Senators demand US start 'authenticating ePassports right'


Oregon senator Ron Wyden and Missouri senator Claire McCaskill have said US customs officials have not been properly authenticating ePassports for over a decade.

In a letter sent last week to Kevin McAleenan, the acting commissioner of U.S. Customs and Border Patrol,the senators claimed that the law enforcement agency lacks "the software necessary to authenticate the information stored on" newer passports, which have been outfitted with smart chips.

While CBP agents at airports and border crossings can in fact download the data off of the smart chips, Wyden and McCaskill write that the agency's software actually "cannot verify the digital signatures stored on the e-Passport chips." Without signature verification, CBP is "unable to determine" whether an individual's passport may have been "tampered with or forged," the senators claim.

Wyden and McCaskill say that CBP has had this e-Passport verification problem since 2007 because of the software deficit. Moreover, the senators claim that the agency has known this security gap exists since 2010, when the government released a report on the matter. Roughly 60 countries issue e-Passports to their citizens, including Iran, the Philippines, Russia, Turkey, Sweden, and the U.S.

"It is past time for CBP to utilize the digital security features it required be built into e-Passports," the duo writes, calling for the agency to "develop and implement a plan to properly authenticate e-Passports by Jan. 1, 2019."

The US was one of the first countries in the world to adopt ePassports, and travellers from countries on the visa-waiver list are now required to enter the country using e-passports, which speed up the time needed to process individuals in border control.

ESET's IT security specialist Mark James told the BBC that not authenticating the data stored in e-passport smart chips is a big concern.

"Any information stored on a chip could be tampered with," he said.

"In its simplest form, the data in the digital passport could be easily copied and stolen without your permission, and that data could be used to forge passports."

However, he felt that this was only a big problem if US customs officials were not using a physical back-up check as well as e-passport readers.


Subscribe to our free newsletter
Follow us on Twitter
Join us on LinkedIn

Latest Features & Interviews

White paper: Gemalto - The paper elements of a passport

An expert’s guide to using the paper elements of a passport.

INTERVIEW: Gemalto‘s Xavier Larduinat on the future of borders and digital identities

Xavier Larduinat, Marketing & Communication manager for Innovation at Gemalto, explores the future of digital identity, the Thales acquisition and other trends in an exclusive interview with Security Document World.

Interview: Sean Farrell, Head of Portfolio Management, Government Solutions, SITA

Planet Biometrics discussed the future of biometric travel technology with Sean Farrell, head of Portfolio Management, Government Solutions, SITA.

More articles >>
Share |

Sponsored Links

SDW Conference and Exhibition
SDW is a world-leading conference and exhibition providing a global showcase for next-generation secure credentialing solutions.