20 February 2005

The whole play minus the plot equals the whole play [Click opera]
8:49:30 PM    comment()

Computer generated art that works in browser [del.icio.us/tag/design]
1:00:36 PM    comment()

Pictures of Walls [via Harry's Place
12:34:04 PM    comment()

New-look passports [The Economist via Semizdata]
(I suspect that the article may not remain open access for long. I'm not sure what the Economist's policy is).

I knew that the technology being proposed in the new passports was problematic, but I had no idea how risky the design of the system actually is.

One flaw is the decision to make the data stored on the chip in the passport 1) unencrypted and 2) readable remotely via a technology similer to RFID tags.

The idea was obviously to allow wireless identity checks (or at least wireless tracking of passports, if not their owners) at arbitrary locations - typically airports and ports, but also presumably at or near anywhere considered interesting by the security services (meeting venues, hotels, offices, foreign embassies, protests etc).

So long as you subscribe to the naive "if you've got nothing to hide you've got nothing to fear" view this may seem like a good idea. The problem is that criminals and terrorist organisations (or anyone else, come to think of it) could also set up hidden passport readers and collect your personal data, including your nationality and biometric data, without your knowledge. Set one of these up on Oxford Street or a mainline station, and you could get thousands of captures a day, all completely without the knowledge of those being scanned.

To prevent the obvious security and privacy issues, a couple of fixes are being looked at, including a Faraday cage being built into the passport, so it would only be readable when the passport is pysically opened. Of course, this is easily circumvented by setting up a clandestine scanner at locations where people are expected to open their passports. Hotel lobbies, bureaux de change and even passport control spring to mind.

Another proposed fix is to only allow the chip to transmit the information in response to the passport being swiped through an activating device. This still leaves the data at risk from clandestine scanners placed in the area when the chip is unlocked.

The obvious question is, why do the authorities want to keep the highly insecure RFID technology when you could just get the data off the passport with a swipe device, which you will be using anyway to unlock the chip?

I would suspect that a backdoor will be left in the protection, allowing the security services to scan at any time, whist hopefully excluding criminals or terrorists. For a while anyway.

Update: Wired reiterates some of the above points.
11:44:44 AM    comment()


© Copyright 2002 - 2004 Julius Welby .
Last update: 01/03/2005; 00:49:02 .

Click here to visit the Radio UserLand website. Valid CSS! Subscribe to "Outwardly Normal 2" in Radio UserLand. Click to see the XML version of this web page. Click here to send an email to the editor of this weblog.