Chains of trust, questionable origins

If I wanted to print US Dollars at home, I’d need the printing equipment, the paper stock on which to do it, and the magical ink.  To thwart me, the government controls access to the printing plates, blank paper stock, and ink.  This, of course, hasn’t stopped people from trying to print money, but their produced fake money can be detected as fake because they do not have access to the real plates, stock, and ink.  Because the government tightly controls access to the original materials and the flow raw materials into the printing process, our money can be trusted.  (Financial crisis and the government’s predilection to just print heaps of dollars not withstanding.)

The government has not implemented the same model in the case of identification systems: passports and REAL ID driver’s licenses.

Consider this article from the Washington Times.  The raw materials to make a new RFID passport, namely, the blank covers with RFID chips in them, originate in Thailand.  They are then shipped here for printing and binding.  The control over access to this supply-line seems to be very weak.

The new RFID passports are part of a chain of trust.  Border Control allows me to re-enter the country if the passport is trustworthy and valid.  Cloning passports has been demonstrated to be a trivial process.  So one trustworthy passport can become an infinite number of trustworthy passports.  The chain of trust extends from me and the INS at the airport, back to the passport issuance office, to the State Department, to Thailand, and back to Europe where the RFID chips are made.  If any link along the chain cannot be trusted, then the entire chain of trust breaks.  And this seems to be the case.

This is similar to REAL ID.  In this case, municipal Departments of Motor Vehicles are responsible for protecting access to blank REAL ID stock.  That, in and of itself, isn’t any different than what happens today.  By transforming the driver’s license from a piece of plastic that says I am allowed to drive, into a proof of citizenship, REAL ID extends the chain of trust in new ways.  DMVs have been and are relatively weak targets.  This breaks this newly extended chain of trust.

The government, if it wants to establish and extend chains of trust, it must control the flow of raw materials into the process and must ensure that each step is trustworthy.

And if you think I am picking on the government, here’s a third example that doesn’t involve the US government.  It appears that credit card readers we altered during their construction.  These altered readers were indistinguishable from their unaltered peers.  These altered readers sent account data to unknown people in Pakistan.  Swipe a card to pay for groceries and off your data goes.  In this case, the last stop in the payment card chain of trust was effected.  If I cannot trust the card reader not to send my account information to someone I do not know, do not have a relationship with, and inherently do not trust,  then I will stop swiping my cards and just order things online or pay cash.

A system designed to broker trust must consider the extent of its chain of trust.  Each link in the chains must be fully vetted and strengthened.  Until I see evidence of that, I am still going to keep hold of my non-RFID passport.

Leave a Reply