Ed Felten on Passports
Yesterday at CFP, I saw an interesting panel on the proposed radio-enabled passports. Frank Moss, a State Department employee and accomplished career diplomat, is the U.S. government’s point man on this issue.
In the Q&A session, I asked Mr. Moss directly why the decision was made to use a remotely readable chip rather than one that can only be read by physical contact. Technically, this decision is nearly indefensible, unless one wants to be able to read passports without notifying their owners — which, officially at least, is not a goal of the U.S. government’s program. Mr. Moss gave a pretty weak answer, which amounted to an assertion that it would have been too difficult to agree on a standard for contact-based reading of passports. This wasn’t very convincing, since the smart-card standard could be applied to passports nearly as-is — the only change necessary would be to specify exactly where on the passport the smart-card contacts would be. The standardization and security problems associated with contactless cards seem to be much more serious.
Well, there you have it. Ed Felten asks, and the government can’t pass step 1 of Schneier’s five-part test:
1. What problem are you trying to solve?
2. How well does this measure solve the problem?
3. What other security problems does the measure cause?
4. What does the security measure cost?
5. Given the answers to steps two through four, is the security measure worth the costs?
All the noise about reading distance is arguing about point 3, which we should never have reached.
I’ve covered this in “RFID Passport data won’t be encrypted” and “The Open Passport”, and in small bits have pointed to articles by Ian Grigg and Ryan Singel.