Forgot your password?
typodupeerror
Security Technology

WarCloning, the New WarDriving? 154

Posted by ScuttleMonkey
from the now-everyone-with-a-laptop-in-their-car-is-gonna-get-searched dept.
ChrisPaget writes "After my legal skirmishes with HID a while back, The Register has coverage of my latest RFID work — cloning Passport Cards and Electronic Drivers Licenses from a moving vehicle. Full details will be released at Shmoocon this weekend, but in the meantime there's video of the equipment and articles all over the place."
This discussion has been archived. No new comments can be posted.

WarCloning, the New WarDriving?

Comments Filter:
  • by sempiterna (1463657) on Monday February 02, 2009 @06:29PM (#26700739)
    I'm very much afraid of government implementing rfid on a widespread level. I have to admit that if I was government, I'd probably push to do the same thing.

    Having Big Brother being able to know who I am by walking into a door of the court house, or if a police officer pulls you over and 'scans your arm', really scares me.

    The potential for abuse is tremendous.
    • Why? (Score:4, Insightful)

      by EmbeddedJanitor (597831) on Monday February 02, 2009 @06:38PM (#26700841)
      Right now the police can pull you over and ask for your license. Don't show it and you see the inside of a cell.

      And while you're driving around your car has license plates on it which can be scanned from far further than RFID.

      The potential for abuse is already there and has been for a long time.

      One cool thing with new tech is that it lifts the bar for the scammers. With RFID you need a lot more than a photocopier and laminator to make a fake drivers license.

      • Re:Why? (Score:5, Insightful)

        by faloi (738831) on Monday February 02, 2009 @06:43PM (#26700921)
        With RFID you need a lot more than a photocopier and laminator to make a fake drivers license.

        Yeah, you also apparently need a couple of hundred bucks worth of stuff. And the added "advantage" to RFID is that most people will probably actually believe it's secure and take the scan at face value, making it easier than ever to pass off fake ID most places.
      • Re: (Score:3, Insightful)

        your car has license plates on it which can be scanned from far further than RFID

        Very few people carry their car's license plates in their wallet or purses. For most of us, having RFID on our driver's license is akin to having RFID implanted in our skull.

      • One cool thing with new tech is that it lifts the bar for the scammers. With RFID you need a lot more than a photocopier and laminator to make a fake drivers license.

        I think in most places drivers license/government ID are now done on plastic cards (not laminated). Getting a color printer for those plastic ID cards will set you back quite a few grand, which is a lot more than this guy is paying to copy RFID. And this way gives minimum exposure vs. needing to have physical access to something to copy it.

        But, you know, there is not much defense against someone who waits to mug you in a lonely alleyway either. Maybe instead of focusing on preventing these sort of thin

        • Re: (Score:2, Informative)

          by troll8901 (1397145) *

          I think in most places drivers license/government ID are now done on plastic cards (not laminated). Getting a color printer for those plastic ID cards will set you back quite a few grand

          Just for the sake of argument, I think a consumer CD printer (e.g. Epson R240) can be modified to print onto a piece of rectangle. With the careful use of glossy ink, the end result may fool casual glances.

          The only problem, of course, is getting a stack of blank cards that are inkjet printable and looks professional.

      • Re:Why? (Score:5, Informative)

        by commodore64_love (1445365) on Monday February 02, 2009 @07:23PM (#26701321) Journal

        >>>Right now the police can pull you over and ask for your license. Don't show it and you see the inside of a cell.

        Perhaps in other countries, but not the U.S. The Supreme Court decided (v. Prouse) that a discretionary, suspicionless stop for a spot check of a motorist's driver's license and vehicle registration was invalid. The officer's conduct in that case was unconstitutional primarily on account of his exercise of "standardless and unconstrained discretion." A generalized roadblock that stopped all drivers would be allowed, but only in cases of border security or sobriety checks, not other tasks such as narcotics search.

