Privacy Threat in New RFID Travel Cards?

DemolitionX9 writes to tell us ZDNet has an interesting article rehashing the problems with privacy in future RFID-equipped travel documents and ID. The piece focuses on a recent speech given by Jim Williams, director of the Department of Homeland Security's US-VISIT program. From the article: "Many of the privacy worries center on whether RFID tags--typically minuscule chips with an antenna a few inches long that can transmit a unique ID number--can be read from afar. If the range is a few inches, the privacy concerns are reduced. But at ranges of 30 feet, the tags could theoretically be read by hidden sensors alongside the road, in the mall or in the hands of criminals hoping to identify someone on the street by his or her ID number."

yes, but..

[ShaniaTwain (197446)]

..think of how this will protect your FREEDOM! and LIBERTY!

Cheap thrills posted by bat020

[Philip K Dickhead (906971)]

I did this today and it made me insanely happy for about 15 seconds.

Find a BT landline phone. Send a text message to it reading "The time space continuum is about to collapse." Wait by the phone. A few seconds later it will ring - and Tom Baker will read your message out to you!

Re:yes, but..

[uncoveror (570620)]

Yep, any terrorist with an RFID reader will be able to identify Americans to kill. It will give them a lot of freedom and liberty, me not so much.

practically speaking

[Douglas Simmons (628988)]

This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse? I can only think of things that would make it better. Could someone explain less abstractly than "Didn't you read 1984?"

Re:practically speaking

[dwandy (907337)]

This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse

Lots of ways, most immediately comes to mind:

1. Capture your data.
2. Encode to my chip.
3. Now I'm you, I can:
4. • Travel as you.
   • Commit various offences as you
   • Do whatever I want as you, and hell, the computer can't be wrong.
5. (mandatory) PROFIT!

But I'm sure more devious plots will come to other people's minds...

Re:practically speaking

[MojoRilla (591502)]

How is this any different from someone stealing your passport now?

RTFA.

The 96 digit number would be a key into a database, which would "automatically display the cardholder's picture and other biographic information on the border agent's computer screen."

The agent sees the person who is using the card doesn't match the stored information, and hauls you in.
Finally, according to the TFA, "They're also exploring using a card that would have to be activated by the user, through a fingerprint or some other biometric method, before any information could be read remotely."

Re:practically speaking

[SengirV (203400)]

The agent sees the person who is using the card doesn't match the stored information, and hauls you in.

That doesn't work too well in a passive setting, like along side of a road, or unmanned building entrances, etc...

On the back of my credit card, I have my endorsed name AND a note that says "please check ID". How often do you think they check my ID? Also, do you think EVERY place that is going to be using this cards has a nice pretty display to view the picture of the individuals? And if it's a simp

Re:practically speaking

[dwandy (907337)]

Maybe it is no different than today's threats, just new; "Why add another way to get hijacked?" should be the real question asked here, not "How is this different?". And if you believe that just because it's just a number you're safe, you just havn't thought it all the way through. From 30-ft, a disguise doesn't have to be perfect. And if you start by picking someone who looks somewhat like you, you can pretty much move around as them.

So, imho, it is different due to the perceived infallibility of computer

Re:practically speaking

[PowerKe (641836)]

How is this any different from someone stealing your passport now?

Because it's not even necessary to steal your passport, it's not even necessary to touch it. You can walk past someone at 25 feet and copy it. If you have an ordinary passport and keep it in a safe place all the time you can be pretty sure no one takes it without you knowing and if they steal it, you might notice it's missing.

Besides, if the RFID card is designed to be readable at 25 feet, it's probably possible to do so at a much longer distance using special equipment.

Re:practically speaking

[jim_v2000 (818799)]

Lots of ways, most immediately comes to mind:

1. Capture your data.
2. Encode to my chip.
3. Now I'm you, I can:
4.
* Travel as you.
* Commit various offences as you
* Do whatever I want as you, and hell, the computer

Re:Lay off the Philip K Dick.

