What Are E-Passports? Border Patrol Hasn't Checked Electronic Data In 8 Years
Officials working for the United States Customs and Border Protection (CBP) agency have failed to cryptographically verify passports of visitors coming into the country for more than a decade because they haven’t had the proper software to do so.
The lack of proper authentication was brought to light in a letter sent Thursday to Kevin K. McAleenan, the acting commissioner of CBP, from Senators Ron Wyden, D-OR, and Claire McCaskill, D-MO.
At issue is the approval of e-passports. First issued in 2007, e-passports are similar to standard passports but contain a cryptographic chip that can be read by special software in order to quickly, electronically verify the authenticity of a passport.
According to the U.S. Department of Homeland Security, the chip in e-passports contains the passport holder's name, date of birth and other biographic information, as well as a biometric identifier such as a photo. The e-passport is considered to be more secure and more difficult to alter.
Citizens of the 38 countries that are part of the U.S. Visa Waiver Program (VWP) are required to have an e-passport in order to be admitted into the U.S. However, according to the letter sent to the acting commissioner of CBP, the agency currently “lacks the technical capabilities to verify e-passport chips.”
While most CBP booths at points of entry into the country are equipped with e-passport readers, the agency reportedly “does not have the software necessary to authenticate the information stored on the e-passport chips”—which would effectively defeat the purpose of the electronic verification system.
"Specifically, CBP cannot verify the digital signatures stored on the e-passport, which means that CBP is unable to determine if the data stored on the smart chips has been tampered with or forged," the letter read.
According to Senators Wyden and McCaskill, not only does the agency in charge of border protection not have the software needed to check e-passports right now—it has been aware of the security lapse “since at least 2010.”
The issue was first highlighted by the Government Accountability Office (GAO), which pointed out the lack of implementation of necessary software to check e-passports.
According to the report, DHS had “not implemented the capabilities needed to completely validate the digital signatures generated by State before relying on the data.” The GAO report concluded that until the technology was implemented, CBP would “continue to lack reasonable assurance that data found on e-passport computer chips have not been fraudulently altered or counterfeited.”
The senators called for the GAO to determine the true cost of developing or acquiring the necessary software to read e-passport data and called for the technology to be implemented by Jan. 1, 2019.