Technology Review - Published By MIT
Advertisement

Borderline Security

Continued from page 1

By Erica Naone

Friday, October 31, 2008

smaller text tool iconmedium text tool iconlarger text tool icon

Gigi Zenk, a spokesperson for the Washington State Department of Licensing, says that she doubts the severity of the findings because the researchers "made a lot of assumptions about how customs and border control work." While she says that no system is ever completely invulnerable, she stresses that the cards contain no personal information, and that the state of Washington has made it a felony to attempt to skim information from them. "We believe we took considerable steps to mitigate risk," Zenk says, "and I get concerned about this causing unnecessary fear."

Juels agrees that "if border agents do all that they're supposed to do"--including, for example, comparing the photographs stored in the database with those printed on the ID--"they should be able to detect counterfeits." But he adds that the agents may be tempted to rely on the technology and relax their vigilance.

Even if border agents prove vigilant, the researchers maintain, the cards could still pose risks. "These cards can still reveal information about our lives," says Tadayoshi Kohno, an assistant professor of computer science at the University of Washington, who worked on the research. "If you think about the social-security number, at some point there could have been an argument that it's just a number, not personal information. But numbers evolve over time, and uses evolve over time, and eventually these things can reveal more information than we initially expect."

Jonathan Westhues, an independent security researcher who has studied RFID, notes that much depends on how the tag is actually used. If any official assumes that the tag itself is sufficient proof of identity, then the threat of cloning is serious. He notes, "It's hard to say what exactly they plan to do with the tag, so it's hard to say whether the overall system will be secure." As far as privacy goes, he adds that many people already carry smart cards or cell phones that could be used to track them.

The researchers say that they hope to see passport technology improve as a result of the questions they've raised. "The whole RFID infrastructure is not a bad idea," Juels says. "It just needs to be done well."

Comments

  • Excuses
    It angers me to see Gigi Zenk, the spokesperson for the Washington State Department of Licensing make one excuse after another for Washington states complete ignorance and dereliction of duty to both the people of Washington state's personal information, and our nations security from terrorist, or illegal border crossing of fugitives, and illegal aliens.

    To hostly believe the statement "Washington has made it a felony to attempt to skim information from them" will protect us is laughable. Has that stopped ID(identity) thieves. The risk of complacency of border patrol agents should not be ignored.

    Washing state is a kinda leader in that they are the among the first to implement enhanced drivers license as i believe more states will do the same. But Washington state is failing to lead in protection through failure to see reasonable security measures as needed. Does Washing state believe that the concept of enhanced drivers license wont spread to other states with personal information tied to them just like social security numbers use and function has changed over time. People can decide to or not to carry cell phones and smart cards but they don't have much choice with enhanced drivers license. Owners probably will not use protective sleeves in their wallets or purses either.

    Even few simple measures would help dealing with the security issues described like introducing a unique serial number at the factory to thwart cloning, turning off the kill feature to prevent personal attacks or mayhem at border crossings, lessoning the distance at which they can be read, and adding encryption.
     
    Why would Washing state build week holes into the system of security, defend it, and not issue a statement that those issues will be addressed. When security holes are found they should be dealt with in a timely manner, not make excuses glossing over the security issues.
    Rate this comment: 12345

    shomas
    11/02/2008
    Posts:42
    Avg Rating:
    4/5
  • Borderline Security
    I don't really see what huge benifits this new technology provides. I think that this new system provides more of an opportunity for fraud and other malicious behavior. If border patrol personel are supposed to also look at a hard copy of your profile, what is the point of even having the electronic version? I think before lawmakers put this into affect, they should reconsider the pros and cons of this new technology.
    Rate this comment: 12345

    jcarroll09
    11/02/2008
    Posts:4
    Avg Rating:
    2/5
  • Counterfeit threat to passports
    Hello everyone. This is something that not only Washington has thought well way ahead of in advance. But, the group called the Bilderbergs, which actually HAVE and control all the money in the world.(Basically the President of the Globe) In time, the RFID chip will be phased out. And, every single person on this planet will be made to receive a little pin prick that injects a tiny RFID chip in your body. So, that way nobody can actually steal your identity. This is a way of keeping everyone accountable. Since we cannot quite find the terriorists that cause so much havoc. Then, that will be the only way you may buy sell or even exist.  There's the cold hard truth that FOX and CNN won't EVER tell you. At least for now.  Enjoy!
    Rate this comment: 12345

    endoftimes20...
    11/11/2008
    Posts:1
    Avg Rating:
    1/5

Log In

Forgot your password?     Register »
Advertisement

Videos

Laser-Triggered Chemical Reactions
Featured Content
Sponsored by:
White Papers

Twelve ways to reduce costs with SQL Server 2008
Find out how to reduce costs and get more efficient

Download

Total Economic Impact of SQL Server 2008 Upgrade
Forrester reports on increasing productivity and management capabilities

Download 

Achieving Cost and Resource Savings with UC
How Office Communications Server R2 and Exchange Server can make your business smarter and more efficient

Download 

The Compelling Case for Conferencing
Read how you can improve workload support and find IT efficiencies

Download

How Windows Server 2008 R2 Helps Optimize IT and Save you Money
Read how you can improve workload support and find IT efficiencies

Download

Windows Server 2008 R2 Hyper-V Live Migration
See how Windows Server 2008 R2 and Hyper-V enable virtualization and Live Migration

Download
Advertisement
Subscribe to Technology Review's daily e-mail update. Enter your e-mail address

TECHNOLOGY RESOURCES
Advertisement
MIT Massachusetts Institute of Technology © 2009 Technology Review. All Rights Reserved.