So I was talking with Stuart in Second Life the other night (another person I’ve managed to get hooked) and the discussion of travel came up. I mentioned that the likelihood of me getting to the UK was pretty slim nowadays and almost impossible for me to get to the US.

Why? e-Passports.

Before I’d read the article I’m about to mention, I already had reservations about any form of identification that contains an RFID chip/tag inside it. Simply put, it doesn’t matter what sort of encryption you use, it’s digital, thus it can be cloned. Regardless of everything else, digital = bad for personal security.

Simply put, even if it means never leaving New Zealand again, I refuse to allow my personal information to be stored in an RFID tag on any of my own documentation. The closest I will ever permit would be a 3D barcode (similar to barcodes on your car registration but with more info.) RFID is bad. It’s passive and it’s easily read from a distance.

Before I get into the rambling, here is today’s article that reminded me of this conversation I was having with Stuart.

A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.

The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery. But Lukas Grunwald, a security consultant with DN-Systems in Germany and an RFID expert, says the data in the chips is easy to copy.

“The whole passport design is totally brain damaged,” Grunwald says. “From my point of view all of these RFID passports are a huge waste of money. They’re not increasing security at all.”

Hackers Clone E-Passports – Wired

All someone needs to do to read (or clone) the unsecured chip is to walk past you with a reader. Remember, requiring the printed code in the passport before the chip will give any useful info is optional. A country does not have to use that. A 12 volt reader can read up to 1000 RFID tags from a metre away. I know this because of all the fuss that was made around the time of WalMart requiring their suppliers to use RFID.

RFID readers are cheap. Especially to people that are intending to use them for something like this.

Essentially, this is why I won’t ever get an E-Passport, and thus why the chances of me ever visiting the US anytime in the future while this idiotic law is in effect are pretty much nil.

I value my identity. It may not mean much to anyone else, but my personal information and my personal identity define who I am. My IRD number, my driver’s license number, my passport and so on. These are bits of information that no one else should ever have access to unless it is for truly legitimate purposes (such as tax purposes, or identification.)

The E-Passport that the US and others are forcing down our throats is a threat to the validity of my identification. Even with the metal mesh in the US version of the passport, the passport only needs to be open even half an inch for someone to be able to read the chip. I don’t mind you tagging products in WalMart or any other store with RFID because that speeds things up. But this is a serious risk and makes identity theft even easier than it was previously.

Oh, but it really gets better later in the article on the second page. The emphasis below is my own. I’m pretty sure you can understand why I emphasised it.

Frank Moss, deputy assistant secretary of state for passport services at the State Department, says that designers of the e-passport have long known that the chips can be cloned and that other security safeguards in the passport design — such as a digital photograph of the passport holder embedded in the data page — would still prevent someone from using a forged or modified passport to gain entry into the United States and other countries.

“What this person has done is neither unexpected nor really all that remarkable,” Moss says. “(T)he chip is not in and of itself a silver bullet…. It’s an additional means of verifying that the person who is carrying the passport is the person to whom that passport was issued by the relevant government.”

Moss also said that the United States has no plans to use fully automated inspection systems; therefore, a physical inspection of the passport against the data stored on the RFID chip would catch any discrepancies between the two.

There are other countries, however, that are considering taking human inspectors out of the loop. Australia, for one, has talked about using automated passport inspection for selected groups of travelers, Moss says. [Emphasis added by Steve]

Hackers Clone E-Passports – Wired

Suddenly I’m even slightly afraid to go near the Australian borders. And that’s the nearest neighbour to NZ.

I am guilty as anyone of it myself, but I honestly believe that the worst damage the terrorist acts against the US have done is forcing those with no clue to suddenly turn to Technology to attempt to solve their problems. It’s one thing to drop a smart bomb on mountains in remote Afghanistan, or to blow up the home of an Iraqi terrorist, but this is entirely a different thing altogether.

Some things should NEVER be automated. Driving a car is one of those things. Security is another. Hell, we don’t leave our receptions in our buildings unattended. Back entrances to buildings are very often watched by cameras. Many buildings have the highest secure areas of them buried deep within the heart of them and the entrance visible to a lot of people to ensure that anyone not permitted to enter them cannot.

We’ve come to the point where we live in a world more invasive than the world portrayed by Orwell’s 1984, without the communism involved.

Okay, maybe it’s not quite Tinfoil hat stage yet, but I’m definitely considering building a Faraday Cage ;-)

And I’m only half joking :-P