Schneier on Security
A blog covering security and security technology.
« Aerial Surveillance to Detect Building Code Violations |
| The Legacy of DES »
October 4, 2004
Since the terrorist attacks of 2001, the Bush administration--specifically, the Department of Homeland Security--has wanted the world to agree on a standard for machine-readable passports. Countries whose citizens currently do not have visa requirements to enter the United States will have to issue passports that conform to the standard or risk losing their nonvisa status.
These future passports, currently being tested, will include an embedded computer chip. This chip will allow the passport to contain much more information than a simple machine-readable character font, and will allow passport officials to quickly and easily read that information. That is a reasonable requirement and a good idea for bringing passport technology into the 21st century.
But the Bush administration is advocating radio frequency identification (RFID) chips for both U.S. and foreign passports, and that's a very bad thing.
These chips are like smart cards, but they can be read from a distance. A receiving device can "talk" to the chip remotely, without any need for physical contact, and get whatever information is on it. Passport officials envision being able to download the information on the chip simply by bringing it within a few centimeters of an electronic reader.
Unfortunately, RFID chips can be read by any reader, not just the ones at passport control. The upshot of this is that travelers carrying around RFID passports are broadcasting their identity.
Think about what that means for a minute. It means that passport holders are continuously broadcasting their name, nationality, age, address and whatever else is on the RFID chip. It means that anyone with a reader can learn that information, without the passport holder's knowledge or consent. It means that pickpockets, kidnappers and terrorists can easily--and surreptitiously--pick Americans or nationals of other participating countries out of a crowd.
It is a clear threat to both privacy and personal safety, and quite simply, that is why it is bad idea. Proponents of the system claim that the chips can be read only from within a distance of a few centimeters, so there is no potential for abuse. This is a spectacularly naïve claim. All wireless protocols can work at much longer ranges than specified. In tests, RFID chips have been read by receivers 20 meters away. Improvements in technology are inevitable.
Security is always a trade-off. If the benefits of RFID outweighed the risks, then maybe it would be worth it. Certainly, there isn't a significant benefit when people present their passport to a customs official. If that customs official is going to take the passport and bring it near a reader, why can't he go those extra few centimeters that a contact chip--one the reader must actually touch--would require?
The Bush administration is deliberately choosing a less secure technology without justification. If there were a good offsetting reason to choose that technology over a contact chip, then the choice might make sense.
Unfortunately, there is only one possible reason: The administration wants surreptitious access themselves. It wants to be able to identify people in crowds. It wants to surreptitiously pick out the Americans, and pick out the foreigners. It wants to do the very thing that it insists, despite demonstrations to the contrary, can't be done.
Normally I am very careful before I ascribe such sinister motives to a government agency. Incompetence is the norm, and malevolence is much rarer. But this seems like a clear case of the Bush administration putting its own interests above the security and privacy of its citizens, and then lying about it.
This article originally appeared in the 4 October 2004 edition of the International Herald Tribune.
Posted on October 4, 2004 at 7:20 PM
• 35 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Thanks for the article "The Security of RFID Passports"!
If one must scan the passport with an optical reader in order to
obtain the key with which to decrypt the RFID information, then
what's the point of using RFID? The only benefit RFID provides over a
contact chip is the ability to read the card at a distance (and
presumably some additional reliability, although I doubt that even
the most frequent user will approach the use of a smart credit card).
Furthermore, once they're required to optically scan the passport,
then it seems that they may as well encode all the data optically.
The only advantage of RFID there is possibly greater storage
capacity, something a contact chip could provide. (Although, as far
as I know, RFID systems hold very little data).
Finally, there are at least two classes of RFID: those that avoid
collisions and those that don't. A passport that must be held by hand
an optically scanned can use the latter of these, and not require any
Many of these points are moot, of course, if the State Department's
ulterior motive is the ability to read passports at a distance...
I first sent previous comment, and then understood, WHO is this blog's owner :)
I do not agree to these views. I have been working on RFID since a couple of years.Though security is still an issue, the reader has to be in close proximity to the passport to read the contents of the tag.Also , the information on the passport is anyway with the govenment authorities of the country that you are trying to enter.
Related Pages in AI Topics: General Index by Topic to AI in the news ... World chess champion Vladimir Kramnik defends tenaciously to draw computer Deep ...
Sounds like some of the folks are missing the point. There is no doubt that new technology will make RFID readers much more sensitive and increase the ability to read RFIDs from a distance. Also, current (commercial readers) are not designed to be sensitive. Now imagine that Homeland "Security" or Al Qaeda wanted to develop a RFID reader that would work over longer distances....I'm sure it would be very possible.
My biggest concern is being overseas and being remotely identified as American. Just imagine the possibilities for terrorism and surveillance. You could build a bomb that wouldn't go off until a certain number of American's were in the area. You could plant small mines or other explosive devices that would go off if an American walked by. You could place a sensor near a sidewalk and identify Americans for kidnapping. From reading Mr. Schneier's post, it appears remote identification is possible.
I have to get a new passport. If I get one of the new RFID versions (the system is not yet setup to give everyone the new passport) I'm going to make myself a small, light, faraday cage (that will fit within a pocket) to store the passport in while I have the passport in my possession.
I agree with lownslowav8r; in that being singled out, or being identified as an American, would be a great concern we would have to deal with. If our own government can identify things about us, such as medical or personal information about us, then there is no telling who else can do the same thing!! Too dangerous!
Hey guys! theres a Company called paraben that makes a cover for your passport. i was told of it late last year. i was thinking it was a joke and finally purchased one for 19.95 in march 07 after getting it i tried many things to prove this thing "fake" but it really works really good! it not kept signals from the passport inside the cover i also put my cellphone in there on speakerphone in a conversation. as soon as i put it inside my phone lost its connection and i tried to call my phone but it would not ring! as soon as i took my phone out it regained the full signal and began to ring! give it a try. im going overseas on april 19th and i feel alot better now going!
"And he causeth all, both small and great, rich and poor, free and bond, to recieve a mark in their right hand, or in their forehead: And that no man might buy or sell save he had the mark."
Hilter used the barcode on people in Nazi Germany, the mark of the beast of now is the RFID chip. Bush Sr. spoke of a new world order during his presidency and it has continued to be a rising threat. The laws of opening borders are already in motion. Prepare for the future now...DO NOT ACCEPT implantation...Research what has been forewarned in many religions and Sumerian Artifacts, don't stop until you are aware of the dangers that threaten us all. Ignorance is NOT bliss.
I agree with shoshe.
DO NOT ACCEPT implantation........
.....don't stop until you ar aware of the dangers that threaten us all. Ignorance is NOT bliss
tell me if im wrong!? to turn the idea around: apart from only reading the RFID chip, i guess it is also possible to create an chip with a fake identity "maybe buy it in thailand". As an terrorist u can carry a clean signal with you around? it kind of makes you invisible in crowds..
Does anyone know an easy way to disable the RFID chip in passport or other ducuments? (5-10 seconds in the microwave possibly?). It would seem that a shadow business of disabling the chips so it looks like malfunction might be a good defnese against identity theft or other nefarious attempts to read passport chips.
I am not a religious person by any means. However, it is just un natural and a large coincidence that this stuff appears in many religious scriptures. If this rfid chip does get implanted in passports and in humans, we will be sitting ducks. We will have no choice but to comply to everything we are told. It could be a way to possible control humans or population. Anyone see that movie w/Denzel Washington- Manchurian Candidate??
Lets not be sitting ducks, fight for our rights. Say no to RFID chips.
man i knew it was coming the fact that 9/11 was an inside job and these chips coming as a result of "better security" doesn't suprise me in the words of BOB MARLEY stand up for your rights,don't give up the fight....
We have RFID chips, mind control towers (supposedly cell towers), Federal Reserve quacks, chemtrails, NWO, terrorists, a corrupt government, cameras everywhere you go (even in toilets), and so much more then can be mentioned here. When are people going to wake up and take action to stop this crap...We seem to do whatever we're told to do walking blindly like a herd of cattle towards doom. If "we the people" don't take action soon it'll be too late.
