Update putting the pieces together: upcoming IC Gaijin Cards, RFID hackability, next generation police walkie-talkie, and NPA access to TASPO information
Posted by Dr. ARUDOU, Debito on July 30th, 2009
Hi Blog. Last May I put out an article in the Japan Times about the (now approved) IC Chips in revamped Gaijin Cards. How they would enable the police forces to remotely track foreigners in a crowd, and how data would be less secure from hackers.
Not unsurprisingly, I was told I was exaggerating. But it’s hard in this day to exaggerate the reach and rate of development of technological advances (who would have thought we would have this very medium to communicate through a little over ten years ago?). So here are some sources showing how 1) ID Chips and RFID technology is eminently hackable and remotely trackable, 2) how police already have IC scanning ability in their walkie-talkies, and 3) how the Japanese police in particular are using ID cards beyond their originally-intended purpose to track crime. I don’t think I was exaggerating at all. Arudou Debito in Sapporo
Chips in official IDs raise privacy fears (excerpt)
By TODD LEWAN
Posted on San Jose Mercury News: 07/11/2009 09:37:12 AM PDT, courtesy TJL.
Complete article at http://www.mercurynews.com/breakingnews/ci_12816946
Climbing into his Volvo, outfitted with a Matrics antenna and a Motorola reader he’d bought on eBay for $190, Chris Paget cruised the streets of San Francisco with this objective: To read the identity cards of strangers, wirelessly, without ever leaving his car.
It took him 20 minutes to strike hacker’s gold.
Zipping past Fisherman’s Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians’ electronic U.S. passport cards embedded with radio frequency identification, or RFID, tags. Within an hour, he’d “skimmed” the identifiers of four more of the new, microchipped PASS cards from a distance of 20 feet.
Embedding identity documents — passports, drivers licenses, and the like — with RFID chips is a no-brainer to government officials. Increasingly, they are promoting it as a 21st century application of technology that will help speed border crossings, safeguard credentials against counterfeiters, and keep terrorists from sneaking into the country.
But Paget’s February experiment demonstrated something privacy advocates had feared for years: That RFID, coupled with other technologies, could make people trackable without their knowledge or consent.
He filmed his drive-by heist, and soon his video went viral on the Web, intensifying a debate over a push by government, federal and state, to put tracking technologies in identity documents and over their potential toerode privacy.
Putting a traceable RFID in every pocket has the potential to make everybody a blip on someone’s radar screen, critics say, and to redefine Orwellian government snooping for the digital age.
Mark Roberti, editor of RFID Journal, an industry newsletter, recently acknowledged that as the use of RFID in official documents grows, the potential for abuse increases.
“A government could do this, for instance, to track opponents,” he wrote in an opinion piece discussing Paget’s cloning experiment. “To date, this type of abuse has not occurred, but it could if governments fail to take privacy issues seriously.”
Imagine this: Sensors triggered by radio waves instructing cameras to zero in on people carrying RFID, unblinkingly tracking their movements.
Unbelievable? Intrusive? Outrageous?
Actually, it happens every day and makes people smile — at the Alton Towers amusement park in Britain, which videotapes visitors who agree to wear RFID bracelets as they move about the facility, then sells the footage as a keepsake.
This application shows how the technology can be used effortlessly — and benignly. But critics, noting it can also be abused, say federal authorities in the United States didn’t do enough from the start to address that risk.
The first U.S. identity document to be embedded with RFID was the “e-passport.”
In the wake of the Sept. 11 attacks — and the finding that some of the terrorists entered the United States using phony passports — the State Department proposed mandating that Americans and foreign visitors carry “enhanced” passport booklets, with microchips embedded in the covers.
The chips, it announced, would store the holder’s information from the data page, a biometric version of the bearer’s photo, and receive special coding to prevent data from being altered.
In February 2005, when the State Department asked for public comment, it got an outcry: Of the 2,335 comments received, 98.5 percent were negative, with 86 percent expressing security or privacy concerns, the department reported in an October 2005 notice in the Federal Register.
“Identity theft was of grave concern,” it stated, adding that “others expressed fears that the U.S. Government or other governments would use the chip to track and censor, intimidate or otherwise control or harm them.”
It also noted that many Americans expressed worries “that the information could be read at distances in excess of 10 feet.”
Those concerned citizens, it turns out, had cause.
According to department records obtained by researchers at the University of California, Berkeley, under a Freedom of Information Act request and reviewed by the AP, discussion about security concerns with the e-passport occurred as early as January 2003 but tests weren’t ordered until the department began receiving public criticism two years later.
