Sunday, March 1, 2009

RFID Documents

New passports are already being issued with RFID chips onboard that can be read from a parked car with the right equipment as you drive by. Now it is proposed that this chip will go on your drivers license and in some cases, double as a passport, say between the US and Canada.

"Enhanced driver's licenses give confidence that the person holding the card is the person who is supposed to be holding the card, and it's less elaborate than REAL ID," Napolitano said in a Washington Times report.
The only way I can see this working is if the PIN number on the chip in the drivers license matches the PIN number in the chip embedded in the person carrying it. One hopes that Homeland Security will verify that the persons chip is in fact embedded in the person, and not being carried in a blood-stained zip-lock bag by the person with the license.

An item I can see becoming popular is a flat, metal, (Faraday cage) container, similar to the old cigarette boxes of the days of yore, that will hold your passport or wallet. Imagine the fun as you get pulled over when you drive past a police car because your license didn't register on the policemans reader. Even better, imagine the police thinking that your passenger, who, having nothing to hide, isn't masking his license, gets the ticket, because it was the only license readable as you drove by.

What could go wrong?

6 comments:

Anonymous said...

Coincidentally, I just came across these wallet hacks, via Dark Roasted Blend, and one of them is an RFID-shielded wallet. To block RFID, don't you just need to line one compartment with aluminum foil?

No point in asking the gub'mint what could go wrong -- they don't care.

BTW, did I give you a business card at the bash? Would'a' bugged you today, since I went on a bike ride past your neck of the woods, but I don't have any contact info.

Billll said...

Foil wrapping the document in question would certainly do the trick. I was thinking ahead to when more of them are chipped and individual wrapping becomes impractical.

I don't seem to have one of your cards, but I would have enjoyed even a relatively short ride.

I'll PM you with my contact info.

Anonymous said...

I'll PM you with my contact info

Don't think that's gonna work. And it highlights a technical problem. I'll just go ahead and ASSume that you're as reluctant as I to post a valid e-mail address, much less a phone number, in a blog comment. And you'd think that some whiz-bang code warrior would've come up with some secure way to exchange info without a lot of monkeying around. Some sort of 1-time token generator that unlocks a data item, but the token can't be used by anyone other than the intended recipient -- and we're off in the weeds re-inventing Diffie-Hellman.

Oh, I wasn't thinking about foil-wrapping individual items, just lining a pocket. But yeah, I can see the day when might need something the size of a cigarette case to shield all your various chipped cards. Or, what could happen (govt. wet-dream time) is everyone just gets a "secure" id token assigned at birth, and it works for all things, once it's registered with the provider, whether that be the SSA, your employer's physical access controls, passport, etc. No idea where you'd keep the thing -- speaking of blood-stained ziplocks.

cma said...

RFID Blocking Wallet:

http://www.thinkgeek.com/gadgets/security/8cdd/

Doug Sundseth said...

For contact, one of you folks should set up a throw-away yahoo email address. It's not like they'll run out.

8-)

Billll said...

Since the big threat is web-roaming spiders collecting e-mail addys, if anyone wants to get in touch, make propositions, send underwear, or issue fatwas, you may contact me at bllew at rmi dot net.