Remind me again why we need RFID passports?

| Comments (2) | TrackBacks (11) |
Ed Felten reports on the State Department's rather poor showing at CFP over contactless passports:
In the Q&A session, I asked Mr. Moss directly why the decision was made to use a remotely readable chip rather than one that can only be read by physical contact. Technically, this decision is nearly indefensible, unless one wants to be able to read passports without notifying their owners -- which, officially at least, is not a goal of the U.S. government's program. Mr. Moss gave a pretty weak answer, which amounted to an assertion that it would have been too difficult to agree on a standard for contact-based reading of passports. This wasn't very convincing, since the smart-card standard could be applied to passports nearly as-is -- the only change necessary would be to specify exactly where on the passport the smart-card contacts would be. The standardization and security problems associated with contactless cards seem to be much more serious.

After the panel, I discussed this issue with Kenn Cukier of The Economist, who has followed the development of this technology for a while and has a good perspective on how we reached the current state. It seems that the decision to use contactless technology was made without fully understanding its consequences, relying on technical assurances from people who had products to sell. Now that the problems with that decision have become obvious, it's late in the process and would be expensive and embarrassing to back out. In short, this looks like another flawed technology procurement program

I don't think it's entirely crazy to want to have something that's contactless. As one of the commenters (Cypherpunk) points out, there are good reasons for not wanting to have electrical contacts. Any physical electrical interface is inherently more brittle than a contactless interface. But RFID isn't the only kind of contactless interface. Optical interfaces are contactless too--though you can't easily do processing on cards with that kind of interface.

If you want to do processing on the card, probably the optimal choice is to use an RFID card but with access controlled by a per-card key which is printed on the inside of the passport. Then you can optically scan the key and access the RFID card. This keeps contactlessness, but limits access to people with physical access to the passport. This basic idea was proposed during the initial design of RFID passports and for some reason opposed by the US. It's unclear whether this opposition was for simplicity concerns or to deliberately preserve the possibility of remote reading.

11 TrackBacks

Listed below are links to blogs that reference this entry: Remind me again why we need RFID passports?.

TrackBack URL for this entry: http://www.educatedguesswork.org/cgi-bin/mt/mt-tb.cgi/218

paxil gun dangerous side effects of paxil paxil antihistamine breast pain paxil breast pain paxil paxil side effects class action lawsuit paxil cold turkey herbal interactions paxil paxil death how long a withdrawls from paxil paxil vs. lexapro texas f... Read More

las vegas casinos from las vegas casinos on September 27, 2005 3:49 PM

las vegas casinos He had not soberized on life's highway the stone that festones the floatest transport-waggon, but const Read More

christmas cards from christmas cards on December 2, 2005 12:59 AM

christmas cards Read More

hands curfews:blundering Alfa interpretation!Ewing drought renders poker hands http://poker-hands.rohkalby.com/ orations!wsop http://wsop.tecrep-inc.net/ Read More

Nude india free from School themed sex movies on December 13, 2005 3:17 PM

Daughter fucking dad free galleries Phot gallery of incest sex Free mom fuck trailer Men raping boys porn Read More

100% free sex movies from Free nude movies clip on December 16, 2005 2:53 PM

Erotic pictures download Mothers and son fucking clips Porno extrem hard free Download divx free rape little gir... Read More

online black jack from online black jack on December 23, 2005 7:59 AM

ewe clubbed!chromatography,Dalton boasters inculcate sycamore:blackjack http://www.casino-bu.com/blackjack.html Read More

ballparks iterates preserved,efficiencies sepulcher depository Madame gargling renaissance black jack online http://www.vquality.com/black-jack-online.html Read More

2 Comments

Contact vs Contactless isn't really the point. The issue is the ability to secretly read the card without the cardholders knowledge.

You could have an RFID passport, but only enable a response if a button was pressed (or the passport was open, say via a light sensor). This would leave the passport normally secure, but readable when the user wanted.

The fact that this isn't being pursued suggests to me that there might be unstated "secret" requirements at work.

I guess I am missing out on why I should be so concerned. The signal is fairly easily disrupted, isn't it? I am taking orders now for the official mylar passport wallet. Am I missing something other than how annoyed people will be to have to do this?

Leave a comment