Quoting Tyler Durden <[EMAIL PROTECTED]>: > And since one's passport essentially boils down to a chip, why not implant > it under the skin?
You say that as though it hasn't been considered. > As for the encryption issue, can someone explain to me why it even matters? It doesn't, actually. There is no clear and compelling reason to make a passport remotely readable, considering that a Customs agent still has to visually review the document. And if the agent has to look at it, s/he can certainly run it through a contact-based reader in much the same way the current design's submerged magnetic strip is read. > It would seem to me that any "on-demand" access to one's chip-stored info is > only as secure as the encryption codes, which would have to be stored and > which will eventually become "public", no matter how much the government > says, "Trust us...the access codes are secure." http://wired-vig.wired.com/news/privacy/0,1848,67333,00.html?tw=wn_story_related This story says the data will be encrypted, but the key will be printed on the passport itself in a machine-readable format. Once again, this requires manual handling of the passport, so there's *still* no advantage to RFID in the official use case. > (ie, they want to be able to read your RFID wihtout you having to perform > any additional actions to release the information.) Yup. Bruce Schneier nailed the real motivation almost a year ago: http://www.schneier.com/blog/archives/2004/10/rfid_passports.html Interestingly, even the on-document keying scheme doesn't address the fundamental problem. Nowhere is it said that the whole of the remotely readable data will be encrypted. If a GUID is left in the clear, the passport is readily usable as a taggant by anyone privy to the GUID->meatspace map. Without access to the map, the tag still identifies its carrier as a U.S passport holder. Integrating this aspect into munitions is left as an exercise for the reader. > The only way I see it making a difference is perhaps in the physical > layer...encryption + shielding is probably a lot more secure than encryption > without shielding, given an ID "phisher" wandering around an airport with a > special purpose briefcase. This isn't about phishing. That's just a bonus. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not "It's just this little chromium switch, here." - TFT SpamAssassin->procmail->/dev/null->bliss http://www.rant-central.com