Loss of Privacy

The Daily Mail has found yet more flaws in the new British RFID Passports by cloning a passport before it ever reaches the recipient and without opening the package. The “safest ever” passport is far from its slogan, leaving the British scratching their heads and wondering just what the hell is going on.

In just four hours, the Mail hacked into a new biometric passport and stole the details a people trafficker or illegal migrant would need to set up a life in Britain.

The passports are dispatched in white envelopes which are easily recognisable from the distinctive lettering and figures on the outside.

There is no identity check on the person signing for the passport when it arrives. In multi-occupancy flats they can be handed to anyone at the address. Thousands have already gone missing.

Four hours may seem like a lot of time, however, when the four hours is spent during the “in transit” time of delivery from the passport office to your home, do you really notice that time? Hackers can take their time, do the job right the first time, and be off with your identity before you even know something is wrong.

The Mail was helped by computer security consultant Adam Laurie, who advises public bodies and private companies on combating IT fraud. He discovered glaring weaknesses in the biometric passport’s security system.

The first flaw is that a hacker can try to access the chip as many times as he likes until he cracks the MRZ code. This is different to putting a pin number into a bank machine, where the security system refuses access after three wrong combinations are entered.

The second is that there are easily identifiable recurring patterns in the MRZ key codes issued. For example, the passport holder’s date of birth always features, as does the passport’s expiry date, which is ten years after the issue date.

Mr Laurie said: “I used public information and equipment that is legal. The software took me three days to write. It is incredibly easy to thieve data from the passports. It could be put onto another chip and implanted in a blank passport.”

If this is the safest ever passport, I fear for the British citizens who have had their passports go missing or that have them cloned. The only extra information the Mail needed was the passport holder’s date of birth, which they obtained in under two hours.

ICAO, which devised the system, anticipates that keys will be compromised, and puts forward steps that should be taken to protect the system when this happens.

The problem is that the UK government still refuses to believe that this can happen. A spokesman from the Home Office claimed that “We do not believe it would be possible to successfully forge a new passport by doing this. The security around the UK passport chip prevents anyone changing or deleting any of the data or information on the chip, which is what is required to successfully forge a passport.” How easy it is to simply ignore the problem instead of looking at what was done and how to prevent it from being done again. The Home Office merely ignores the problem and sticks its head back in the sand.

While, currently, you need to look similar to the person who is the legitimate owner of the passport, this is only the beginning of the story. The encryption has been cracked. Changing the photo is only a matter of time. You can keep the passport in a special covered booklet to prevent further tampering.

Let me reiterate what has happened here. THE PASSPORTS ARE CLONED BEFORE THEY REACH THE OWNER. This leaves the innocent owner completely unaware that THEIR PASSPORT WAS COMPROMISED IN TRANSIT. It seems that the new RFID passports, no matter which type and which country issues the passport, are there to facilitate identity theft and not prevent it.

The main point of these new passports is to speed up processing time at customs. This means that a lot of passports will no longer be opened. Theoretically, a fake passport can look real by a person looking like the real owner or a new RFID chip could be inserted with a new picture and keeping all other original data intact.

If you have one of these new passports, be afraid. I know I would. I’m still fighting to repeal these things and, hopefully, when my passport expires in 2013, I can have a good old fashioned passport and not one that makes it easier for thieves to copy.

While doing some research on another story, I came across the US government’s website for the new electronic passports’ FAQ.  Although factually accurate, many of the government’s answers led me to more questions and I decided to delve deeper into how my privacy will be affected under the new electronic passport system.

The very first question in the FAQ explains what an electronic passport is, but it fails to explain the details in order for a person to fully understand it.

An Electronic Passport is the same as a traditional passport with the addition of a small integrated circuit (or “chip”) embedded in the back cover.  The chip will store the same data visually displayed on the data page of the passport, a biometric identifier in the form of a digital image of the passport photograph, which will facilitate the use of face recognition technology at ports-of-entry, the unique chip identification number and a digital signature to protect the stored data from alteration.

While the second question in the FAQ attempts to clarify the answer to the first question, it still does not explain that the integrated chip is an RFID chip, nor does explain why this information is necessary in the first place.  The chip is storing the same data that is visible.  The customs agent is still going to have to look at the picture to verify if it is really you.  This does not matter if the customs agent looks at the actual photo on the passport or scans the chip to see the photo on a computer.  Visual verification is still needed.

The new passports will use photo recognition as a biometric, though other forms, such as fingerprints and iris scans, can be added later.  These will still need to be verified at each port of entry, which will still create lines.

Also in the FAQ are questions concerning security.

