Shostack + Friends Blog Archive

 

Ed Felten on Passports

Yesterday at CFP, I saw an interesting panel on the proposed radio-enabled passports. Frank Moss, a State Department employee and accomplished career diplomat, is the U.S. government’s point man on this issue.

In the Q&A session, I asked Mr. Moss directly why the decision was made to use a remotely readable chip rather than one that can only be read by physical contact. Technically, this decision is nearly indefensible, unless one wants to be able to read passports without notifying their owners — which, officially at least, is not a goal of the U.S. government’s program. Mr. Moss gave a pretty weak answer, which amounted to an assertion that it would have been too difficult to agree on a standard for contact-based reading of passports. This wasn’t very convincing, since the smart-card standard could be applied to passports nearly as-is — the only change necessary would be to specify exactly where on the passport the smart-card contacts would be. The standardization and security problems associated with contactless cards seem to be much more serious.

Well, there you have it. Ed Felten asks, and the government can’t pass step 1 of Schneier’s 5-part test:

  1. What problem are you trying to solve?
  2. How well does this measure solve the problem?
  3. What other security problems does the measure cause?
  4. What does the security measure cost?
  5. Given the answers to steps two through four, is the security measure worth the costs?

All the noise about reading distance is arguing about point 3, which we should never have reached.

I’ve covered this in “RFID Passport data won’t be encrypted” and “The Open Passport,” and in small bits have pointed to articles by Ian Grigg and Ryan Singel.

4 comments on "Ed Felten on Passports"

  • Cypherpunk says:

    It is widely recognized that contactless chips would be more reliable than a contact-based system. Even the critical analysis at http://eprint.iacr.org/2005/095 conceded, “Our supposition is that ICAO guidelines favor RFID chips over contact chips because wireless data transmission cause less wear and tear than physical contact.”
    I have trouble even imagining how to physically design a contact-based system for a passport that would protect the contacts from the environment while still allowing for quick and convenient reading. Compare that with waving a sealed, self-contained, environmentally protected RFID chip over a reader. It would be far easier, quicker and more reliable.

  • adam says:

    Wow. You mean there are smart cards that can’t be read once a day without causing problems? Someone better tell the Dutch and the French, who have contact-chip card based payment systems.
    I can easily see designs that incorporate a contact chip into the cover of a passport.

  • Jimbo says:

    Umm, who the hell crosses a border every day?

  • adam says:

    It was a bit of an exaggeration, but there used to be folks who lived along the US/Canada border who crossed daily.
