Feds have spent 13 years failing to verify whether passport data is legit

  News
image_pdfimage_print
Enlarge / Leonel Cordova (L) and Noris Cordova, who are not plaintiffs in this lawsuit, speak to a CBP officer at Miami International Airport on March 4, 2015 in Miami, Florida.
Joe Raedle/Getty Images

For over a decade, Customs and Border Protection has failed to properly verify e-passports (which contain biometric data) as “it lacked the software to do so,” according to a new letter sent by two top senators.

According to a 2010 report authored by the Government Accountability Office, the problem needed fixing then—and eight years later it still hasn’t been resolved.

An e-passport is essentially a passport that includes machine-readable RFID chips containing a traveler’s personal information. These more digitally secure passports, which began to be required by the United States for visitors form visa waiver countries beginning in 2007, are scanned at the border by a CBP agent’s computer. However, without a digital signature, it is impossible to validate that the data contained on the passport is actually authentic.

Matthew Green, a professor of cryptography at Johns Hopkins University, called out CBP on Thursday about the issue.

In the Thursday letter, Senators Ron Wyden (D-Oregon) and Claire McCaskill (D-Missouri) demanded that CBP resolve the problem by January 1, 2019.

Customs and Border Protection did not immediately respond to Ars’ request for comment.

https://arstechnica.com/?p=1264961