Tool to backup, modify and clone ePassport released

[Ian Batten]

On 03 Oct 08, at 1023, Charles Lindsey wrote:

> On Thu, 02 Oct 2008 22:13:14 +0100, Ian Batten <igb@batten.eu.org>  
> wrote:
>
>>>
>>> Lots of people know my passport number. It's a standard item  
>>> requested by airlines when booking, conferences [1] when  
>>> registering, hotels when checking in.
>>
>> But we run around in circles.  If someone knows your passport  
>> number, what additional information of value could they extract  
>> from your passport? ...
>
> It enables that someone to decode all the stuff on the chip, if he  
> manages to catch you within 2m (thereabouts) of himself.
>
> Maybe that is no big deal, but people are jumping up and down at the  
> thought it might be possible, so what are they worrying about? Is it  
> just the start of the slippery slope that starts with "if you have  
> nothing to hide, why should you worry ...?".

If I could trivially extract all the data from my passport and decode  
it, that would increase faith in the transparency of the documents.   
It wouldn't be ``those with nothing to hide'', it would be ``this is  
nothing to hide''.

Using magic numbers like passport number, SSN, NHS number as ``only  
you can know this'' identifiers clearly doesn't work: no-one seriously  
suggests that the they are, or indeed can be, simultaneously kept  
confidential and used as general purpose identifiers.

If the data on the passport were all public, and the security of the  
device rested in its physical and cryptographic resistance to forgery  
and alteration, what would the problem be with it being globally  
readable?

The question isn't rhetorical: I may be missing a problem.

ian