Decius wrote: The Department will also implement Basic Access Control (BAC) to mitigate further any potential threat of skimming or eavesdropping. BAC recently has been adopted as a best practice by the ICAO New Technologies Working Group and will soon be formally added to the ICAO specifications. BAC utilizes a form of Personal Identification Number (PIN) that must be physically read in order to unlock the data on the chip. In this case, the PIN will be derived from the printed characters from the second line of data on the Machine-Readable Zone that is visibly printed on the passport data page. The BAC also results in the communication between the chip and the reader being encrypted, providing further protection.
Most of the folks commenting on the new RFID rule didn't mention this. This will satisfy most of the security concerns.
But see Schneier's piece on Wired about it. I agree with Schneir, particularly with what he says about the State Department not having given compelling reason to make passports wirelessly readable. RE: Anti-skimming covers are not the only feature in new passports. |