E-Passport In the Works

ExE122 writes "In an attempt to curb falsification of passports, the United States has placed an order for millions of embedded ID chips. 'The chips carry an encrypted digital photograph of the passport holder. The chip is designed to be read by a special device that will be used by U.S. government workers who check passports when travelers come through border crossings. The State Department began issuing what are being called e-passports to tourists last week and will gradually increase production. State Department spokeswoman Janelle Hironimus said existing passports will remain valid until they expire but, eventually, all U.S. passports — about 13 million will be issued in 2006 — will contain such chips.'"

10 years

[lawpoop (604919)]

Passports are valid for 10 years upon issue, IIRC. Are you telling me that secure passport tech will slowly be phased in over 10 years? Because we all know how often Americans travel overseas.

If anything, this will raise the value of existing non-RFID passports, since they are more easily modified to indentify someone else.

Americans traveling to other countries.

[krell (896769)]

"Because we all know how often Americans travel overseas."

Hey, I went to New Mexico twice in the last 6 years. That's fairly often, I think.

Re:Americans traveling to other countries.

[clickclickdrone (964164)]

I used to find the low number of Americans with passports rather scary and insular until someone pointed out you only get 2 weeks vacation a year. With the US being so big and varied, it would take you most of your life in 2 week chunks to check out home let alone foreign places.
Of course, us backwards wierdo liberal faggy Europeans get 6 weeks holiday :-)

Re:Americans traveling to other countries.

[morgan_greywolf (835522)]

I, for one, welcome our new McDonald's-cramming, identity-stealing, drive-by-shooting North American overlo......

oh, never mind.

Re:Americans traveling to other countries.

[Maximilio (969075)]

Americans can arrange their vacation vs. work time quite easily. As a nation, though, our cultural habits come down to preferring about 2 weeks per year.

"Prefer?" I prefer quite a bit more time off. I would imagine most people do. The problem is, U.S. corporate behavior is geared toward maximizing profits at the expense of the employees and an imaginary work ethic that drives people into the ground and causes them to change jobs on an average of every two or three years and careers on an average of every 10 or 15 years. You ask, stupidly, who pays for Europeans' 6 weeks holiday -- obviously as a cultural norm the employer shells it out. It's a quality of life issue.

But please, don't insinuate that just because you're a driven workaholic with nothing better to do that the rest of us would 'prefer' that lifestyle. I think, given 6 weeks of guilt-free holiday, most Americans would take it gladly.

Re:

[Mr. Underbridge (666784)]

So emigrate.

Re:

[phulegart (997083)]

what kind of contradictory Bullshit are you spewing? First you say...

"The problem is, U.S. corporate behavior is geared toward maximizing profits at the expense of the employees and an imaginary work ethic that drives people into the ground"

Which clearly indicates you believe that U.S. Citizens are pushed against their will to work as much as they do, because the CEOs and other corporate bigwigs want to increase the amount in their already overfull pockets. Then you say...

"But please, don't insinuate that

Re:

[Grishnakh (216268)]

Personally I've never had a job where I had 2 weeks official vacation time per year. And I'm a U.S. Citizen.

Sounds like you're either a workaholic, or you need a new job. I had 2 in my first job, 5 in my second job (state government; paid better than the private companies in the area were paying too!), and 3 in my third (current) job. And I've always been able to actually use that time. And in my current job, I get an additional 8 weeks off every 7 years. Not quite up to European standards, but much bet

Re:Americans traveling to other countries.

[PPGMD (679725)]

It can also be frustrating to those working on a tight schedule.

One of my clients is a developer company, based in Mexico City, but with offices in most of the vacation hot spots in the US (because they own high rises in all those cities). There were having issues with their ERM, because it was a fixit session it was scheduled between other trips, and I only had two days on site. Well that wouldn't have been an issue, if they didn't stop working everyday for 3 hours to have lunch and watch the World Cup.

I don't know what it is, but the way we work versus the way that work is done in Europe and Latin America, is hugely different. I like to relate, to the Super Market that was across the street from where I was staying in Amsterdam, they were open M-F 10am-5pm, for an American that is unfathomable, Europeans are used to it, and adept to it, and I did too (by adept I mean I mostly ate at restraunts that were open later in the evening) when I was there for 3 months on a project. But it's quite strange for someone who's last job involved making a 1am Taco Bell run during my 11pm - 11am shift.

Re:Americans traveling to other countries.