I agree with the last few comments. It's scary what's happening to our freedoms and this world is turning into some version of Orwell's 1984. Know that we the people,are strong and powerful and that is why the need to control us is so great-so the much smaller elite class can keep achieving their agendas. We must fight. Everyone go to www.zeitgeistmovie.com and get fired up about this!
The information about the individual is not stored on the chip. What the chip contains is a serial number which is used by the database to lookup the records which conatin personal information, which already exist inside your credit card company, the government records involving your SS, income, etc, and in your Insurance claims. It is not possible to take personal information from the chip itself, the database must be hacked. This is a threat, but it has been a threat since the digitization of record keeping, meaning that there is not any significantly larger danger now that the serials are used to identify a person on the RFID tags.
I have done a lot of research on this, as I believe a family member has these in his body. They are being used for mind control. If you do not believe this check: www.secretangel.tv website. America is called the "Land of the Free"????? Not any more!!! We are at present consulting a attorney who is also a MD. I believe there are a lot more people out there who suffer from this.
You see the problem with these RFID chips is the potential of what they could be used for in the not too distant future... whilst they only hold a "serial code" to access a database, it should be noted that that in itself is plenty enough to allow them to be used for numerous things far more controlliing than many would want to believe possible.
Imagine them replacing your debit/credit card... you go to pay for something and they scan your implanted RFID to allow access to your personal bank accounts etc.... hmmmm... Its the database that matters, not whats stored on the card. One world government, one world bank... one central controlling force of the entire population... Sound scary? It really could happen.
RFID is seriously bad news.
Barcodes is the "666"
It was said in many religions including the last Chapter of the Christian Bible way over a thousand years before any of this NOT to take "the mark of the Beast". (Shoshe)
Why some people think of this as Secure? I am not American but a One world government... It is a world problem.
What ever they say, they kind of forget that we are still Human beings NOT computers!!! (humans come from nature - invented the computer and we can destroy it too).
Work and society is controlling enough, why exept government control. And what if the chip gets hacked (system at) We don't wanto live in your system!
God has already given us the gift of Free will and it can never be taken from us.
This is a time where us Humans have to realize our own power and when we do that, no one can take our Liberty.
What about electropollution
Electromagnetic frequencies (EMF) and electromagnetic radiation (EMR) that comes from batteries, radios, computers, cellphones, microwaves AND PROBABLY THE RFID CHIP TOO - if it plugs, plays, runs or opperates on batteries and even wireless - can you just imagine the RFID chip inplanted into your body...
BAD idea!!! Your health is probably at RISK as well... (radiation causes CANCER!)
The nation and world is much more powerfull than the government!
QUOTE:"Hilter used the barcode on people in Nazi Germany"
Absurd! The "barcode" wasn't even invented yet! The Nazi's tattooed a number on the wrist - not a barcode.
What nonsense. If you don't like the idea say so - but inventing crap like this is counter-productive. There is no plan to "implant" RFID chips into people without their consent!
I think this is all very scary and people need to wake up.
There is such a huge control on us already it seems so hard to change but it must be possible.
The Government are so clever, they will have people actually wanting the chips put inside them, thinking they will need them for there own protection.
People have to be aware. Please everyone watch www.zeitgeistmovie.com. Then try and get as many people who are followers of there government to watch it. Maybe then when we are all advised or made to have chips put inside us people who before would have asked no questions might start to think a bit more. Things have to change. We deserve better.
Uh, hate to burst your bubble. But 'teh terraists' should have no trouble picking americans out of a crowd in foreign countries without resorting to constructing a rube-goldberg-esque plot using as yet not invented RFID tech. We are very distinctive when we go abroad.
Why would they go through the expense and trouble to invent some sort of device to scan people's passport's from a distance when they can just strap a bomb to a fanatic and blow up any tourist attraction with obnoxious folks wearing fanny packs crowded around it?
