Slashdot Mirror
US Border Officials Haven't Properly Verified Visitor Passports For More Than a Decade Due To Improper Software (zdnet.com)
An anonymous reader quotes a report from ZDNet: U.S. border officials have failed to cryptographically verify the passports of visitors to the U.S. for more than a decade -- because the government didn't have the proper software. The revelation comes from a letter by Sens. Ron Wyden (D-OR) and Claire McCaskill (D-MO), who wrote to U.S. Customs and Border Protection (CPB) acting commissioner Kevin K. McAleenan to demand answers. E-passports have an electronic chip containing cryptographic information and machine-readable text, making it easy to verify a passport's authenticity and integrity. That cryptographic information makes it almost impossible to forge a passport, and it helps to protect against identity theft. Introduced in 2007, all newly issued passports are now e-passports. Citizens of the 38 countries on the visa waiver list must have an e-passport in order to be admitted to the U.S. But according to the senators' letter, sent Thursday, border staff "lacks the technical capabilities to verify e-passport chips." Although border staff have deployed e-passport readers at most ports of entry, "CBP does not have the software necessary to authenticate the information stored on the e-passport chips." "Specifically, CBP cannot verify the digital signatures stored on the e-passport, which means that CBP is unable to determine if the data stored on the smart chips has been tampered with or forged," the letter stated. Wyden and McCaskill said in the letter that Customs and Border Protection has "been aware of this security lapse since at least 2010."
There was an interesting e-passport replication technology reported at the "Black Hat" security conference in 2006 So far as I know, this replication approach has never been disabled
https://www.theregister.co.uk/...
RFID chips are, by their nature, kept very inexpensive and easy to read. Unless the USA and other nations are prepared to invest in more powerful and secure standards for what is supposed to be a very easily scanned and robust technology, I'm afraid that I don't see how they can be made more secure.
I recall (living in the DC area at the time of 9/11 and working next to Dulles, so it wasn't exactly a distant concern at the time) that Bush and the Republicans in Congress wanted enhanced private security, but the Democrats would only join them in voting for it if it used government workers, so to get it at all (which I wouldn't have voted for, but that's another discussion) they caved to the Democrats on the issue.
So while Bush was the President at the time, it's not like he was a dictator. To say it was Bush's idea to use government employees for security isn't accurate. At most, he went along with the Democrats on it.
The party of stupid and the party of evil get together and do something both stupid and evil, then call it bipartisan.
And in that time, the number of terrorist attacks by foreigners sneaking into the country is...zero.
Maybe that "foreign terrorist" threat isn't nearly as bad as we were told? Maybe we have more to worry about from other Americans than we do foreign terrorists?
It isn't zero... "Six Iranians, six Sudanese, two Somalis, two Iraqis, and one Yemeni have been convicted of attempting or executing terrorist attacks on U.S. soil during that time period"
According to this article arguing against the travel ban: https://www.theatlantic.com/international/archive/2017/01/trump-immigration-ban-terrorism/514361/
Also, this issue isn't just about terrorism, but also more likely criminals coming to the US. The numbers of criminals coming to the US is well above 0.