US e-passports haven't been verified in over a decade

  • Published
An e-passportImage source, Getty Images
Image caption,
US border control has not been authenticating e-passports since the technology was launched in 2007

US border control agents have not been using the right software to verify e-passports for more than a decade, two US senators claim.

Oregon senator Ron Wyden and Missouri senator Claire McCaskill have asked US customs officials to start properly authenticating e-passports.

If data on smart chips cannot be checked, it is not possible to tell if it has been tampered with, they say.

Anti-forgery measures in e-passports have never been implemented.

The US was one of the first countries in the world to adopt e-passports, and travellers from countries on the visa-waiver list are now required to enter the country using e-passports, which speed up the time needed to process individuals in border control.

However, the senators say that US Customs and Border Protection (CBP) has never used the anti-forgery and anti-tamper security measures it required to be built into e-passport smart chips because it doesn't have the right software.

"CBP has been aware of this security lapse since at least 2010, when the Government Accountability Office (GAO) released a report highlighting the gap in technology," Mr Wyden and Ms McCaskill wrote in a letter to customs officials.

"Eight years after that publication, CBP still does not possess the technological capability to authenticate the machine-readable data in e-passports."

The senators want US border control to start authenticating the data in e-passports by 1 January 2019.

CBP told the BBC that while it does not currently verify the country certificate of an e-Passport, the government agency does verify the data contained within the chip and the passport photo page that is placed into the scanner.

CBP also said that it has a unit to analyse fradulent travel documents seized by its officers, who physically check the travel documents belonging to all passengers who arrive on US-bound flights, and compare the data in the chip to the details on the photo page.

ESET's IT security specialist Mark James says that not authenticating the data stored in e-passport smart chips is a big concern.

"Any information stored on a chip could be tampered with," he told the BBC.

"In its simplest form, the data in the digital passport could be easily copied and stolen without your permission, and that data could be used to forge passports."

However, he felt that this was only a big problem if US customs officials were not using a physical back-up check as well as e-passport readers.