RFID Cards for U.S. Visitors

The Department of Homeland Security is testing a program to issue RFID identity cards to visitors entering the U.S.

They'll have to carry the wireless devices as a way for border guards to access the electronic information stored inside a document about the size of a large index card.

Visitors to the U.S. will get the card the first time they cross the border and will be required the carry the document on subsequent crossings to and from the States.

Border guards will be able to access the information electronically from 12 metres away to enable those carrying the devices to be processed more quickly.

According to the DHS:

The technology will be tested at a simulated port this spring. By July 31, 2005, the testing will begin at the ports of Nogales East and Nogales West in Arizona; Alexandria Bay in New York; and, Pacific Highway and Peace Arch in Washington. The testing or "proof of concept" phase is expected to continue through the spring of 2006.

I know nothing about the details of this program or about the security of the cards. Even so, the long-term implications of this kind of thing are very chilling.

Posted on August 2, 2005 at 6:39 AM • 63 Comments

Comments

KeithAugust 2, 2005 7:13 AM

"I know nothing about the details of this program or about the security of the cards."

The chilling part is neither does DHS (most likely). As you and many others know, government is rushing to the idea of RFID without fully realizing the privacy and security issues. I cannot imagine they figured it out in the few months they have considered the technology.
--
-Ke

Michael AshAugust 2, 2005 7:17 AM

Forget about privacy or other things, what happens when you lose your RFID card? Are you going to have to go through a great deal of administrative hassle with your local US consulate before you can take your next vacation to the US? So much for the American international tourism industry....

GradyAugust 2, 2005 7:59 AM

"... what happens when you lose your RFID card? Are you going to have to go through a great deal of administrative hassle with your local US consulate before you can take your next vacation to the US?"

Forget hassle. What's the lucky guy who finds your card going to do with it when the border guard trusts the information on it implicitly? How long before they consider automated border crossings with human inspection only when the cards flag someone as suspicious? Great money saver there, reduce your workforce by a pretty large margin. Not real secure though.

Matti KinnunenAugust 2, 2005 8:01 AM

I already speculated on this in my blog.

But if this becomes standard way of treating
visitors, I am sure there will be less visitors.
Well, it may prevent the stupid terrorists,
but it will prevent clever professionals
for sure.

AxelAugust 2, 2005 8:06 AM

"...access the information electronically from 12 metres away ..."?!

Quick, order stock in tin foil manufacturers!

DevanAugust 2, 2005 8:07 AM

My question is- what does this do that we can't do already? There already should be records of legal travellers in the US. Illegal ones have always gotten in under the radar or with forged documents. This is only one more thing to forge.

SmokeAugust 2, 2005 8:32 AM

Ok, so we have to have a passport.
We have to have fingerprinting now.
Next comes the RFID.

[queue the soapbox]

I am 100% certain that if I have to go jumping through hoops to get to visit the USA, I just wont go. I'll go to New Zealand or Canada or the UK. I have friends there too. It will sadden me, but I suspect it will hurt the US more when they lose out on trade with my company and my skills as a professional, any recourse to my doctoral theses, or the benefit of my skills - not to mention everyone else it herds to other greener pastures without the electric fences and cattleprods. Say goodbye to your tourism industry. Say hello to painful problems for anyone who makes even a small mistake. Say goodbye to those long queues at the airport customs desk and hello to longer ones at the tech support section. Say goodbye to privacy. Say hello to identity theft and RFID forgeries. I wonder if the next time the terrorsts invade, the DHS will go searching for some guy called "GW. Bush" and "Mr Rumsfeld" from Washington DC.. or at least thats what the RFID tags say.... hmm?

[/soapbox]

I just do not trust people with this kind of tech. It is too easy to get out of hand. if I can figure out how to use and abuse it then there surely has to be any number of blackhats out there far smarter than I am who can do the same or worse.

And I seriously doubt there are enough whitehats out there to combat them, who arent actually blackhats themselves, working for blackhats unawares, or being paid enough to bother doing anything on their US government salaries (being as we the article is about the US in this case).