[rossifer (581396)]

You'd also have to have the same finger prints and iris geometry...and that isn't on the card.

You didn't RTFA. The whole point of this card is so that people don't have to open their car windows or slow down at border crossings because the current border crossings interfere with commerce.

When cars are moving past the checkpoint at 30-60mph, which of the machines there are going to check finger prints and iris geometry again?

Regards,
Ross

Re:Lay off the Philip K Dick.

[idontgno (624372)]

When cars are moving past the checkpoint at 30-60mph, which of the machines there are going to check finger prints and iris geometry again?

I'm guessing it'll be like a toll booth change bucket; just toss your finger and your eyeball into the basket and you're off!

How you detach those components and grow them back later is your problem.

Re:Lay off the Philip K Dick.

[Ced_Ex (789138)]

Nearly everyone (who was white) was waved through. Canadian border was just as bad. Oddly, it was quite an ordeal to get into Canada, but coming back they just waved me through.

I've always had the situation when going into the US, they ask if I have and fresh fruit/vegetables or meats to declare. However, when I go into Canada, I'm always asked if I have any firearms or weapons to declare.

Re:practically speaking

[Nos. (179609)]

Imagine that these ids can be read from a distance. Now suppose a chain of stores, say some clothing stores, installs sensors and begins reading these tags. You sign up for their "monthly mailing list", and now they know who you are and what your unique ID is.

After a trip, you get an email/letter saying, "Thanks for visiting our [exotic destination] location. We hope you enjoyed your trip". Okay, not terrible, but I don't really want clothing stores knowing where I take my vacations.

Now, substitute

Re:practically speaking

[drinkypoo (153816)]

There is off the shelf hardware that will allow you to read RFID tags (with varying levels of reliability) from ranges in excess of thirty feet. A collection of RFID tags produces a sort of constellation even if they are not unique. For instance, the guy who has the bottle of scope mouthwash, the bag of fritos flamin' hot, and the #2 philips screwdriver at this intersection is probably the same guy who has the same stuff at the next intersection. This allows you to positively track someone based on checkpoints, even without a unique RFID like your passport will be. Furthermore, even if some of the tags don't scan properly, the percentage similarity can be compared from point to point and you can get a fairly positive match anyway.

With Unique tags, then you don't need to go even that far, of course.

If you cannot imagine why this is a bad thing, then truly, you should read 1984.

Re:practically speaking

[Tackhead (54550)]

> This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse? I can only think of things that would make it better. Could someone explain less abstractly than "Didn't you read 1984?"

"Ground Beef a L'amerique".

Ingredients:

1 Terrorist.
1 RFID reader.
1 Pringles can.
1 Blasting cap.
1 Pound of boom-boom stuff.

Assemble recipe. Bake in broad daylight on side of road until American tour bus comes by.

Re:practically speaking

[PaulK (85154)]

"This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse? I can only think of things that would make it better. Could someone explain less abstractly than "Didn't you read 1984?"

It's quite simple. If you're travelling abroad, it's possible that someone would want to target you based on your nationality from a discrete range. This was proven possible at the blackhat convention, (see the link below). I appreciate that TPTB are paying attention to this issu

Re:practically speaking

[Em Ellel (523581)]

This is all very intriguing, but how exactly could someone exploit this RFID range to make my life worse? I can only think of things that would make it better. Could someone explain less abstractly than "Didn't you read 1984?"

If you are an American, this has nothing to do with you, if you are visitor , someone MAY be able to read your travel entry visa number... what makes me curious is what exactly can you do with a entry visa id number? Its kinda like being able to read your vehicle VIN number, like havi

Re:practically speaking

[Penguinoflight (517245)]

The condition that makes RFID tags in any capacity (not just long range ones) unsafe and irresponsible is the insecurity of identification systems in the government/big business system. As things are now, Social Security numbers and other forms of identification can be used against the holder to steal money from them. Credit card companies are getting worse and worse, and they are not held back by bought and paid for congress.

