Join Date: Apr 2001
Location: Lyss (Switzerland)
While checking up on some of this stuff, I happened across an interesting discussion on another site.
Bruce Schneier was describing a possible alteration to the RFID-in-Passports-hooked-to-biometric-database idea that the US want to introduce.
Basically, to "alleviate security concerns", the system was going to additionally have the following:
1) The data on the RFID chip would be encrypted
2) The data on the RFID chip could only be encrypted using a key which was encoded optically on the passport cover.
Now...think about that for just a second...the only way to read the RFID data is to scan a portion of the physical passport. This, then, completely removes any security argument for having the information readable at a distance. You could ditch the RFID chip entirely and have the key to your actual biometrics database stored in the ssme optically-readable format.
So again, its clear that the introduction of RFID in passports isn't about security. The same level of security can be obtained, with the same level of convenience, omitting the use of RFID entirely.
So why use RFID? Because you can track the chip at a distance, even if you can't decode the data. And once the thing is scanned once, you have the ability to map the encoded data to a person, so you know who is who! Of course...you can only do that to the people who don't realise this and haven't (for example) wrapped their passport in some form of shielding...which of course anyone who doesn't want to be trackable will do....
So Joe Q Public loses anonymity and privacy, while anyone who wants to (including criminals) can trivially get around the implications of carrying an RFID-chipped passport.
The lack of additional security only supports the argument that RFID is being pushed for reasons other then security. The public are being conned into thinking that it makes them safer when it doesn't. Whatever security they get could be implemented without the loss of privacy inherent in RFID implementations. So in effect, people are trading privacy against, well, nothing.
You want a conspiracy? Well, thats one right there. We must either believe that no-one in government can understand the fundamentals of security, or that they are knowingly putting forward systems to erode privacy for no additional security.
Last edited by bonkey; 07-02-2008 at 11:55.