        • Re: (Score:3, Informative)

          by Anonymous Coward

          The U.S. you refer to has ceased to exist: http://epic.org/privacy/hiibel/ [epic.org]. The officer still has to have "suspicion" but who isn't suspicious to a cop?

        • Re:Why? (Score:4, Informative)

          by RiotingPacifist (1228016) on Monday February 02, 2009 @08:48PM (#26702653)

          I suspect your laws are similar to what we have in the UK, in theory to pull you over / search you they need reasonable suspicion, in practice they can just make shit up.

          • The classic offense in the USA is "DWB", or "Driving While Black". That's not what they call it, but drive around the wrong neighborhood as a black man in a beat up car scanning house numbers, and you remain far more likely to be stopped by the police or local security than almost any other race or gender. There's been a lot of talk about how such discrimination can be avoided by "profiling", especially for not-very-random security checks, but try actually watching who gets pulled over for ID checks.
          • by radio4fan (304271)

            Actually, in the UK the police can stop any driver with *no* reason. They don't need reasonable suspicion of anything.

            On the plus side, you don't need to carry your licence with you.

        • Perhaps in other countries, but not the U.S. The Supreme Court decided (v. Prouse) that a discretionary, suspicionless stop for a spot check of a motorist's driver's license and vehicle registration was invalid

          They don't need much in the way of suspicion. Did you really believe seat-belt and cell phone/driving laws were about saving lives?

          So once they pull you over, if you don't show your id, you'll be hit with something along the lines of interference with an investigation, obstruction of justice, or resi

        • by hoggoth (414195)

          Good luck with that. If you start quoting court decisions you will likely see the hot end of a tazor really quick. And then you will be arresting on charges of resisting arrest, fighting with an officer, and several other charges that struck the officer's fancy while he watched you squirm on the ground in agony.

          I have several police officers in the family. This happens all the time.

        • Um, they do random license checkpoints in this state all the time, its how they get around the 'no drunk driver checkpoint' rulings. Something about if they take a classified ad out people who want to avoid it can. (Because of course, everyone reads the classified section of the dead tree newspaper).

          Of course, the courts here are also convinced that visiting a grocery store is reasonable suspicion of drunk driving.

      • Re: (Score:2, Insightful)

        by davester666 (731373)

        Using RFID isn't that big a leap for the police, as they already have access to all the information that it transmits, only with RFID, they may be able to retrieve the information without having to ask you (if you keep your DL,passport,whatever unshielded).

        Using RFID IS a big leap for everybody else. Suddenly, anybody who has the inclination can find out your name, address, SIN, your digitized picture and fingerprints. Without your knowledge or permission.

        With license plates, they do uniquely identify you

      • Re:Why? (Score:5, Informative)

        by _Sprocket_ (42527) on Monday February 02, 2009 @07:34PM (#26701505)

        Right now the police can pull you over and ask for your license. Don't show it and you see the inside of a cell.

        And while you're driving around your car has license plates on it which can be scanned from far further than RFID.

        Asking to see the license still requires asking. It also requires driving for one to be (legally) provided. RFID allows for scanning a crowd and (potentially) getting a crowd of identities in less than a second.

        OCR on license plates are very doable if you control the conditions. Make sure the vehicle is going the desired location and mount the camera in the perfect position. Back that up with occasional human to try and work out those cases where OCR fails. With RFID you put up antennas in a few strategic locations and you cover blocks of traffic without worrying about angles, lighting, and other bothersome conditions.

        The potential for abuse is already there. RFID makes it more efficient.

        • by CompMD (522020)

          "OCR on license plates are very doable"

          Already done. The British call it ANPR, automated number plate recognition. It is very good. Its used on speed cameras all over the UK. The technology was developed as an antiterrorism system originally. British intelligence wanted to be able identify vehicles used by IRA bombers.

          • by _Sprocket_ (42527)

            Sure. And I see it used daily at the local county's tollroad. Works pretty well. But the toll lanes create a reasonably controlled environment and it still requires an occasional human to manually read a percentage of images. I'd be curious as to how ANPR handles things - I couldn't imagine the technology to be that different.

      • Reminds me of the movie Gattaca, though. "Who looks at photographs anymore?" The problem with your statement is that people would likely start relying on a technology that doesn't really establish identity. It only establishes the authenticity of the document.

      • Yes, but if the bar is raised, for some stupid reason, the trust in such technology seems to increase.

        What this means is that when the "scammers" actually do succeed in defeating protections, their fakes have just that much more "believability".

        Think "Its so hard to duplicate, it must be real".

        Just more of the same "security theatre" we've seen in the past, but with the potential for serious repercussions, IF we put our trust in the system. Which, quite frankly, I do not.

      • Re: (Score:3, Interesting)

        by mckinnsb (984522)

        One cool thing with new tech is that it lifts the bar for the scammers. With RFID you need a lot more than a photocopier and laminator to make a fake drivers license.

        Not in every state of the US.

        Some states (see: Connecticut) have drivers licenses that are extremely difficult-if not impossible-to copy physically without having the exact same equipment that the DMV has. Connecticut's licenses in particular have layers of holographs and foil that overlap each other. A printer that can print on plastic combin

        • Some states (see: Connecticut) have drivers licenses that are extremely difficult-if not impossible-to copy physically without having the exact same equipment that the DMV has.

          So how hard would it be to scam/bribe a DMV worker?

          • Re: (Score:3, Informative)

            by mckinnsb (984522)
            Fair question, a la the recent XKCD-put motif of "A human target is almost always weaker than the tech". Although I don't think you are looking for an answer, I'll bite, mostly because I'm bored and sick. It depends on your DMV, and your DMV worker.

            First, all DMV's I've been to (NY/CT/MA) have CCTV cameras all over the place - so convincing a DMV employee to create a fake ID during work time is probably somewhat difficult. I would not be surprised if the machines used to produce licenses were set to shut
      • by smoker2 (750216)
        I am not a number, I am a free man.

        Are human rights to be restricted to those who have the mark ? How can you be anonymous if you can be scanned from a distance ?

        I can't think of anything primarily done for the sake of convenience, that has turned out without having nasty side effects. Personal motor cars, cheap mortgages, credit cards, fast food, plastic packaging, party line voting, etc.
        RFID is fine for bus tickets, or other temporary privileges but not for permanent personal ID.
      • by Yvanhoe (564877)
        When police filters people who enter a building or who attend a political meeting, it is visible. The control, abnormal, is made in public for everyone to see. A RFID control, however, can be a single box the size of a case hidden behind the door. That is a huge difference in practice. A thing that we often overlook when discussing privacy issues.
      • by HTH NE1 (675604)

        Right now the police can pull you over and ask for your license. Don't show it and you see the inside of a cell.

        Only if you've been witnessed driving without it. If you're a passenger or otherwise not driving, you can be compelled to truthfully identify yourself, but you don't need corroborating documentation.

        This doesn't mean the authority involved won't overstep his bounds and arrest you anyway for failure to comply with (IAOO -- In the Armed Officer's Opinion) a lawful order and/or interfering in police business.

    • Re: (Score:3, Interesting)

      by steelcaress (1389111)

      I always thought they should do more. I'm not particularly scared of it, but I always thought that since there's a massive amount of information available on you anyway, why not implement this in a useful way?

      Go to a job interview, they could have a resume, letters of recommendation, supervisor comments, phone numbers, etc already on file. No more wasted paper or wasted time filling out the same info on different forms.

      Go to a hospital, they could already have the meds you're on, anything you're allergic

      • by ushering05401 (1086795) on Monday February 02, 2009 @06:54PM (#26701049) Journal

        Who knows what your prospective employer etc would see in your file?

        Who knows if it would be true?

        Oh wait.. there could be some sort of efficient appeals process to get improper notations removed from your file just as easy as fixing your credit history after getting ID jacked...

        Boy, my grade school teachers didn't know how right they were when they threatened me with screwing up my 'permanent record.'

