On Thu, 7 Oct 2004, Sunder wrote:

> So the cops and RFID h4x0rZ can know your true name from a distance.  and 
> since RFID tags, are what, $0.05 each, the terrorists and ID 
> counterfitters will be able to make fake ones too... Whee!

Given the power requirements for doing anything more than dumb sequence 
repeat, I'd worry about the potential for replay attack and licence 

Make a proof-of-concept device early after they start rolling the scheme 
out, publish on Slashdot, and see them retracting it as fast as they were 
deploying it.

A defense is a metal board in a wallet, close to the RFID chip's antenna. 
It is readable when the licence is taken out of the wallet. When inside, 
the antenna is quite effectively shielded. As a bonus, for many people 
this method can be seamlessly integrated to their mode of the document 
usage (leaving the privacy implications of the "legitimate" readers aside 
for now, talking about the unauthorized remote readers only here).

Reply via email to