ChrisAugust 2, 2005 8:35 AM

I have visited the US several times this year. With the current US Customs procedure, I am required to have a machine-readable passport, which the friendly customs agent scans when I hand it to him. After that, the agent takes a picture of me with a little eyeball cam connected to his computer, and he takes fingerprints of both my index fingers.

When I entered the US the first time this year, I thought this would be a one-time shot, but no, they did the same thing again afterwards also.

These new procedures already made reconsider some travels to the US. The new RFID thingy is a further step in the same direction.

dmcAugust 2, 2005 9:21 AM

What threat model are they trying to address?

I don't hear anything terribly chilling in the snippets provided. As others have pointed out, visitors are already required to provide passports on the way in, so I'm not sure what the RFIDs are adding. The only extra bit of information would seem to be the exit date/location, which hardly seems terribly useful for anything but traffic analysis.

Will visitors be required to present these RFIDs at other than crossing points? *That* would be chilling, but I didn't see any mention of it in the original posting. From the posting, it sounded like a visitor would be issued an RFID, and could cheerfully leave it in their hotel room or safe deposit vault until such time as they leave the US.

Am I missing something?

Jo_AvaAugust 2, 2005 9:21 AM

Canadian citizens are the only people in the world exempt from US-VISIT. - Kingston Whig-Standard

Well, gee, thanks. And how long is that gonna last?

Come to Canada instead.

Jo_AvaAugust 2, 2005 9:30 AM

@dmc

What's chilling are the various privacy and international law implications.

From the Whig-Standard article cited in the post:

"Though the new devices don’t violate Canadian law, because visitors are under the jurisdiction of American law once inside the U.S., Cockfield said their use raises disturbing questions about how the technology may be used in the future.

'If I’m close to the border and still on Canadian ground and a U.S. customs guard is scanning me and finding out personal information about me, that actually might be a violation of Canadian law because they’re collecting information on a Canadian resident who is still in Canada,' Cockfield said.

He said the devices smack of a 'Martha Stewart-like prison tracking device.'

'It’s one thing to have a police officer approach you and ask for your identification, but it’s another thing for somebody sitting in an office somewhere in Washington to track all your movements through a satellite signal,' he said.

. . .

'I kind of feel uncomfortable because I don’t know what that device is doing and I don’t know where that device is reporting,' he said. 'Although they say it will expedite your entry through the border, it may be doing something else, too.' "

This is different than providing a passport. First of all, in order to show a border guard a passport, you actually have to approach the guard, who then has to interact with you. Believe it or not, I'd actually rather have a human being assess whether I am who I say I am than a distant machine. Removing the human element is part of what chills me.

MathFoxAugust 2, 2005 9:32 AM

@dmc

As an "alien" (foreigner) you allready are expected to be able to show that you have the right to "enjoy the honour" to be on US territory. Most likely, the US immigration "officers" will staple the RFID card in your passport. (Yes, stock up some tinfoil, before it's made illegal as "circumvention device".)

DarkFireAugust 2, 2005 9:35 AM

To be blunt, the only thing I find chilling is the degree of paranoia in the orriginal article...

[SNIP]
“It’s intrusive and these are worrisome developments,��? he said.
[SNIP]

Intrusive? How exactly does this differ from being approached by a cop & asked for your passport at the border?

[SNIP]
...track all your movements through a satellite signal,��? he said.
[SNIP]
What? how did we suddenly get from a UHF short-range datalinked card to some nebulous references to being tracked by satellite? That just sounds like plain old conspiracy theorising!

[SNIP]
“Although they say it will expedite your entry through the border, it may be doing something else, too.��?
[SNIP]

Do these people actually think that the government *cares* enough about them to actually be interested in them? This sounds like a healthy case of over-inflated ego mixed with a healthy dose of extreme paranoia.

Which leads me to ask a different question: why are these individuals scared of the government knowing where they are? What are they doing to engender this fear?

