David A. Wheeler's Blog

Wed, 23 Mar 2005

E-Password comment deadline (April 4) looms - COMMENT NOW

As noted in a Wired article, the U.S. Department of State plans to issue U.S. passports that can be read wirelessly (remotely), and it won’t even encrypt this extremely personal data. This plan is absurd; it appears to give terrorists and organized crime a way to remotely identify U.S. citizens (for murder or kidnapping) and to provide enough detailed personal information to significantly aid identity theft.

The Department of State claims that the new passports can only be read from 10 centimeters and that fibers will prevent any reading while closed. However, most security experts scoff at these claims, noting that people have to open their passports eventually, and doubting that the fiber’s protection will be perfect anyway in real life. Lee Tien, an attorney at the Electronic Frontier Foundation, reports the reading distance as more like 10-30 feet. Bruce Schneier, who just renewed his passport to make sure he will not have an unencrypted passport for another 10 years, says he has yet to hear a good argument as to why the government is requiring remotely readable chips instead of a contact chip — which could hold the same information but would not be skimmable. “A contact chip would be so much safer.”

I think this Department of State plan is going to kill people. There are people in this world who want to hurt or kill Americans, or citizens of some other countries — now we’re giving them an easy tool to help them find Americans (or citizens of some other countries) in foreign countries so that they can be murdered, tortured, raped, or kidnapped for ransom. The ransom stuff alone would fund huge efforts to use this technology in foreign countries to target victims, because it’d be insanely profitable for the immoral.

In my mind, the real problem is the use of wireless technology. This is an area where the convenience of wireless is far outweighed by the disadvantages of getting murdered. Frankly, for data storage, a 2D barcode (which is MUCH cheaper) would have all the advantages of permitting quick storage of a lot of data. If the purpose of the chip is to make forgery harder, then requiring contact would be sufficient.

Is the lack of encryption a problem? Not necessarily, as long as contact is required. After all, if there’s no encryption, then it’s easier to see exactly what data is on the passport (e.g., to verify that it’s correct for you), and the data is supposed to be the same as what’s already on the passport. But it’s a disaster if it’s wireless, because then people who have no business getting the data will be able to retrieve it. Indeed, it’s a disaster that this is wireless at all.

Those who wish to protest this plan have until April 4, 2005, to send their comments to PassportRules@state.gov. I urge you to send in emails asking State to abandon this wireless approach, and that they instead use a system that requires contact. Do it, before someone dies.

path: /security | Current Weblog | permanent link to this entry