Thanks, Edward, any guess what we will have to pay for (the privilege of
being globally tracked by these) new passports?
CC
==========================================================
On Sun, 30 Oct 2005 17:14:53 -0000, Edward Hasbrouck wrote:
> [Originally posted elsewhere, but I thought it
> would also be of interest to this group.
> Feedback welcomed here or in my blog. FWIW,
> Norway this month began issuing _unencrypted_
> RFID passports, so it isn't _just_ the USA.]
>
> This column with links:
> http://hasbrouck.org/blog/archives/000869.html
>
> ===============================================
>
> Just when the families on the reality-TV show about
> travel around the world, "The Amazing Race 8", finally
> left the USA in tonight's episode, the USA Department
> of State today took the latest in its recent series of
> regulatory actions to make it more difficult for other
> families like them to take that first step across the
> borders of the USA, and less likely that they ever
> will.
>
> Under a final rule published today (70 Federal
> Register 61553-61555) and effective immediately,
> secretly and remotely readable RFID chips will be
> embedded in all USA passports:
>
> [T]he first issuance to the American traveling
> public [is] slated for early 2006. By October
> 2006, all U.S. passports, with the exception
> of a small number of emergency passports issued
> by U.S. embassies or consulates, will be
> electronic passports.
>
> The Passport Office's attempt to sell its critics on
> the "e-passport" scheme was an unsuccessful fiasco,
> and public comments on the proposal were
> overwhelmingly negative:
>
> We received a total of 2,335 comments on the
> introduction of the electronic passport....
> Specifically, concerns focused as follows: 2019
> comments listed security and/or privacy; 171
> listed general objections to use of the data
> chip and/or the use of RFID; 85 listed general
> objections to use of the electronic passport;
> 52 listed general technology concerns; and 8
> listed religious concerns. Overall,
> approximately 1% of the comments were positive,
> 98.5% were negative, and .5% were neither
> negative nor positive.
>
> As had been rumored (leaked?) over the summer, the
> State Department has made some changes to its original
> plan. Most of the data on the RFID chip in the
> passport (except, crucially, a fixed globally unique
> serial number) will be encrypted to reduce the risk of
> identity theft or passport cloning, and "anti-skimming
> material" (presumably a layer of metal foil or mesh)
> will be laminated into the passport cover to reduce
> the risk of surreptitious reading (except, crucially,
> whenever the passport is opened for even the briefest
> and most cursory visual inspection).
>
> Those changes might be sufficient to assuage those
> people whose primary concerns were about the ways RFID
> passports would facilitate identity theft, fraud,
> terrorism, passport forgery, smuggling, and other
> crimes.
>
> But as I've previously reported, those changes fail to
> address the use of RFID passports for commercial and
> government surveillance: transaction and position
> logging, data aggregation, and data mining.
>
> Each RFID chip has to broadcast a unique
> identification number, in the clear (unencrypted), in
> response to a query from any reader. (Readers are
> cheap and widely available, and will get cheaper.)
> This number is used to initiate communications with
> the reader, and to manage "collisions" if multiple
> chips are within range of, and replying to, the same
> (or another) reader.
>
> The single change to the RFID passport plan that would
> make the most difference -- dramatically reducing the
> usability of RFID passports for commercial or
> government surveillance, while having no effect at
> all on their use for security purposes -- would be to
> have the chips generate and use a different random
> collision avoidance and session initiation ID in
> response to each reader query, instead of a serial
> number fixed for the life of the chip and the
> passport.
>
> (Under another part of the RFID passport regulations
> finalized last month, you'll have to get your passport
> replaced if the RFID chip fails -- at your expense, if
> you have deliberately disabled the chip.)
>
> As I understand it, there is no technical obstacle to
> using a dynamic, random (or at least pseudo-random)
> session ID. The only reason to use a static serial
> number, as the USA has deliberately chosen to do, is
> to facilitate the use of RFID passports as part of the
> travel panopticon of surveillance.
>
> If the regulations published today are put into effect
> without further change (as they likely will be unless
> they are successfully challenged in court), the serial
> number of the RFID chip in your passport will become
> the international analogue of your Social Security
> account number: the globally unique personal
> identification number through which every transaction
> or event with which it is linked can be positively
> correlated and compiled into a personal travel history
> maintained by government(s), or added to the
> multi-purpose dossier and profile maintained by data
> aggregators like Choicepoint and Acxiom (and available
> to anyone willing to pay for it, or to the USA
> government under the USA Patriot Act provisions for
> secret demands for commercial records).
>
> The government's plans were set back a year by massive
> public protest, but this time I think the proposed
> schedule for beginning to issue at least some RFID
> passports is real. Barring a successful lawsuit, after
> the start of 2006, you won't be able to tell when you
> apply for a new passport whether it will be one of the
> first ones with an RFID chip.
>
> All you can do to protect yourself is to get a new
> passport now that will remain valid for the next 10
> years. (There's no plan to invalidate existing
> non-RFID passports until they expire.) You can apply
> for a new or replacement passport at any time, for any
> reason, even if your current passport still has
> several years of validity.
>
> Given that the use as a session initiation and
> collision avoidance key of a serial number fixed for
> the life of the chip does not even arguably serve any
> security purpose, the only reason for the government's
> choice is to facilitate surveillance. And border
> guards will be able (regardless of which type of
> session ID is used) to capture and decrypt the
> entirety of the personal data on the passport and the
> chip, including a digital photo. So the only possible
> reason not to use a different ID number for each
> "reading" of the chip is to facilitate use of the
> fixed ID number by entities other than governments, at
> places other than borders. In other words, this part
> of the scheme is being forced on us by the USA
> government solely to make it possible for data
> aggregators and data miners to track our movements and
> activities, for their profit. And we'll be required to
> bear the cost through increased passport fees.
>
> Why would the State Department go out of its way to
> give businesses a tool for tracking and compiling
> dossiers about us? Presumably, the government hoped
> that doing this would get the "buy-in" of the travel
> industry (and perhaps others) for the RFID passport
> plan. It will probably work: the travel industry is
> eager for "location-based" marketing data and customer
> profiling as well as business process automation, and
> this will enable commercial users of RFID passport
> data to blame the government, instead of having to
> justify their data demands to their customers.
>
> Already, casinos use RFID frequent gambler "loyalty"
> cards not just to log the time, place, and amount of
> each bet, but to analyze the patterns of movement of
> gamblers on the casino floor and throughout their
> casino/hotel/restaurant/entertainment/resort
> complexes, recording in individual logs and profiles
> such things as when and how often gamblers leave the
> betting (spending) areas, and where they go: to their
> hotel room (perhaps to sleep, i.e. rest up to be ready
> for more gambling), to a restaurant to eat (refuel for
> more gambling), etc. Theme parks -- where all visitors
> can be required to carry admission tickets or badges
> with RFID chips -- are beginning to do the same.
> Unique fixed ID numbers in RFID chips in passports
> will make this possible for all businesses on a global
> scale.
>
> The problem with Social Security account numbers has
> little to do with how they are used by the Social
> Security Administration, and everything to do with how
> they are used for data aggregation by other, mainly
> commercial entities. The same is largely true of RFID
> passports, although the potential for direct abuse by
> governments remains higher for RFID passports than for
> Social Security account numbers.
>
> The State Department has failed to conduct the Privacy
> Impact Assessment which, as EFF and others have noted,
> is required before the proposed rules can take
> effect. And its limited analysis and response to the
> comments on the proposal is based on the fundamentally
> false claims that:
>
> It will not permit "tracking" of individuals.
> It will only permit governmental authorities
> to know that an individual has arrived at a
> port of entry.
>
> Both of these last two sentences are lies, and the
> State Department knows it. The root of the problem is
> the continued refusal of the State Department to admit
> -- even when I directly confronted the head of the
> Passport Office, Frank Moss, with this question at CFP
> -- that passports are ever inspected by anyone other
> than government authorities, or anywhere other than at
> government border-crossing checkpoints ("ports of
> entry").
>
> In fact, most passport checks are made by commercial
> entities, for commercial purposes, at commercial
> facilities, and are required as a condition of
> commercial transactions. Passports have to be opened
> for inspection by airlines, airport security
> (sometimes they work for and are regulated by the
> government, sometimes not), banks, currency-exchange
> offices, hotels, duty-free stores, and other
> businesses.
>
> Unless you want to travel without ever changing money,
> staying in a hotel, or using mass transportation
> (passports -- or national ID credentials of the
> country, which foreign travellers don't have -- are
> routinely required for travel by bus, train, and
> ferry, increasingly in the USA as they have been for
> years in many other countries), it's impossible to
> travel around the world without leaving a trail of
> times, places, and purposes for which your passport
> has been displayed.
>
> With an RFID passport that responds to any query from
> any reader with an unencrypted static ID number,
> you'll have to assume that whenever you open your
> passport, even momentarily, your position, the date
> and time, the nature of the facility or reason for the
> passport check, and the details of any associated
> transaction will be entered in your permanent file.
>
> Of course that could be done manually with a non-RFID
> passport, but it would be slow and costly for the
> business, and you'd probably know it was happening.
> With an RFID passport, what seems to be a cursory
> glance at a passport by a bored and inattentive person
> at a doorway could in reality also include the
> invisible capture of the chip ID number and logging of
> the event in a central file (to which, in the USA, you
> yourself have no right of access) of information about
> you available for sale to all comers, and available to
> the government for the asking.
>
> "Social network analysis" of that file, in conjunction
> with others, will enable commercial or government data
> miners to identify those with whom you associate and
> the nature of your relationships:
>
> Hmmm. These two people showed their passports
> to enter this duty-free shop at Heathrow
> Airport 30 seconds apart in 2007, and to get
> on the same sailing of a ferry from Hong Kong
> to Guangzhou three years later. That's
> probably not a coincidence. If one of them is a
> suspect, the other one probably should be too.
> If one of them showed their passport at a
> money-changers in Maputo in May to convert
> Mozambican Meticais to South African Rand,
> there's a good chance the other one of
> them was nearby. Let's investigate them
> further.
>
> Similar concerns have also been raised in Australia,
> where the first Australian passport with an RFID chip
> was issued today to the Foreign Affairs Minister,
> Alexander Downer.
>
> It's especially problematic that this is happening at
> the same time that the USA is beginning to require
> passports, both for USA citizens and visitors, for
> everyone crossing the borders of the USA including
> travellers to and from Canada, Mexico, and some
> Caribbean and Central American countries where
> passports haven't previously been required.
>
> Along with the abolition of all provisions for transit
> of the USA without a visa (citizens of all Latin
> American countries need to pay US$100 and go through
> an elaborate visa application process just to change
> planes in the USA en route to or from Europe or Asia),
> the new rules will further discourage visitation to
> the USA from Mexico, Canada, and other countries, as
> well as travel to those countries by USA citizens who
> don't yet have passports. The USA is seeking comments
> through next Monday, 31 October 2005 on how much this
> will cost, but the total value of the lost spending by
> border crossers will be at least in the billions of
> U.S. dollars a year, possibly tens of billions.
>
> Welcome to America. "Your papers, please."
>
> ----------------
> Edward Hasbrouck
>
>
>
> "The Practical Nomad: How to Travel Around the World"
> (3rd edition, 2004)
> "The Practical Nomad Guide to the Online Travel Marketplace"
>
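
The quoted column contrasts a chip ID fixed for the life of the passport with a fresh random ID per reader query. The following is an added illustration, not part of the original post or of any passport specification, that models both and measures how many cross-location trails a log of reader sightings yields in each case. The class names, the 8-byte ID length, and the place names are assumptions made for the example.

```python
import secrets
from collections import defaultdict

ID_BYTES = 8  # assumed ID length, chosen so accidental repeats are negligible


class StaticIdChip:
    """Answers every reader query with one ID fixed for the chip's lifetime."""
    def __init__(self):
        self._uid = secrets.token_hex(ID_BYTES)

    def answer_query(self):
        return self._uid


class RandomIdChip:
    """Draws a fresh random ID for each reader query, as the column proposes."""
    def answer_query(self):
        return secrets.token_hex(ID_BYTES)


def round_is_collision_free(chips):
    """One read round: the reader can separate chips if their IDs differ."""
    ids = [chip.answer_query() for chip in chips]
    return len(set(ids)) == len(ids)


def collect_sightings(chips, places):
    """Each chip is read once at each place; a reader logs only (id, place)."""
    return [(chip.answer_query(), place) for place in places for chip in chips]


def linkable_trails(sightings):
    """IDs logged at more than one place, i.e. records that can be joined."""
    seen = defaultdict(set)
    for chip_id, place in sightings:
        seen[chip_id].add(place)
    return {cid: sorted(p) for cid, p in seen.items() if len(p) > 1}


# Constructed sample locations, taken from the kinds of checks the column lists.
PLACES = ["airline check-in", "currency exchange", "hotel desk"]


def compare(n_chips=5):
    """Return (trails with static IDs, trails with per-query random IDs)."""
    static_log = collect_sightings([StaticIdChip() for _ in range(n_chips)], PLACES)
    random_log = collect_sightings([RandomIdChip() for _ in range(n_chips)], PLACES)
    return len(linkable_trails(static_log)), len(linkable_trails(random_log))
```

With static IDs every chip produces one joinable trail across all three places; with per-query random IDs the same logs contain no repeated ID, while each read round still separates the chips.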