Archive for October, 2006
Digital Rights Ireland director, Antoin O’Lachtnain, in an interview with Mark Tighe of the Sunday Times today, gave an insight into the possibilities of Ireland’s new electronic passport being targetted by criminals.
The lack of security measures, protecting the passport from being “skimmed”, are a real risk, exposing these passports to the possibility of being read and the contents copied by terrorists.
Recent press coverage has exposed the security risks associated with electronic passports.
‘Terror risk’ for electronic passport
Mark Tighe
THE new Irish e-passport is lacking a basic security feature contained in the American version, leaving Irish passport holders open to targeting by terrorists, according to a leading lobby group.
Digital Rights Ireland (DRI) claims the lack of any shielding in the passports means “skimmers” will be able to detect the passports from picking up their frequencies, and even identify nationality, without the holder knowing.
The new passports were launched last week by the Department of Foreign Affairs, ahead of a US deadline requiring countries on its visa-waiver programme to start issuing passports with a radio transmitter chip (RFID) from Tuesday. The department expects to issue 750,000 by the end of 2007.
While the chip is meant to be read from only a few centimetres, prototype testing showed they could be detected up to 9m (30ft) away. This led the US State Department to introduce a metal mesh in the passport cover to “make unauthorised reading of the passport very difficult from any appreciable distance as long as the passport is closed”.
An encryption system prevents skimmers from accessing the biometric data on the chip but security firms have demonstrated that a hand-held scanner is able to identify the presence of unshielded passports. Researchers are examining whether it will be possible to identify the passport nationality.
Antoin O’Lachtnain, a director of DRI, said it was unbelievable Ireland did not follow America’s lead in providing shielding. “The only reason we are implementing the e-passport is because the Americans told us we had to,” he said. “I really think e-passport holders should use a shield, such as a piece of tinfoil, to prevent the RFID chip being read without their knowledge.”
Some companies are already offering special wallets with shields to protect passports against skimmers.
O’Lachtnain said skimming technology would advance over the planned 10-year lifespan of the passports. “Terrorists could use a scanner to identify a group of, say, British or American nationals by the passport they are carrying and then kidnap them or kill them in a suicide bombing,” said O’Lachtnain.
The Department of Foreign Affairs said shielding was not necessary as the passports must be open at very close proximity to the reader. A source at the International Civil Aviation Organisation said: “I think it will not be long before other countries move to implement similar shielding.”
October 22nd, 2006
Despite the recent press attention to the launch of ‘biometric’ passports, not many reporters have focused on the fact that these new passports seem to include Radio Frequency ID (RFID) chips. From the Department of Foreign Affairs website (link)
“The chip technology allows the information stored in an Electronic Passport to be read by special chip readers at a close distance.”
The technology the Department of Foreign Affairs chose to protect the information in the chip from being read remotely (eavesdropped) by anyone within 5 metres (15 feet) is called Basic Access Control (BAC).
Basic Access Control is used by other countries, such as the Netherlands to protect their RFID Passports from eavesdroppers. However, a Dutch security testing lab called Riscure has examined the reliability of BAC and found that it is quite possible for a determined eavesdropper to break the control with a handheld reader, and an ordinary PC from within 5 metres. (Slides outlining this attack method)
The Department of Foreign Affairs has confirmed to DRI that the new RFID passports are not issued with sequential numbers, which increases the security of the chip. However the US, which also uses BAC, has gone further by placing shielding equipment in the covers of the passports (essentially a metal foil layer).
“To further protect against skimming, the U.S. e-passport will include a shielding material in the passport cover that will make unauthorized reading of the passport very difficult from any appreciable distance as long as the passport is closed.” http://travel.state.gov/passport/eppt/eppt_2788.html
We will be enquiring as to whether the Department of Foreign Affairs intends to do likewise and attempt to keep our members informed. If any or our members or readers would like to contact us on this topic, or offer their help or expertise in addressing it contact Bernard Tyers at the contacts given here.
October 20th, 2006
As before DRI support copyright holders’ efforts to protect and assert their rights. However the way in which IRMA has done so still leaves a number of questions unanswered.
Continue Reading October 20th, 2006
The WIPO broadcast treaty (or Treaty on the protection of broadcasters, as is its official title) seems to have gone into retreat for the time being. The WIPO General Assemblies did not rubber stamp the recommendation to convene a diplomatic conference (to finalise the treaty). Instead, two meetings of the copyright committee (SCCR) will be held in January and June 2007 to revise the current treaty draft.
A diplomatic conference will be convened in November/December 2007 only if agreement is reached on amending the present draft to reflect a signal-based approach, the objectives, scope and object of protection of the proposed treaty. This means that the GA 2007 will have the opportunity to discuss it again and leaves open the possibility that the Diplomatic Conference may not be convened if there is no agreement.
October 20th, 2006
Earlier today, a group of likeminded organisations and authors launched DRM.info, a collaborative platform to share information about the impact, use and potential dangers of DRM. DRM is commonly discussed as “Digital Rights Management” (DRM) or “Technological Protection Measures” (TPM). However, as the experience to date of consumers and other users of digital content has been largely negative resulting in restrictions placed on traditional usages, opponents of DRM prefer to use the term .
Initiated by the Free Software Foundation Europe (FSFE), the aim of DRM.info is to make more people aware of Digital Restrictions Management (DRM) and to enable the buying public to make informed choices when purchasing technical devices and media.
“Your devices don’t trust you! is the basic message of DRM”, says Joachim Jakobs, FSFE’s media coordinator. “In fact they have so little trust that they will not even tell you that you are under surveillance”. “The Sony rootkit case showed that software was secretly installed without the user’s consent, reported back to Sony and even damaged the Windows installation when being removed.”
Given the political and social implications of enabling vendors of computers, media players, mobile phones and other devices to control the behaviour of the device owners, it is no wonder that most want to keep DRM secret. An executive from Disney told the ‘Economist’ one year ago: “If consumers even know there’s a DRM, what it is, and how it works, we’ve already failed.”
In contrast, DRM.info is based on the idea that the public should be informed and involved in decisions that will affect them on a personal level.
“DRM technologies are based on the principle that a third party has more influence over your devices than you have, and that their interests will override yours when they come into conflict. That is true even where your interest is perfectly legitimate and legal, and possibly also for your own data,”explained Georg Greve, FSFE’s president.
Other sectors also have concerns about the impact of DRM. Libraries are concerned about their ability to preserve our cultural heritage, to provide future access to public domain material and to exercise user priviledges under copyright law. “Libraries see DRM as a threat to our activities because it can undermine or even prevent legitimate access to and use of digital content”, said Teresa Hackett, eIFL.net. “We welcome DRM.info as a platform for public debate on these important issues for society”.
“DRM.info will put an end to the silence on DRM. You can help us with that task: download a DRM.info web button today and link to it”, concluded Greve.
October 3rd, 2006