In general I would imagine that said government is going to be muchg more interested in WHY a given individual is being so voiciferous about a given subject, rather than where they do their shopping on a Saturday morning.

For god's sake, look out - here come the alien conspiracies!!!

NickAugust 2, 2005 9:37 AM

This is just a pilot program. The government is using it to decide whether this technology is viable or not. The same thing is going on with registered traveler and pretty much EVERY major government initiative.

@Bruce
Shouldn't new technology be tried using exactly this type of approach? I understand that there are potential problems but that's what the pilot is for. It is only 4 border crossings after all.

@Michael Ash
I'd assume that losing your RFID card would follow a similar process to losing your VISA only that your RFID card can be more easily deactivated because it's electronic.

@Smoke
I am 100% certain that you already have to jump through hoops to visit the U.S.

Don't you think it is harder to forge an electronic RFID card than a VISA that is paper based?

"Long lines at tech support?" Have you every tried to cross the border from Mexico to the US? It takes hours, even for US citizens. You sit in a line that's 2 miles long.

@Devan
From the article:
"Border guards will be able to access the information electronically from 12 metres away to enable those carrying the devices to be processed more quickly."

This isn't a free pass to cross the border; it just makes legal border crossings more efficient. One would hope that this would allow illegal border crossings to be identified more easily but that's probably one of the things the pilot will be used to determine.

@Chris
The U.S. is trying to shore up the borders. Some of that means getting rid of the paper-based system we have now and getting electronic passports and VISAS. I don't think this will be the end of tourism or immigration in the U.S.

R.B. BoyerAugust 2, 2005 10:02 AM

Isn't it possible to shield the issued card from any prying readers by placing it into a Faraday cage-like bag? Like an anti-static bag or an envelope of aluminium foil?

At least then you could keep the card secured until someone was *supposed* to read it.

NickAugust 2, 2005 10:16 AM

Here is an example of why this is not a good idea.

http://www.popcenter.org/Problems/...

In addition, the Florida legislature passed a law requiring that regular license plates be issued to replace the easily identifiable ones on rental vehicles

We have something that means people can be targetted.

JohnJAugust 2, 2005 10:32 AM

@dmc: "...so I'm not sure what the RFIDs are adding."

Profit to the contractor's bottom line, of course.

And if these are insittuted at border crossings, what's to stop them from being embedded in roadways (federally funded interstates at a minimum), over the doorways of federal buildings/landmarks, etc.? Properly done, the movement of US visitors could be tracked far more thoroughly, cheaply, and in an automated fashion than we can do today. And the gov't wouldn't need access to commercial databases or have worries about getting data from foreign governments. Do you think the public, and certainly the visitors, would actually be informed when sensors are added to places other than border crossings?

Andre LePlumeAugust 2, 2005 10:49 AM

They need to re-brand this initiative.

Call it EZPassport. If you have RFID, you breeze through, and have higher duty-free limits. If you don't, you go through the manual toll booth.

It works on our highways.

GustavoAugust 2, 2005 11:03 AM

>“It has a range of 10 to 15 metres."

>"...track all your movements through a satellite signal...��?

I'm not really an expert here, but doesn't the range of communications depend on the power of the transmitter?

I mean, if the card can only transmit up to 15 meters, how could it possibly be read by a satellite? Ok, the satellite might send messages to the card, but it wouldn't be able to receive the answer, would it?

>“The UHF frequency that we’ve chosen makes it impossible to locate a specific person.��?

Now that's a very bold use of the 'impossible' word!

Timmy303August 2, 2005 11:17 AM

Re: RFID security

Google for Delchi's Spiderbox and more recently Kaminsky's work in the area. The information on an RFID card can be read and duplicated by an interloper using the same technology that the authorities use to read the card, only the data theft is completely low-profile and the victim never knows that it has happened.

RFID is only effective as an access control method in a business setting when used in conjunction with turnstyles and guards comparing the photograph they capture from the card with who they see using it, and even that is not secure enough for more sensitive environments.

