E-Passport In the Works

ExE122 writes "In an attempt to curb falsification of passports, the United States has placed an order for millions of embedded ID chips. 'The chips carry an encrypted digital photograph of the passport holder. The chip is designed to be read by a special device that will be used by U.S. government workers who check passports when travelers come through border crossings. The State Department began issuing what are being called e-passports to tourists last week and will gradually increase production. State Department spokeswoman Janelle Hironimus said existing passports will remain valid until they expire but, eventually, all U.S. passports — about 13 million will be issued in 2006 — will contain such chips.'"

10 years

[lawpoop]

Passports are valid for 10 years upon issue, IIRC. Are you telling me that secure passport tech will slowly be phased in over 10 years? Because we all know how often Americans travel overseas.

If anything, this will raise the value of existing non-RFID passports, since they are more easily modified to indentify someone else.

Americans traveling to other countries.

[krell]

"Because we all know how often Americans travel overseas."

Hey, I went to New Mexico twice in the last 6 years. That's fairly often, I think.

Re:Americans traveling to other countries.

[clickclickdrone]

I used to find the low number of Americans with passports rather scary and insular until someone pointed out you only get 2 weeks vacation a year. With the US being so big and varied, it would take you most of your life in 2 week chunks to check out home let alone foreign places.
Of course, us backwards wierdo liberal faggy Europeans get 6 weeks holiday :-)

Re:

[OakDragon]

...you only get 2 weeks vacation a year.

Well, we 'take' 2 weeks (or 1 week, or whatever) a year. We do not 'get' 2 weeks a year. Americans can arrange their vacation vs. work time quite easily. As a nation, though, our cultural habits come down to preferring about 2 weeks per year.

Of course, us backwards wierdo liberal faggy Europeans get 6 weeks holiday.

Wow, who pays for that?

Re:

[Anonymous Coward]

uh, what? I literally get two weeks of vacation a year. Anything more than that is "leave without pay". If I tried to take my two weeks of vacation all at the same time and also take two weeks of leave without pay my supervisor would deny it and probably have me fired. I don't know anyone who can "arrange their vacation time vs. work time quite easily" - everyone has to get it approved by a supervisor and rarely takes more than a few days at a time.
If I lived in the EU I would get 4 to 6 weeks of paid vacat

Re:

[CastrTroy]

I think that what he is referring to, is that the minimum allowed that your employer is allowed to give you is 2 weeks, wheras in Europe (or parts of Europe), it's 6 weeks. Of course in the US, if you have a good high status job, you can get more holidays, although I'm sure in Europe you can too. I know someone from Germany who gets 3 months off per year. And they don't work at a school.

Re:

[Rosonowski]

I don't think there's anything about a minimum of vacation time, at least not for hourly wage earners. I don't get ANY vacation time, so any time I want to take off, I have to figure out how to make up the money.

Re:

[CastrTroy]

I'm unsure of how it works in the US, but in Canada, they can either give you the money when you take the time off, or give you an 4% on every pay cheque, and not pay you when you take the time off. They may also decide to give you the 4% at any time throughout the year in 1 lump sum, regardless of whether or not you are taking vacation. You may never actually take vacation, especially with part time jobs, because you may not feel you need it, but you should still be getting paid for it.

Re:Americans traveling to other countries.

[Grishnakh]

Is your employer one of these places that works everyone 35 hours a week to get out of paying benefits?

You say this like it's a bad thing. Employees need to stop worrying about their little personal lives and worry more about providing shareholder value. Not taking any vacation, working unpaid overtime, etc. are all great ways to achieve this. How about some volunteer work? Volunteer to work weekends, for no pay. Or volunteer with your spare time to do chores, like yardwork, for your boss so that he can concentrate on providing more shareholder value.

Won't somebody please think about the shareholders??!!

Re:Americans traveling to other countries.

[Maximilio]

Americans can arrange their vacation vs. work time quite easily. As a nation, though, our cultural habits come down to preferring about 2 weeks per year.

"Prefer?" I prefer quite a bit more time off. I would imagine most people do. The problem is, U.S. corporate behavior is geared toward maximizing profits at the expense of the employees and an imaginary work ethic that drives people into the ground and causes them to change jobs on an average of every two or three years and careers on an average of every 10 or 15 years. You ask, stupidly, who pays for Europeans' 6 weeks holiday -- obviously as a cultural norm the employer shells it out. It's a quality of life issue.

But please, don't insinuate that just because you're a driven workaholic with nothing better to do that the rest of us would 'prefer' that lifestyle. I think, given 6 weeks of guilt-free holiday, most Americans would take it gladly.

Re:

[Anonymous Coward]

Yes, individually you probably would like 52 weeks of paid time off, as a society though, Americans aren't fond of vacations. As an ex-pat living in Italy, it still irritates me to no ends that around august, nothing is open. Its also irritates me that people take so much time off. For example, one day out of the week my favorite restaurant is closed (on Tuesdays). No, of course its a small thing, but if you come here don't be expecting to be able to get breakfast tacos at 3AM here. (mmmm...midnight tacos..

Re:Americans traveling to other countries.

[PPGMD]

It can also be frustrating to those working on a tight schedule.

One of my clients is a developer company, based in Mexico City, but with offices in most of the vacation hot spots in the US (because they own high rises in all those cities). There were having issues with their ERM, because it was a fixit session it was scheduled between other trips, and I only had two days on site. Well that wouldn't have been an issue, if they didn't stop working everyday for 3 hours to have lunch and watch the World Cup.

I don't know what it is, but the way we work versus the way that work is done in Europe and Latin America, is hugely different. I like to relate, to the Super Market that was across the street from where I was staying in Amsterdam, they were open M-F 10am-5pm, for an American that is unfathomable, Europeans are used to it, and adept to it, and I did too (by adept I mean I mostly ate at restraunts that were open later in the evening) when I was there for 3 months on a project. But it's quite strange for someone who's last job involved making a 1am Taco Bell run during my 11pm - 11am shift.

Re:

[Mr. Underbridge]

So emigrate.

Re:

[phulegart]

what kind of contradictory Bullshit are you spewing? First you say...

"The problem is, U.S. corporate behavior is geared toward maximizing profits at the expense of the employees and an imaginary work ethic that drives people into the ground"

Which clearly indicates you believe that U.S. Citizens are pushed against their will to work as much as they do, because the CEOs and other corporate bigwigs want to increase the amount in their already overfull pockets. Then you say...

"But please, don't insinuate that

Re:

[Grishnakh]

Personally I've never had a job where I had 2 weeks official vacation time per year. And I'm a U.S. Citizen.

Sounds like you're either a workaholic, or you need a new job. I had 2 in my first job, 5 in my second job (state government; paid better than the private companies in the area were paying too!), and 3 in my third (current) job. And I've always been able to actually use that time. And in my current job, I get an additional 8 weeks off every 7 years. Not quite up to European standards, but much bet

Re:Americans traveling to other countries.

[badasscat]

Well, we 'take' 2 weeks (or 1 week, or whatever) a year. We do not 'get' 2 weeks a year. Americans can arrange their vacation vs. work time quite easily. As a nation, though, our cultural habits come down to preferring about 2 weeks per year.

Are you kidding me? "As a nation", we take what we can get. And all we can get is 2 weeks per year or less.

I don't think there's a man, woman or child alive that wouldn't want more than 2 weeks vacation. This is not a "cultural habit", this is just the dynamic of our employer/employee relationship. Employers want to ride their employees as hard as they can and employees are just doing all they can not to get fired.

Of course, us backwards wierdo liberal faggy Europeans get 6 weeks holiday.

Wow, who pays for that?

If the entire society accepts that this is normal, then no one pays for it.

Let's face it - the world works the way it does because we accept that the world works that way. If it worked differently, we'd accept that too. I mean, who's "paying" for the fact that you're sleeping 8 hours a day rather than working? You, and the rest of American society (at least to this point) has drawn the line at having at least enough time off every day to sleep. Nobody "pays" for that; that's just the way society has chosen to work. Could companies make more money if all of their employees worked 24 hours a day, 7 days a week? Sure. But you don't "pay" for something that never existed in the first place. That downtime is just downtime, not a debt that needs to be paid.

We Americans are overworked. We work more hours, on average, than any other nation in the world (yes, including places like Japan, which lets its employees have an average of 25 non-weekend days off per year). But it's not by and large because we want to, it's because we're demanded to and because employers have decided for us that this is the cultural norm. Someday, maybe we'll get in step with the rest of the world and realize that there are more important things in life than work.

Re:

[Kadin2048]

I don't think there's a man, woman or child alive that wouldn't want more than 2 weeks vacation. This is not a "cultural habit", this is just the dynamic of our employer/employee relationship. Employers want to ride their employees as hard as they can and employees are just doing all they can not to get fired.

I disagree. I know a lot of people who don't even take their available 14 days/year of vacation, even though they're not at any risk of being fired if they did.

