e-passports cloned…

e-passports cloned…:
This was on Wired yesterday (posted on Slashdot). I think it highlights the importance of thinking deeply about how these proposed identity systems work. The other security flaw is the ‘integrity’ of the databases that the passport system is built on.

A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year.

The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery.

“The whole passport design is totally brain damaged,” Grunwald says. “From my point of view all of these RFID passports are a huge waste of money. They’re not increasing security at all.”

it is worse than not increasing security… the blind promotion of this technology is actually lowering security. much like libraries and rfid… the use of the technology does not in the end enable the library or the passport holder as much as it enables anyone with a bit of technical savvy to make a mess of the library or passport system.