You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
New E-Passport vs Regular Passport-Vote Please
- Thread starter Sony2006
- Start date
The problem is that ePassports are readable "from afar". The government folks say inches, the security guys say maybe feet.
They are more secure. Your biometrics (picture, and I think fingerprints) and personal data are both printed on the passport and strongly encrypted within a chip inside it. When you hand the passport over to a border inspector, he can see your face, see the picture on the first page and see the picture of you that the chip stores.
I'm told that it is fairly easy to read and duplicate the data -- however it cannot be changed without detection. So, someone can duplicate your passport, but unless he looks a lot like you, it's not going to work to well.
The problem is with the RF/remote capabilities. Someone could dup your passport by standing close to you (it should make for some good movie plots -- grab someone's passport info by standing next to him and then having plastic surgery, ...).
That's not what folks are upset about -- the problem is that you can identify someone's nationality by remote sensing their passport. You visit a crowded market in a slightly unstable country, and a "bad guy" walks through the crowd looking for Americans by their passport signatures. Bad things then ensue.
It's not obvious why they didn't use contact readable technology (like a smart card) rather than RF/remote readable technology. I don't expect that the border folks will ever look at your passport info without physically holding it. They already machine read every passport they handle.
Bruce Schnier (the well respected author of "Applied Cryptography") has discussed this quite a bit http://www.schneier.com/cgi-bin/search/search.pl?Terms=passport+rfid&Realm=blog
(Not only am I not a lawyer, I'm not a security expert either)
They are more secure. Your biometrics (picture, and I think fingerprints) and personal data are both printed on the passport and strongly encrypted within a chip inside it. When you hand the passport over to a border inspector, he can see your face, see the picture on the first page and see the picture of you that the chip stores.
I'm told that it is fairly easy to read and duplicate the data -- however it cannot be changed without detection. So, someone can duplicate your passport, but unless he looks a lot like you, it's not going to work to well.
The problem is with the RF/remote capabilities. Someone could dup your passport by standing close to you (it should make for some good movie plots -- grab someone's passport info by standing next to him and then having plastic surgery, ...).
That's not what folks are upset about -- the problem is that you can identify someone's nationality by remote sensing their passport. You visit a crowded market in a slightly unstable country, and a "bad guy" walks through the crowd looking for Americans by their passport signatures. Bad things then ensue.
It's not obvious why they didn't use contact readable technology (like a smart card) rather than RF/remote readable technology. I don't expect that the border folks will ever look at your passport info without physically holding it. They already machine read every passport they handle.
Bruce Schnier (the well respected author of "Applied Cryptography") has discussed this quite a bit http://www.schneier.com/cgi-bin/search/search.pl?Terms=passport+rfid&Realm=blog
(Not only am I not a lawyer, I'm not a security expert either)
I like your thoughts and opinion!Flydog said:The problem is that ePassports are readable "from afar". The government folks say inches, the security guys say maybe feet.
They are more secure. Your biometrics (picture, and I think fingerprints) and personal data are both printed on the passport and strongly encrypted within a chip inside it. When you hand the passport over to a border inspector, he can see your face, see the picture on the first page and see the picture of you that the chip stores.
I'm told that it is fairly easy to read and duplicate the data -- however it cannot be changed without detection. So, someone can duplicate your passport, but unless he looks a lot like you, it's not going to work to well.
(Not only am I not a lawyer, I'm not a security expert either)
I would like to mention that even IF someone could read the passport's Infor off the chip, the info would not be useful to that person. As that info represent just a raw code doesn't have any meaning unless it was referenced and matched with the Department Of State Computer systems; which means that the "hacker" should also have access to the DOS computers, which is extremely difficult. And even in case that "hacker" could hack into the DOS systems, then it doesn't matter whether it is a conventional passport or Epassport!
Just a thought!
Sony2006 said:I like your thoughts and opinion!
I would like to mention that even IF someone could read the passport's Infor off the chip, the info would not be useful to that person. As that info represent just a raw code doesn't have any meaning unless it was referenced and matched with the Department Of State Computer systems; which means that the "hacker" should also have access to the DOS computers, which is extremely difficult. And even in case that "hacker" could hack into the DOS systems, then it doesn't matter whether it is a conventional passport or Epassport!
Just a thought!
Sony,
With all due respect I would suggest you to read the interesting Bruce Schnier link that Flydog provided. Just think that the original plan was to store all your information in the passport unencrypted and without any sort of protection against skimming (i.e. not any radio signal barrier). After an experts and public opinion backlash they introduced the access control. I don't know all the technical details (for this is better to read the articles). For one, I am not sure whether the access control is only to enable the chip to transmit, and whether the data goes encrypted or unencripted from chip to reader. Anyway, an authorized reader (as far as I know in any country) should be able to read your chip data. No need to connect to DOS, or anything like that. If you travel to whoknowswhichistan their immigration people should be able to collect easily all the data in your passport and picture and store it in a database for their viewing pleasure. This passport just makes it easier to collect your personal information.
Again, from past experience with other technologies I think it is just a matter of time (not much) that the security of the passports will be broken. Again, think about it, the government didn't want to put any security in the first place, so do you think they'll care much if their protection scheme gets broken? I kind of doubt it.
My 2 cents.
Flydog said:The problem is that ePassports are readable "from afar". The government folks say inches, the security guys say maybe feet.
They are more secure. Your biometrics (picture, and I think fingerprints) and personal data are both printed on the passport and strongly encrypted within a chip inside it. When you hand the passport over to a border inspector, he can see your face, see the picture on the first page and see the picture of you that the chip stores.
I'm told that it is fairly easy to read and duplicate the data -- however it cannot be changed without detection. So, someone can duplicate your passport, but unless he looks a lot like you, it's not going to work to well.
The problem is with the RF/remote capabilities. Someone could dup your passport by standing close to you (it should make for some good movie plots -- grab someone's passport info by standing next to him and then having plastic surgery, ...).
That's not what folks are upset about -- the problem is that you can identify someone's nationality by remote sensing their passport. You visit a crowded market in a slightly unstable country, and a "bad guy" walks through the crowd looking for Americans by their passport signatures. Bad things then ensue.
It's not obvious why they didn't use contact readable technology (like a smart card) rather than RF/remote readable technology. I don't expect that the border folks will ever look at your passport info without physically holding it. They already machine read every passport they handle.
Bruce Schnier (the well respected author of "Applied Cryptography") has discussed this quite a bit http://www.schneier.com/cgi-bin/search/search.pl?Terms=passport+rfid&Realm=blog
(Not only am I not a lawyer, I'm not a security expert either)
Bruce is practically the only one constantly writing against the e-passport. OK, somebody has to be against, just like in anything in the world. Everytime something new happens, somebody will be against it. I know of several guys who constantly for instance prophet a catastrophy on the stock market (even amidst the greatest bull times), or impending apocalypse. It is normal that there will always be people with an opposing opinion. If he turns out right, than he will become a celebrity. If not, nothing happens.
In the 1990s, he objected to Clinton administration attempts to stifle the spread of encryption, the science of obscuring data to keep it secret. Schneier stressed then that computer cryptography was of huge economic value because of the security it gave companies and people against intruders. He soon admitted he was wrong.
However, what Burce has failed, is to show how unsecure the passport is. Especially with the BAC. So, it is only words that we have so far. All he has to do is to demonstrate how can you read the passport from the crowd. But, he has not done that. Now, it is not true that you can stand in the crowd and somebody will read your data. Even if you stick your passport wide open (without the protective shield) , it first has to be swiped in order to be read. Even Bruce recognizes that:
http://www.schneier.com/blog/archives/2005/08/rfid_passport_s_1.html
Even he claims that if this is the way it is, he is not against the epassport.
Thank you for your opinion. I am not offended by your thoughts; it is more exciting like that.Huracan said:Sony,
With all due respect I would suggest you to read the interesting Bruce Schnier link that Flydog provided. Just think that the original plan was to store all your information in the passport unencrypted and without any sort of protection against skimming (i.e. not any radio signal barrier). After an experts and public opinion backlash they introduced the access control. I don't know all the technical details (for this is better to read the articles). For one, I am not sure whether the access control is only to enable the chip to transmit, and whether the data goes encrypted or unencripted from chip to reader. Anyway, an authorized reader (as far as I know in any country) should be able to read your chip data. No need to connect to DOS, or anything like that. If you travel to whoknowswhichistan their immigration people should be able to collect easily all the data in your passport and picture and store it in a database for their viewing pleasure. This passport just makes it easier to collect your personal information.
Again, from past experience with other technologies I think it is just a matter of time (not much) that the security of the passports will be broken. Again, think about it, the government didn't want to put any security in the first place, so do you think they'll care much if their protection scheme gets broken? I kind of doubt it.
My 2 cents.
oh by the way, one post will do!
Thanks,
Sony2006
You are bowing the seed (by paying the addtional fee) unfortunately you will not be/are not able to get the benefits and I am sure someone else will -later.
bashar82 said:What I don't like is that I paid the security/biometric fee for the new epassport, yet I was issued the regular MRP which is valid till 2016.
Same here!bashar82 said:What I don't like is that I paid the security/biometric fee for the new epassport, yet I was issued the regular MRP which is valid till 2016.