[badasscat (563442)]

Well, we 'take' 2 weeks (or 1 week, or whatever) a year. We do not 'get' 2 weeks a year. Americans can arrange their vacation vs. work time quite easily. As a nation, though, our cultural habits come down to preferring about 2 weeks per year.

Are you kidding me? "As a nation", we take what we can get. And all we can get is 2 weeks per year or less.

I don't think there's a man, woman or child alive that wouldn't want more than 2 weeks vacation. This is not a "cultural habit", this is just the dynamic of our employer/employee relationship. Employers want to ride their employees as hard as they can and employees are just doing all they can not to get fired.

Of course, us backwards wierdo liberal faggy Europeans get 6 weeks holiday.

Wow, who pays for that?

If the entire society accepts that this is normal, then no one pays for it.

Let's face it - the world works the way it does because we accept that the world works that way. If it worked differently, we'd accept that too. I mean, who's "paying" for the fact that you're sleeping 8 hours a day rather than working? You, and the rest of American society (at least to this point) has drawn the line at having at least enough time off every day to sleep. Nobody "pays" for that; that's just the way society has chosen to work. Could companies make more money if all of their employees worked 24 hours a day, 7 days a week? Sure. But you don't "pay" for something that never existed in the first place. That downtime is just downtime, not a debt that needs to be paid.

We Americans are overworked. We work more hours, on average, than any other nation in the world (yes, including places like Japan, which lets its employees have an average of 25 non-weekend days off per year). But it's not by and large because we want to, it's because we're demanded to and because employers have decided for us that this is the cultural norm. Someday, maybe we'll get in step with the rest of the world and realize that there are more important things in life than work.

Re:

[Kadin2048 (468275)]

I don't think there's a man, woman or child alive that wouldn't want more than 2 weeks vacation. This is not a "cultural habit", this is just the dynamic of our employer/employee relationship. Employers want to ride their employees as hard as they can and employees are just doing all they can not to get fired.

I disagree. I know a lot of people who don't even take their available 14 days/year of vacation, even though they're not at any risk of being fired if they did.

Actually, very few people in my line of w

Re:

[TClevenger (252206)]

I disagree. I know a lot of people who don't even take their available 14 days/year of vacation, even though they're not at any risk of being fired if they did.

Out of the people who I've encountered who don't take their full 10 days (14 days? What country do you live in?), nearly all are concerned that either their work will pile up and overwhelm them on their return, or will get piggybacked onto their already overworked coworkers (and in return, they'll be picking up the slack for the coworkers.) Thus,

Re:

[Rosonowski (250492)]

I don't think there's anything about a minimum of vacation time, at least not for hourly wage earners. I don't get ANY vacation time, so any time I want to take off, I have to figure out how to make up the money.

Re:Americans traveling to other countries.

[Grishnakh (216268)]

Is your employer one of these places that works everyone 35 hours a week to get out of paying benefits?

You say this like it's a bad thing. Employees need to stop worrying about their little personal lives and worry more about providing shareholder value. Not taking any vacation, working unpaid overtime, etc. are all great ways to achieve this. How about some volunteer work? Volunteer to work weekends, for no pay. Or volunteer with your spare time to do chores, like yardwork, for your boss so that he can concentrate on providing more shareholder value.

Won't somebody please think about the shareholders??!!

Re:

[HungWeiLo (250320)]

here [arstechnica.com]

This, of course, runs contrary to the common view that American workers are lazy and unproductive. However, there is an interesting catch. Because workers in the US tend to put in more hours than their European counterparts, the rankings change when you look at productivity per hour worked.

Norwegians lead the world with an output of $38 per hour worked last year. French workers were in second place, averaging $35 an hour, the report said. Belgians were third at $34, followed by Americans at $

WHY?

[rkhalloran (136467)]

A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?

Re:WHY?

[gEvil (beta) (945888)]

It's all about appearances. Nothing more, nothing less. If the general population thinks that high-tech passports are more secure, then high-tech passports are what they general population will get.

Re:

[muellerr1 (868578)]

Either that, or some chip manufacturer is in bed with the government.

Re:WHY?

[Red Flayer (890720)]

A 'chipped' passport would be susceptible to drive-by scanning, adds nothing a mag-stripe couldn't, and will likely be more expensive to implement. What's the point?

The same reason we can't take bottled water on an airplane -- pandering to gullible voters.

Re:WHY?

[eno2001 (527078)]

Because... some stupid fucking PHB somewhere heard that RFID is the "next big thing (TM)" and just had to have it before those damn Canadians do. I honestly think that's all it comes down to. Someone thinks RFID sounds cooler than 70s mag stripe technology. If you ask me it's fucking stupid. Of course what do I know, I hate the direction the United states has taken the past six years. I'm fucking trapped here though because I can't just afford to pick up and leave. Have to make the best of in these hard times.