Actually, very few people in my line of w

Re:

[TClevenger]

I disagree. I know a lot of people who don't even take their available 14 days/year of vacation, even though they're not at any risk of being fired if they did.

Out of the people who I've encountered who don't take their full 10 days (14 days? What country do you live in?), nearly all are concerned that either their work will pile up and overwhelm them on their return, or will get piggybacked onto their already overworked coworkers (and in return, they'll be picking up the slack for the coworkers.) Thus,

Re:

[HungWeiLo]

here [arstechnica.com]

This, of course, runs contrary to the common view that American workers are lazy and unproductive. However, there is an interesting catch. Because workers in the US tend to put in more hours than their European counterparts, the rankings change when you look at productivity per hour worked.

Norwegians lead the world with an output of $38 per hour worked last year. French workers were in second place, averaging $35 an hour, the report said. Belgians were third at $34, followed by Americans at $

Re:

[rahrens]

Your comment is unwarranted, insulting and uneducated in its attitude about the modern Germany.

Germany is a modern industrial nation that has worked hard to overcome the disaster that was WWII. It was the first of the Axis nations to pay off its war debt, and has done all it could to counteract the influence of the National Socialist Party and all it did to the people of Europe.

The people of Germany suffered as much as the rest of Europe did (exclusive of the victims of the Holocaust) from the horrors of t

Re:

[i.r.id10t]

Folks just aren't working in the right places. I get 2-3 weeks off every between the fall and spring semesters (christmas time), paid, since the college I work at is closed. I also get spring break off (usually the week of my birthday in March), paid, since the college is closed. And then all the little 3 and 4 day weekends for labor day, etc. And then I also get my "regular" paid time off/vacation time plus sick days. Sure, working in education doesn't pay as much as it could, but for the amount of ti

Re:

[CagedBear]

With the US being so big and varied, it would take you most of your life in 2 week chunks to check out home let alone foreign places.

This is true. In fact, I live in upstate NY and feel it would take a lifetime just to fully explore my own state let alone the rest of the coutry. There is a whole lot to do in the U.S. and not nearly enough time to do it in.

Re:Americans traveling to other countries.

[morgan_greywolf]

I, for one, welcome our new McDonald's-cramming, identity-stealing, drive-by-shooting North American overlo......

oh, never mind.

passports soon required for mexico and canada

[peter303]

I recall the date is Dec. 31, 2006, though there might be exceptions for a few miles across the border.

Renewable

[gerf]

You can renew your passport without replacing it. It's cheaper than getting a new one too!

Re:

[plague3106]

At what price are we paying though? These will be faked in time as well, and probably not that much time.

Also, it ignores the fact that all the Sept 11 terrorists had valid passports / drivers licenses. How exactly does this help us again?

WHY?

[rkhalloran]

A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?

Re:WHY?

[gEvil (beta)]

It's all about appearances. Nothing more, nothing less. If the general population thinks that high-tech passports are more secure, then high-tech passports are what they general population will get.

Re:

[muellerr1]

Either that, or some chip manufacturer is in bed with the government.

Re:WHY?

[Red Flayer]

A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?

The same reason we can't take bottled water on an airplane -- pandering to gullible voters.

Re:WHY?

[eno2001]

Because... some stupid fucking PHB somewhere heard that RFID is the "next big thing (TM)" and just had to have it before those damn Canadians do. I honestly think that's all it comes down to. Someone thinks RFID sounds cooler than 70s mag stripe technology. If you ask me it's fucking stupid. Of course what do I know, I hate the direction the United states has taken the past six years. I'm fucking trapped here though because I can't just afford to pick up and leave. Have to make the best of in these hard times.

Re:

[kevin_conaway]

A 'chipped' passport would be susceptible to drive-by scanning

Doesn't really sound like it. From the TFA:

He said the e-passports must be brought within 3 inches of a radio-frequency identification device that works in combination with other security features to prevent unauthorized peeking into the chip.

Anti-skimming/eavesdropping measures

[SgtPepperKSU]

More info form department of state [sfgate.com]:

The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients). Metallic anti-skimming material incorporated into the front cover and spine of the e-passport book prevents the chip from being skimmed, or read, when the book is fully closed; Basic Access Control (BAC) technology, which requires that the data page be read electronically to generate a key that unlocks the chip, will prevent skimming and eavesdropping; and a randomized unique identification (RUID) feature will mitigate the risk that an e-passport holder could be tracked. To prevent alteration or modification of the data on the chip, and to allow authorities to validate and authenticate the data, the information on the chip will include an electronic signature (PKI).

