Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

more on Fatal Flaw Weakens RFID Passports

From: David Farber <dave () farber net>
Date: Thu, 3 Nov 2005 17:53:43 -0500


Begin forwarded message:

From: Ross Stapleton-Gray <ross () stapleton-gray com>
Date: November 3, 2005 4:14:49 PM EST
To: dave () farber net
Subject: Re: [IP] Fatal Flaw Weakens RFID Passports

At 12:47 PM 11/3/2005, Bruce Schneier wrote:
The State Department has done a great job addressing specific security and privacy concerns, but its lack of technical skills is hurting it. The collision-avoidance ID is just one example of where, apparently, the State Department didn't have enough of the expertise it needed to do this right.
Of course it can fix the problem, but the real issue is how many other problems like this are lurking in the details of its design? We don't know, and I doubt the State Department knows either. The only way to vet its design, and to convince us that RFID is necessary, would be to open it up to public scrutiny.
I think there's a lot of whistling in the dark as regards what happens when both RFID and tags become much more pervasive; it's not hard to imagine that there will be tipping points when the RF environment becomes sufficiently "chatty" to support making inferences on what's observable by third parties.
We've just published a white paper, "RFID: Airport Greeters and Amber Alerts," on several scenarios for RFID-based monitoring, on the theme of 3rd-party collection: http://www.stapleton-gray.com/papers/ scenarios.pdf
I'd suggest that some of the things we're seeing with cell phones, e.g., the deployment of traffic intuiting systems in Missouri previously documented on the IP list (gauging auto traffic by monitoring cell handoffs), or the work done at the MIT Media Lab in their Reality Mining project (http://reality.media.mit.edu/), will be all the more possible with RFID, due to the "rampant promiscuity" of the technology. 

Ross



----
Ross Stapleton-Gray, Ph.D.
Stapleton-Gray & Associates, Inc.
http://www.stapleton-gray.com
http://www.sortingdoor.com




-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: