Feb 27 2006
Citizens Against Government Waste: porkerofthemonth
Citizens Against Government Waste: porkerofthemonth
Looks like RFIDs are going into passports after all. Nifty — now people don’t need to steal your passports in order to steal your identity. And your passports are going to quintuple (that’s 5x) in price.
Popularity: 2% [?]
Well, according to the link the cost to produce them will only quadruple, not quintuple. That aside, I’m not sure this is a smart plan. The thought that they’re not going to get cracked is rediculous. Everything gets cracked eventually. The best you can do is make it take a really long time. Although, I’m not entirely sure the high-power scanners are entirely accurate either. Sure, you can up the sensitivity to read one from across the room, but how well is that gonna work when there’s not one but 10-20 passports over there. All that noise is gonna make those weak signals hard to detect no matter what. But I think the mag stripes or barcodes are probably better solutions. That is going to severally limit the amount of information encoded, probably down to sum unique id key which will have to be bounced against some database somewhere. An implementation with its own problems, but probably a securer way of digitalizing them.
Those signals aren’t all that weak — keep in mind that they’re designed to be read. And it’s generally not a problem getting fairly sophisticated machinery within 10~20 feet of a person (or even many people in rapid succession): just put it in a computer case and walk around in a suit.
The biggest problem is that practically nobody wants them, there’s real concerns about their security and practicality, they are going to make things much more expensive, and yet we’re going full-steam ahead on spending the taxpayers money (without any real accountability) because it’s Kewl Tek.
Simply being able to mechanically identify me as an American has it’s problems. Imagine a bomb set to go off when someone with a US passport comes within 10 feet.
That an identity theft is a lot easier. But the thing that really worries me is that the main reason for this is to allow security to become more lax. Currently, when your passport is checked, you have to physically hand it over to a human being, who inspects it. Which means I need to be good enough at forging a passport to fool someone who has seen thousands of legitimate passports (the vast majority of passports are legal) who is holding my fake in his hand. Difficult- not impossible, but difficult. Now, all I need is something that looks vaguely like a passport on the outside and has the correct RFID response. An RFID response I can probably pick up just walking down the street. Much, much easier.
Yes, they’re designed to be read, from adistance of no more then 4 inches. Sure, with a stronger reader they can read it from farther away, but if you get 10-20 in a line, say of people at ain airport waiting to go through customs, all those signals broadcasting on the same frequency is going to make it difficult to pick any one out from much farther then a couple feet. I’m not saying this is in any way a perfect or even good idea, but to read the tags, someone is going to have to get pretty close to you. To merely identify someone as American maybe easier, because the mere eistence of the RFID signal may be enough for that. All of this making me prefer the scannable barcode plan even more.
By the way, this really isn’t “pork” in the classic sense. The bridge to nowhere, Alaska, was classic pork. Pork is the goverment spending money it doesn’t have to for no good reason- this is the goverment spending money for a bad reason. There’s a bigger problem here than just wasting money. This is up there with the goverment spending money to invade Iraq, or set up our own gulag system.
I wouldn’t say its for a bad reason exactly. I think there are probably some merits in wanting to modernize/digitize the passports. But I dont’t think this is a good way to do it. So I would say that they’re spending money for a good reason, badly.
Why do we have to “modernize”/”digitize” passports again?
I never said we had to, I said there probably were some merits to it. Having a digital database backing the passport could help prevent forgery. Print a scannable barcode or magnetic strip on the passports which the agents could scan and would display a digital copy of the passport information. That way they can check the physical copy against the digital for any alterations. If you don’t mind irritating the privacy people, it allows for effective monitoring of people leaving and entering the U.S. I’ll admit thats likely to be a touchy area and the uses of any such information can certainly be carefully discussed, but having the technollogy for it isn’t that bad. Along the same lines as the first, it enables the quick, effective dissemination of information such as warrants or other legal rulings which would interfere with a citizen’s right to cross the border. Not dealing in any way with law enforcement or immigration thats all I can come up with of the top of my head, but there may be others. Of course each of these or other reasons must be weighed against the cost and effectiveness of any implementation.
You’re assuming then, that the database would be kept accurate enough to credibly discount someone’s entry (or re-entry) into the United States? And that it would be more secure than the anti-forgery capabilities of the US Passport? And the expensive database system still wouldn’t protect against bribed customs officials, which (AFAIK) is the easiest way to circumvent the border security.
Yes, a good messaging system communicating which passports are bad, and the ability to have them uniquely identified, is a good thing. We have that already, though, in email. PGP encrypt it and now it’s a secure(r) system.
The problem which I have with both your statement and this whole movement of RFID is the assumption that somehow an expensive, complicated application of technology is the solution to these national security problems. We have the technology — the major holes in the system are much simpler.
First off, you’re two first complaints are both valid and irrelevant. Of course we need to make sure the system is implemented in such a way as to make it both secure and accurate. Any system which is badly implemented is bad, regardless. If a system can’t be done well, it shouldn’t be done at all.
That being said, I never said this was the solution, or even a solution. All I said was it might have some merit. I realize that there are a number of problems with the implementation and there are certainly a number of other security holes which need to be addressed as well. But that doesn’t mean the entire thing is bad, only that if it is to go forward, it must be done carefully and with the direct input of people in the relevant fields who know what they are talking about. And even if it is to go forward, that certainly doesn’t mean we should not take steps to address the other security holes.