Wednesday, 30 August 2006
"NOW WE KNOW WHERE YOU WANT TRAVEL"
I'm off to Montréal as an observer on behalf of the Identity Project at next week's International Civil Aviation Organization (ICAO) Symposium on Machine-Readable Travel Documents (MRTD's, a/k/a passports and visas in which are embedded secretly and remotely readable RFID chips).
So far as I can tell, this will be the first time any privacy, civil liberties, or human rights organization or entity has attended an ICAO meeting. ICAO has pressed ahead with its RFID passport plans, ignoring protests from a broad international civil society coalition. It will be interesting to see if ICAO pays any greater attention to the numerous vulnerabilities in the RFID passport scheme that have now been demonstrated:
- The unique ID number transmitted by each RFID chip as as session initiation and collision avoidance key can be used as a tracking number, even if the rest of the data on the passport is encryped.
- The encryption of the rest of the data on the RFID chip has been broken in as little as 2 hours on a PC.
- Even without breaking the encryption, the data on the chip can be read and copied onto a blank chip to create a bitwise "clone" of the original chip, and used to impersonate the passport holder and fool an RFID passport reader into thinking it has read a different passport when really it has read the data from a the cloned chip. (Although it didn't involve a passport, the identical technique was used in this on-camera demonstration of the real-world remote cloning of the RFID chip a California legislator's badge, and use of it to open locked doors in the State Capital building in Sacramento.)
- The layer of metal foil being added to the outer covers of USA passports as RF shielding is ineffective if the passport gaps open even slightly. Even a 1/4 inch (7 mm) gap between the outer edges of the passport covers allowed reading of the data on the chip in the passport from 1 1/2 inches (4 cm) away, well within the plausible range of approach for a "bump" attack through clothing or a purse; a 1/2 inch (12 mm) gap extended the tested read range to 4 inches (10 cm).
- Without shielding, the ISO 14443 standard RFID chips being used in new USA passports can be read from at least half a meter (18 inches) away using current technology, even under much worse than optimal conditions.
Where is all this going? As I've discussed previously , governments' desires for surveillance of travellers' movements coincide with the desires of airlines and airports for business process automation .
The result is the Orwellian vision of the future of travel depicted in this truly creepy video (my favorite line in the video is the one I've used as the title of this article) produced as a demonstration ot the USA Transportation Security Administration (TSA) of a would-be contractor's patented (but not unique, unfortunately) "Method for Tracking and Processing Passengers and their Transported Articles".Link | Posted by Edward on Wednesday, 30 August 2006, 21:15 ( 9:15 PM) | TrackBack (0)