AleksAugust 2, 2005 12:01 PM

I really does not anything against RFID card, but whoever was designer of this pilot project had to have in mind that threat is also very big from some of US citizens - the one with legal US passport who will be not asked to have RFID card

bobAugust 2, 2005 12:25 PM

Apparently they're targetting non-canadian citizens: http://ottawa.cbc.ca/regional/servlet/View?...

They can choose however they want for their pilot, I don't know the ins and outs of the study, my main concerns are touched on in a few previous comments:
- where else they could consider mounting detectors to 'track' people
- possibility of stolen/lost cards and how that should negate the possibility of 'implicit' trust of the cards

I don't think it's possible to 'forge' them. Isn't it just an id that maps into a database, and hence unless you forge the identity (ie the key, to act as someone who's already got one) whats the big deal (provided the implied trust issue is dealt with).

OrwayAugust 2, 2005 12:44 PM

This will be able to be used as a standard "government-issued ID" by hotels and anyone else who wants it for any reason. Expect to be required to hold the card at all times, and expect it to be the only recognized "government-issued ID" for foreigners when they enter any publicly controlled area like the Smithsonian museum. Domestic driver's licenses have much more information in them than this will have, and they have to be presented when traveling anywhere or entering government buildings.

So placing foreigners under this kind of surveillance is really just a nice way for the US government to treat them the same way it's already treating US citizens.

Matti KinnunenAugust 2, 2005 12:49 PM

@Orway

So, US government mistreats you, so it should mistreat others too. Right.

More seriosly, aliens have to carry and present their passports already now. So, no need to add RFID for this purpose.

Pat CahalanAugust 2, 2005 1:02 PM

@JohnJ

> Profit to the contractor's bottom line, of course.

Spot on. The biggest problem I've seen with the post-9/11 U.S. security agenda is that many many people with no idea of what security is are suddenly in charge of implementing sweeping changes in everything. Suddenly you can throw money at a "security" project without much in the way of real oversight -> I'm reminded of defense contracts in the Regan era.

It makes politicians look good ("We're doing something!"), it makes the generally uneducated populace feel better ("Look, they're doing something!"), and it enables an entire industry to jump out of the public shadow and sell sell sell.

Frankly, I applaud Mr. Schneier for pointing out the absurdities in his blog instead of lobbying to get Counterpane big time contracts doing nothing effective for lots of money.

OrwayAugust 2, 2005 1:05 PM

Matti, they have to carry and present passports already, but there are over 130 countries out there, most of them with their own passports, and the RFID will provide a standardized format that can be easily put into whatever database you have, just like the soon-to-be standardized domestic drivers' licenses.

Matti KinnunenAugust 2, 2005 1:16 PM

@Orway

Why not try to standardize the passports? Like going to the UN and making a proposal. Like trying to fix the real problems with security in the world, not leaving problems fester and try to cover them up with RFID or something.

HollowVictoryAugust 2, 2005 1:23 PM

Orway, let's say every country decides to follow the US and demand that visitors to their countries get a RFID card issued in that country when they visit. Then depending on how many countries you travel to you are forced to have a collection of different RFID cards at home. For some reason I find a card issued by your own country that is recognized by all other countries a much more suitable idea. Don't we already have one of those?

Ari HeikkinenAugust 2, 2005 1:25 PM

So they're testing that RFID stuff with foreigners now (trying to keep US people happy) but then at some point just take it in use for everyone. Clever. I bet the best effect of all that fingerprinting, photographing and generally treating foreigners as criminals is only to keep clever people out of the country.

NoxAugust 2, 2005 1:28 PM

I predict that this system will be used as a reason to put RFID detectors in many places that are considered sensitive.

The next obvious step is a national RFID card. I'm not being paranoid, nor do I particularly care about a national RFID card, but once the infrastructure is in place for THIS system, it will leverage the next phase.

I would expect to see these detectors in airports, courthouses, and other sensitive places.