When the AP asked when testing was initiated, the State Department said only that “a battery of durability and electromagnetic tests were performed” by the National Institute of Standards and Technology, along with tests “to measure the ability of data on electronic passports to be surreptitiously skimmed or for communications with the chip reader to be eavesdropped,” testing which “led to additional privacy controls being placed on U.S. electronic passports … ”
Indeed, in 2005, the department incorporated metallic fibers into the e-passport’s front cover, since metal can reduce the range at which RFID can be read. Personal information in the chips was encrypted and a cryptographic “key” added, which required inspectors to optically scan the e-passport first for the chip to communicate wirelessly.
The department also announced it would test e-passports with select employees, before giving them to the public. “We wouldn’t be issuing the passports to ourselves if we didn’t think they’re secure,” said Frank Moss, deputy assistant Secretary of State for passport services, in a CNN interview.
But what of Americans’ concerns about the e-passport’s read range?
In its October 2005 Federal Register notice, the State Department reassured Americans that the e-passport’s chip — the ISO 14443 tag — would emit radio waves only within a 4-inch radius, making it tougher to hack.
Technologists in Israel and England, however, soon found otherwise. In May 2006, at the University of Tel Aviv, researchers cobbled together $110 worth of parts from hobbyists kits and directly skimmed an encrypted tag from several feet away. At the University of Cambridge, a student showed that a transmission between an e-passport and a legitimate reader could be intercepted from 160 feet.
The State Department, according to its own records obtained under FOIA, was aware of the problem months before its Federal Register notice and more than a year before the e-passport was rolled out in August 2006.
“Do not claim that these chips can only be read at a distance of 10 cm (4 inches),” Moss wrote in an April 22, 2005, e-mail to Randy Vanderhoof, executive director of the Smart Card Alliance. “That really has been proven to be wrong.”
The chips could be skimmed from a yard away, he added — all a hacker would need to read e-passport numbers, say, in an elevator or on a subway.
Other red flags went up. In February 2006, an encrypted Dutch e-passport was hacked on national television, with researchers gaining access to the document’s digital photograph, fingerprint and personal data. Then British e-passports were hacked using a $500 reader and software written in less than 48 hours.
The State Department countered by saying European e-passports weren’t as safe as their American counterparts because they lacked the cryptographic key and the anti-skimming cover.
But recent studies have shown that more powerful readers can penetrate even the metal sheathing in the U.S. e-passport’s cover.
John Brennan, a senior policy adviser at the State Department’s Bureau of Consular Affairs, concedes it may be possible for a reader to overpower the e-passport’s protective shield from a distance.
However, he adds, “you could not do this in any large-scale, concerted fashion without putting a bunch of infrastructure in place to make it happen. The practical vulnerabilities may be far less than some of the theoretical scenarios that people have put out there.”
That thinking is flawed, says Lee Tien, a senior attorney and surveillance expert with the Electronic Frontier Foundation, which opposes RFID in identity documents.
It won’t take a massive government project to build reader networks around the country, he says: They will grow organically, for commercial purposes, from convention centers to shopping malls, sports stadiums to college campuses. Federal agencies and law enforcement wouldn’t have to control those networks; they already buy information about individuals from commercial data brokers.
“And remember,” Tien adds, “technology always gets better … ”
With questions swirling around the e-passport’s security, why then did the government roll out more RFID-tagged documents — the PASS card and enhanced driver’s license, which provide less protection against hackers?
The RFIDs in enhanced driver’s licenses and PASS cards are nearly as slim as paper. Each contains a silicon computer chip attached to a wire antenna, which transmits a unique identifier via radio waves when “awakened” by an electromagnetic reader.
The technology they use is designed to track products through the supply chain. These chips, known as EPCglobal Gen 2, have no encryption, and minimal data protection features. They are intended to release their data to any inquiring Gen 2 reader within a 30-foot radius.
This might be appropriate when a supplier is tracking a shipment of toilet paper or dog food; but when personal information is at stake, privacy advocates ask: Is long-range readability truly desirable?
The departments of State and Homeland Security say remotely readable ID cards transmit only RFID numbers that correspond to records stored in government databases, which they say are secure. Even if a hacker were to copy an RFID number onto a blank tag and place it into a counterfeit ID, they say, the forger’s face still wouldn’t match the true cardholder’s photo in the database, rendering it useless.
Still, computer experts such as Schneier say government databases can be hacked. Others worry about a day when hackers might deploy readers at “chokepoints,” such as checkout lines, skim RFID numbers from people’s driver’s licenses, then pair those numbers to personal data skimmed from chipped credit cards (though credit cards are harder to skim). They imagine stalkers using skimmed RFID numbers to track their targets’ comings and goings. They fear government agents will compile chip numbers at peace rallies, mosques or gun shows, simply by strolling through a crowd with a reader.