Re:

[Overzeetop]

3" from the "designed" reading equipement, not from a "modified" directional antenna. Besides, if someone can get clsoe enough to pick your pocket, they can be close enough for a walk-by reading.

Not quite that easy.

[Kadin2048]

Read the post above yours. The covers of the passport act like a Faraday cage. I'd still like to see tests of whether you can saturate the passport with enough RF to actuate the chip using a small parabolic antenna (and disregarding normal safety standards), but it does seem like they've considered this possibility. That's a small good sign.

More importantly though, if they can pick your pocket, they can just steal your passport and then do anything with it that they want, so I think that's really not a grea

Re:

[lawpoop]

<tinfoil hat> It's a small step to get people prepared for implanted RFID chips. Same reason they want to implant soldiers and medical patients. </tinfoil hat>

Re:

[Volante3192]

Cause it's technology! It's clearly unbreakable.

Frankly, I'd be worried about a magstripe even. Why not use a 2D barcode, like DataMatrix? It'd speed up the process, not susceptable to interference, corruption or loss, and it's just as secure.

Technology is not a miracle cure, but they keep treating it as such. What'll happen if power goes down to their fancy RFID readers, cause power NEVER goes out at LAX...

Re:

[dhasenan]

2d barcodes can't hold that much data; or rather, their data density sucks. You've got an analog portrait and you're trying to convert that to a binary 2d barcode in perhaps four times the area, with pixels that measure millimeters across.

If the power goes down, they won't authenticate passports. Perhaps at the Mexican border, they'll stop anyone who looks Hispanic until the power returns. Perhaps at LAX, they'll stop anyone who speaks with a non-American accent (those who have American accents have either

Re:

[Threni]

> adds nothing a mag-stripe couldn't,

If it's done properly it would be harder to produce. Anyone can write to a mag-stripe, but the Chip and Pin system in the UK, for instance, is more secure.

Re:

[clickclickdrone]

>Chip and Pin system in the UK, for instance, is more secure.
That'll be the one where the PIN terminals let everyone else in the queue watch you type in your number because the so called protective sides are so small or badly positioned as to be useless.

Re:

[clickclickdrone]

>What's the point?
Because Joe Public will see the govt are doing *something* and be happy. The fact that those of us with half a brain know it's a waste of time is irrelevent.

Re:

[supabeast!]

"What's the point?"

It has TECHNOLOGY! The technology will solve all out problems! Next we can add encryption to the technology so that it will be even more technological! And because Americans can't even wrap their heads around evolution, there's no way this nation of idiots will figure out what a load of BS this is and demand that politicians stop wasting resources on pork like this and actually get something done!

Re:WHY?

[amliebsch]

If the chip only carries an encrypted photo of myself, then thieves can't steal any information that they couldn't get by looking in my general direction. But it does make the passport much more difficult to forge, and more difficult to use fraudulently. That seems pretty reasonable to me.

Re:

[amliebsch]

I just agree with the comments that it's probably a more inefficient way to handle it than others.

What, in your opinion, would be more efficient? I actually have thought about it, and it seems like a reasonably good idea.

Re:

[Dun Malg]

I don't say "don't do it", I say "actually THINK before doing it"

I suspect they did think about it, as opposed to you. Maybe you should come back when you have actual, arguable objections to the system, rather than vague but dire predictions of some unenumerated "fiasco".

RFID passports have foil covers

[peter303]

The RFID passtports have to be opened to be read due to protective foil covers. However, here's still alleged advantages of chip compared to a magnetic stripe. Foil covers wont prevent a hotel or bank from reading the chip.

Completly uterly false

[aepervius]

A RFID chip has got an enormous advantage in comparison to magnetic stripe : no meccanical part for the reading.

But if you had comparied to a bar-code tag (2D or 1D) then you would have been right : this bring nothing.

Re:

[Ucklak]

I'm not in favor of this tech but since when can one assume anothers physical identity by merely driving by?
Isn't the purpose of adding a photo within the hash forcing a visual check?

Re:

[HTH NE1]

A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?

It's to help the terrorists target Americans, adding fuel to the fire of the War on Terror. And once the encryption is broken, not only will they know there's an American in their midst, they'll also be able to identify the specific target from the photo.

Re:

[Lord Ender]

The point is to give everyone a digitally-signed copy of their OWN PHOTO. If a thief gets his hand on that, it won't help him unless he looks just like me. That's the point.

Re:

[Andrewkov]

This technology will just encourage unlawful face transplanting. Haven't you seen that John Travolta movie?

