צי'פ "מאובטח" שאינו מתעדכן - כמו תוכנת אנטי וירוס שאינה מתעדכנת

15.9.06 ברוס שנייר ב-Washington Post - דרכון משמש אותנו 10 שנים. שיטות ההצפנה והאבטחה המשוכללות ביותר שיותקנו בצ'יפ שבדרכון, מתיישנות מהר. כמה זמן הייתם מוכנים, למשל, להשתמש במחשב שלכם עם תוכנות אנט-וירוס וביטחון בלי לעדכן אותן?

"The other security mechanisms are also vulnerable, and several security researchers have already discovered flaws. One found that he could identify individual chips via unique characteristics of the radio transmissions. Another successfully cloned a chip. The State Department called this a "meaningless stunt," pointing out that the researcher could not read or change the data. But the researcher spent only two weeks trying; the security of your passport has to be strong enough to last 10 years.

This is perhaps the greatest risk. The security mechanisms on your passport chip have to last the lifetime of your passport. It is as ridiculous to think that passport security will remain secure for that long as it would be to think that you won't see another security update for Microsoft Windows in that time. Improvements in antenna technology will certainly increase the distance at which they can be read and might even allow unauthorized readers to penetrate the shielding..."

ארה"ב - דו"ח ממשלתי על עלויות והשלכות פרוייקט Real ID

1.9.06 דו"ח רשמי בארה"ב יכול ללמד על הכשלים והעלויות העצומות של פרויקט ת"ז ביומטרית. הסוכנויות שהוציאו את הדו"ח מציעות הצעות שונות כדי לבצע בצורה רציונאלית את הפרויקט. אבל מבקרים טוענים, שהבעיה היא בהנחת היסוד, לפיה חייבים להוציא אל הפועל את הפרוייקט.
.
The Real ID Act: National Impact Analysis. National Governors Association, National Conference of State Legislatures, American Association of Motor Vehicle Administrators (sep. 2006):
.
"ONCLUSION. As evidenced by this analysis, the Real ID Act presents significant operational and fiscal challenges to states and the federal government. Officials at all levels of government must also recognize the personal impact Real ID will have on individual citizens. The four major categories described in this report represent the most critical challenges facing states and consumers as the act’s implementation deadline approaches. Even with full funding and aggressive state implementation plans, however, the difficulties of complying with yet unpublished regulations by the statutory deadline of May 2008 are insurmountable.
.
Our organizations strongly believe the recommendations presented here offer reasonable and workable alternatives to help states meet the objectives of Real ID. It is our intention to work towards implementation of the act in a cost-effective and reasonable manner. Governors, state legislators and motor vehicle administrators encourage DHS to adopt regulations and Congress to pass legislation that incorporates the recommendations of this report. We also urge Congress to appropriate sufficient funds to allow states to implement the act. The objectives of Real ID are laudable, but only by working together will state and federal governments succeed in meeting the challenges presented by Real ID."
.
ראו למשל מה כותב על הדו"ח ברוס שנייר:
.
"The report suggests a variety of measures designed to ease the financial burden on the states: extend compliance deadlines, allow manual verification systems, and so on. But what it doesn’t suggest is the simple change that would do the most good: scrap the Real ID program altogether. For the price, we’re not getting anywhere near the security we should..."
.

No REAL ID