Re:

[supabeast! (84658)]

"What's the point?"

It has TECHNOLOGY! The technology will solve all out problems! Next we can add encryption to the technology so that it will be even more technological! And because Americans can't even wrap their heads around evolution, there's no way this nation of idiots will figure out what a load of BS this is and demand that politicians stop wasting resources on pork like this and actually get something done!

Re:WHY?

[amliebsch (724858)]

If the chip only carries an encrypted photo of myself, then thieves can't steal any information that they couldn't get by looking in my general direction. But it does make the passport much more difficult to forge, and more difficult to use fraudulently. That seems pretty reasonable to me.

Re:

[Lord Ender (156273)]

The point is to give everyone a digitally-signed copy of their OWN PHOTO. If a thief gets his hand on that, it won't help him unless he looks just like me. That's the point.

Re:

[Andrewkov (140579)]

This technology will just encourage unlawful face transplanting. Haven't you seen that John Travolta movie?

BECAUSE!

[TiggertheMad (556308)]

The point is to give everyone a digitally-signed copy of their OWN PHOTO. If a thief gets his hand on that, it won't help him unless he looks just like me. That's the point.

Ah, but what if the 'Thief' doesn't want to so much steal your identity, as pick an American tourist out of a crowd of hundreds of other tourists? This isn't giving you a secure digital picture. It's painting a huge bulls-eye on your forehead...

Anti-skimming/eavesdropping measures

[SgtPepperKSU (905229)]

More info form department of state [sfgate.com]:

The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients). Metallic anti-skimming material incorporated into the front cover and spine of the e-passport book prevents the chip from being skimmed, or read, when the book is fully closed; Basic Access Control (BAC) technology, which requires that the data page be read electronically to generate a key that unlocks the chip, will prevent skimming and eavesdropping; and a randomized unique identification (RUID) feature will mitigate the risk that an e-passport holder could be tracked. To prevent alteration or modification of the data on the chip, and to allow authorities to validate and authenticate the data, the information on the chip will include an electronic signature (PKI).

Re:

[dhasenan (758719)]

2d barcodes can't hold that much data; or rather, their data density sucks. You've got an analog portrait and you're trying to convert that to a binary 2d barcode in perhaps four times the area, with pixels that measure millimeters across.

If the power goes down, they won't authenticate passports. Perhaps at the Mexican border, they'll stop anyone who looks Hispanic until the power returns. Perhaps at LAX, they'll stop anyone who speaks with a non-American accent (those who have American accents have either

Already customs lines at SFO for this

[Skyshadow (508)]

Came back through SFO from Edinburgh yesterday and saw signs for a couple of dedicated test lanes for this (they were closed, but they were all set). I was wondering what the heck it was about.

American Made

[neonprimetime (528653)]

A German semiconductor company with offices in San Jose said Monday that it has received an order from the U.S. government for millions of identification chips that will be embedded in passports to help prevent fraud at border crossings.

Why do we always have to get everything from the Germans? (beer & cars for example) Why can't the government contract this out to good ol' American workers? Especially since it deals with National Security?

encrypted?

[Lord Ender (156273)]

When they say "encrypted," do they actually mean digitally signed? Being able to provide a digitally signed (by a government key) passport photo in a machine-readable form would be good for security.

But simply encrypting the message with a symmetric key (as seems indicated by the blurb) would be bad for security, because many people would have the key, and so it would provide a false sense of security.

Scene at the customs office

[krell (896769)]

"Mr.... let's see 5AVE On Va1iumViagraCialis? Yes, everything checks out. Welcome to America!"

I blame it on the lack of logic today

[MikeRT (947531)]

One of the things that is a lot more common today than it has been in American history, yes, even back in the "bumpkin days" of America pre-industrialization, is that people just don't critically think anymore. "Special device?" Anyone with a modicum of critical thinking skills would look at a few simple things and freak:

1) All computer security systems have been defeated.
2) This is kinda like one of them thar computer security systems that has been defeated.
3) I'm carrying this thing around the world, and any schmo who can defeat it, can identify me faster than the police can.
4) There are a lot of terrorists and terrorism sympathizers who'd just love to off me because I'm American.

If you aren't careful, you'll be broadcasting enough info out there that you'll be easily victimized.

