'd like to know is whether anyone is going to cut back or eliminate international trips due to a perceived fear of being tracked. I'm certainly not going to...
![]](/web/20051215213948im_/http://www.kuro5hin.org/images/header/rt_edge3.gif){kind=small}
![[XML]](/web/20051215213948im_/http://www.kuro5hin.org/images/rssblue.gif){kind=small}
![[P]](/web/20051215213948im_/http://www.kuro5hin.org/images/print3.gif){kind=small}
