U.S. Considering Wireless Passport Protection
April 26, 2005
The U.S. government is 'taking a very serious look' at improving privacy protection for the new wireless-readable passports, according to an official quoted in a great article by Kim Zetter at Wired News. [...]Depending on who you trust, you might still want to travel with your passport wrapped in aluminium foil...
The previously proposed system would transmit all of the information stored on the inside cover of the passport -- name, date and place of birth, (digitzed) photo, etc. -- to any device that is close enough to beam a signal to the passport and receive the passport's return signal.
The improved system, which is called "Basic Access Control" in the specification, would use a cryptographic protocol between the passport and a reader device. The protocol would require the reader device to prove that it knew the contents of the machine-readable text on the inside cover of the passport (the bottom two lines of textish stuff on a U.S. passport), before the passport would release any information. The released information would also be encrypted so that an eavesdropper could not capture it.
Posted by andersja