Metal shields and encryption for US passports

By Kurt Kleiner

New US electronic passports will use encryption and a metal shield to protect the data they contain. The move is in response to criticism that the passports would not be secure, and perhaps downright dangerous to carry.

But critics remain unconvinced. “It’s a terrible idea,” says Kurt Opsahl, a lawyer with the Electronic Frontier Foundation (EFF), a non-profit organisation based in San Francisco, US, dedicated to defending civil liberties in the digital age.

In an effort to make passports harder to forge, the US and other countries plan to place Radio Frequency Identification (RFID) chips inside their passports. These chips would contain the same information as that printed on the passport, but in a digital form that would be hard to change without detection.

When a passport is placed under a reader, radio waves “read” the tag, which then broadcasts back the information it contains. Similar tags are routinely used in stores for inventory control.

But when the US State Department announced its plans in February, security experts and privacy advocates objected. Without any protection, the passports might be “skimmed” – read at a distance by strangers as people walked through any public place.

The weakness could allow a government to track someone, or allow a criminal to steal the names, digital photos and passport numbers of people on the street. Some critics even worried that the chip could act as a trigger to detonate a bomb when someone with an American passport walked by.

In response, the US State Department announced this week that it would include “anti-skimming material” inside the covers of the passport. This probably means a plate or grid of metal that would shield the chip against being read unless the passport was opened.

The other change announced is that the reader will have to send a personal identification number (PIN) to activate the chip. The PIN will be derived from information printed on the inside pages of the passport, so the passport will have to be optically scanned before the chip can be read. The PIN will also be used to encrypt the communication between the reader and the chip so that no one can electronically eavesdrop as the chip is being read.

“This is a step forward. But I don’t think the State Department has yet demonstrated that you can use an RFID tag in an identity document and still protect the data,” says Barry Steinhardt, a lawyer who deals with electronic privacy issues for the American Civil Liberties Union in New York, US.

Steinhardt thinks the government should scrap the idea of an RFID chip. He says they should include the information on an encrypted 2D barcode, which would eliminate the possibility of the information being read at a distance.

“We think this is a dangerous experiment that needs to be tested by the security community,” says Opsahl at the EFF. “For a truly objective test they should make the passports available to university research teams and others to see if somebody can break through it.”

The state department will start testing the new passports in December with US government employees,