If I were designing the system, I'd work towards ubiquitous detector placement. Mall entrances, street corners, etc - all feeding back to realtime and batch analysis mechnisms to detect abnormal travel patterns.

Feed the travel patterns of murderers, terrorists, subversives etc into the system and tell it to find people who behave the way they do.

Scrutiny can protect you. The only question is, do you want that kind of protection?

- nox

NathanAugust 2, 2005 1:41 PM

I for one welcome our RFID mandating overlords.

Seriously though, could I toss my RFID chipped passport in the microwave for a few seconds, fry the chip, but not damage the passport? Would the govmt. require working RFID chips? Could I just say, "Huh, guess I sat on it a little too hard".

Davi OttenheimerAugust 2, 2005 2:51 PM

@ Nathan

Good thought, but Microwaves do not necessarily damage RFID chips without doing damage to the passport as well. So unless you have fire regularly coming out of your pants, your story might not be believable. A better/more reliable method is to simply disconnect the antenna with an extremely sharp pin or razor.

Personally I still find it noteworthy that cattle ranchers are fighting against RFID deployment in their herds due to privacy concerns related to where/how the data is stored by the government. If the ranchers are able to force a better system for their cattle, maybe they wouldn't mind fighting for the human herd(s) as well?

Davi OttenheimerAugust 2, 2005 3:04 PM

@ Gustavo

"doesn't the range of communications depend on the power of the transmitter"

Yes, there have been some demonstrations where RFID is read from over 100 meters away.

RFID seems so well suited to highly organized and very controlled environments like warehouses for wholesale/bulk inventory and pick operations, that the trade-offs might be more obvious than we realize. Until humans are able to fit into neat little boxes and have an ID with the equivalent worth of a shipment of pickles, RFID just might not be the right solution to manage our whereabouts.

Timmy303August 2, 2005 3:07 PM

I find that sometimes certain security projects defeat themselves rather handily once the implementers find that they don't work at all and everyone else stops taking them seriously.

Imagine something sensitive like a passport that was 1) readable by everyone that walked within 15 feet of you and 2) easily duplicable with some inexpensive equipment. Given passports are a form of authentication, how long will it be before blatant forgery becomes such a rampant problem that the whole project is scrapped? I doubt it would be long.

Jeff CarrollAugust 2, 2005 3:12 PM

'If I’m close to the border and still on Canadian ground and a U.S. customs guard is scanning me and finding out personal information about me, that actually might be a violation of Canadian law because they’re collecting information on a Canadian resident who is still in Canada,' Cockfield said.


Particularly since US Customs already operates in all the Canadian airports I've visited.

This is just dopey. If you happen to leave your RFID-enabled passport at home, what then? Shoot to kill? Clearly, if DHS is really serious about wanting to be able to identify people (rather than documents), they should be subdermally implanting the RFID tags.

On the other hand, I can't help wondering whether the life of the Brazilian illegal killed in the London underground the other day might have been spared had he been carrying an RFID passport. I doubt it, but still...

Bruce SchneierAugust 2, 2005 3:15 PM

@ Nick

"Shouldn't new technology be tried using exactly this type of approach? I understand that there are potential problems but that's what the pilot is for. It is only 4 border crossings after all."

Yes, testing is always beneficial before full deployment. But even before testing, there should be cost-benefit trade-off analysis.

VasuAugust 2, 2005 3:49 PM

@David
Personally I still find it noteworthy that cattle ranchers are fighting against RFID deployment in their herds due to privacy concerns related to where/how the data is stored by the government. If the ranchers are able to force a better system for their cattle, maybe

True, but cattle != foreigners. I guess my plans just changed!. Thats pretty interesting that I will be treated from next time on 'worse' than cattle.. Huh, whatever...

