Friday, April 29, 2005

RFID in Passports: Encryption is a Good Thing

[T]he U.S. State Department [has decided] to drop a requirement for additional security measures in next-generation U.S. passports. The specifications have yet to be finalized.

Neville Pattinson, director of technology development and government affairs for smart card provider Axalto Americas, said Friday (April 29) that adding security measures such as "Basic Access Control" and a metallic shield cover to U.S. passports could "completely make the information [stored in the e-passport] undetectable."

Pattison originally disclosed the results of a National Institute of Standards and Technology e-passport trial held last summer in which he said NIST testers were able to lift "an exact copy of digitally signed private data" from a contactless e-passport chip 30 feet away.

* * * *

Bruce Schneier, a security technology expert, noted in his online blog, "The devil is in the details, but this [Basic Access Control] is a great idea. It means that only readers that know a secret data string can query the RFID chip inside the passport." |Link|

What the fuck are they thinking? We should demand encryption. I'm writing my Senators again. I recently wrote them to oppose John Bolton's nomination. He'd be a disaster as Ambassador to the UN.

No comments: