[e-privacy] RFID in chiaro e in broadcast nei passaporti USA

Andrea Glorioso sama at miu-ft.org
Fri Apr 1 19:41:48 CEST 2005 

Ciao a tutti.

Da EFFector 18.11:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

* New US Passports Will Serve as Terrorist Beacons

The US State Department is pushing for what  may be the most misguided
and dangerous travel  "security" plan ever proposed:  putting insecure
radio-frequency identification (RFID) chips in  all new US  passports.
These   chips would broadcast your  name,  date of birth, nationality,
unique passport number, and any  other personal information  contained
in the passport to anyone with a compatible RFID reader.  That's right
- anyone, not just passport control.

"The upshot  of this is that  travelers carrying around RFID passports
are  broadcasting their    identity," observes security  expert  Bruce
Schneier.   "It means   that anyone   with  a reader   can learn  that
information, without  the passport holder's knowledge  or consent.  It
means that pickpockets, kidnappers,   and terrorists can easily  - and
surreptitiously -  pick Americans or  nationals of other participating
countries out of a crowd."

Astonishingly,  the State Department  proposal  abandons even the most
fundamental security protections.  Why broadcast passport data at all?
With machine-readable  travel documents that require  physical contact
between passport  and reader, you can rest  assured that your passport
will only be read when you intend to show  it, eliminating any risk of
surreptitious reading.  But the  State Department isn't only endorsing
contactless RFID technology for passports - it wants to broadcast your
personal information *in the  clear.* In other  words, it wants to use
digital signatures for authentication, but  doesn't want to encrypt or
otherwise protect  passport data, claiming  that the information isn't
worth protecting and    that encryption would interfere with   "global
interoperability."

This is especially disturbing in light of  the fact that safer options
are  readily available; the  government  already uses a  line-of-sight
LaserCard optical  memory card that can't  be read from your wallet or
purse for multiple-entry visa Border Control Cards ("LaserVisas").
  
Privacy   advocate   Bill  Scannell    calls   RFID-embedded passports
"terrorist beacons" - and that's  precisely what they'll become if  we
allow the State   Department   to move   ahead with this   plan.   The
Department is soliciting the public's input on  the new passports, and
the time to act is now - the  deadline for submitting comments is this
coming Monday,  April  4.  Follow the  links  below to  learn more and
submit your comments today:
 
US State Department Notice of Proposed Rule Making:
<http://www.eff.org/cgi/tiny?urlID=436>
(Federal Register; please note that all comments 
must include the Regulatory Identification Number,
RIN 1400-AB93, in the message subject line.)

Bruce Schneier: "RFID Passports":
<http://www.schneier.com/blog/archives/2004/10/rfid_passports.html> 

Bill Scannell's website: "RFID Kills": 
<http://www.rfidkills.com>

Edward Hasbrouck: "Deadlines Loom for RFID Tracking Chips 
in USA Passports":
<http://hasbrouck.org/blog/archives/000542.html>

: . : . : . : . : . : . : . : . : . : . : . : . : . : . :

--
Andrea Glorioso             sama at miu-ft.org         +39 333 820 5723
        .:: Media Innovation Unit - Firenze Tecnologia ::.
	      Conquering the world for fun and profit

More information about the E-privacy mailing list