The special features of an Electronic Passport are:

• Securely stored biographical information and digital image that are identical to the information that is visually displayed in the passport; and
• Contactless chip technology that allows the information stored in an Electronic Passport to be read by special chip readers at a close distance.
• Uses digital signature technology to verify the authenticity of the data stored on the chip.  This technology is commonly used in credit cards and other secure documents using integrated circuits or chips.

As mentioned before, securely stored information on the passport does not ensure that others cannot access your passport.  It is merely a digital copy of what’s printed inside the passport.  The chip itself, can, and has, been read from distances, leaving your passport open to cloning.  A digital signature is included for verification of authenticity, however, if your passport is cloned, the digital signature does little to prevent identity theft.

The FAQ continues to proclaim the ease of travel by asserting that the electronic passport will facilitate travel by “Automated identity verification; Faster immigration inspections; and Greater border protection and security.”

As I have outlined above, faster immigration inspections do not seem likely since there still has to be visual confirmation that the passport being checked belongs to the person carrying it.  If you want faster immigration inspections, you need to simply swipe and move on.  That is less secure and, is also the most likely road we are headed down.  The new electronic passports will automatically identify the passport but, if the customs agent does not actually look at the photo to see the person, then there is no way that it will provide greater protection and security.

The FAQ claims that the new passports are a good security measure by stating that the reason electronic passports have been issued is because Congress passed a law forcing countries who participate in the Visa Waiver Program to have these types of passports.  Most of these countries did not want this type of technology in their passports and, when forced by the United States, they reciprocated by telling the United States that it has to do the same.  No one, except the United States, wanted this type of passport.

While discussing the Electronic Passport logo, it is unclear whether there will be two separate lines for those entering the United States.  Will those who do not have the new passports be forced into one line, while those with the chip be put in another?  One must also consider the fact that the first US passports issued with the new chips was in August 2006, making it highly likely that there will be a disparity among Americans until 2016 when the last of the old passports finally expire.

A new caveat of the electronic passports is that they cannot be amended.  If you change your name, which often happens when women get married, you must obtain a new passport.  Under the old passport system, you mailed official proof of your name change with your passport and the passport agency would amend it and mail the documents back to you, free of charge.  The new system will require you to return your passport as well and it is only free within the first year of issuance.

One of the most important aspects of the electronic passport is left until near the end of the FAQ, and covers the privacy issues of stealing the data off your passport without your knowledge.  It explains how skimming and eavesdropping occurs and how it is extremely difficult to do successfully.  There have been many stories over the past year of just how easy it is to obtain your data.  The US government attempts to assure you that your data cannot be read while the passport is closed and not in use.  The British government also assured their citizens of the same thing, yet it can be read before you even receive it in the mail.  Australia has a similar problem with cloning of their new electronic passports.

The last item on the FAQ covers what might be the most commonly asked question.  What happens if all this new technology fails.  Rest assured, you can still use your passport because you are allowed to use the passport until its expiration date.  You will just proceed as if you never had a chip in the first place.  For me, this is a positive response to a major problem of my privacy.  Sledge hammer meet my passport.

So, if all this technology fails, you revert to the system that is now considered antiquated but was, in essence, more secure because your information was only available to thieves if you lost your passport or it was stolen.  You will no longer know if your information was stolen or cloned until it is far too late.  Do yourself a favor and purchase a special wallet that will prevent surreptitious sniffing of your personal information and remember to keep fighting to repeal the law or actually make it secure.

According to Cnet, implanting people with RFID chips isn’t as lucrative, or popular, as we are led to believe.  Ever since VeriChip went public with their idea to implant humans, their stock has been struggling.  The chip, to be used for medical purposes, has attracted a mere 222 humans willing to be chipped.

Three years ago, VeriChip began its ad campaign about how wonderful and useful it would be to be chipped.  Everyone from civil libertarians to my grandma balked at the idea, claiming that there were severe privacy issues at stake in such an endeavor.
Cnet also points out that

Virtually all the company’s revenues come from two Canadian companies it acquired in 2005. These companies, EXI Wireless and Instantel, specialize in infant tracking and “wander” detection systems in rest homes. In these systems, RFID tags alert nurses and medical professionals if an infant or other patient is passing through the exits or into unauthorized areas. In these systems, however, the RFID chip is contained in a wristband.

VeriChip, however, has stated that they intend to continue to market their RFID chips because it’s a good idea for medical patients to always have their records with them.  While these chips are a good idea for tracking things such as a lost pet or merchandise, it’s not a good idea to tag every single human just because it’s a convenience.  In theory, tagging grandpa in the old folks’ home to keep track of where he’s wandered off to, again, is a good idea.  However, you already pay thousands of dollars to have actual, live humans do this job.  And they’ve been doing this job for decades.  Has there suddenly been a huge increase of old folks running off the reservation?

