RFID Passports... Close, But Not Quite
from the one-more-step-please dept
Last week, we wrote about the new plans by the State Department to put RFID chips in passports, noting that the precautions they took this time around looked much better, and hoped that they would do an adequate job protecting peoples' information. Bruce Schneier has chimed in to say that, indeed, the two big steps they took (shielding and access control) are absolutely steps in the right direction that others should follow, but there's still one more problem they need to fix. The chips broadcast unique IDs to help readers isolate the signal of a single chip, and it's not clear how these unique IDs are implemented. Schneier is afraid that the implementation can lead to vulnerabilities. But, more importantly, seeing that this point was missed, it points out how hard it really is to make things like this truly secure. There's always "something else" that opens you up to security holes, especially when the details of how something is implemented aren't made clear. The worst case scenario is finding out about yet another security vulnerability, well after these passports are out there.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
No Subject Given
Simple -- random number generator + database of used numbers = unique ID
Embed it in the paper of a passport and ship to the printing office.
When assigned, the code is associated with a person -- just as every US passport issued has a unique passport number on it today.
Don't everybody freak
[ link to this | view in chronology ]