[Reader-list] Interesting article about ID cards with chips

[madhuri mohindar]

THE ECONOMIST: Have chip, will travel

Jul 17th 2009
*Why chips in passports and ID cards are a stupid idea*



A MONTH of tramping around Europe has given your correspondent a chance to
see how effective the new e-passports are at border crossings. Between them,
his family holds American, Japanese and British passports, each recently
renewed. Unlike previous ones, the e-passports contain biometric data
embedded in a radio-frequency identification (RFID) chip, along with the
usual mugshot and optical bar-code.



Although all new passports conform, more or less, to
standards<http://org2.democracyinaction.org/dia/track.jsp?v=2&c=J5I719ZX3VyV7umx%2FdulULXSV3TwYHxh>
laid
down by the International Civil Aviation Organisation, each country
implements the requirements somewhat differently. The new American
passport<http://org2.democracyinaction.org/dia/track.jsp?v=2&c=yrU3WhZz5wDJmiUvrorT1bXSV3TwYHxh>
sets
the gold standard. It has additional features built into it that make it
especially hard to counterfeit. The Japanese passport runs a close second,
while the British version comes a poor third.



 So far, the only biometric details stored in the new chipped passports are
facial measurements, including the distance between the holder's eyes and
the positions of the nose, mouth and ears. The measurements-extracted from
passport photographs using facial-recognition software-are digitally encoded
and stored in the RFID's memory along with a digitised photograph and
personal details.



The two main justifications for adding chips to passports are that they
improve security at border crossings and speed up immigration procedures.
Your correspondent thinks this is poppycock.



Take speed. The immigration officer still has to open the e-passport, read
its contents and then swipe its bar-code through an optical reader to get
the bearer's file up on a screen ready to ask a few questions. There,
normally, the procedure would end.



Next, however, the e-passport has to be placed over an inductive reader that
provides the radio-frequency energy to power up the passive RFID so it can
spit out its data. Moments later, the chip's contents appear on the screen,
ready to be compared with those printed in the booklet. If the two sets of
information agree, the passport is accepted as authentic.



In other words, all the chip does is confirm what is printed in the
passport. What it does not do is prove the holder is the person he or she
claims to be-no more so than a traditional passport did. If the person has a
reasonable likeness to the photograph-and therefore similar biometric
details-a stolen e-passport could readily be accepted. Or if the passport is
a fake and the chip cloned, it could just as easily pass muster. As always,
it will come down to the experienced eye of the immigration official-whether
it's a chipped passport or a traditional one.



How easy is it to clone an e-passport? The RFID chip is not supposed to
divulge any data until the reading machine on the immigration official's
desk authenticates itself by presenting an encrypted digital key. This has
to match another encrypted key that is generated from a string of data
scanned into the system from the optical bar-code printed in the passport.
Only when the two keys match can the chip be unlocked.



That, at least, is the theory. Unfortunately, not all countries have
implemented the "passkey" part of the process as well as they might have
done. Even the European Union admits that the security of its e-passports
was "poorly conceived". Indeed, no sooner had European authorities
introduced the new chipped passports than a Dutch one was hacked live on
television, with the participants gaining access to the owner's digital
photograph and personal details. Days later, a handful of British
e-passports were given the same treatment.



Part of the problem is the encryption keys themselves. Because they depend
on familiar groupings-such as passport numbers, places of birth and birth
dates-they tend to be highly structured sequences that are quite easy to
guess. That makes it possible for hackers to decode such keys in minutes
rather than hours. Also, because RFIDs broadcast their encrypted contents
over the air, eavesdropping is easy.



The official range of an e-passport's RFID is supposed to be no more than
ten centimetres (four inches). But with $100 worth of hobbyist gear, Israeli
researchers managed to skim encrypted data off e-passports from several feet
away. A student at Cambridge University in Britain went further,
intercepting e-passport transmissions some 50 metres (160 feet) away.



That was enough for State Department officials in Washington, DC, to insist
that American e-passports be fitted with metal sleeves to shield them, when
closed, from prying electronic eyes. The measures seem to be reasonably
effective, though e-passports that get wedged open slightly by keys or loose
change can still be read electronically from a distance.



Slightly open passports could leave holders vulnerable to physical attack.
Each country encrypts data in a characteristic way that terrorists could use
to identify the nationality of the person carrying the chipped passport. To
demonstrate the point, a firm called
Flexilis<http://org2.democracyinaction.org/dia/track.jsp?v=2&c=VdEqy7vkLbesDr4QcuznW7XSV3TwYHxh>
used
a partially opened American e-passport tucked in the pocket of a dummy to
trigger an explosion as it passed a dustbin containing a small charge.



As vulnerable as e-passports are to electronic eavesdropping and cloning
(which their non-chipped predecessors were not), they are nowhere near as
bad as the new generation of chipped identity cards that are finding their
way into people's pockets. Since June 1st Americans re-entering the country
by land or sea from Canada, Mexico, Bermuda and the Caribbean have had to
carry at least an Enhanced Driving Licence or a PASS card-picture IDs the
size of a credit-card with the bearer's identification number stored in an
RFID chip.



Certainly, chipped ID cards speed things up at borders. All you have to do
is hold the little plastic card to the windscreen as you approach the
checkpoint, and a scanner reads your unique identification number. Your file
is immediately downloaded from a central database for the immigration
officer to see on a screen. The officer can then wave you through or hold
you momentarily for questioning.



Speedy they may be, but chipped ID cards are horrendously insecure. When
prompted, they broadcast their unique identifier in plain text, without any
form of encryption or authentication, to anyone who is listening. And
because they are designed to be interrogated from distances of ten metres or
more, they are a doddle to intercept. Making matters worse, they rely on the
same RFID tags used by retailers, and can therefore be "locked" or "killed"
remotely by wireless commands. The scope for identity theft, chaos or worse
is unlimited.



Bizarrely, you can enter America on one of these pieces of plastic. What on
earth were the authorities thinking? Embarrassed officials are now appealing
to people carrying such ID cards to keep them safely tucked away in metal
sheaths. Truth be told, shielding them merely reduces the range from which
they can be read. The current record is 65 metres.



Meanwhile, the British government is scrambling to avert a similar fiasco.
Earlier this month, the Home Office announced a change of heart, saying its
proposed national ID card scheme would not now be compulsory. It also
deferred ordering equipment for making the cards until autumn 2010-after the
next election.



Britain's opposition parties have gone further, promising to scrap the hated
ID card system altogether, along with the central database that would hold
comprehensive files on everyone in the land. With a change of government
expected next year, Britons may yet be spared the insanities Americans are
now having to put up with.