Last month I wrote about the U.S. government’s efforts to keep the pending electronic passport from being too secure. I still don’t know for sure why the government tried so hard to do this, but it’s beginning to look like we should apply the old adage “Never ascribe to malice what can be adequately explained by stupidity.”
Deputy Assistant Secretary of State Frank Moss spoke on a panel about electronic passports at the Conference on Computers, Freedom & Privacy in mid-April. Security guru Bruce Schneier and Barry Steinhardt, director of the ACLU’s Freedom and Technology Program, joined him on the panel.The idea that you can walk down a hallway in a hotel and pick out the Americans, is quite honestly, poppycock.Frank Moss>Text Moss said the government had received more than 2,400 comments on the electronic passport proposal. He said the passports, which are scheduled to be given to U.S. diplomats in August, would not be implemented unless the government was sure they would be safe.
He said the government was looking at a number of options, including building a Faraday cage into the passport to block scanning, but then he reiterated the passports could only be read by a scanner from a distance of 10 cm. He went on to say: “The idea that you can walk down a hallway in a hotel and pick out the Americans, is quite honestly, poppycock. The same thing goes for the bar in Beirut. These things can only be read at very short distances.” I expect Moss is right about the hotel hallway, but expect he is incorrect about the bar.
Third up on the panel was Steinhardt, who proceeded to give a live demonstration of scanning a passport, which was outfitted with an RFID chip of the type specified in the standard, at a distance of three feet. Moss finally seemed to have paid attention when this was demonstrated in front of him because a few days later, he told Wired News that the government was suddenly “taking a very serious look” at the scanning issue.
Disclaimer: Lasting lessons are what places like Harvard are all about but we prefer to not use public embarrassment to get a student’s attention.
–Bradner is a consultant with Harvard University’s University Information Systems. He can be reached at [email protected]
RFID and privacy: Debate heating up in Washington
RSA introduces RFID blocker technology