Re:I blame it on the lack of logic today

[pilgrim23 (716938)]

Entebe Incident; The Hijackers went around the plane asking for Israeli Passports. Now it is so much easier. Welcome to the new world of "Wand and Shoot".

Re:

[kevin_conaway (585204)]

One of the things that is a lot more common today than it has been in American history, yes, even back in the "bumpkin days" of America pre-industrialization, is that people just don't critically think anymore. "Special device?" Anyone with a modicum of critical thinking skills would look at a few simple things and freak: 1) All computer security systems have been defeated. 2) This is kinda like one of them thar computer security systems that has been defeated. 3) I'm carrying this thing around the world,

More Lack of Logic

[dereference (875531)]

Well, according to the TFA: The chips carry an encrypted digital photograph of the passport holder..

Remember everyone, just by going out in public you are letting the world know what you look like! Time to start investing in brown paper bags

You seem to be missing the whole point here. According to logic, it doesn't really matter what contents are being stored on this chip. It could be an encrypted random number for all anyone cares, since (as the GP correctly noted) the very existence of any such

anti-pirate passports!

[invader_allan (583758)]

We all know that paper is so easy to modify, so we need to go to chips. Chips are more secure, while harder to duplicate. Like game chips, which don't get coppied freely like paper products such as books. Books can also be "emulated" in pdf or e-text formats. Chips can't be emulated or falsely burned with someone elses data!

Heh heh

[rice_burners_suck (243660)]

I bet there won't be a device in existance that can actually read the chip that will be embedded in these passports. I say that because my Permanent Resident card (greencard) is supposedly the most advanced ID card ever made, with all kinds of weird embedded information and whatnot, making it impossible to counterfeit. Or at least that's the theory, because although they spend ridiculous amounts of money to make these cards contain all that personal information, there is reportedly not a machine in existance that can read the information off the card. Typical government nonsense. It's like trying to invent the modem with enough funds to build just one.

And if we're already on the subject of the government, why are they spending all this money to make sure passports can't be faked, greencards can't be faked, etc., if there is absolutely positively nothing being done to stop the flood of immigrants, criminals, drugs, and terrorists that are crossing our totally unprotected borders into this country every day? Every time this issue comes up, idiots say it's racism. Sorry, it's not racism to stop people and things that shouldn't be here illegally from coming here illegally.

bomb makers can now target americans

[RichMan (8097)]

So now the bomb makers can design bombs to explode when a certain number of american passports are within range.

They don't need to correctly talk to the passports only determine that they are american passports.

Re:

[moosesocks (264553)]

Not sure why this was modded as funny.

This could potentially become a huge problem for Americans traveling overseas, especially considering that the Government advises Americans abroad to not advertise the fact, while at the same time, they're equipping us with radio beacons that scream "HEY! OVER HERE! THAT'S RIGHT! HERE! LOOK! AMERICAN! AMERICAN!"

US Department of State announcement

[SgtPepperKSU (905229)]

I actually ran into this a few days ago while looking into getting a passport. They announced [state.gov] this on the 14th.

The Department of State has employed a multi-layered approach to protect the privacy of the information and to mitigate the chances of the electronic data being skimmed (unauthorized reading) or eavesdropped (intercepting communication of the transmission of data between the chip and the reader by unintended recipients).

It seems the passports will come with their foil hats pre-installed ;-)

Been thinking about this one.

[NiteHaqr (29663)]

What with the UK government wanting to force an ID card on us - seems applicable to Passports/Driving Licenses too.

Take a standard Credit Card sized plastic card.

Put a chip on it like credit cards use - not an RFID tag, just a simple chip that can store ONE piece of info.

That piece of data will be unique to that person, and is their ID in the system.

On the card we print a photograph, their name and date of birth.

When the card is presented at an appropriate terminal, a database lookup is done for the ID. The card reader then displays a "virtual" version of the card.

Visual inspection will allow the person doing the Identity Check to confirm the persons ID.

ID cards to be updated every 5 years, replacements for lost/stolen/damaged to be charged at cost, and be available within 2 working days, with designated places (like police stations) being able to print out temporary ID papers until replacement card arrives.

As long as downloads to terminals are encrypted, and the credentials of the operatives inputting data onto the system are checked, we have a secure system with no privacy concerns that SHOULD be cheap to implement.

Other systems, Passport Control etc could be tied to the database with your ID reference number becoming your Passport number - Give each person a pin number (or if you really insist use biometric information) and you have a bank/credit card that should also help prevent fraud.

Anyone see any holes in my plan?

Re:

[morgan_greywolf (835522)]

Anyone see any holes in my plan?

