Thursday, March 31, 2005

RFID Passports and stupid gov't use of tech for tech's sake.

Slashdot posted to Passport Chip Could Attract High-Tech Muggers as Re:Why include the info on the chip at all? :

They don't have to share all the data. They can set it up on a virtual network connected to the US computers. They send the information for only the specific passport requested.

Thus no foreign place would have more information than the current procedure.

This does open up the possibility of fishing -- remote customs database clients sending info requests for the passport info on people who are not actually present.
There's an easy fix for that risk -- embed a smartchip in the passport with public key crypto support, so when I go to a foreign border, their reader can query my passport, and get back a crytographic key (challenge, etc). They then sign this with their public key and forward to US Customs. When decrypted the passport datablock says "I am Nonesuch's passport, tell the nice people at the Canadian Border what you are willing to share about Mr. Nonesuch".