BECAUSE!

[TiggertheMad]

The point is to give everyone a digitally-signed copy of their OWN PHOTO. If a thief gets his hand on that, it won't help him unless he looks just like me. That's the point.

Ah, but what if the 'Thief' doesn't want to so much steal your identity, as pick an American tourist out of a crowd of hundreds of other tourists? This isn't giving you a secure digital picture. It's painting a huge bulls-eye on your forehead...

Re:

[Kadin2048]

Yeah, because 90% of Americans aren't painfully obvious in a crowd in any foreign city already.

Seriously; even in most Western countries, the "average American" sticks out like a recently-hammered thumb; doubly so when they start talking.

Only a very small percentage of Americans will ever pass as a native in any other country except their own.

Already customs lines at SFO for this

[Skyshadow]

Came back through SFO from Edinburgh yesterday and saw signs for a couple of dedicated test lanes for this (they were closed, but they were all set). I was wondering what the heck it was about.

American Made

[neonprimetime]

A German semiconductor company with offices in San Jose said Monday that it has received an order from the U.S. government for millions of identification chips that will be embedded in passports to help prevent fraud at border crossings.

Why do we always have to get everything from the Germans? (beer & cars for example) Why can't the government contract this out to good ol' American workers? Especially since it deals with National Security?

Re:

[Red Flayer]

Why do we always have to get everything from the Germans? (beer & cars for example)

Gee, that's funny -- GM (American) is the largest automaker in the world, and the largest supplier of autos domestically. InBev is the world's largest brewer, it's headquarters are in Belgium but it is a truly global company.

Why can't the government contract this out to good ol' American workers?

Because gool ol' American workers don't exist anymore. Actually, that's not quite right -- good ol' American manufacturing p

Re:

[gothzilla]

The industrial age is over. Corporations are now global and span across the borders of many different countries. When looking for the best company to do the job, you don't limit yourself to only companies that are solely located in the USA. That would be silly.

Infineon has plants in Asia, North America, Europe, and Africa. They have representative offices in 42 states in the USA, as well as in many different countries around the globe. Why shouldn't they be allowed to bid for the project?

Infineon's USA plan

encrypted?

[Lord Ender]

When they say "encrypted," do they actually mean digitally signed? Being able to provide a digitally signed (by a government key) passport photo in a machine-readable form would be good for security.

But simply encrypting the message with a symmetric key (as seems indicated by the blurb) would be bad for security, because many people would have the key, and so it would provide a false sense of security.

Re:

[kevin_conaway]

From The Dept of State [state.gov]

The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients). Metallic anti-skimming material incorporated into the front cover and spine of the e-passport book prevents the chip from being skimmed, or read, when the book is f

Scene at the customs office

[krell]

"Mr.... let's see 5AVE On Va1iumViagraCialis? Yes, everything checks out. Welcome to America!"

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:I blame it on the lack of logic today

[pilgrim23]

Entebe Incident; The Hijackers went around the plane asking for Israeli Passports. Now it is so much easier. Welcome to the new world of "Wand and Shoot".

Re:

[kevin_conaway]

One of the things that is a lot more common today than it has been in American history, yes, even back in the "bumpkin days" of America pre-industrialization, is that people just don't critically think anymore. "Special device?" Anyone with a modicum of critical thinking skills would look at a few simple things and freak: 1) All computer security systems have been defeated. 2) This is kinda like one of them thar computer security systems that has been defeated. 3) I'm carrying this thing around the world,

More Lack of Logic

[dereference]

Well, according to the TFA: The chips carry an encrypted digital photograph of the passport holder..

Remember everyone, just by going out in public you are letting the world know what you look like! Time to start investing in brown paper bags

You seem to be missing the whole point here. According to logic, it doesn't really matter what contents are being stored on this chip. It could be an encrypted random number for all anyone cares, since (as the GP correctly noted) the very existence of any such

Re:

[HarmlessScenery]

1) All computer security systems have been defeated.
2) This is kinda like one of them thar computer security systems that has been defeated.
3) I'm carrying this thing around the world, and any schmo who can defeat it, can identify me faster than the police can.
4) There are a lot of terrorists and terrorism sympathizers who'd just love to off me because I'm American. If you aren't careful, you'll be broadcasting enough info out there that you'll be easily victimized.

This seriously got mod'ed up?

Come

Re:

[volsung]

If the problem is so bad, maybe Americans should be supplied with passports disguised as 'insert country of choice', and all given elocution lessons before they leave the US?

That's called the CIA.

anti-pirate passports!

