Shostack + Friends Blog Archive


RFID passport data won’t be encrypted

Ed Hasbrouck, who in a more perfect world would be paid to be the TSA’s chief privacy officer, writes RFID passport data won’t be encrypted:

So an identity thief, using only the data secretly and remotely obtainable from your passport, will be able — without ever having actually seen you or your passport — to create a perfectly valid-seeming passport, with a valid encrypted and properly signed digital hash, with your photograph but a signature in their handwriting.

I haven’t read all his source documents, but what he writes, and what Schneier wrote show that the revision of passports is to make them dramatically more effective as mass-surveillance devices.

In my crotchety old man mode, I’ll mention that Hugh Daniels made buttons for CFP ’96 asking “Is Your Jew Bit Set?” showing how to encode information secretly in such schemes, and governments are just catching up.

(Via The Practical Nomad.)