Why chips in passports and ID cards are a stupid idea (economist.com)
45 points by bensummers on July 18, 2009 | 20 comments


So, maybe it's just me, but I don't see why RFID is such a great thing for secure applications. Like, it's an awesome technology for a retail store to do inventory with. I mean, they can just pass a scanner near a bunch of products and figure out what they've got. Heck, each individual product can give a different ID which is even better than the simple barcodes that we use today.

However, why would one use RFID when you don't want the reading to be easy? There are plenty of technologies that require physical contact to transmit information (like mag strips or smart chips). If they want the passports to have to be inserted into a machine, they might as well use one of those technologies.

I'm all for RFID in its place. It's great for my subway pass so that I don't have to take it out of my wallet. Same for highway tolls where I don't have to stop. But neither of those are instances where I completely care about security. Sure, I don't want anyone cloning my subway pass, but it also isn't a window into my identity like my passport is and so I can choose convenience a bit over security there. Oh, a good example would be something like site passwords. Sure, I don't want anyone getting into my HN account, but it's not quite the same as someone getting into my bank account and, as such, I don't need quite as complex a password for it.

I'm not saying that I like the idea of chips in passports, but if you're going to put one in, why RFID? Why on earth didn't they choose something that requires physical contact to be read? I mean, the article focuses on the RFID problems (that it can be read without you knowing it since it doesn't require physical contact) and doesn't explain how on earth RFID became the choice. While one might not want to have a chip on their passport, at least a chip that needed physical access to read would put the holder (mostly^) in control of who got access to that information.

^I say mostly because there are always pickpockets and such that could swipe it without your knowledge, but that's a much lower risk than someone walking around with an RFID skimmer - it requires the person to physically remove it from your person, put it in a reader, and return it to you without you or anyone else noticing; not impossible, but a great deal less trivial.


RFID is not even that much of a hit in retail, either. Some say, "yet". But widespread use of RFID in retail was "just around the corner" for several years, now.

As long as the technology is not cheap enough to (profitably!) slap an RFID chip on every 25 cent cup of yoghurt, it won't be ready for retail.

(At least that's the picture in Germany. But thanks to Aldi, Lidl and a few others --- most of our groceries don't even accept credit cards, because their razor-thin margins make them unable to swallow the fee. Debit card processing --- which is mostly free for the shop --- is nearly universal however. (Except for Restaurants; most accept only cash.))


Wow, Germany sounds like a horrible place to go shopping.


Careful with the quick judgments. Credit cards are not popular in many parts of Europe, so it's no big deal. I don't have one, for example, despite being in the top 10% income bracket in my country.


In America, our debit cards are rigged so they work just like credit cards. This gives you some extra protections, delays when they draw from your bank account, (theoretically) gives you the protections of the merchant's agreement, and for many banks you get some sort of cash-back benefit from it.

You can also pay with PIN if you want. That makes it post to your bank account quicker, which is nice if you keep track of your online banking.


Debit cards have less protection than credit, not more. I'd suggest looking at your contract with the bank and seeing where you are responsible for charges to your card.


I'm not sure what you're saying or how it's relevant. I'm comparing separate ways to use an American debit card. I'm not comparing either use case with using an actual credit card (which I concede has even more protections).


ah


Debit cards aren't half bad. You have to use your PIN to spend money, makes a thief maxing out your CC harder.

In most parts of Europe, you also don't have to pay 15-20% on top of every meal at a restaurant out of obligation. Tips really are only tips, you leave one based on the service you receive.

For the life of me, I really can't get over the fact that you have to leave a 15% tip by default in the US (unless there was something blatantly wrong with your meal, of course). I mean, I'm not a dick, I still do it, I just can't get accustomed to it.


And, contrariwise, when I went to Australia (coming from Northern California) and was told that I didn't have to tip 18% on all restaurant meals, I was actually _incapable_ of not doing so. So, even though it meant out of pocket money for me, it was better than having to deal with the (completely false) belief that the serving person would think I was a total dick for not tipping them.

Getting back on topic (slightly) - I've had about $200 in cash in my pocket for the last couple months - I don't recall the last time I've been somewhere that I didn't use my Credit Card. Makes tracking my expenses via Mint.com a heckuva lot more straightforward.


You don't _have_ to leave a tip. People don't appreciate it, and if you get not-bad service you should tip adequately, but the tip is a mechanism designed to encourage servers to meet your needs as well as possible, and not neglect their patrons. I think they work well, generally. In most places, a tip is not mandatory (I have heard of some establishments banning frequent non-tippers), though you generally leave one anyway to gauge the server's performance. i.e., bad performance gets 5-10%, normal 10-20%, awesome 20%+.


You say that you don't have to tip and then advocate tipping 5-10% for bad performance in the same paragraph? Of course there is no legal obligation to tip, since if there was it couldn't be called a tip-- it would just be itemized billing. But the fact that in the US wait staff can be legally paid less than the minimum wage (before tips) provides an ethical argument for tipping, if not a legal one.


Good to know that in the U.S. at least, if the passport is closed, the RFID is shielded. Anyone know of a successful attack against a closed US Passport?


According to the article - as far as I remember - closed only means that you need to be closer to the passport.

> The official range of an e-passport’s RFID is supposed to be no more than ten centimetres (four inches). But with $100 worth of hobbyist gear, Israeli researchers managed to skim encrypted data off e-passports from several feet away. A student at Cambridge University in Britain went further, intercepting e-passport transmissions some 50 metres (160 feet) away.

> That was enough for State Department officials in Washington, DC, to insist that American e-passports be fitted with metal sleeves to shield them, when closed, from prying electronic eyes. The measures seem to be reasonably effective, though e-passports that get wedged open slightly by keys or loose change can still be read electronically from a distance.

> Slightly open passports could leave holders vulnerable to physical attack. Each country encrypts data in a characteristic way that terrorists could use to identify the nationality of the person carrying the chipped passport. To demonstrate the point, a firm called Flexilis used a partially opened American e-passport tucked in the pocket of a dummy to trigger an explosion as it passed a dustbin containing a small charge.


I don't really understand why governments are so obsessive about associating a photograph and a name. I can change my name whenever I want, for no reason at all. I can show up at the DMV with trivially-forged documents and get an ID card saying I am whoever I want to be. I can show up in a random country and easily overstay my visa. I can be a nice person one day, and the next day kill 3,000 people.

So I don't really see what all this scrutiny about identity documents is about. Identity is something that constantly changes, and doesn't really mean anything.


To make the chips harder to clone, try including a physically unclonable function as part of the authentication:

http://en.wikipedia.org/wiki/Physically_Unclonable_Function


Too expensive. Remember, the chips don't do anything useful, they are there so the government can look like it is somehow stopping terrorism with amazing high-tech gadgets.

The 9/11 hijackers had valid passports and visas.


True about the uselessness of the chips.

But adding a PUF is not expensive. For example, the last option listed on the Wikipedia link: a random magnetic strip costs fractions of a penny.


1.) Sometimes new technology does not improve your situation but the opposite. e.g. RFID Passports open new attack vectors. There is no technology which is totally secure.

2.) RFID is not the problem, you can easily put a mesh inside the cover of the passport to prevent reading of the chip.

3.) Hammer time^Wthem. http://www.wired.com/wired/archive/15.01/start.html?pg=9 or tinfoil it.

4.) Subway cards with RFID are scary. In the UK the police use the "named" cards to track people's movement.


The real reason to introduce them is tightened control, not "speed" or something.