[invader_allan]

We all know that paper is so easy to modify, so we need to go to chips. Chips are more secure, while harder to duplicate. Like game chips, which don't get coppied freely like paper products such as books. Books can also be "emulated" in pdf or e-text formats. Chips can't be emulated or falsely burned with someone elses data!

Heh heh

[rice_burners_suck]

I bet there won't be a device in existance that can actually read the chip that will be embedded in these passports. I say that because my Permanent Resident card (greencard) is supposedly the most advanced ID card ever made, with all kinds of weird embedded information and whatnot, making it impossible to counterfeit. Or at least that's the theory, because although they spend ridiculous amounts of money to make these cards contain all that personal information, there is reportedly not a machine in existance that can read the information off the card. Typical government nonsense. It's like trying to invent the modem with enough funds to build just one.

And if we're already on the subject of the government, why are they spending all this money to make sure passports can't be faked, greencards can't be faked, etc., if there is absolutely positively nothing being done to stop the flood of immigrants, criminals, drugs, and terrorists that are crossing our totally unprotected borders into this country every day? Every time this issue comes up, idiots say it's racism. Sorry, it's not racism to stop people and things that shouldn't be here illegally from coming here illegally.

Re:

[megaditto]

On topic: Why not store the fingerprint/retina image/DNA digest-linked profile on a centralized server? At the border you provide a finderprint (or DNA in case of amputation, etc.) and your info is pulled up from a secure database. In terms of security this should be better than surrendring the control over the ID (passport) token and its info to a spy or a terrorist?

Off topic: Funny how most anti-immigration crusaders seem to be either rustic yokels or recently naturalized citizens. We welcomed you into th

Renewed my passport last month

[FreeUser]

I just renewed my passport last month, despite having a little over 3 years left before it would have expired. Now I'm damn glad I did...in ten years time, when I have no choice but to renew again, at least I won't be getting Version 1.0 of the US Government's Made-to-be-cracked ePassport.

bomb makers can now target americans

[RichMan]

So now the bomb makers can design bombs to explode when a certain number of american passports are within range.

They don't need to correctly talk to the passports only determine that they are american passports.

Re:

[moosesocks]

Not sure why this was modded as funny.

This could potentially become a huge problem for Americans traveling overseas, especially considering that the Government advises Americans abroad to not advertise the fact, while at the same time, they're equipping us with radio beacons that scream "HEY! OVER HERE! THAT'S RIGHT! HERE! LOOK! AMERICAN! AMERICAN!"

US Department of State announcement

[SgtPepperKSU]

I actually ran into this a few days ago while looking into getting a passport. They announced [state.gov] this on the 14th.

The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients).

It seems the passports will come with their foil hats pre-installed ;-)

Been thinking about this one.

[NiteHaqr]

What with the UK government wanting to force an ID card on us - seems applicable to Passports/Driving Licenses too.

Take a standard Credit Card sized plastic card.

Put a chip on it like credit cards use - not an RFID tag, just a simple chip that can store ONE piece of info.

That piece of data will be unique to that person, and is their ID in the system.

On the card we print a photograph, their name and date of birth.

When the card is presented at an appropriate terminal, a database lookup is done for the ID. The card reader then displays a "virtual" version of the card.

Visual inspection will allow the person doing the Identity Check to confirm the persons ID.

ID cards to be updated every 5 years, replacements for lost/stolen/damaged to be charged at cost, and be available within 2 working days, with designated places (like police stations) being able to print out temporary ID papers until replacement card arrives.

As long as downloads to terminals are encrypted, and the credentials of the operatives inputting data onto the system are checked, we have a secure system with no privacy concerns that SHOULD be cheap to implement.

Other systems, Passport Control etc could be tied to the database with your ID reference number becoming your Passport number - Give each person a pin number (or if you really insist use biometric information) and you have a bank/credit card that should also help prevent fraud.

Anyone see any holes in my plan?

Re:

[morgan_greywolf]

Anyone see any holes in my plan?

Yep. Reliance on a very large central database. What if the database goes down? What if the database gets hacked? With the very large number of people you would have to have entering data into the system, chances are one or more those people will allow unauthorized access into the system, either intentionally or unintentionally.

What if the person checking ID loses connectivity to the database?

Example: I want to steal $25,000 out of your account. I forge your passport, c

Re:

[Dark Coder]

Plenty of holes.

Put more than one thinking caps on.