Using the VeriChip for other medical reasons might also seem reasonable if you have severe allergies or you have some sort of special needs.  However, it is not reasonable to use my tax dollars to force hospitals across the USA to redo their emergency rooms solely because you can’t be bothered to get a bracelet and an ID card listing your medical condition.  It is your responsibility to take care of your health matters and not place the burden on someone else.

One Problem not addressed in implantable RFID chips are what to do when you need an MRI.  It is known that the skin around the tag will burn when subjected to devices like an MRI.  You could solve this by implanting the RFID tag in a finger, but that just makes it easier for a thief to take that finger with them when they rob you.  If you want to prevent identity theft, then you have to introduce two factor identification, which negates the benefits of having a chip at all because third parties would be introduced, making the entire system less secure than advertised.

Larger problems deal with the end of life issues of a chip.  Technologies change and, in ten years, the chip will not work with the latest technologies.  This would force a person to get a new chip.  If standards are not imposed, you will need different chips for different things.  It makes much more sense to create human RFID tags to be placed in something the person wears every day, such as a wedding ring or a bracelet.  Upgrades will create nightmares, literally, for people once the chip becomes obsolete and a person must return to have the chip removed and replaced.

It’s also no surprise that no one wants this from VeriChip.  We are already uniquely identifiable by a dozen or so different processes.  We have retina scans, fingerprints, DNA and voice recognition.  Then, there are the “minor” unique characteristics such as race, hair color, eye color, height, weight, and shoe size.  The only thing an RFID chip can do is put this into one place, making it easier than ever to track every single thing you do in life.

The slippery slope in this argument is that we’ve already tracked cargo, then pets and cattle.  Next, we will track immigrants.  Who do you think is the last stop?  That’s right.  It’s you.  The government is going to shove a leash up your ass and you’ll like it.  Within a short period of time, you’ll not even notice it’s there.

These chips can and will be abused to determine what you are doing.  You think it’s bad now, with Presidents getting FBI files on their political enemies?  Hitachi now has a chip so small that you can literally dust an area with them and connect the dots later.  Imagine what can be done when there are no longer any paper trails to expose illegal activity.  RFID will be used to see exactly who you voted for, what dissident group you belong to, and who you co-mingle with that also does not like the current governmental regime.

There is no way to justify implanting legal, foreign nationals who have chosen to live here.   In order to do it, you would have to chip every American citizen as well.  Then, you would be faced with the prospect of what you are going to do with the illegal citizens who have no chips?  They will stick out in a field of chipped Americans and the government will no longer be able to turn a blind eye to illegal immigration.  Worse yet, would be the tit-for-tat retaliation that other countries will enforce against the United States.

I am a, mostly, law abiding citizen.  I do not take kindly to people telling me what I can and cannot do.  I do not like people tracking my whereabouts.  When I leave my home, no one knows where I am except “out” and I’d like to keep it that way.  There is not a soul on this planet that needs to know where I am every moment of every day.  I wear a medic alert bracelet should something terrible happen to me while I’m out.  If wearing a bracelet versus being implanted means that those two seconds are the difference between life and death for me, then I chose death.  I will not be tracked and I will not allow others to decide that I need to be tracked.  Keep your RFID tags and chips and use them to track Fluffy or your cargo.  Do not come near me with them.

Our privacy is slowly disappearing.  Some care.  Most do not.  I suspect that, by the time I am an old lady, rocking in my chair on the front porch each afternoon, that I, and a few like me, will remember a time when privacy mattered.  I will witness the erosion of privacy and individual rights as the generations behind me freely give up what the generations before me fought so hard to preserve.

In the latest RFID news, IBM has announced that they are planning on inserting RFID chips into Italian scooters and diapers in order to track their movements.  IBM will implement this, most likely, via their new WebSphere RFID Information Center , a new software that allows multiple companies to log and share data from RFID tags.

Honda Italia Industriale, which sold 12.7 million scooters last year, plans to use RFID chips and IBM software to track motorcycle parts and tools circulating within its manufacturing plant in Atessa, Italy.

This, Honda believes, will lead to a more efficient plant because they can easily be tracked throughout the warehouse.

Pliant, based in Schaumburg, Ill., will sell a new RFID-embedded plastic wrap to consumer-goods companies that want to detect any tampering of their products in transit from manufacturer to distributor. Pliant is using IBM’s software to keep track of RFID-marked cargo–everything from cereal boxes to diapers–in the warehouse.

Though Pliant wants to keep track of tampering [] , there is no word on whether the RFID tags will be disabled before the unsuspecting public purchases items embedded with the tags.

These two companies add themselves to the new, and evolving, technology that IBM hopes will be a boon for businesses.  Boeing already tracks their parts via RFID but many retail outlets are still hesitant to use the new technology due to its cost and the lingering questions of consumer’s privacy, such as those that were asked about the Nike iPod.

