Senators demand US start 'authenticating ePassports right'

28/02/18

Oregon senator Ron Wyden and Missouri senator Claire McCaskill have said US customs officials have not been properly authenticating ePassports for over a decade.

In a letter sent last week to Kevin McAleenan, the acting commissioner of U.S. Customs and Border Patrol,the senators claimed that the law enforcement agency lacks "the software necessary to authenticate the information stored on" newer passports, which have been outfitted with smart chips.

While CBP agents at airports and border crossings can in fact download the data off of the smart chips, Wyden and McCaskill write that the agency's software actually "cannot verify the digital signatures stored on the e-Passport chips." Without signature verification, CBP is "unable to determine" whether an individual's passport may have been "tampered with or forged," the senators claim.

Wyden and McCaskill say that CBP has had this e-Passport verification problem since 2007 because of the software deficit. Moreover, the senators claim that the agency has known this security gap exists since 2010, when the government released a report on the matter. Roughly 60 countries issue e-Passports to their citizens, including Iran, the Philippines, Russia, Turkey, Sweden, and the U.S.

"It is past time for CBP to utilize the digital security features it required be built into e-Passports," the duo writes, calling for the agency to "develop and implement a plan to properly authenticate e-Passports by Jan. 1, 2019."

The US was one of the first countries in the world to adopt ePassports, and travellers from countries on the visa-waiver list are now required to enter the country using e-passports, which speed up the time needed to process individuals in border control.

ESET's IT security specialist Mark James told the BBC that not authenticating the data stored in e-passport smart chips is a big concern.

"Any information stored on a chip could be tampered with," he said.

"In its simplest form, the data in the digital passport could be easily copied and stolen without your permission, and that data could be used to forge passports."

However, he felt that this was only a big problem if US customs officials were not using a physical back-up check as well as e-passport readers.

 

Subscribe to our free newsletter
Follow us on Twitter
Join us on LinkedIn

Latest Features & Interviews

SDW 2018 Interview: secunet on EES

In this interview, Frank Steffens, Principal in the Homeland Security division of Germany’s secunet tells us about their approach to the biometric Entry/Exit System (EES) planned in Europe.

SDW 2018 Interview: Ixla

Company spotlights have been created to give firms operating in the secure documents and identity industry an opportunity to discuss trends, product innovations and achievements.

White paper: Gemalto - The paper elements of a passport

An expert’s guide to using the paper elements of a passport.

More articles >>
Share |

Sponsored Links

SDW Conference and Exhibition
SDW is a world-leading conference and exhibition providing a global showcase for next-generation secure credentialing solutions.