[OT] NH protest against HP printers with RFID chips Nov. 5th

Bill Sconce sconce at in-spec-inc.com
Tue Oct 25 14:12:00 EDT 2005


I found the reference.  It was indeed Bruce Schneier.  "Identify people in
crowds" is in the next to last paragraph.

-Bill


http://www.schneier.com/essay-060.html

_____________________________________________________________________________
Does Big Brother want to watch?

By Bruce Schneier
International Herald Tribune
October 4, 2004

Since the terrorist attacks of 2001, the Bush administration -- specifically,
the Department of Homeland Security -- has wanted the world to agree on a
standard for machine-readable passports. Countries whose citizens currently
do not have visa requirements to enter the United States will have to issue 
passports that conform to the standard or risk losing their nonvisa status.

These future passports, currently being tested, will include an embedded
computer chip. This chip will allow the passport to contain much more 
information than a simple machine-readable character font, and will allow
passport officials to quickly and easily read that information. That is
a reasonable requirement and a good idea for bringing passport technology
into the 21st century.

But the Bush administration is advocating radio frequency identification 
(RFID) chips for both U.S. and foreign passports, and that's a very bad 
thing.

These chips are like smart cards, but they can be read from a distance. A
receiving device can "talk" to the chip remotely, without any need for
physical contact, and get whatever information is on it. Passport officials
envision being able to download the information on the chip simply by 
bringing it within a few centimeters of an electronic reader.

Unfortunately, RFID chips can be read by any reader, not just the ones at
passport control. The upshot of this is that travelers carrying around RFID
passports are broadcasting their identity.

Think about what that means for a minute. It means that passport holders
are continuously broadcasting their name, nationality, age, address and
whatever else is on the RFID chip. It means that anyone with a reader can
learn that information, without the passport holder's knowledge or consent.
It means that pickpockets, kidnappers and terrorists can easily -- and 
surreptitiously -- pick Americans or nationals of other participating
countries out of a crowd.

It is a clear threat to both privacy and personal safety, and quite simply,
that is why it is a bad idea. Proponents of the system claim that the chips
can be read only from within a distance of a few centimeters, so there is
no potential for abuse. This is a spectacularly naïve claim. All
wireless protocols can work at much longer ranges than specified. In tests,
RFID chips have been read by receivers 20 meters away. Improvements in
technology are inevitable.

Security is always a trade-off. If the benefits of RFID outweighed the
risks, then maybe it would be worth it. Certainly, there isn't a 
significant benefit when people present their passport to a customs 
official. If that customs official is going to take the passport and 
bring it near a reader, why can't he go those extra few centimeters that
a contact chip -- one the reader must actually touch -- would require?

The Bush administration is deliberately choosing a less secure technology
without justification. If there were a good offsetting reason to choose
that technology over a contact chip, then the choice might make sense.

Unfortunately, there is only one possible reason: The administration
wants surreptitious access themselves. It wants to be able to identify
people in crowds. It wants to surreptitiously pick out the Americans,
and pick out the foreigners. It wants to do the very thing that it
insists, despite demonstrations to the contrary, can't be done.

Normally I am very careful before I ascribe such sinister motives to a
government agency. Incompetence is the norm, and malevolence is much rarer.
But this seems like a clear case of the Bush administration putting its 
own interests above the security and privacy of its citizens, and then
lying about it.
_________________________________________________________________________
Bruce Schneier is a security technologist and the author of "Beyond Fear:
Thinking Sensibly About Security in an Uncertain World."


