more on RFID passport data won't be encrypted

[David Farber <dave () farber net>]

Begin forwarded message:

From: "Maney, Kevin" <kmaney () usatoday com>
Date: October 17, 2004 12:03:30 PM EDT
To: dave () farber net
Subject: RE: [IP] more on RFID passport data won't be encrypted

Dave:

I'm not sure all this hand-wringing is necessary. I talked about this 
issue with Kevin Ashton, who headed the Auto-ID Center at MIT and 
probably knows as much as anyone about RFID. He said that the chip 
would go inside the folded passport. To have it read, one would have to 
take the passport out of a pocket or purse, open it and hold it within 
inches of a reader -- kind of like an Exxon/Mobil Speedpass. The idea 
that some thief (or government agency) could wander around with a 
reader and gather information is, he said, "absurd." To steal your 
info, a thief would have to take your passport, Ashton said.

He added that it would be "trivial" to protect the passport's RFID chip 
further by lining the cover with a material that would deter radio 
waves. If not that, the truly paranoid could just wrap their passports 
in aluminum foil.

Kevin



Kevin Maney
703 854 3489
www.kevinmaney.com



-----Original Message-----
From: owner-ip () v2 listbox com [mailto:owner-ip () v2 listbox com]On Behalf
Of David Farber
Sent: Saturday, October 16, 2004 11:56 AM
To: Ip
Subject: [IP] more on RFID passport data won't be encrypted




Begin forwarded message:

From: Russell Nelson <nelson () crynwr com>
Date: October 16, 2004 4:30:34 PM GMT+01:00
To: dave () farber net
Cc: Donna Wentworth <donna () eff org>, Bruce Schneier
<schneier () counterpane com>, Edward Hasbrouck <edward () hasbrouck org>
Subject: Re: [IP] RFID passport data won't be encrypted

Channelling Bruce Schneier here, I'd also point out that security
officials will come to rely on the RFID.  They'll spend less time
scrutinizing the passport itself.  The net effect will be to make
forgeries easier, not harder.  (Thank you, Bruce; see, some of us
*are* paying attention to you.)

On a security and privacy level, I would rather have the evil US
government look me up in an Orwellian database, than have me
publishing the same information to everyone within RFID range.
Better, instead, to publish a database id.  Still not very secure
given that many people will have access to that database, but we must
be clear: it's more secure than an unencrypted RFID chip.

I think there will be an alarmingly high failure rate of the RFID
chips in passports if it functions as described.

> http://hasbrouck.org/blog/archives/000434.html
>
> -----------------------------------------------------------------------
> -
>
> create either (1) an RFID passport with a bitwise copy of the chip
> (organized criminals already use similar techniques to clone mobile
> phone SIM cards),

--
--My blog is at angry-economist.russnelson.com  | Violence never solves
Crynwr sells support for free software  | PGPok | problems, it just
changes
521 Pleasant Valley Rd. | +1 212-202-2318 voice | them into more subtle
Potsdam, NY 13676-3213  | FWD# 404529 via VOIP  | problems.

-------------------------------------
You are subscribed as kmaney () usatoday com
To manage your subscription, go to
  http://v2.listbox.com/member/?listname=ip

Archives at: 
http://www.interesting-people.org/archives/interesting-people/

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/