kingrat

This is a technology meets security meets privacy issue I've been following. (I always mean to write about these things as I follow them, but there's so many that I never really get around to it.) Anyway, the U.S. government has been proposing to add RFID chips to passports for a couple of years. The idea being that you could prevent forged passports from being used by encoding the information on the chip, as well as make country entry more speedy because they can be read faster. Only thing was, if you have unencrypted information on the chips, anyone can walk by and read all the personal information about you if they want. At least they can if they have an RFID reader. And these days people have been building systems that can read radio signals from quite some distance. It's not the same thing, but someone just built a system that could access an 802.11g wireless system from over 100 miles away. An unamplified wireless system. I can't connect to my system from more than a few tens of yards. In the original passport RFID proposal, the security was essentially keep snoopers more than a couple of feet away and they won't be able to read it.

The new proposal, though not officially adopted yet, is better.

The most important feature they've included is an access-control system for the RFID chip. The data on the chip is encrypted, and the key is printed on the passport. The officer swipes the passport through an optical reader to get the key, and then the RFID reader uses the key to communicate with the RFID chip. This means that the passport-holder can control who has access to the information on the chip; someone cannot skim information from the passport without first opening it up and reading the information inside. Good security.