template

Homeland Security tries passport spin

Well that makes us feel better

03.30.05

"Let's say you are in Beirut, carrying a passport with an RFID tag," said Steinhardt. "A terrorist with a portable reader device could easily tell who is the American (in a public space)."

University of California at Berkeley assistant professor David Wagner, who researches computer security and cryptography, has reviewed engineering studies of the type of RFID tag that will be used in passports. Wagner called Steinhardt's terrorist scenario "absolutely conceivable."

"And," said Wagner, "unlike an ID with a bar code or magnetic strip, you'd never know your card has been read." - Wired News

WE HAVE written a few stories lately about how the US government was using insecure ID tags on the new breed of passports. Using this system, we said, customs people and spies will be able to read your passport in a crowded room without you knowing it.

According to Wired, Homeland Security says we have got the whole thing all wrong. The US government will not use radio-frequency identification tags in the passports it issues to millions of Americans in the coming years.

Instead, the government will use "contactless chips" or “contactless integrated circuits” in fact anything other than Radio Frequency ID (RFID) tags. How could we have got it so wrong? Well the difference between contactless chips and the RFID we thought they were using is… um nothing really. In fact it is a different word for the same thing.

Homeland Security's Broghamer insisted that the contactless chips for ID documents are vastly different from RFID tags used in retail supply chains, because contactless chips must be held very close to a reader device to be activated and to transmit their data.

RFID manufacturers are typically making radio tags for ID documents that comply with ISO/IEC 14443, the contactless chip industry technology standard. This standard limits transmission ranges to a distance of about 4 inches. Other RFID tags can be read at distances up to 30 feet, making them easier targets for identity thieves trying to capture their data, said Broghamer.

Broghamer would not admit to something engineers testing ISO/IEC 14443-compliant chips have demonstrated, however: that electronic eavesdroppers up to 30 feet away can capture data (including biometric records) while it is being sent by the chips to an authorized reader device. - Wired News

Homeland Security is aware that there is a bit of a privacy debate raging over RFID tags and wants to pretend they are something they are not.

This is a little tricky because computer scientists, data-encryption experts, journalists and even the makers of the contactless chips themselves agree that the Homeland Security Department is using RFID technology.

The Homeland Security Department say they worry that the public will confuse the RFID tags in ID documents with those used by retailers, such as Wal-Mart, to track consumer goods.

In the Wired article, the American Civil Liberties Union accuses Homeland Security of engaging in doublespeak, to dupe Americans into accepting RFID tags on their passports.

They hit out at the "frightening, Orwellian use of the language". The only difference between the Passport contactless chips and the shop RFID tags is that Homeland Security tags have faster processors and more storage capacity. It is just as insecure. We still recommend wrapping your passport in tin tin foil.

The Homeland Security Department's employee ID card will use state-of-the-art authentication and encryption systems to protect the department and its employees from identity thieves and spies with unauthorized RFID tag readers, said Broghamer.

But the chips in passports will not have any of those digital security features, said Homeland Security Department spokeswoman Kimberly Weissman. "We want it to be compatible," she said, "with as many reader devices used by other countries as possible." - Wired News