I told you RFID didn't belong in passports!


A recent RISKS issue contains this item contributed by the editor, Peter G. Neumann:

Using inexpensive off-the-shelf components (a Motorola RFID reader and antenna, and a PC) ... Chris Paget ... built a mobile platform in his spare time that can clone large numbers of the unique RFID tag electronic identifiers used in U.S. passport cards and next generation drivers licenses. While driving around San Francisco for 20 minutes, he was able to harvest two passport tags without knowledge of their owners from up to 30 feet away.

Read the rest of the RISKS item over at the archive, or a complete article over at SecurityFocus.

Given the huge security risks that ought to be self-evident here, what justifies the use of a technology like RFID that can be read at a distance without the awareness of the document holder?

The only sensible approach in the first place was to use an optical technology such as a 2-D barcode symbology if it really was necessary to put more information into the electronic record than just the passport number itself. Printed inside the cover (or on the back of a card) it would be immensely more difficult to read at a distance, and since the cover would normally not be left open, it would rarely be possible to get the content without the holder knowing. Even better, because the symbol is visible the owner would be more likely to know that the threat exists, and avoid leaving it laying out open to the symbol in plain view.

In contrast, the RFID tag is invisible to the owner and can be read without opening the document (or without even removing it from a pocket or wallet).

Until the world comes to its senses, wrapping your passport in copper foil may well be the only sensible action. Of course, you will then have to explain yourself to the nice TSA agent at the security checkpoint...



Coraline, now in theaters in 3D

We saw Coraline[IMDB][wiki] the other day. It was shown in one of the new digitally projected 3D systems at our local multiplex.


I was very taken with the book by Neil Gaiman, who is one of my favorite authors. It is a simple story about a young girl who feels neglected by her workaholic parents. They move to an old house that has been divided into flats, taking the large flat for their own. While exploring the house, Coraline (not Caroline!) finds a locked door in the parlor that appears at first to open onto a brick wall. Later, she finds it opens into another world where her "other" mother and father dote on her. They seem a little creepy, an effect enhanced by having large black buttons sewn in place of their eyes. She can stay, but only if she consents to have the buttons herself.... Read the book and you'll never look at buttons the same way again.

The movie actually extends the story beyond the book in several ways, and it does it without breaking it. In fact, the film's version of the story is better at least as handled on screen. The writers added an entire new character and improved the depth of the back story of the villainess. They even managed to fit a musical number in that was written (but not performed) by They Might be Giants.

Given that it was directed by Henry Selick (who directed Tim Burton's Nightmare Before Christmas, James and the Giant Peach, and Monkey Bone) the stop-motion animation is as striking as could be expected. More striking is the delicate use of 3D projection. The 3D was used to give extra depth to the scenery without abusing the audience. It was not used as a gimmick. There is a hint of the effort expended on the animation in a short segment after the credit roll that shows a sequence shot from a wider angle and without any of the clamps or wires removed. There was some CGI used, but mostly for cleanups and wire removal.

In short, see this movie.