I don't travel all that much, but most of the travel I do is international. Living here in Cambodia there just aren't that many places to go, so even short trips usually wind up crossing international borders.
Perhaps this is why passports are really interesting to me. We just got new U.S. passports for our whole family, and they all have RFID tags embedded in them. They are really quite impressive looking documents, with many different types of anti-counterfeiting features, but they are the first documents I've seen that have an electronic component embedded. Actually, I should say the first documents I've noticed, since it is entirely possible that I've handled other documents that had some form of RFID tag (not counting the shoplifting protection things that bookstores used).
I must confess that I haven't paid much attention to the long process of working toward these electronic identity documents. So when I was issued one I felt a bit hesitant. It clearly is cool in the technical sense. If they hadn't increased the rigidity of the covers to protect the chip, I'm not sure I'd even know that the thing was in there. But whether I know it is in there or not, do I really want random people in the airport being able to read my passport as they walk by?
So I did what any self-respecting security-minded person would do and searched "RFID passport" on Google. I happily found that Bruce Schneier has written on this, along with essentially all other topics in the world of security. To summarize his positions, he started out worried and then as new privacy features were added, he got more comfortable with the designs. After reading his summaries, I agree.
There was a very good idea developed, and that is to use the optically-readable strip of numbers that includes the passport number as a key, and encrypt the data on the RFID chip using this key. That way, without physical possession of the passport, the chip is essentially unreadable. Good. Now I only broadcast the fact that I have one of these swanky new passports, not what is in it.
So then the question is, why have the RFID system in the first place? Currently the passport is scanned by officials, and that will continue. Just holding the passport next to a reader is cool, no doubt, but is there a good reason to have this system in place? Well, storing more data on the card (as is planned, including fingerprints and the like) is a good reason, right? That makes it more difficult to forge, assuming the small number of passport centers can sign all the data and keep control of the signing keys.
But here's where the plot really thickens. As this article points out (with quotes from Schneier again; is there anywhere the man doesn't turn up?) the technology is cool, but why isn't it contact based? Aren't smartcards cool too? Is it good to have American tourists, or even just foreigners, remotely detectable? You can normally pick out Americans based on the loud shirts and tube socks, but this is a bit more, um, automated.
I do think, however, that there are some advantages to the non-contact based RFID chips over a contact based solution. In the real world, contact points get dirty. A contact system needs, by definition, an exposed chip, or at least contact for the chip. That's going to reduce reliability and require more robust readers at points of entry. That's not a good thing. Simplicity is great, but if we're going to have biometric data in our passports, this system does seem to me to be pretty reasonable.
That being said, I haven't been back to the U.S. since I got the new passport. It will remain an open question in my mind until I actually start seeing these passports in use. I'm sure there will be some sort of attacks based on the RFID chip, but I do think that perhaps, just perhaps, the State Department has made a decent choice here. Any new system containing interesting data will of course be subject to attack, and there are some scary possible scenarios here, but for me at least, I'm going to sit solidly on the fence for a while longer.
Do any of you have experiences with the new e-Passports? Do they make things better or worse upon entry? Let me know.
Nathan Spande has implemented security in medical systems during the dotcom boom and bust, and suffered through federal government security implementations. Special to Dark Reading.