Others worry more about the linking of chips with other identification methods, including biometric technologies, such as facial recognition.
The International Civil Aviation Organization, the U.N. agency that sets global standards for passports, now calls for facial recognition in all scannable e-passports.
Should biometric technologies be coupled with RFID, “governments will have, for the first time in history, the means to identify, monitor and track citizens anywhere in the world in real time,” says Mark Lerner, spokesman for the Constitutional Alliance, a network of nonprofit groups, lawmakers and citizens opposed to remotely readable identity and travel documents.
For now, perhaps. Radio tags in EDLs and passport cards can’t be scanned miles away.
But scientists are working on technologies that might enable a satellite or a cell tower to scan a chip’s contents. Critics also note advances in the sharpness of closed-circuit cameras, and point out they’re increasingly ubiquitous. And more fingerprints, iris scans and digitized facial images are being stored in government databases. The FBI has announced plans to assemble the world’s largest biometric database, nicknamed “Next Generation Identification.”
“RFID’s role is to make the collection and transmission of people’s biometric data quick, easy and nonintrusive,” says Lerner. “Think of it as the thread that ties together the surveillance package.”
THE NEXT GENERATION OF POLICE WALKIE TALKIES
Courtesy of Ben
Police Service Terminal JT6810-C series (excerpt)
1 PDA palmtop computer
2 Number pad
3 EDGE 2.75G wireless communication
4 Global Position System(GPS)
5 Geographic Information System(GIS)
6 800 M digital mobile radio line
7 IC card reader
8 Digital vidicon
9 Digital sound recorder
IC card reader
* Read the information of IC card in display screen
* Rewrite data
Radio Frequency Identification(RFID)
* No need to touch against the device
Tobacco maker group hands over taspo user data to prosecutors
Japan Today, Monday 27th July, 05:09 AM JST, Courtesy of DR
The Tobacco Institute of Japan, the industry body of tobacco manufacturers, has turned over vending machine use logs on cigarette pack purchases by certain individual smokers to public prosecutors when they requested such information for investigative purposes, informed sources said Sunday. Such logs of ‘‘taspo’’ smart cards included records on when and at which vending machines the smokers bought cigarette packs, as well as their dates of birth, addresses and phone numbers, the sources said.
There has been a case in which the provided logs helped investigators find a person who had evaded some fines, the sources said.
The institute issues to smokers in Japan the taspo cards which entitle its holders to buy cigarette packs at vending machines. Taspo cards are issued only to adults aged 20 and over to block smoking by underage people.
This appears to be the first time that the use of taspo logs by criminal investigative authorities has become public knowledge. The use by such authorities of credit card-related information and mobile phone logs has been known.
The institute handed over taspo logs on a voluntary basis in response to prosecutors’ inquiries based on the Code of Criminal Procedure, but users of taspo cards normally do not assume that there is a possibility their taspo logs may be used in criminal investigations.
Some critics question the appropriateness of handing over such records to criminal investigators from the standpoint of the need to protect personal information, arguing that the institute should inform taspo holders beforehand that it may turn over their logs to third parties.
An institute official told Kyodo News, ‘‘We have kept track of purchases-related logs to check if taspo cards that were stolen or for which reports of loss have been filed may have been used illicitly, and we basically would not provide them to third parties.’’
‘‘But we cannot help turning over such logs as well as the addresses, names, dates of birth and contacts of cardholders to investigative authorities as necessary if the authorities request the logs in writing in line with the Code of Criminal Procedure,’’ the official said.
‘‘Since Article 23 of the rules for taspo cardholders stipulates that cardholders consent to the use of their information by the institute if the institute takes necessary measures to protect the information, we assume that the article also covers logs on their purchases,’’ the official added.
The institute has handed over to investigators such information as the dates of birth, addresses, phone numbers and dates of issuance of taspo cards of certain persons, as well as a list of when and where the cards were used, the sources said.
There have been cases where the institute turned over copies of applications filed by taspo applicants, alongside the copies of their identification cards such as drivers’ licenses which the applicants had attached to the applications.
Taspo logs could help their reviewers figure out what areas cardholders live in and what behavioral patterns they have.
Through the provision of the logs, the Saitama Public Prosecutors Office was able to identify a company where a taspo cardholder who has evaded a fine worked as the cardholder used a vending machine on the company’s premises repeatedly, the sources said.