Original URL: http://www.theregister.co.uk/2004/05/20/us_passports/
US lubes passports with RFID snake oil
Mark of the Beast
Opinion As we reported recently, the US State Department will conduct a trial of biometric passports this Fall, with any eye toward moving to full production in 2005.
This scheme is supposed to help officials catch evildoers who are too thick to get biometric passports issued to themselves under false identities. It will, of course, be a great obstacle to knuckleheaded exploding-sneakers types like Richard Reid and loose talkers like Jose Padilla, although even moderately slick terrorists will not be affected.
Mug me, I'm rich
One of the more dubious aspects of the new regime is the so-called "smart chip," a spectacularly dumb RFID (Radio Frequency Identification) gizmo that might very well broadcast data indiscriminately to any device designed to receive it. There are several ways to design such a chip, and the preferred design, from a security point of view, would require the document and reader to be in physical contact. A passive chip can be read at a distance by a powered reader, but it doesn't have to be. However, it is likely, given the tech industry's lust for adding 'features' whether they're needed or not, that the chips will be readable from a distance. This would make it easier to move large herds of travelers through customs gates quickly, and it is likely to be pitched successfully on this basis.
Unfortunately, this would also make it easy for street criminals to scan crowds in search of naive foreigners likely to be in possession of decent quantities of cash, like Americans and Europeans, say. The RFID lobby has consistently neglected to address issues of personal safety when sensitive, identifying information is being broadcast secretly and indiscriminately by their nifty gizmos. Such electronic documents are a boon to street thugs looking for probably-rich tourists, and, more ominously, to sophisticated criminals and kidnappers.
Arrest me, I'm naughty
It's a minor blow to one's privacy when a packet of razor blades is chipped so that anyone with a reader can learn what brand you happen to like. But chipping personal documents such as ID cards and passports is tantamount to chipping people. A document that reveals your name, age, address, and more, that can be read from a distance without your knowledge by anyone for any reason, is a clear threat to personal safety, and, obviously, any semblance of privacy.
There is nothing, beyond a few laws that get weaker every year, to prevent overzealous Feds and similar government busybodies from setting up surreptitious readers, and performing silent, automated ID stops that one knows nothing about.
In a nightmare world quite conceivable after a few more terrorist atrocities, ID readers could be integrated with subway turnstiles, metal detectors, and scores of other daily nuisances and choke points. Data scanned could be sent to a database that is searched automatically for certain triggers. It might be some time before such intrusions become routine, but it is beyond doubt that the bureaucrats currently pushing the technology know perfectly well that this potential exists, and are secretly pleased by it.
Unlike the RFID aspect of the new passport scheme, which will actually bring harm to people, the biometric obsession is basically a harmless, if rather expensive, folly. Superstitious faith in biometrics is touching, but the technology is no worse than what we've got at the moment. Of course, it's also no better.
Bogus credentials are easy to come by, so if biometrics are intended as a security measure, implementation is going to trip up only the thickest and laziest of attackers.
It is quite easy to forge a birth certificate (or obtain one belonging to someone who died in infancy, approximately one's own age), and use it to establish a series of foundation documents such as a Social Security card, a driver's license, and a passport, which, in turn, can be used to register for college, get a job, establish credit, obtain licenses, housing, services and utilities, and so on. These secondary documents will be founded on a lie, all right; but they will be perfectly authentic and can be used with ease to scam the system. This is because authenticity, rather than accuracy, is the standard on which documents are accepted.
Such documents tell other people where you live, where you went to school, whether you're qualified to drive, and so on. But they don't establish who you are. Nevertheless, they are used as if they did, and adding a biometric feature only reinforces the popular illusion that they actually identify people. In fact, biometrics merely establish ownership of the document in question, regardless of whether it tells the truth or not.
For example, my picture-ID driver's license tells you that someone claiming to be named Thomas Greene is qualified to drive an automobile, and that I (whoever I might actually be) am the rightful owner of the document that proves it. Assuming that the document is authentic, when I present it to you, you can safely assume that I'm a properly licensed driver, but no more.
Mark of the Beast
At present, it's impossible for any bureau to know that one is who they claim to be. The only near-foolproof way to establish identity would be through universal DNA profiling at birth. After a few generations, virtually everyone could be identified with certainty, so long as DNA identification and verification is required, cradle to grave, for all transactions such as obtaining a birth, marriage, or death certificate, establishing credit, opening a bank account, buying, selling or leasing real property, registering to vote, obtaining a driver's license or a passport, enrolling in school, registering for military service, employment, and so on.
To be effective, the data would have to be collected without fail from everyone issued a birth certificate, and be made widely and easily available to anyone who wishes to verify it. And it would have to be verified routinely, to minimize the chance that one could obtain any useful documents without DNA identification. But since this scheme is so repulsive, and so closely resembles the mark of the Beast prophesied in Revelation, it is doubtful that it could be implemented without tremendous, and possibly violent, opposition from the public. Unless terrorists should accommodate the change by nuking a major city or something equally hideous.
But until something truly Biblical happens to break down people's resistance to being branded by their governments, we're going to have to accept the fact that motivated people can and will alter their identities, and that biometrics can do nothing to prevent it. We may accept digitized fingerprints and face scans as the new standards, but they're no more effective at identification than the analog photos and signatures we use today. The flaws in the system will remain the same.
The problem is not biometrics, which represent only a waste of money that could be better spent. The chief problem is the RFID element, which invites myriad abuses of personal data by the evil-twin forces of criminal exploitation and government paternalism. ®
Thomas C Greene is the author of Computer Security for the Home and Small Office, a complete guide to system hardening, online anonymity, encryption, and data hygiene for Windows and Linux.
US, Belgian biometric passports give lie to UK ID scheme
How to fool ID card system - give a false ID, say UK gov
DHS and UK ID card biometric vendor in false ID lawsuit
Everything you never wanted to know about the UK ID card
Biometric recognition gets right in your face
Airport security failures justify snoop system
Biometrics vendors face 'more lean years'
Campaigners fight biometric passports
NEC demos Big Brother biometric phonebooth