RFID implants linked to animal tumors

AP: "When the U.S. Food and Drug Administration approved implanting microchips in humans, the manufacturer said it would save lives, letting doctors scan the tiny transponders to access patients' medical records almost instantly. The FDA found 'reasonable assurance' the device was safe, and a sub-agency even called it one of 2005's top 'innovative technologies.'

But neither the company nor the regulators publicly mentioned this: A series of veterinary and toxicology studies, dating to the mid-1990s, stated that chip implants had 'induced' malignant tumors in some lab mice and rats. 'The transponders were the cause of the tumors,' said Keith Johnson, a retired toxicologic pathologist, explaining in a phone interview the findings of a 1996 study he led at the Dow Chemical Co. in Midland, Mich."


Um. Whoops. More on the back-story, including hints of political corruption and coverup of the risks at 27bStroke6... Un-chip your pets.

Canadian currency bugged with RFID

CBC News: "Canadian coins containing tiny transmitters have mysteriously turned up in the pockets of at least three American contractors who visited Canada, says a branch of the U.S. Department of Defense."

Canada apparently took the idea of following the money trail a bit far... RFID in money.. interesting. Might be more efficient than the foil strip the US uses, but wouldn't range be an issue? Not clear that Canadians have RFID readers every 60-70 feet... Not sure what this is aboot.

RFID passports less useful to machines too...

EPIC: "A document obtained by EPIC from the State Department reveals that 2004 government tests found passports with radio frequency identification (RFID) chips that are read 27% to 43% less successfully than the previous Machine Readable Zone technology (two lines of text printed at the bottom of the first page of a passport)."

"Recent reports by the Department of Homeland Security Data Privacy and Integrity Advisory Committee and European experts also recommend against the use of RFID tags in identity documents."


Not particularly surprising on the face of it. What is surprising is that in spite of the above reports (even within DHA), we're all marching headlong into requirements for a fundamentally flawed and insecure system in the name of theater. Blech.


(link via Schneier)

Well, the Germans were always good at numbering people...

SecurityFocus: "The U.S. government is going forward with the public deployment of its electronic passport, ordering millions of the wireless chips from semiconductor firm Infineon to place in the back cover of the nation's travel document, the German company announced on Monday."

"at the latest Black Hat Briefings security conference, a German researchers showed how someone could read the data out from a passport and clone the functions of the digital document using a smart-card chip. The Smart Card Alliance, an industry group, dismissed the significance of the finding."


Note: The cloneable insecure identity-laden spychips can easily be negated with a few seconds in a microwave before traveling...

California DMV preps for National ID card rush...

SF Chronicle: "Starting in 2008, all 22 million licensed California drivers will be required to go in person to a DMV office and prove their identity and address with three different documents before getting a new, federally approved state license."

"The Real ID Act requires every state to issue driver's licenses that comply with a national standard. The goal is to prevent fraud and make sure people applying for licenses are who they say they are and do not pose security risks.

The perpetrators of the Sept. 11 attacks had valid licenses, which allowed them to board airplanes."


So since the terrorists had real and valid licenses, we should require a different license? dumb. Keeping in mind that knowing someone's name does exactly zero to indicate intent.. It's appropriate that these madates are referred to as 'Acts' given the 'security theater' going on.. Won't stop a terrorist. Won't do squat.

Criteria: have to bring someone's birth certificate and two bills with the same name on them. No verification. Nice. Lovely thing is that anyone can print a birth certificate, and all that's required to set up ultilities (if you don't just steal bills from a mailbox first) is a driver's license. Old ones work just fine. You can buy those on the street (timetable for street vendors to sell federal IDs? 2008.) Whatever. The terrorists had valid licenses. Intent is the issue. Not a name you can bootstrap your way into through other insecure documents.