ECMpukeAugust 2, 2005 6:22 PM

RFID remote reading is easily defeated with shielding. An anti-static bag, a metallic pouch, a shielded briefcase...anything...so surreptitious interrogation is not possible for people who take simple precautions.
Eventually, some smarty will embed a sensitive interrogation detector in a cell phone, so you will have warning of an interrogator before you approach it.
For someone like me who's played for years in the electronic countermeasures field, RFID is like ringing the dinner bell.

shrevzAugust 2, 2005 8:40 PM

So why is the government so fond of RFID chips rather than contact chips? My guess is that it is because they are the prefect partner for face recognition. Face recognition is not really good at finding out who you are - but it's great at verifying that you match your digital photo.

I'm guessing that what the DHS/alphabet agency of choice/Big Brother is trying to do is set up cameras with RFID snoopers. As you walk through the airport, the cameras verify your RFID matches your face. Even if only 90% of the people are carrying RFID, this allows the security goons to focus on the remaining 10%.

If I'm right, the reason the government is insisting on RFID is because face recognition didn't quite deliver on the promise of automated surveilence - but combined with RFID it will.

Be Very Afraid indeed.

Davi OttenheimerAugust 2, 2005 8:51 PM

@shrevz

"face recognition didn't quite deliver on the promise of automated surveilence"

Don't count your chickens yet...face recognition has improved exponentially recently, and the flaws with automated surveillance are not necessarily the fault of the technology.

Bruce SchneierAugust 2, 2005 9:27 PM

"Don't count your chickens yet...face recognition has improved exponentially recently, and the flaws with automated surveillance are not necessarily the fault of the technology."

And the technology will only get better. So even if it doesn't work today, it will in some small number of years.

jammitAugust 2, 2005 11:46 PM

What I'd like to know is how exactly will RFID for the visitors help the US in catching and/or tracking terrorists? Perhaps maybe a "post mortem" after an attack might be helpful, sort of like looking at the log files after you've been rooted.

Nigel SedgwickAugust 3, 2005 4:00 AM

shrev> "If I'm right, the reason the government is insisting on RFID is because face recognition didn't quite deliver on the promise of automated surveillance - but combined with RFID it will."

Watchlist performance (1:N implicit claim 'I am not on the watchlist') is broadly N times more difficult than verification performance (1:1 claim 'I am the authorised holder of the RFID chip/card'). This is irrespective of whether the biometric modality is "face" or something else.

"Face" has the primary advantage that it is easier to capture an image, at all and without explicit co-operation, than most/all other biometric modalities.

However, as a biometric, "face" does not have particularly good performance: intrinsically (ie lots of people in the world look quite similar to each other), because of changes with age, health, mood, hairstyle, makeup, disguise, etc.

shrev> "Be Very Afraid indeed."

What of? If it works well enough, the bad guys will get caught and the good guys will (with automatic scanning) not be troubled overmuch. If it does not work well enough (ie too many false alarms, or too many false rejects to warrant value for money), its use will be phased out.

The main fear I have is of wastage of taxpayers' money, on something that prior analysis might find unlikely to be worthwhile. [Note. There also might be some inconvenience during any transition/evaluation period, before over-zealous officials adjust their expectations to the actuality.]

Davi Ottenheimer> "Don't count your chickens yet...face recognition has improved exponentially recently, and the flaws with automated surveillance are not necessarily the fault of the technology."

Performance of all biometrics is improving. In so far as they are all moving, through technological improvements towards an intrinsic upper limit imposed by population variation, that might be (sort of) exponential, though different for each biometric modality.

However, your "exponential" presumably means "significantly useful". I doubt it. But please do produce your figures on your anticipated operating point (FMR/FNMR) and cost/benefit analysis.

Bruce Schneier> "And the technology will only get better. So even if it doesn't work today, it will in some small number of years."

I cannot dispute "it can only get better", on cost as well as technological performance. However, so will the competing technologies and operating procedures, biometric and non-biometric.

Even ignoring the competition, will it be "good enough" in your small number of years? How many years, and (as for Davi) what is your projected operating point (FMR/FNMR) and cost/benefit analysis for that sort of timescale?

Don't forget to include, in your FMR (for verification against stolen/cloned RFID chip/card) that this should not be "zero-effort" by any bad guy/gal, but should include some effort in selection of "victim" according to sex, age, ethnicity, similar facial appearance and possible disguise.

It might be possible that the face biometric will exceed my expectations, but I have no where near the optimism of Davi or Bruce.

Best regards

Nigel SedgwickAugust 3, 2005 5:02 AM

I'd like to add a bit of clarification to my comment above, as I didn't make it clear enough, later in the comment, that there are 2 different issues.

Shrev's issue was that the face biometric would be used for verification against a single claimed identity given by the RFID chip (perhaps because of "desperation" to use face and given that it did not work well enough for watchlists).

I am sceptical that face will work well enough for that 1:1 claim verification at border points. Reasons for this include the one that most performance reports for face are for zero-effort impostors. Thus I warn:

"Don't forget to include, in your FMR (for verification against stolen/cloned RFID chip/card) that this should not be "zero-effort" by any bad guy/gal, but should include some effort in selection of "victim" according to sex, age, ethnicity, similar facial appearance and possible disguise."

Davi and Bruce are actually, at least in part, claiming that the facial biometric is, or soon will be, good enough for use with watchlists.

I am sceptical of that too. In addition to requiring performance that is around N times better than verification (with N persons on the watchlist, for the same false detection rate and equivalent miss rate), the bad guy/gal is required to disguise so they don't look like the watchlist photograph of themselves. This must be easier than disguising oneself to look sufficiently like another specific person (even if a carefully selected one), which is the RFID verification case.

In the watchlist case, it is (of course) appropriate to evaluate the FMR against all persons, rather than those matching somewhat to specific characteristics such as sex, age, ethnicity, facial characteristics, etc. This is because the false matches are of each watchlist template against the public in all its variety.

Another difference between the watchlist case and the verification case is that of the origin of the photograph used for the biometric template. With verification, there is (usually) a co-operative genuine subject. With a watchlist, there is only what the operating agency can lay their hands on, which is more likely (though not necessarily) to be of lower quality (especially in uncontrolled circumstances of illumination, etc) and not given with co-operation. All of this has an adverse effect on biometric performance.

Thus I am sceptical of both verification and watchlists in border applications. However, I do accept that suitability for application depends on a fairly detailed analysis, which is at least somewhat different in each particular case.

Best regards

davidAugust 3, 2005 5:18 AM

@Aleks
> threat is also very big from some of US citizens - the one with
> legal US passport who will be not asked to have RFID card

Well, I just renewed my passport though it would not have expired until next June, I hope I got in under the wire before all US passports have RFID chips in them. I'll find out when the new one arrives. The website says that August is the month when the program is being rolled out to government employees, in which group I do not qualify, and will not while its current fascist directions continue.

Modifying your passport is illegal, that will include disabling the RFID chip. Still, I wonder how effective might be the damage that could plausibly be construed as accidental.

Anyway, there's a pocket in my Tom Binh bag that's being lined with aluminum foil and an anti-static bag.... How can I test whether that really blocks remote reading? Any ideas?

Ari HeikkinenAugust 3, 2005 7:04 AM

"How can I test whether that really blocks remote reading? Any ideas?"

Put a small battery powered radio receiver tuned to a local radio station in it and see if it blocks the channel.

GrainneAugust 3, 2005 8:52 AM

"In late June, the State Department announced that new passports will have a metallic lining to prevent unauthorized reading of the tags."

Sooo, isn't that just against the purpose of the cards? I take it you'd have to open your passport to have it scanned then. But isn't opening your passport for viewing what you do already..
And as far as security goes someone could have a hidden unauthorized scanner near to check points to collect information.. In the end 'where there's a will there's a way'

nick6999August 3, 2005 9:01 AM

I live in the UK and will never, ever visit the US, as much as I would like to. I take my tourist pounds to other countries and encourage my friends to do likewise.
Yours is a land where Tazers are used as weapons against the public routinely, where police officers are empowered to act as judge, jury and executioner on the sidewalk and where your border people now want to regard potential tourists as their property, to do with as they please. Governments are supposed to represent the people's interests, not their own. Enjoy your country, I'll enjoy mine.

