Chips in Your Passport
 

Mr Schneier thinks the passport chips are not yet perfected. Can be read from several feet away.

I like the idea of putting the passport in a microwave to kill the chip

you may have to register to read this, but registration is free, and they do not spam.

http://www.washingtonpost.com/wp-dyn...23.html?sub=AR

Has anyone here put their new RFID passport in the microwave to disable the chip?

I plan to give mine some Hammer Time.

The original post is two years old. By now the RFID chips are safe by today's standards. The chip can only be read if the card-reader hes a key which is created when the passport is swiped through the optical reader. Without swiping the passport you can't read it! It is actually easier to steal your passport and read the pages with your own eyes than trying to read from a distance with some kind of listening device.

Information like biometric data which can also be stored on the RFID chip can only be read when again the right key is calculated by the card reader and on top of this the reader has the right digital certificate to authorize itself. The encryption algorithm used by the RFID chip is safe by today's standards.

So there is no need for microwaves (I would not recommend this anyway because it will leave burn marks on your passport) or for a hammer.

I just keep mine in an ID Stronghold carry slip :D

Really? When did they change the encoding of the data on the RFIDs? My understanding was that there was not a way to get all the countries that would be reading the RFID to cooperate on the encoding scheme so it wasn't happening.

I renewed mine just before the RFID was becoming the default in passports so I have a few years left without. That being said, if one does feel compelled to deactivate it, definitely go the hammer route. A microwave approach will leave marks and that would be bad.

IATA sets the standards for the RFID chips and there is every year or two a conference where topics like interoperability, security and new requirements are discussed.

Every RFID chip in every passport has two sections. One section for information which are already printed on the first page of your passport. This section is only protected by a basic access rule. The second section of the RFID chip contains your fingerprints and other biometrics if a country is collecting this information. To access this information the card reader needs a special digital certificate which is created by the issuing country for its passports. Right now the IATA works on the system to distribute these digital certificates between countries on a voluntarily base. So far only the issuing country can access these biometric information. The EU is working to allow access to EU passports by all EU members but this will probably will take another few years before it will work.

So for example: My German passport has my fingerprints stored but only German authorities can access them. If I fly to the United States the immigration officer can only read data like my name, nationality, birth-date etc. but not my fingerprints.

As I said before. The RFID chips are safe compared to today's standards. This however can change in 10 or 20 years and this is in my eyes the only real problem. Encryption algorithms which are unbreakable today like AES could be broken in 10 to 20 years depending on improvements of computer technology.

Thanks for bringing this up. I am just about to renew my passport, and I was considering buying an RFID-shielding passport case (and also possibly a wallet of the same type, to protect any chip-embedded credit cards).

However, the idea of an easy-to-use, reasonably-priced pouch seems like a more cost-effective way to accomplish the same goal without tampering with the original document or card.


https://www.idstronghold.com/

This is very interesting, expecially in light of the rumours on the Travel Safety & Security board that the US will start collecting fingerprints of its citizens when they enter. It's interesting to know that Germany already has them.

I guess it is relative. I actually consider my biographic data to be worthy of protecting, and you've acknowledged that it is on the part of the chip that has no protections at all. No swipe to generate a key to read it. Just pass by with a RFID reader and that data, along with the encrypted biometric bits, is there for the taking. Is that truly safe??

You missunderstood me. Without swiping the passport you can't read the RFID chip. The chip won't answer if he doesn't get the right key. The only difference is that the biographic data isn't encrypted like the biometric data which requires in addition to swiping a digital certificate. So again. It is easier to steal a passport than reading the RFID chip from a distance.

When was this change implemented? It certainly was not part of the initial spec for the RFID passport chips AFAIK.

And I agree that it is easier to steal one, but I have some control over that while it is on my person. I can't control radio waves nearly as well.

You are right, that it wasn't in the first specs but they found out that this was a pretty stupid idea and that they need at least some basic protection. I think at one of the IATA conferences the member states agreeded on the access rules.

And yes Germany collects the fingerprints of German citiziens when they apply for a passport. They scan the left and right index-finger.

So, how does this supposed keyed encryption mesh with the story coming out of San Francisco this week? Here's a full story from The Register in the UK.

A guy with off-the-shelf parts cloned two passports that he never had physical contact with. :eek:

Tell me again how I have nothing to fear???

I'm guessing that the answer is that the data that is being broadcast at that point has no personally identifying information in it so I shouldn't worry. I'm not buying.

Ok, I read the above article. It said no personal information can be gathered from the RFID, just a number. So ok, the number can be used to forge things just like your SS# can be used without your name, and a DL# can be used without your name or address. My new passport card (the size of a credit card) came with a protective envelope that stops anyone from reading anything off it at all according to the article.

So the big deal is to keep the passport card in it's protected sleeve and keep a new passport in a protective pouch. It's to late to stop the march of technology.