US Government To Release Electronic Passport 289

XueCast writes "The federal government has announced that they will release new electronic Passport cards in either April or May 2008. The cards could be read wirelessly from up to 20 feet away, which could reduce the waiting time at border checkpoints. Deputy Assistant Secretary Of State For Passport Services, Ann Barrett said, "As people are approaching a port of inspection, they can show the card to the reader, and by the time they get to the inspector, all the information will have been verified and they can be waved on through.""
This discussion has been archived. No new comments can be posted.

  • by Zymergy ( 803632 ) * on Wednesday January 02, 2008 @07:38PM (#21888666)
    Tin foil billfolds and passport covers are already being sold: http://www.google.com/search?num=50&hl=en&safe=off&q=RFID+blocking+wallet&btnG=Search [google.com]

    Nothing a microwave oven on high for 2-3 seconds (or a hammer and hard surface) won't solve: http://www.google.com/search?num=50&hl=en&safe=off&q=RFID+disabling+passport&btnG=Search [google.com]
  • by SpudB0y ( 617458 ) on Wednesday January 02, 2008 @07:43PM (#21888722)
    You must opt-in to receive one of these terrorist magnets, so leave your tinfoil wallet at home.
  • Re:Ummm. (Score:5, Informative)

    by XanC ( 644172 ) on Wednesday January 02, 2008 @07:47PM (#21888790)

    There are certainly ways [wikipedia.org] to perform key exchanges and begin encrypted communication without being vulnerable to eavesdropping.

    My understanding (which may be wrong) of the main problem with these RFID devices is that there is in fact no handshaking or encryption, and that the device will happily spill its guts to anything that asks.

  • Re:Ummm. (Score:4, Informative)

    by Propaganda13 ( 312548 ) on Wednesday January 02, 2008 @08:37PM (#21889244)
    Why do you need a device with the range of 20ft? How about range of 2 inches and place the reader 20ft down the line?
  • Re:Ummm. (Score:4, Informative)

    by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Wednesday January 02, 2008 @08:55PM (#21889438) Homepage Journal

    [...] there is in fact no handshaking or encryption, and that the device will happily spill its guts to anything that asks.

    There should not be much more "guts" to spill, than the passport number itself. This will not give an attacker much information at all — other than: "There exists a passport with this number," but in those few seconds, that it takes a person to walk up to the counter, their giant picture will already be on the officer's screen for verification...

    It would still be a hole, but a much smaller one than it may seem at the first suspicious glance. It will, hopefully, be further narrowed by making these passports respond to RFID-readers only when they are opened and, maybe, only when directed towards the reader — simply by making the passport's cover with some RF-blocking material.

    All of these measures will make your hypothetical eavesdropper rather impractical even without encryption.

    People have been using EZ-Pass and similar (oppressive) RFID-readers for many years now to go through highway robbery, ehm, tools... Yet there are no stories of EZ-Pass numbers picked-up by hidden crooks and plugged into fake EZ-Pass devices for resale... Maybe, someone is doing it, but it sounds more difficult, than crossing into the US through the Southern border.

  • Re:Wonderful. (Score:5, Informative)

    by Jah-Wren Ryel ( 80510 ) on Wednesday January 02, 2008 @09:05PM (#21889562)

    RTFA. This is a device that you get in addition to your passport. You probably leave the device in your car, and it comes with a metallic sleeve so you can shield it when you're not crossing borders. You do not take it with you when you go traveling on a plane.
    Your point is moot. All US passports issued in the last year or so already have RFIDs embedded in them. So it amounts to the same thing.

    Furthermore, these new passports have a half-assed faraday cage built into the cover, but like so much of government it really is half-assed. All it takes is for the cover to be open by less than a centimeter, as might easily happen in a lady's purse, and the RFID is no longer protected against unwanted access/detection.
  • by RodgerDodger ( 575834 ) on Wednesday January 02, 2008 @09:11PM (#21889612)
    From the FA in question:

    The $45 card will be optional and cannot be used for air travel. Travelers can opt for a more secure, if more costly, e-passport that costs $97 and contains a radio frequency chip that can only be read at a distance of three inches. Privacy and security experts said the new passport cards that transmit information over longer distances are much less secure.


    Also in the FA it is stated that all that is contained is the passport number - presumably the rest of the details get looked up.

    So, here we have a card that:
    a) costs still more money.
    b) can't be used at airports (just land and sea border crossings)
    c) can't identify you to random strangers - they'll need access to the US passport database.

    So the point of this is that when you're driving across the border from Canada, they've verified your passport details while you wait in the queue, then all they do is take a look at you and send you through to customs.

    Of course, this same thing could be done by having a second checkpoint to do the Q&A stuff.

    Now, can we please take all the comments about lines at the airport out of the discussion?
  • by Jerry Rivers ( 881171 ) on Wednesday January 02, 2008 @09:40PM (#21889852)
    "Foreign nationals can have legal residency in the US, but would normally be required to present a valid passport from their country of origin. Similarly, US citizens residing in other countries would be presenting a US passport."

    This is partly false. U.S. permanent residents need only present their Permanent Resident Card to enter the U.S. Of course, if they travel anywhere that requires they have a passport they would have one from their country of citizenship anyway. But Canadians, for example, do not need a passport to enter the U.S. if they are U.S. permanent residents, and they do not need a passport to enter Canada.

    http://www.dhs.gov/xtrvlsec/crossingborders/whtibasics.shtm [dhs.gov]
  • Re:Ummm. (Score:2, Informative)

    by Terri416 ( 131871 ) on Wednesday January 02, 2008 @10:35PM (#21890248)
    You're pretty much right, but it depends upon which govt you ask, and when.

    Originally, the concept was that a bus load of people could simply drive across the border and their passports would be read from the roadside as they passed. Sounds simple enough, but there was no assessment of the security. No handshake, no encryption. These designs would have led to worse things than data theft; think roadside bombs programmed to kill anyone with a passport in the name of Jack Bauer. Assassination was never so easy.

    Because so many of the technical decisions were made then, and the politicians are too vain to flip-flop, we have a number of permanent problems and work-arounds.

    Firstly, there's the RFID. This is wireless and interceptable. The cards are powered by the interrogation signal, so there's nowhere near enough power for the card to carry out encryption, so there's no authentication of the interrogation signal so anyone can interrogate the card. Therefore no crypto handshake. There's also no change in the cyphertext from one interrogation to the next, so assassins can still trigger a bomb using the cyphertext without the need to decrypt anything.

    Another political decision was that the cards are to be contactless. No contacts. Really. You can't provide power or interrogate the cards by other means, so you can't do an end-run around the above problems.

    This also means there can be no cryptographic authentication of the card itself. Hello forgeries. These forgeries will have their limits since the data can be digitally pre-signed. Hopefully, all the data is signed, but given the competence of the deciders, I wouldn't bet on it. Actually, I will. We all will.

    There have been some attempts at making the cards less of a liability. Data can be pre-encrypted. However, the lessons of DVD CSS have taught us that One Key To Rule Them All is no security at all, so all cards must have unique encryption keys.

    This leads to another problem: if you can't handshake (because there isn't power for crypto processing) how does the scanner at the airport discover the key, without the key being broadcast in the clear to everyone in 20m? The answer is some kind of optical scanner, so you have to put the passport on a scanner to allow the key to be read (almost in the clear), but without radio broadcast. This introduces the same inconvenience as a contact card, but without the security.

    Don't allow your optically readable data area to be photographed (eg by a long lens). Really. This is your only real protection.

    The schemes for optically scanning the keys vary. The Dutch tried to mangle a key using personal data such as name, date of birth and passport issue date; this scheme was broken on a laptop in two hours by knowing only a few details and brute-forcing the rest. The best scheme which could be used would be to put a random number on the passport, send it to the issuing government's computers and get the key back that way; but then the computers could supply all the other info too, so why bother with the RFID? Another political decision rules this out - the passport must be readable without a network connection to central computers. Ho hum.

    So the key must be stored on the card, and must be readable by any official reader. Remind you of anything? DVD CSS? We're back to the One Key problem again. This time it will be different (yeah, right). Criminals will have a choice: either find the One Key (a once-only task), or steal one of the hundreds of thousands of readers which will be distributed around the world and use that. Once that key is known, all the world's passports become open books.

    So that's it. We're screwed. We are *so* screwed.

    Your tax dollars at work!
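
Added illustration, not part of any comment in this thread: the comment above notes that the card's reply does not change from one interrogation to the next. The sketch below contrasts such a fixed reply with a hypothetical nonce-based challenge-response tag, showing that the fixed reply is both linkable across sightings and accepted when replayed. The class names, the HMAC-SHA256 construction, the reader-held per-card key and the sample bytes are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

class StaticTag:
    """Answers every interrogation with the same pre-encrypted blob."""
    def __init__(self, blob: bytes):
        self.blob = blob

    def respond(self, nonce: bytes) -> bytes:
        return self.blob  # the reader's nonce is ignored: no handshake

class ChallengeResponseTag:
    """Hypothetical tag that MACs the reader's nonce with a per-card key."""
    def __init__(self, key: bytes):
        self.key = key

    def respond(self, nonce: bytes) -> bytes:
        return hmac.new(self.key, nonce, hashlib.sha256).digest()

def linkable(tag, sightings: int = 5) -> bool:
    """True if an observer sees identical bytes at every interrogation."""
    seen = {tag.respond(secrets.token_bytes(16)) for _ in range(sightings)}
    return len(seen) == 1

def replay_accepted(tag, verify) -> bool:
    """Record one response, then present it to a reader using a new nonce."""
    recorded = tag.respond(secrets.token_bytes(16))
    return verify(secrets.token_bytes(16), recorded)

# Constructed sample values, not real passport data.
BLOB = bytes.fromhex("a1b2c3d4e5f60718")
KEY = secrets.token_bytes(32)

def static_verify(nonce: bytes, response: bytes) -> bool:
    return hmac.compare_digest(response, BLOB)  # reader can only compare bytes

def cr_verify(nonce: bytes, response: bytes) -> bool:
    # Assumption: the reader already holds this card's key.
    expected = hmac.new(KEY, nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)

if __name__ == "__main__":
    for name, tag, verify in [("static", StaticTag(BLOB), static_verify),
                              ("challenge-response", ChallengeResponseTag(KEY), cr_verify)]:
        print(name, "linkable:", linkable(tag), "replay accepted:", replay_accepted(tag, verify))
```

How the reader obtains the per-card key is the distribution problem the comment goes on to discuss; the sketch leaves it out.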
  • Re:No air travel?! (Score:5, Informative)

    by kabrakan ( 13409 ) on Wednesday January 02, 2008 @10:43PM (#21890334) Homepage
    Customs isn't mainly for crime, it's for economics. At least at the Canadian border, I see people held back all the time because they brought too many goods over and the receiving side wants to tax their stuff. The next thing they're worrying about is foreign food that could introduce diseases.

    You're right that this is useless tech however. It takes about 4 seconds for a border officer to process your passport. The reason there are bottlenecks at ports of entry is because there tends to be a maximum of two border agents for every 50 people trying to cross.
  • Re:Awesome (Score:5, Informative)

    by ozmanjusri ( 601766 ) <aussie_bob@hoMOSCOWtmail.com minus city> on Wednesday January 02, 2008 @11:32PM (#21890658) Journal
    What's really cool is that now terrorists can rig bombs that only kill people carrying American passports.

    It's not just about Americans.

    Australians have had to use RFID-embedded passports [dfat.gov.au] for the past couple of years to comply with US regulations. Can't say it's sped up my travels at all.

  • Re:Ummm. (Score:3, Informative)

    by swillden ( 191260 ) <shawn-ds@willden.org> on Wednesday January 02, 2008 @11:55PM (#21890798) Journal

    Every security measure I've seen for RFID involves some encryption, and a "Handshake" between the reader and card. In a packed situation like an airport, it would be really easy to have an electronic device sniff this handshake, and by pretending to be a reader, lift multiple passport ID's off of people while passing by.

    Umm, no. You should really learn something about cryptography and/or RFID before making statements like this.

    1. If these can be read from 20 feet, they're true RFID tags, not contactless smart cards. That means (a) they can't carry any more data than a single ID number and (b) they don't have any sort of encryption.
    2. If these cards did have encryption, and the implementors weren't idiots (and they're not), then it would not be possible to eavesdrop on the communications unless your reader knew some appropriate secrets.

    In fact, what these devices have on them is either your passport number or some other unique ID which can be used to look up your passport data. Either way, there's no sensitive data here.

    The real concern is the issue of being able to identify Americans at a distance. If you choose to get one of these cards, just be sure to wrap it in tin foil before you put it in your wallet.

  • Re:Ummm. (Score:3, Informative)

    by Viceroy Potatohead ( 954845 ) on Thursday January 03, 2008 @12:28AM (#21891010) Homepage
    That strikes me as somewhat disingenuous. The Yen has always been more closely equated with the cent than the dollar. Looking at the history [sauder.ubc.ca] of the Euro, it's pretty clear the value of your dollar is not as strong as it was, at least in comparison to the Euro (ie, you're not as rich as you were). Actually, that site [sauder.ubc.ca] is kind of interesting. The behaviour of your dollar compared to the Japanese's is very strange compared to a fairly consistent trend in the currencies of Canada, Britain, Australia, Malaysia, South Korea, China, Russia, the EU, or India. All of whom are major trade partners and/or highly competitive with the US. It's cherry picking a bit, I'd agree, because there are some counter-examples like Mexico, but with such a similar devaluation of your dollar happening throughout all these other markets, I wonder what's up with Japan.
  • Re:Awesome (Score:2, Informative)

    by ozmanjusri ( 601766 ) <aussie_bob@hoMOSCOWtmail.com minus city> on Thursday January 03, 2008 @05:23AM (#21892358) Journal
    It says so right on the page you've linked.

    You mean where it says;

    The ePassport will meet new US requirements to be introduced on 26 October 2006.
    Or where it says

    As of October 26, 2006, any passport issued on or after this date by a Visa Waiver Program (VWP) country must be an e-Passport for VWP travelers to be eligible to enter the United States without a visa.
    on the DHS website [dhs.gov]?
  • Re:Ummm. (Score:3, Informative)

    by YrWrstNtmr ( 564987 ) on Thursday January 03, 2008 @09:49AM (#21893650)
    Can you name a single example of an American abroad being killed by terrorists (or by a dude in an alley in Paris) where the motive was the victim being from America, as compared to any wealthy nation?

    Robert Stethem [wikipedia.org]
    Leon Klinghoffer [wikipedia.org]
    Many others [americanmemorialsite.com]