RFID is bad because it makes the job of criminals much easier, and there has bee

Targeted Americans in foreign lands

[Simonetta (207550)]

A passport that emits RFID information from any distance more than a few inches would be a serious danger to Americans traveling. Criminals can set up a cluster of RFID readers on a busy street and identify Americans by the RFID signals received. Then these people can be targeted for kidnapping, robbery, extortion, or murder specifically because of their nationality.
Even a RFID passport that emits only a few inches can be a danger if the criminals use more powerful amplifiers on their RFID

A minor nit....

[HotNeedleOfInquiry (598897)]

Even a RFID passport that emits only a few inches can be a danger if the criminals use more powerful amplifiers on their RFID receivers.

Transmitters are powerful, receivers and preamps are sensitive.

Even if it was a few inches...

[Gyga (873992)]

...What is to stop someone from "accidentally" bumping into you with their scanner in their pocket?

Perhaps...

[C10H14N2 (640033)]

...the fact that they don't have the database to match the "ID" in the RFID, perhaps?

I mean, how useful would it be to you to have a list of all the social security numbers of everyone in a baseball stadium if you didn't have any of the names? Hell, you might as well just randomly generate the numbers.

Wouldn't be to terribly risky for me to say that my SSN is 872-46-2392 (it's not) if there's no way for you to get any other identifying information with which to match it as by itself it is totally useless.

Let me be the first to say

[eclectro (227083)]

Give me a yagi and I'll read your tagy.

RFID triggered terrorist bombs

[Bubba-T (578601)]

Set off a Bomb when person id code 46465456456489715678984 walks by

Or RFID triggered goverment bombs

[by Anonymous Coward]

Person id code 46465456456489715678984 has very vocally expressed negative opionions about us, let's stage a little accident for him.

I'm not scared!!!!

[ShyGuy91284 (701108)]

Not with my RFID Blocking Kit RFID Blocking Kit Shirt [thinkgeek.com]!!

In other news ...

[PatrickThomson (712694)]

In other news, walking around with a bizzare skin disorder that makes microscopic copies of your passport flake off and fall on the ground may be a risk to your identity.

(I choose such an odd analogy because rfid readers are about as hard to obtain as microscopes. Not everyone will have one on them but it's not exactly mil-spec hardware)

I don't want to be tagged!

[Bromskloss (750445)]

Please hurry the development of space tech so I can move to another planet, should it be necessary.

Re:I don't want to be tagged!

[HermanAB (661181)]

Sure, but only citizen numbers 4975637200 till 4975637299 are allowed to leave...

Terrorism applications

[Animats (122034)]

RFID takes terrorism to the next level. The next step, of course, is the land mine that only blows up when someone from the US is near it.

And yes, some terrorist groups do have the capability to build custom electronics. You can see examples of IRA custom circuit boards in the Imperial War Museum [iwm.org.uk], London.

No control

[Billosaur (927319)]

Many of the privacy worries center on whether RFID tags--typically miniscule chips with an antenna a few inches long that can transmit a unique ID number--can be read from afar. If the range is a few inches, the privacy concerns are reduced. But at ranges of 30 feet, the tags could theoretically be read by hidden sensors alongside the road, in the mall or in the hands of criminals hoping to identify someone on the street by his or her ID number.

Unless the Feds are going to come up with an air-tight encryption scheme, this is a recipe for disaster. This isn't like the EZPass I have on my car, which is only linked to my account and determines if I have enough to pay the toll. These chips will potentially carry a lot of personal and very useful information, especially if you're a crook looking to use somebody's id to get across the border or to create fake identity documents for sale.

Frankly, this whole idea is mainly a panacea. If it works, the bad guys will simply sneak across the thousands of miles of undefended and unmonitored border we have in the US. Others will start turning innocent people into mules by swiping their identities and using them to get things across. Instead of making the borders of this nation more secure, the government is creating even more insidious ways for someone to come into this country. I think it's time to go back to the drawing board.