      • by Jurily (900488)

        Go to a job interview, they could have a resume, letters of recommendation, supervisor comments, phone numbers, etc already on file. No more wasted paper or wasted time filling out the same info on different forms.

        Go to a hospital, they could already have the meds you're on, anything you're allergic to, and any afflictions you currently suffer from along with symptoms, last blood pressure reading, x-rays, etc -- even if you've never been there.

        Enlist in the military, they'd need things for that, including competencies, education, etc.

        Likely this would result in employers having your medical record, the military having your CV, and hospitals your supervisor comments.

        Where would you store all that data? Who would authorize accesses? Why not just give them a CD containing the needed info?

        Also, the paperwork has one important aspect not covered by computers: the paper trail. Logs can be tampered with, a piece of paper signed by your doctor/employer/whatever in your safe can not.

        In the land of CYA it can be important.

      • by commodore64_love (1445365) on Monday February 02, 2009 @07:30PM (#26701423) Journal

        Go to a concentration camp; they could have a name, phone numbers, next of kin, final will and testament, etc already on file. No more wasted paper or wasted time filling out the same info on different forms. Just send them straight to the "showers" for processing.

        Go to a job interview; they could have a genetic workup, list of potential diseases, previous health expenditures, current debt accumulation, etc already on file. No more hiring of people who are sickly & likely to aste company resources, or are deep in debt and potential thieves. They can be weeded out immediately.

        Point:

        Having information so easily available is dangerous. It's loss of power by the citizen & a gaining of power by the politicians and the corporations.

    • Don't be scared (Score:3, Insightful)

      by Anonymous Coward

      We're safe. Cloning RFIDs is illegal.

    • Re: (Score:2, Interesting)

      No kidding.
      Any form of transmittable broadcast information can be cloned and hacked, so like you, don't trust them. I have an FasTrak on my car but it is stored in a metal case to prevent it from being cloned or tracked for no good reason.
      All companies that sell RFID and government agencies claim that their "technology" is safe, unhackable and unclonable but they haven't allow the real world (at least the hackers world) to have at it and truly prove they are safe, unhackable and unclonable. However, over ti

      • However, over time any encryption technology can be cracked with better and faster computers

        This is a common misconception. Modern encryption algorithms are strong enough that "better and faster computers" won't help break them; a classical computer powerful enough to brute force 256-bit AES is physically impossible. Even quantum computers will just mean that some specific techniques need larger keys to be secure.

        Encryption algorithms do occasionally get broken through mathematical trickery, but from a use

        • However, over time any encryption technology can be cracked with better and faster computers

          This is a common misconception. Modern encryption algorithms are strong enough that "better and faster computers" won't help break them; a classical computer powerful enough to brute force 256-bit AES is physically impossible.

          Do these RFID cards really use 256 bit AES encryption? Do they even use encryption? I assume they can't be super strong, given their limited size and the amount of power available to them, but I hope they at least reply differently given a replayed request?

        • Re: (Score:3, Interesting)

          by LingNoi (1066278)

          As usual XKCD has an answer to your "security" and it just came out today too. http://xkcd.com/538/ [xkcd.com]

    • by mugnyte (203225)

      You certainly don't want it to be like in the olden days, where people in the town would recognize you as soon as you walked in, including all of your reputation, simply by your face.

      • In the olden days, you could move to a new town and start over if you screwed up bad enough. Nowadays, you have to leave the country.
  • Saw a video linked at gizmodo. Neat stuff, Chris, if a bit scary.
  • by sls1j (580823) on Monday February 02, 2009 @06:40PM (#26700869) Homepage
    Looks like I'll be getting a matching tin foil wallet to go with the hat.
    • by Gojira Shipi-Taro (465802) on Monday February 02, 2009 @06:59PM (#26701103) Homepage

      Interestingly enough, when I got my new Passport Card, it came with a little Faraday Cage sleeve (metalized mylar) with the instruction to put the card there when not in use. I don't remember getting anything like that when I got my (RFID carrying) Passport a while back, so maybe there's some realization of the problem on the issuing end...

      • I got a new Passport Card and plain old Passport at the same time, and the card had a sleeve while the Passport did not. I wondered whether the jacket of the Passport was lined and could only be scanned when open, but haven't bothered to investigate.

        • Re: (Score:3, Informative)

          by kaatochacha (651922)
          I just received a new US passport. The passport itself has a blurb about being shielded when closed. Don't know if this is true or not, as I haven't checked it myself, but the covers feel like there's something in them.
          • by Jherek Carnelian (831679) on Monday February 02, 2009 @09:01PM (#26702835)

            I just received a new US passport. The passport itself has a blurb about being shielded when closed. Don't know if this is true or not, as I haven't checked it myself, but the covers feel like there's something in them.

            It is true and it is not. Building a faraday cage into the cover was one of the "concessions" they made in response to all the complaints about privacy issues. But... it only really works if the covers are tightly pressed together. Leaving it open a quarter inch or so may be enough to prevent official readers from picking up the RFID, but not enough to protect against someone with a reader with more juice - like anyone who is up to no good will certainly have.

      • by MadHats (469265)

        A couple of years ago I invested $10 in a metal travel wallet [retro51.com] that functions as a de facto Faraday Cage. Or you could spend 8x that on a microwoven stainless steel version [wired.com]...

    • Shoulda got it a long time ago... Its not like we didn't all see this coming. Anyone with half a brain knows that when you add technology to something simple and relatively secure, you then allow it to become complex and easily exploited.

      E-voting?

  • WarCloning? (Score:5, Funny)

    by spyder913 (448266) on Monday February 02, 2009 @06:42PM (#26700913)

    WarDriving = Driving around finding open APs.
    "WarCloning" = Driving around cloning RFID stuff.

    Shouldn't it be "CloneDriving" or something else? Though I suppose all of them are equally dumb. So nevermind...

    • Re: (Score:2, Informative)

      by spacerog (692065)
      No. I know your being funny, or at least modded that way, but the correct prefix is 'war' as in WarDialing, as in War Games (the movie), which is were the term comes from. "WarCloning" is a perfectly acceptable term.

      - SR

      • by cellocgw (617879)

        No. I know your being funny, or at least modded that way, but the correct prefix is 'war' as in WarDialing, as in War Games (the movie), which is were the term comes from. "WarCloning" is a perfectly acceptable term.
        Are you sure?
        I was given the impression, way back when, that WARdriving was a semi-acronym for "wireless access reconnaissance" driving.

    • "...what do freedom fighters fight?"

      ~ The late, great George Carlin
    • CloneDriving is an activity that takes place on a golf course. It's very similar to seal clubbing, but mostly seems to involve sheep.
  • by hwyhobo (1420503) on Monday February 02, 2009 @06:44PM (#26700935)
    Take a lesson from London video cameras and spread the RFID readers at each intersection, and now you can track everyone in the city remotely.
  • Protection (Score:5, Interesting)

    by riceboy50 (631755) on Monday February 02, 2009 @06:46PM (#26700955)
    The first thing I did after receiving my RFID-embedded passport was to pick up one of these [travelonbags.com].
    • by chill (34294) on Monday February 02, 2009 @06:56PM (#26701059) Journal

      Really? The first thing I did was pick up one of these [about.com], which I already had on hand at the house. Mine is *guaranteed* effective. :-)

    • Re: (Score:3, Insightful)

      by pluther (647209)

      The first thing I did was to put it in the microwave.

      We are still supposed to do that to all our mail, right? To protect against anthrax? (Are we still living in fear of that? It's hard to keep up sometimes.)

      Surely Homeland Security can't be upset at us for doing what they told us to do!

    • by chill (34294)

      Just out of curiosity, have you tested the effectiveness of that shielding wallet? If so, how?

      • by riceboy50 (631755)
        I haven't had a chance yet, but it should be easy to wave it next to an RFID reader. The ones I have encountered will beep if they are able to ping the chip, even if they don't know what to do with the information.
      • The shield that comes with the passport card is effective, at least as far as my research so far has suggested. It's worth mentioning though that according UW / RSA, the shields supplied with the electronic drivers license in Washington are ineffective at preventing reads (although they do reduce range somewhat) - http://www.rsa.com/rsalabs/node.asp?id=3557

      • by rthille (8526)

        It didn't seem to help protect the passport when I put the passport in the sleeve, then the sleeve & passport together in the microwave...

        • Re: (Score:3, Funny)

          by chill (34294)

          I do believe the magnetron in the microwave is a tad more energetic than your average RFID reader. Well, I hope it is anyway. If not, we're going to have some seriously upset -- and sterile -- border control agents.

          Thanks for the input, though.

    • by Rogerborg (306625)
      You there! Hand in your geek credentials. Real nerds don't buy, they make their own [rpi-polymath.com].
  • I would like to get both passport and driver's license covers.

    A google has so much noise that I cannot find the signal.

    Any links to to something other than mumetal by the sheet?

    • by Anonymous Coward on Monday February 02, 2009 @06:52PM (#26701015)

      For your driver's license, just use what I have for many years: an "Altoids" tin (or similar item). Perfectly sized for drivers licenses, credit cards, and other such things, and completely impervious to RF scanning technologies. I use one for my "wallet".

      For a passport, well, they *did* have those jumbo tins a while back... ;)

    • by PayPaI (733999)
      I've got one of these [idstronghold.com] for a passport, and it looks like they have card size sleeves as well.
    • by pjt33 (739471)

      Unless you use your passport a lot (as in weekly) you can make your own and it will last for a couple of years. Take a sufficiently large sheet of metal foil and lay it flat. Cover it with duct tape. Fold and tape, and add a Velcro (or clone) fastener to keep it closed. I've had an RFID passport for about four years now and my second homemade wallet is still going strong, even though I fly internationally every few weeks.

      The trickier one is how to shield cards which you want to use more frequently than that

  • I hope they do a lot of damage so that they scare enough people so that they finally start protesting against those terrible plans.

  • Are rfid tags available for the consumer right now? As another person pointed out the city of london is creating a grid of tracking stations so anybody can be located and followed remotely.. but if these tags can be cloned then why not buy up a million or two rfid tags, program the buggers and distribute them throughout big cities (inside car bumpers? tractor trailers? covertly inject them in food if their small enough..) This should really cause headaches for the people tracking..
    • I'm afraid you can't just copy the rfid tag of a passport or a visa card because the serial number is r/o while some parts are r/w (if I'm not wrong);
      Also there is the law of Copyright, which protects passports, travelling documents and even money...

      although you might be able to stuff those databases with "known test cards" ...

      It's quite freightening, soon as rfid can be cloned perfectly, I hope it'd cause the world again to swap to alternative more controlled technologies again.

  • RFID Gathering (Score:5, Informative)

    by CaptCovert (868609) on Monday February 02, 2009 @07:09PM (#26701187)
    What worries me about all of this is not that the RFIDs can be picked up while driving around. A little consumer education (you are supposed to worry about who you give your SSN to, and you don't just leave your other PII laying around in plain sight usually) in the form of RF-blocking wallet linings will fix that. What I'm worried about is what happens in 5 years, when advances in RF technology (it is the new form of governmental ID, after all. Technology WILL follow suit) allow for hardware that I can hide on my person (antenna down the back of a coat lining, wired to a recorder in my pocket, or hell, dropped in the lining somewhere). At that point, all it takes is one man sitting in a train station or airport. You pull your ID out for scanning, and I harvest it. You may as well walk around with your SSN printed on your shirt.
  • by anand78 (832850) on Monday February 02, 2009 @07:13PM (#26701223)
    The XR400 used in the drive through was a UHF reader. Reading a UHF tag is not as easy as the author described. All you have to do is put it against your body, and the salt water attenuates the signal, thus making the tag unreadable. Making such broad statements as scrap the whole real ID or national id, will be valid, if the author showed some substance.
    • by couchslug (175151)

      "All you have to do is put it against your body, and the salt water attenuates the signal, thus making the tag unreadable. "

      The old "prison wallet" looks better and better.

  • Couple of points - just because you can see a tag of the Passports RFID, doesn't mean you can do anything meaningful with that data. Having just traveled from US to London to Amsterdam and back, I got to say - good luck trying to walk through the check points with bogus data. Any nerd who thinks he can make a fake passport just because he can scan RFID is going to have his 30 year old cherry popped in real jail.
  • by SethJohnson (112166) on Monday February 02, 2009 @08:09PM (#26702087) Homepage Journal


    This fellow doesn't demonstrate cloning anything. He's just reading RFID codes in the video.

    Seth
  • Its a lie (Score:2, Informative)

    by dlmarti (7677)
    The Author claims you can read the SSID and reprogram another tag with this SSID. This is not true. The SSID is not a R/W field. While technically you could create an active device to pretend to be a tag with the fake SSID, it certainly is not trivial.
    • by Muad'Dave (255648)
      The tags read in the video appear to be standard Class1Gen2 UHF tags encoded in EPC GDTI-96 format. Nothing would prevent you from writing that tag ID into any number of tags - I have programmed Class1Gen2 UHF tags for use with DOD CAGE codes in this exact manner.
    • by Richy_T (111409)

      There are R/W tags out there. The one I was working with, I was able to make emulate another read-only tag that we used.

  • by Miseph (979059) on Monday February 02, 2009 @11:00PM (#26704161) Journal

    We should make RFID highly controlled instead. Once we make RFID ownership illegal then only criminals will have RFID, and they'll be a whole lot easier to find.

    Hey, it works for guns, right?

  • If the RFID is nothing but an ID number and the actual data is in a database somewhere, how would this be worse than, say, writing down the license plate numbers of the cars you see?

  • by LuYu (519260) on Tuesday February 03, 2009 @04:26AM (#26706397) Homepage Journal

    I thought about this when I first heard the news about RFIDs being included in passports -- and money. Now that there is a practical implementation, it is time for a bunch of privacy advocates to get a marquee style display and go to an international airport. They could stand outside of the arrivals customs area and scan and display people's personal information in order to demonstrate how completely these tags violate the passengers' Fourth Amendment rights.

    The sign might look something like this:

    Hello John Doe!
    Your passport number is #########
    Your SSN is ####-##-###
    You are carrying two MasterCards, one Visa card, and one Diner's Club card.
    You are carrying seven 100 dollar bills and ten 20 dollar bills. Say hello to Ben and Andy for us!
    This information has all been made publicly available courtesy of Uncle Sam and your banks.
    If you are offended by this sign, please contact your Congressmen as soon as possible.
    If you would like further information, ask one of our friendly volunteers for an explanatory pamphlet!!

    Have a Nice Day!

    That should get people's attention. And it should be quite entertaining until the airport authorities figure it out. When they do, it would also be nice to point out that Freedom of Assembly is also an inalienable right!

  • It seems that quite a few people missed the fact that TFA refers only to "proof of concept".

    First of all, the odds that this technology will stand still are zero. Second, anybody who wanted to get really nasty would find a way to access the remote databases and do a little creative matchmaking. After all, it's not like anybody's ever managed to walk off with a few million tax records and credit card numbers and stuff like that before, is it? I seem to recall DB breaches were getting so common it was n

  • ...3 standard EPC [slashdot.org] tags formatted as GDTI-96's [epcglobalinc.org] (non-PDF) [gs1.org]. The GS1 Company Prefix [gs1.org] is 0893599002, and the Document Type is 1. The serial numbers are there as well, but I'm not going to post them.
  • This story's been online for hours now, and there's no Clone War jokes? Alright, everyone. Turn in your geek cards. And I know which one of you have them. (Thanks RFID!)

"Success covers a multitude of blunders." -- George Bernard Shaw

Working...