ECMpukeAugust 3, 2005 4:30 PM

nick6999...funny...we fought a revolutionary war to get away from very invasions of privacy that we now take for granted and against which you now have better protections than we.
However...at one time I did sign the official secrets act which changes the game a little.
So far, we don't have anything quite as far-reaching.
Give us time.

Steven FisherAugust 3, 2005 8:07 PM

I wish I could dramatically say that this will stop me from every travelling to the states, but the honest truth is that I reached that point some time ago.

ExodusAugust 4, 2005 1:32 AM

Whith this kind of fake security, Identity Theft is going to explode.

One simple proof of successfull Identity Theft and the entire system will turn into a security nightmare. And attacks these systems are known.

It like banks deploying security solutions vulnurable to ordinary known viruses.

The biggest security threat to US seems to be the Homeland Security itself.

JoeAugust 4, 2005 7:34 AM

Nice. So now it'll always be possible to recognize a foreigner from twelve metres away...

Hey! I have an idea: Why not force all those foreigners to wear the Star of David fully visible on their chests? I mean, it's not like that would hurt anybody.

dav1d3August 4, 2005 7:34 AM

Does this mean that in the U.S. privacy is a right only for U.S. citizen and an optional for visiting foreigners..? It sounds really fascist to me...

davidAugust 4, 2005 9:05 AM

> Does this mean that in the U.S. privacy is a right only
> for U.S. citizen and an optional for visiting foreigners..?
> It sounds really fascist to me...

What makes you think "privacy is a right ... for U.S. citizen?"

Check into the implications of the REAL ID Act as well as the imminent issuance of all US passports with RFID chips in them.

davidAugust 4, 2005 9:07 AM

> It sounds really fascist to me...

By any objective definition of the term, the US is indeed a Fascist state as of right freakin' now.

I know it connotes Nazi Germany but that is not your textbook definition of Fascist. Look it up.

AndrewAugust 5, 2005 11:32 AM

Just put the RFID device in a 'Faraday cage' or shielded container when you are not going through the border.

ECMpukeAugust 5, 2005 12:14 PM

Right, Andrew.
Pay attention folks! RFID is EASILY defeated.
As I said before, RFID, to an old ECM hand like me, is like ringing the dinner bell.
It's very brittle technology and easily broken.
Expect to find anti-RFID websites, sensitive interrogation detectors (even built in to cell phones eventually), spoofers, jammers, killers as soon as it becomes a decent business for folks like me.

LeliaDecember 12, 2005 8:43 PM

Being a Canadian senior I remember the days when Canada and the U.S. viewed each other as "family" How sad that we have allowed immigrants from countries with violent backgrounds enter our midst in such numbers that we are now suspicious of the very friends that built the tourism trade in the U.S and Canada.

HeleneOctober 23, 2006 3:34 PM

Hello
I am Canadain,and just discover today that the card I had in my windshield is a transmittor.I go to the USA often,I mail used books.I had the regular decals for the USA Custums in my windshield for years.Last year they sent me this white card with a small electronic "thing " in the middle.They said that it was to be scan by the customs officer,well they never did.and a year after a Custom Officer slip that it was a transmitter.I am very angry,not that I am being check while in the USA but that I have that thing all the time and am being check while being in Canada.This is spying .I don't think an American would agree to being spy by Canadian Customs.
Helene

Abroad JobsNovember 18, 2007 10:39 AM

Orway, let's say every country decides to follow the US and demand that visitors to their countries get a RFID card issued in that country when they visit. Then depending on how many countries you travel to you are forced to have a collection of different RFID cards at home. For some reason I find a card issued by your own country that is recognized by all other countries a much more suitable idea. Don't we already have one of those?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..