I have a chipped UK passport

[OriginalArlen]

And, as I have no intention or interest in visiting the US, I gave it 30 seconds in the microwave. Problem solved. They've been issuing these things over here since the end of July - I missed the deadline for a "real" passport by 5 days. Oh, and the thing is described as "biometric" which can't be right, as they've never taken any biometrics from me. They can't store a 40K jpeg in an RFID tag, at most it could be a (small) hash, but that would be useless as obviously another image of my face will have a com

Re:

[Rob T Firefly]

Anyone got any idea what the UKPO means by asserting this thing's "biometric"?

It means there's a Star Trek fan in the PO who finally got a chance to use technobabble on the job.

Re:

[88NoSoup4U88]

We (the Netherlands) also recently went to the chip-embedded biometric passwords: Afaik, it's biometric as the different proportions of your face are stored in there: For example, one is not allowed to laugh/smile/frown when having a passport-photograph taken, as it would mess up the 'default' state of your face.

As (one of) the definitions of biometric is : A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an enrollee.
I

Re:

[Dun Malg]

Oh, and the thing is described as "biometric" which can't be right, as they've never taken any biometrics from me.

From www.passport.gov.uk
"How will facial biometrics work? Facial recognition will map various features on the face, for example, the distances between eyes, nose, mouth and ears. The measurements will be digitally coded and held on an electronic chip secured in the passport page."

Your passport required a picture, right? Congradulations! You have been biometricized!

It's a revenue plot

[davidwr]

1) phase in new tech you know isn't bug-free
2) wait for major security hole to be found
3) come up with a fix
4) ???
5) PROFIT!!!

Step 4 is to make people who want the fix to pay for a replacement passport.

The e-voting-machine vendors are taking the same approach. Ditto many other technology vendors.

I don't see the problem here...

[Androclese]

It's an arms race against those that would forge a US Passport; they are using technology to make the Passport better. We know they are being faked right now under the current technology, so now they have added this chip with a digital picture of you to make it harder for them to duplicate.

Will it eventually be hacked/copied? Yes. Does that mean we throw up our hands in the air and stop trying? Taking a defeatist attitude gets us nowhere. When this one gets hacked, we'll add more forgery deterrents. Take at look at the US currency; its the same thing.

It is just one more tool we can use to keep pace/ahead with those that want to forge them.

Re:I don't see the problem here...

[lawpoop]

I agree that we need to continue to constantly increase our security measures, but I believe there is a danger in supposed security measures which actually *don't* increase security. It causes the users of such measure to relax their guard, assuming that they are safe when they actually may not be.

As far as anti-counterfeiting measures, the 9/11 terrorists had valid passports and IDs, so how exactly would this prevent terrorism? If an immigration official lets his guard down because a person has an RFID passport, he may be ignoring other tip-offs that would alert him to suspicious activity. This would probably only really effect illegal immigration.

Again, no one is saying that we shouldn't increase security measures. But let's not claim that this is a panacea, or going to do something that is actually can't. Americans seem to have the belief that some simple technology will solve any problem we encounter. The reality is that we have to hire and train competent personnel in immigration and security. Mass surveillance, face recognition, gait recognition, etc. will not keep us safe from terrorism; motivated terrorists will always outsmart the machine or system. What we need is human intelligence, building contacts and infiltrating groups. These sorts of technological fixes are just to pacify jittery Americans into thinking that something is being done.

Re:

[Sycraft-fu]

Yep, it's just like any of the other security advances. The passport revision just prior to this one, the one I have, already has a hidden pciture on it. It's on the opposite side of the main picture and shows up only under UV light. Agian something that is possible to duplicate (I mean of course it's possible to duplicate, it was possible to make it in the first place) but it's another layer.

The idea is that the easiest method of passport forgery is just to alter the picture. You nab my passport, stick you

The Main Reason is it's Faster

[mpapet]

Forget about the so-called security. It's "secure" to the vast majority of voters.

The objective is to be able to process more people through customs faster and with more data captured as they get off ever-bigger airplanes.

This doesn't address a control point failure (customs) which is inevitable, but it looks good on paper and sounds really good.

FYI: Yes it's possible to store a picture and a fingerprint template on the contactless modules in question, but more likely it's storing a hash that looks the data up in a DB. Sending a picture file or a fingerprint template across the reader would be pretty slow.

And the obvious problem is...

[Moraelin]

So I went to the shop yesterday to buy a couple of PSP games. So I pull out my plastic debit card to pay with it. They have these numeric pads with a slot for the card and a small LCD display around here in a lot of shops. (The super-markets and such just ask you for a signature, but almost everyone else has a PIN pad.)

"Oh," says the clerk, "the connection's been down the whole afternoon."