Re:No control

[spyrochaete (707033)]

The way I see it, even if the effective broadcast range is 3 feet, what's to stop terrorists from strolling down the halls of an airport, duplicating a valid RFID transmission on a programmable card, and assuming that person's identity? Or for other identity thieves to do the same thing, capturing hundreds of valid IDs in minutes, and selling them to interested third parties? This could be done passively and completely undetected!

Even within the fraud-free bubble the government imagines this technology

What about more powerful scanners

[Onymous Hero (910664)]

Could more powerful or modified scanners be used to read the RFID chips only designed to be read from a short distance?

IANARFIDE (I Am Not An RFID Engineer) ;)

Devil's advocate - switch the antenna

[Weaselmancer (533834)]

Why not put a switch in the antenna's path? To use the card, you have to push a contact button to turn it on? That would stop passive scanning, right?

Re:Devil's advocate - switch the antenna

[spyrochaete (707033)]

Smart! You can actually line your wallet with tinfoil (stick a sheet in the billfold) to block or garble the outgoign RFID broadcast. That way you only reveal your code when you take the card out of your wallet.

Re:Devil's advocate - switch the antenna

[Em Ellel (523581)]

This is perhaps the most reasonable approach to RFID technology that I have read on slashdot. A simple idea to combat a complex problem. Thank you, you've made my day.

One of the more interesting suggestions in the article is to make the document into a book-style (like passport) and make the cover from RF blocking material - meaning you have to open the "book" to be scanned.

A boon for terrorists

[hpa (7948)]

The U.S. gov't will start issuing RFID-equipped passports this fall. How long until we see the first U.S.-citizen-triggered bomb?

I'm not sure if this applies But What About..

[u16084 (832406)]

Mastercard and their PAYPASS cards? https://mbe2stl101.mastercard.net/hsm2stl101/publi c/login/ebusiness/mobile_commerce/paypass/index.js p/ [mastercard.net] Its RF also .. The range is about 2 inches... Im able to pull up to a gas pump, swipe my wallet next to the scanner and off im go. heres the documentation on their stuff https://mbe2stl101.mastercard.net/hsm2stl101/publi c/login/ebusiness/mobile_commerce/paypass/document ation/index.jsp/ [mastercard.net]

Blue sniper

[Spy der Mann (805235)]

Remember this gadget [tomsnetworking.com]?

Who says there won't be a RFID-Sniper in the future?

Clear up some of the FUD

[by Anonymous Coward]

Let's clear a few things up, because there is a little FUD here... IANAL, but I am in the RFID business for commercial use (inventory management and the like)

1. RDID tags come in a HUGE variety of types. You have to choose the right tag for the job. For example, is the item liquid? Is it metal? Is it a large crate? A small one? Etc. My guess is for a passport, the RFID tag would be a very short range (2-3" read type).

2. There are active (like those attached to your toll tags, or to large pallats & containers). These have batteries in them. A passport won't have a battery in it.

3. There are passive tags. These get charged by the antenna, that makes the circuit work. Think crystal radio here... same sort of concept. It charges the circuit, then the reader reads the tag.

4. The tags generally (although they can) carry only a serial or lookup number. NOT specific information. The more info, the more expensive the tag. Some newer tags CAN carry things (like product expiriation dates, inventory dates, etc.)

5. There are tags that can be both programmed and are read only. Depends on the type of tag. Both active and passive tags can do this. This means the reader can also program the tag.

6. Readers are NOT hard to get. It's a commerical device. However, in most cases, the reader is specific to the tag type. There are SOME standards coming out now with the gen2 tags, but they are not in wide deployment. The readers are NOT CHEAP.

So, here's my guess of what they would (or SHOULD) do:

--very short range passive tag (would require the passport to nearly touch the reader)
--Read only tag
--Tag would only contain some sort of authentication string that would be read, decrypted, and authenticated to see if passport is real.
--Tag would contain some sort of lookup string, which would be read, then queried on the backend systems to make sure the tag matches what's on the passport.