For Bruce, to correct your comment, the idea of the barcode began in 1932 and began implementation measures in 1948. There may not be an idea to implant people against their will, but what if that was the only means of accessing your accounts and other information. Behind that idea would be to create something that seems ideal to the average person, more convenient (because we love convenience), and readily accessible. We lose driver license, credit cards, and other personal information all the time. What if banking institutions made it seem as though it would be more beneficial for them not to have clients that lost information and gave incentives for those with RFID chips...What if paper currency was not widely accepted as it is now? This may be thinking outside of the box and there may not be a sign of that happening any time soon, but just what if? It would not be force to say that it would be in your "best interest" to get it, or to be able to function as you do now.
Being ignorant to something that has been fortold by God to him be the Glory. We are living in the last days were men will be deceiving and being deceive, this chip is becoming a convience to the world to save money, to protect your idenity, and to know terrorist from a non-terrorist and ultimately buy and sell and get medical care. The times are evident of the evil powers that are in the world causing these events to happend bringing in this one world unity we called globallization, the devil will use his old tricks and that is use ourselves our action and our decisions against us and cause us to believe a lie before the truth. Remember this it is written in the Bible "for we are not dealing with flesh and blood but principalities,rulers in dark places, evil spirits".
QUOTE "I do not agree to these views. I have been working on RFID since a couple of years.Though security is still an issue, the reader has to be in close proximity to the passport to read the contents of the tag.Also , the information on the passport is anyway with the govenment authorities of the country that you are trying to enter."
Thanks, there is absolutely no reason and no advantage to having a tracking chip in your passport. You go through the same customs line and can just as easily swipe a magnetic card. The chip is there to track you. At home, or abroad. WAKE UP. Read "The History of Inflation" to find out what kind of people come to power after the destruction of a national currency. Read about Stalin's Russia, Hitler's Germany, and you'll probably realize Mike "Stalin" Chertoff's true agenda. When you trade freedom for anything you get slavery. The opposite of freedom is not safety, you can't trade it for safety. WAKE UP.
so you made this original post in 2004 and that meansthat in the past 4 years the goverments has had the chance to put these devicies in...have they.............is that constitutional and doesnt the Bush administration have to go through thoe other checks and balences
Today was the day that I was 'chipped' by the government. At port facilities around the nation people are walking into offices set up by the government and the TSA (Transportation Security Administration) to be screened for receiving a TWIC card. (Transportation Worker Identification Credential) the authority for collecting this information and to conduct a security threat assessment is 49 U.S.C.114, 40113, and 5103a. This is perfectly legal and is in coordination with the USCG and TSA. To begin with this will cover those persons who are required to enter secured areas at port facilities/ vessels.
My understanding is that this will eventually become a national ID card, it has a photo, barcode, your fingerprint and yes.. inside is a chip.
Do I think this will damn my soul to eternal flame?
Is this in anyway going to make accessing my personal information easier to some nefarious crimminals out there?
No to both questions.
Is my banking on there or anything that has to do with my finances?
There isn't anything on there that couldn't be easily be found out by taking the time and searching.
It just says, 'Hey! this guy is a good guy, go look for terrorists, as yes 'crimminals' elsewhere.
Oh by the way.. something you all should know, when it comes your way if you are a crimminal, have a warrant out for you, an attachment, didn't pay your back child support, or are an illegal alien... 'click, click' yer outta here!!!
There is no more running, because there is soon no place to hide.
Just got my passport. I'm upping my donation to the ACLU.
to bruce: It doesnt matter if you agree to get it or not. Consent doesnt mean anything anymore, especially with something that small you'd never know anyway. Next Flu shot you get it could be there and never know its been implanted. Any shot for that matter. They will find a way to do it without you ever knowing
After reading some of the above post... I am scared of what you people think bout other things.. are you afraid to leae your houses?? The government has other things on their plate that are more important the watching you and where you go... I guess you dont trust banks either??? keep your money in the house, dont watch tv because is the devil... I read the book... I also live my life.. not in fear.. if you do not like who is in the office... "vote" point blank...
I am going outside to play with my kids.. with out tin foil on my head...
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.