Other companies already using RFID in their products include US Passports and discs that aim to prevent piracy.  Ritek, the world’s largest DVD and CD maker, introduced these discs through their subsidiary, U-Tech in September 2006 in conjunction with IPICO, who makes the RFID chips for the discs.  This affects all discs, stamped and recordable.

The technology, which can also be used for Blu-Ray and HD-DVD discs, will allow movie studios to remotely track individual discs as they travel from factories to retail shelves to consumers’ homes.

Home DVD players will eventually be able to check on the chip embedded in a disc, and refuse to play discs which are copied or played in the ‘wrong’ geographical region, the companies behind the technology expect.

“This technology holds the potential to protect the intellectual property of music companies, film studios, gaming and software developers worldwide,” said Gordon Yeh, chief executive of Ritek Corporation.

RFID readers will then be built-in to home DVD players to extend the anti-copying technology into homes as part of a digital rights management system.

Again, while it is important to note that having the ability to track your product from warehouse to stores is a good idea, once a person purchases CDs and DVDs, they should actually own the product.  What this does is create a system whereby you are only leasing the product, to be used in your own home, in a manner, that someone else dictates.

It also locks you into one specific system that you are able to use to watch your purchased product.  Your DVD player will perform security tests to locate the RFID chip.  This will be done at the hardware level instead of the current system of software and drivers.  If it does not locate the chip, you will not be able to use the disc.

Ritek believes that this will eliminate piracy altogether.  It may, but I will believe it when I see it.  There will always be a way to copy or record something.  It might take a bit of time, but we have seen protection scheme after protection scheme broken.  Firmware has been modified for years and, if this new technology requires firmware, it will be cracked.  The most recent story is that the HD-DVD restrictions have been cracked and pirated copies of Serenity are available via bittorent.

GM and Toyota have also used RFID tags in the past and still had problems with theft.  Nissan is also implementing RFID.  Even if the data is encrypted, if all you need is a copy, then that is easy to do.  You can be on your way in your new car with a working copy of a key or ID.

Though tracking shipments is a good use of RFID tags, placing them on individual packages presents dangers.  Not all tags are passive and, in many warehouses, tags can be read from several meters away using standard issue readers.  Several meters away is still far enough away that you won’t notice someone reading your tags when you leave the supermarket.   Once you reach home and use the products, all a person needs to do is pass by your garbage cans with a reader and, over time, can account for the types of items you like to buy.  There is no need to for them to dig through your trash and get dirty because a brisk walk will gather all the information that they will need for whatever nefarious purpose they can think of.

IPICO claims that its RFID tags can be read from at least six metres away, and at a rate of thousands of tags per minute. The passive chips require no battery, as they are powered by the energy in radio waves from the RFID reader.

With this reality, it will not be hard to read the RFID tags for whatever possibility a person can imagine.  By continuing to label consumers as the bad guys, much of the RFID technology will be used to prevent normal people from doing normal things with items they purchased and legally own.  These protections aren’t even used to combat piracy, as Hollywood has finally admitted.  What will happen is the elimination of fair use for media, tracking of individual’s personal habits, and abuses of the system.  The question is, are those in Hollywood and Washington going to accept this as they watch their sales dwindle further because Joe Citizen is no longer purchasing their products or will Joe Citizen blindly accept yet another control telling them how to live?

I suggest you do what I have done; purchase several cheap DVD players, get a lot of blank media, keep your mouth shut, and don’t ever upgrade to this crap idea that those that sell you products should tell you how to use them.

Tokyo is about to go Minority Report. Starting next month, the Tokyo Ubiquitous Network Project will launch its services in Tokyo’s Ginza district, sending shoppers ads via its RFID networks.

Shoppers can either rent a prototype reader or get messages on their cell phones. The tags and transmitters identify a reader or phone’s location and match it to information provided by shops.

Along with this nifty way of shoving more ads down people’s throats, there are, yet again, calls of concerns about privacy.

Researchers, for instance, have suggested that a sensor designed by Nike Inc. and Apple Computer Inc. to keep track of running distances could also be used to track runners’ whereabouts — such as by installing readers along running paths.

Others worry that tags embedded in clothing could give a retailer valuable details on how long a consumer spends trying on sweaters.

While RFID has good uses, such as tracking pallets of merchandise in warehouses, modern day uses seem to go too far. Children are being tracked at schools, teaching them that it is okay to have their every move logged into a database somewhere. They no longer think it’s a big deal that their every move is being kept somewhere to be analyzed later. Many regular people balked at the idea of RFID tags, forcing companies to target the wealthy first, then children and, now, the public at large. When being tracked is ubiquitous to breathing, those that argued against RFID will be the minority and no longer count.