ALL this can be done with protection of privacy, IF DONE RIGHT! It's being done today, specifically in the pharma industry.

Re:Clear up some of the FUD

[PowerKe (641836)]

ALL this can be done with protection of privacy

True, if you mean by privacy that someone else can't read your data without access to the database. However, the problem is that someone can still copy your RFID tag and write new data about you in the database. For example with this passport someone could cross the border with a copy of your RFID, marking you as being out of the country.

You could make this harder by using active tags that use a private key to sign messages but don't reveal the private key

defcon 2005

[farker haiku (883529)]

At defcon 2005 some guys set a record for reading passive tags at 69 feet [makezine.com]. With pics :)

Sniffer

[J05H (5625)]

One potential threat for American travellers carrying this kind of chip is a sniffer weapon. The hi-tech version is an RFID sensitive smart missile and the dumber version is an IED in Cairo that sits and waits for Joe Sixpack to walk by. If you think I'm full of it, the Russians used a cell-phone sniffing missile to kill a Chechen general. For US RFID passports in other countries, all the munition needs to do is detect the chip's presense.

I want my "papers" to stay paper, please. Bar code them or whatever, but don't delibrately make it prone to identity theft, hacking or IEDs.

Josh

That's Six Inches???!!!

[Stephen Samuel (106962)]

The DHS, put out a Request For Information (RFI) looking for someone who had the technology to read ID tags from 25 feet away at 55MPH [bcgreen.com]... Through the skin of a bus... All the passengers at once.

They seem to suggest that they only want it so that they can identify people stopped at border checkpoints.

Even the Homeland Security site says 100 feet...

[SmoothTom (455688)]

The Homeland Security site, in the section that discusses the testing of the current RFID equipped '94's, suggests reading the info contained in the chops from up to 100 feet away on a regular basis:

* US VISIT intends to build upon the technologies and management systems previously employed for entry in order to realize an automated entry exit process. RFID technology offers a solution for a potentially faster, biometrically enhanced entry exit operation.

* Using an automatic identifier, RFID technology can detect a visitor at a distance (up to 100 feet) and provide primary inspection with entry information. RFID technology can also provide a mechanism for an accurate and timely record of exits without requiring visitors to interrupt their travels by stopping or even slowing down to check out.
...
* US VISIT will ensure that our visitors' information is always protected. The RFID technology used by US VISIT will protect sensitive information because it will read only a randomly-generated number that links to visitors' information stored securely in a database. It will also be tamper proof and difficult to counterfeit or surreptitiously read.

(From a Homeland Security Press Release [dhs.gov].

Not only that, this is discussing doing that while the RFID equipped form is in the possession of the person in a moving car...

A couple of inches? Yeah, right.

--
Tomas

Re:Mark of the Beast!

[DrXym (126579)]

You'd have a point if people walked around with one, and possibly more barcodes visible upon their person.

Re:Marketing Ideas

[geoffspear (692508)]

Yes, we all saw Minority Report. If you think the personalized ads were the scariest thing in the movie, you'd got problems.

Re:I don't get it!

[scronline (829910)]

Security and convience don't exist in the same sentence or device. You can't have one without the other.

I don't see the difference with long lasting...a chip is a chip. For that matter, why can't a magnetic strip be used since it's supposedly just holding a unique number that is used to contact a database anyway?

So you're going to tell me that a radio signal is more reliable than a direct connect? I want some of what you're smoking.

Re:I want a RFID reader

[Foobar of Borg (690622)]

I'd love to see who is coming and going in and out of whatever building I'm in - and make a database of people of interest so my wearable computer could page me whenever one's around.

This ability would make it well worth these RFID ids being mandated.

Or, as the pedophile official in DHS might say, "Think of the children, 'cause I sure do!"