Insecure RFID Passports Get Stamp of Approval

Friday, January 4th, 2008

U.S. State Department Approves RFID Passports Amidst Privacy Concerns

With the original incarnation slammed over security concerns, a new breed of RFID-enabled passports received the U.S. State Department’s stamp of approval last Monday. The new passports are set to launch this spring for U.S. citizens entering the United States through land and sea checkpoints.

Readable at up to 20 feet, the next-generation design is supposed to help increase passports’ security and reduce the omnipresent lines found at entry points around the country.

Compared to the previous generation of RFID passport – dubbed “e-Passports” – the new generation of RFID passports contain security features that are far more protected, with many of its developments based on the 4,000+ responses received by the State Department on a public request for comment in December 2006. New security features include:

A “randomized unique identification” system that produces a different ID each time the chip is accessed
A digital signature that can help identify when the passport’s data has been altered
A metallic insert in the passport’s spine and front cover that blocks radio signals when the cover is closed.

While many critics continue to express privacy concerns, the new security features are sufficient to pacify at least some of the passport’s vocal critics. “At the moment, the security protections in U.S. passports are pretty good,” said Ari Juels, Chief Scientist and Director of Massachusetts-based RSA Laboratories, in a December 14 statement to the Los Angeles Times.

The new passport design will use “vicinity read” RFID technology, as opposed to the previous generation “proximity read” technology, which need to be swiped at a scanner and were only readable from a few inches.

However, while the new passports are a definite improvement, critics stress that they are far from perfect. Critics have particularly attacked the new passports’ increased range, which many claim will help facilitate identity theft. In one example, mobile security company Flexilis found the passport’s metallic shielding inadequate, allowing for the passport’s transmitter to be read even when it is closed.

To demonstrate this, Flexilis posted a YouTube video demonstrating a proof of concept where a trashcan armed with an explosive charge detonates as a dummy equipped with the “shielded” passport passes by. The threat, it says, is that terrorists could use the passports’ increased range to selectively identify Americans in foreign lands, possibly taking action against them that may include bodily harm.

Despite the new passports’ flaws – which the Los Angeles Times says are nothing to lose sleep over – most everyone agrees that the changes are a much-needed improvement over the current RFID passport, which gained pariah status among security circles for notoriously weak security features.

Have Your Say: Insecure RFID Passports Get Stamp of Approval
Please read our posting guidelines before posting.
Alternatively you can discuss this report in our forum .

One Response to “Insecure RFID Passports Get Stamp of Approval”

pingback:
Posted: May 9th, 2008 at 4:16 pm

Summer, Security and Changing Travel « Margaret Schaut

[...] thing that it seems to me is missing, though, and that is an RFID cloaking pocket for passports and identification cards. Now with the new chips going into the passports and the [...]

Reply | Quote selected text | Link to this

SexyComments by BorkWeb

RSS TrackBack URL

Related News

This entry was posted on Friday, January 4th, 2008 at 10:16 pm and is filed under General, Science & Technology News, Surveillance, Civil Liberties & Human Rights News . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Translate: