<$BlogRSDURL$>

Official development blog for the PARANOIA roleplaying game. No description is available at your security clearance. The Computer is your friend.

Sunday, July 19, 2009

Your passport needs a tinfoil hat 

A July 12, 2009 Washington Post story by Todd Lewan, "Special alloy sleeves urged to block hackers?", discusses the dangers posed by US passports and driver's licenses tagged with radio frequency identification chips (RFIDs or "arphids"):
To protect against skimming and eavesdropping attacks, federal and state officials recommend that Americans keep their e-passports tightly shut and store their RFID-tagged passport cards and enhanced driver's licenses in "radio-opaque" sleeves. That's because experiments have shown that the e-passport begins transmitting some data when opened even a half inch, and chipped passport cards and EDLs can be read from varying distances depending on reader techonology. [...]

Another test on the enhanced driver's license demonstrated that even when the sleeve was in pristine condition, a clandestine reader could skim data from the license at a distance of a half yard. Will Americans consistently keep their enhanced driver's licenses in the protective sleeves and maintain those sleeves in perfect shape - even as driver's licenses are pulled out for countless tasks, from registering in hotels to buying alcohol? The report's answer: "It is uncertain ... "

And when the sleeves come off, "You're essentially saying to the world, 'Come and read what's in my wallet,'" says Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, D.C. [...]

Some RFID critics wonder: Could government officials read the microchips in an enhanced driver's license or passport card by scanning people via satellite or through a cell phone tower network?

The short answer is no - because the chips in PASS cards and EDLs are "passive," or batteryless, meaning they rely on the energy of readers to power up. Passive tags are designed to beam information out 30 feet. [...]

[A] system called STAR, that adapts deep-space communications technologies to read passive tags from distances greater than 600 feet, was announced last year by a Los Angeles startup called Mojix, Inc. It uses "smart antennas" and "digital beam forming" to process signals in four dimensions - time, space, frequency and polarization. Mojix, founded by a former NASA scientist, promotes the technology for supply chain management and asset tracking.
Science fiction writer and futurist Bruce Sterling blogs about the WaPo story in his July 19, 2009 "Beyond the Beyond" entry "Arphid Watch: Passport Sleeves":
Here’s the Obama State Department shrugging about their RFID train wreck, and hoping nobody notices that the previous Administration installed zillions of terror-friendly radio beacons in the purses and pockets of the American civil population. [...]

Given their mournful fait accompli on the ground, they probably lack any rational alternative, except to INSIST that everybody go buy some tinfoil hat for their passport, in which case the Global War on Terror situation looks even more aggressively crazy than it was before. Not to mention the tremendous publicity boon for RFID hackers seeking employment with terrorist hotel-bomber types, who’d no doubt love to bug any doorway anywhere on Earth, and automatically count the vulnerable foreigners walking through it.

Also, according to the original genius plan, you were supposed to be using these safe-and-secure arphid beacons to merrily zip through airports, en-masse, subway-style, like with [London Underground] Oyster cards. Seen any of that jolly high-tech activity anywhere lately? Me neither. Instead we’ve created a huge, botched superpower effort that is paranoid, semi-secret, global in scale, leaky in security and at best semi-functional. “Gothic High-Tech.”

Comments: Post a Comment

Copyright © 2004-2013 by Greg Costikyan and Eric Goldberg. All your rights are belong to us. No bloody Creative Commons here! Bwahahaha!
No, seriously. If you make non-commercial use of stuff here, that's fine, but we reserve all commercial rights, and all rights to prepare derivative material on things posted here. In addition, posters of comments must be aware that we reserve the right to use whatever material they post here, and/or derivative works therefrom, in PARANOIA, supplementary products, licensed products, or derivative work, without any compensation whatever, for all time to come and throughout this universe and any alternate universes that may be discovered. At our discretion, and without obligation, we may, if it strikes our fancy, make a good faith effort to credit you for stuff we use, but we can't promise it won't slip our minds, in the hurly-burly of meeting deadlines. (Actually, we intend to do that, but it's possible we'll screw up.) By posting comments, you grant us a non-revocable, perpetual, non-exclusive license to use whatever you post, in whatsoever fashion we deem useful, here or in any other forum, in PARANOIA or in any and all future products, including but not limited to derivative works, and specifically but not exclusively including the microbrewery beer, ale and porter; salty and sugary snack; and tattoo design rights deriving therefrom. Woohoo! Is that enough legalese for you? The Computer is Your Friend.

This page is powered by Blogger. Isn't yours?