Yep. Reliance on a very large central database. What if the database goes down? What if the database gets hacked? With the very large number of people you would have to have entering data into the system, chances are one or more those people will allow unauthorized access into the system, either intentionally or unintentionally.

What if the person checking ID loses connectivity to the database?

Example: I want to steal $25,000 out of your account. I forge your passport, c

I don't see the problem here...

[Androclese (627848)]

It's an arms race against those that would forge a US Passport; they are using technology to make the Passport better. We know they are being faked right now under the current technology, so now they have added this chip with a digital picture of you to make it harder for them to duplicate.

Will it eventually be hacked/copied? Yes. Does that mean we throw up our hands in the air and stop trying? Taking a defeatist attitude gets us nowhere. When this one gets hacked, we'll add more forgery deterrents. Take at look at the US currency; its the same thing.

It is just one more tool we can use to keep pace/ahead with those that want to forge them.

Re:I don't see the problem here...

[lawpoop (604919)]

I agree that we need to continue to constantly increase our security measures, but I believe there is a danger in supposed security measures which actually *don't* increase security. It causes the users of such measure to relax their guard, assuming that they are safe when they actually may not be.

As far as anti-counterfeiting measures, the 9/11 terrorists had valid passports and IDs, so how exactly would this prevent terrorism? If an immigration official lets his guard down because a person has an RFID passport, he may be ignoring other tip-offs that would alert him to suspicious activity. This would probably only really effect illegal immigration.

Again, no one is saying that we shouldn't increase security measures. But let's not claim that this is a panacea, or going to do something that is actually can't. Americans seem to have the belief that some simple technology will solve any problem we encounter. The reality is that we have to hire and train competent personnel in immigration and security. Mass surveillance, face recognition, gait recognition, etc. will not keep us safe from terrorism; motivated terrorists will always outsmart the machine or system. What we need is human intelligence, building contacts and infiltrating groups. These sorts of technological fixes are just to pacify jittery Americans into thinking that something is being done.

Re:

[Sycraft-fu (314770)]

Yep, it's just like any of the other security advances. The passport revision just prior to this one, the one I have, already has a hidden pciture on it. It's on the opposite side of the main picture and shows up only under UV light. Agian something that is possible to duplicate (I mean of course it's possible to duplicate, it was possible to make it in the first place) but it's another layer.

The idea is that the easiest method of passport forgery is just to alter the picture. You nab my passport, stick you

The Main Reason is it's Faster

[mpapet (761907)]

Forget about the so-called security. It's "secure" to the vast majority of voters.

The objective is to be able to process more people through customs faster and with more data captured as they get off ever-bigger airplanes.

This doesn't address a control point failure (customs) which is inevitable, but it looks good on paper and sounds really good.

FYI: Yes it's possible to store a picture and a fingerprint template on the contactless modules in question, but more likely it's storing a hash that looks the data up in a DB. Sending a picture file or a fingerprint template across the reader would be pretty slow.

And the obvious problem is...

[Moraelin (679338)]

So I went to the shop yesterday to buy a couple of PSP games. So I pull out my plastic debit card to pay with it. They have these numeric pads with a slot for the card and a small LCD display around here in a lot of shops. (The super-markets and such just ask you for a signature, but almost everyone else has a PIN pad.)

"Oh," says the clerk, "the connection's been down the whole afternoon."

It's not even the first time something like that happens. It's not often, but it does happen.

So for purchasing games or groceries, ok, I can just pull some banknotes out of the wallet. But it kinda scares me that I'd have to depend on something like that at an airport.

How it works in Germany

[ai3 (916858)]

In Germany we have RFID passports since last year. This despite much criticism (the old passports were considered one of the most secure documents ever). The new passport costs 59 euros, the old one was just 26 euros, so I got myself an old one just before the deadline.

In my opinion, the e-passport was largely introduced to secretly subsidize the biometrics sector: The interior minister responsible for the e-passport, Otto Schily, joined two biometrics companies this month :)

Source (german only, sorry): http://www.silicon.de/enid/cio/21505 [silicon.de]

Yes, also

[gerf (532474)]

You can throw your new one in a microwave just in case :D

Re:

[Dun Malg (230075)]

Oh, and the thing is described as "biometric" which can't be right, as they've never taken any biometrics from me.

From www.passport.gov.uk
"How will facial biometrics work? Facial recognition will map various features on the face, for example, the distances between eyes, nose, mouth and ears. The measurements will be digitally coded and held on an electronic chip secured in the passport page."

Your passport required a picture, right? Congradulations! You have been biometricized!