It's not even the first time something like that happens. It's not often, but it does happen.

So for purchasing games or groceries, ok, I can just pull some banknotes out of the wallet. But it kinda scares me that I'd have to depend on something like that at an airport.

Re:

[swillden]

FYI: Yes it's possible to store a picture and a fingerprint template on the contactless modules in question, but more likely it's storing a hash that looks the data up in a DB. Sending a picture file or a fingerprint template across the reader would be pretty slow.

Actually, they not only store the photograph on the chip, but they store a fairly large, high-quality photograph (~30KB). The reference data set used for testing implementations of the ICAO electronic passport is almost 50KB in size, total. T

Already hacked, even before rollout

[MrAtoz]

As featured a couple of weeks ago in this article [wired.com] on Wired, these RFID chips have already been hacked. From TFA:

LAS VEGAS -- A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.

The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery. But Lukas Grunwald, a security consultant with DN-Syst

National ID and passport--fingerprint, PIN etc.

[BrentRJones]

In light of terrorism, illegal immegration, identity theft and white collar crime, we will need not only passports with chips, but national IDs with smart chips too.

Not just your appearance, but your fingerprints, iris pattern, voice patterns and probably eventually unique DNA markers will be necessary. And a good long PIN or passphrase.

Those predicted bar codes on the forehead and arm look pretty likely, too.

"I'm sorry officer, my USB port is down. Could you use my saliva?"

Missing the point

[BigJavaGeek]

Most posters here are missing the point. The RFID tags are not used to store the images, just a reference to your ID in a database. It's about the same level of additional security the CVV (3 digit number on back of credit card) provides on top of your credit card number. It's a second factor that can provide a verification for the primary data (the picture/name in your passport). It's also like adding the little plastic strip inside US currency. You don't accept money from someone that is blank paper

How it works in Germany

[ai3]

In Germany we have RFID passports since last year. This despite much criticism (the old passports were considered one of the most secure documents ever). The new passport costs 59 euros, the old one was just 26 euros, so I got myself an old one just before the deadline.

In my opinion, the e-passport was largely introduced to secretly subsidize the biometrics sector: The interior minister responsible for the e-passport, Otto Schily, joined two biometrics companies this month :)

Source (german only, sorry): http://www.silicon.de/enid/cio/21505 [silicon.de]

Re:

[Bryansix]

Who cares if it can be cloned. The information on it is your picture. How is having a clone of your picture going to help anyone trying to steal your identity?

Re:

[gstoddart]

Who cares if it can be cloned. The information on it is your picture. How is having a clone of your picture going to help anyone trying to steal your identity?

Because when they clone it, then figure out how to add their photo to the passport, they end up with a valid passport, in your name, with their photo on it.

That's how. Or, do you believe that a government program is going to make a completely secure technology?

Cheers

Re:

[Bryansix]

That desn't make any sense. What does cloning have to do with defeating the encryption. They are two totally seperate problems for hackers.

Re:

[gstoddart]

That desn't make any sense. What does cloning have to do with defeating the encryption. They are two totally seperate problems for hackers.

Of course they are. But, how long before people can duplicate your passport, and then update it with a new picture? (Or steal the original, and update the photo)

I find it highly unlikely they will be able to create secure technology which won't be subjected to both of these things. Especially since they're rushing it out and haven't tested or proven the technology yet

Re:

[Dun Malg]

Of course they are. But, how long before people can duplicate your passport, and then update it with a new picture?

Who knows? That depends entirely on the encryption. Point is, you brought up the fact that some guy cloned a passport RFID chip as if it was somesort of evidence that the scheme had been partially cracked or something. Bitwise copying is a trivial acomplishment. It's like saying "they've already opened the door and walked into the bank, how long can it be before they've pilfered the safe?"

Re:

[SgtPepperKSU]

Guess I will need to get me one of these sooner than expected [difrwear.com]

It comes with one already [state.gov]... that is, if you trust a government issued one.

Yes, also

[gerf]

You can throw your new one in a microwave just in case :D

Re:

[Dun Malg]

You can throw your new one in a microwave just in case :D

Heh. I can't think of anything that would invite more scrutiny than a new RFID passport where the RFID chip was mysteriously totally inert.

Re:

[Dun Malg]

I ask because I thought there was already a story in the news how at defcon they hacked a passport ID system.

Bitwise copying the content of an RFID chip that's part of a biometric ID system yields a duplicate passport that can still only be used by the person the original was issued to. Grunwald is a grandstander. He should come back when he can actually modify the content.