That microchipped e-passport you've got? US border cops still can't verify the data in it

Despite demanding world+dog gets one, Uncle Sam lacks tools to check crypto-signatures


Two Democratic US senators have formally asked Uncle Sam's Customs and Border Protection (CBP) agency to get its act together on electronic passports.

In 2005, America began issuing passports with implanted machine-readable RFID chips that contain the traveler's personal information. This data is cryptographically signed so that if the information is later altered, these changes can be detected and stern questions asked. Also, counterfeit passports should be obvious because they won't have a valid digital signature.

Two years later, the US government ordered countries in its visa waiver program to also embed this chip technology in their own passports.

Just one little problem, though: the CBP couldn't, and still can't, actually process the digital signatures in the passport chips, and thus verify if the information hasn't been tampered with or completely made up.

To be clear: America's border cops can wirelessly read a traveler's personal data from the implanted chip. The officials just don't have the tools to check if the records are, you know, legit, and therefore check whether a person queuing to enter the Land of the Free is who they say they are, when using this embedded tech.

And this has been the case for at least the past decade.

"CBP does not have the software necessary to authenticate the information stored on the e-passport chips," Senators Ron Wyden (D-OR) and Claire McCaskill (D-MO) wrote in a letter sent to CBP's top brass today.

"Specifically, CBP cannot verify the digital signatures stored on the e-passport, which means that CBP is unable to determine if the data stored on the smart chips has been tampered with or forged."

Back in 2010, the US Government Accountability Office noted that CBP still hadn't bought the software to verify the e-passport chips contained the correct information, and nothing has changed since. When the usually grim-faced CBP officer scans your passport today, there's no way to verify the integrity of the chip's data.

“It is past time for CBP to utilize the digital security features it required be built into e-Passports,” Wyden and McCaskill thundered.

The senators asked the CBP to work with the government's General Services Administration to build a budget for introducing the software needed to make the e-passport system work as intended – and they want to see a concrete plan for its introduction by January 1 next year.

CBP had no comment at time of publication. ®


Other stories you might like

  • Cerebras sets record for 'largest AI model' on a single chip
    Plus: Yandex releases 100-billion-parameter language model for free, and more

    In brief US hardware startup Cerebras claims to have trained the largest AI model on a single device powered by the world's largest Wafer Scale Engine 2 chip the size of a plate.

    "Using the Cerebras Software Platform (CSoft), our customers can easily train state-of-the-art GPT language models (such as GPT-3 and GPT-J) with up to 20 billion parameters on a single CS-2 system," the company claimed this week. "Running on a single CS-2, these models take minutes to set up and users can quickly move between models with just a few keystrokes."

    The CS-2 packs a whopping 850,000 cores, and has 40GB of on-chip memory capable of reaching 20 PB/sec memory bandwidth. The specs on other types of AI accelerators and GPUs pale in comparison, meaning machine learning engineers have to train huge AI models with billions of parameters across more servers.

    Continue reading
  • Zendesk sold to private investors two weeks after saying it would stay public
    Private offer 34 percent above share price is just the thing to change minds

    Customer service as-a-service vendor Zendesk has announced it will allow itself to be acquired for $10.2 billion by a group of investors led by private equity firm Hellman & Friedman, investment company Permira, and a wholly-owned subsidiary of the Abu Dhabi Investment Authority.

    The decision is a little odd, in light of the company's recent strategic review, announced on June, which saw the board unanimously conclude "that continuing to execute on the Company's strategic plan as an independent, public company is in the best interest of the Company and its stockholders at this time."

    That process saw Zendesk chat to 16 potential strategic partners and ten financial sponsors, including a group of investors who had previously expressed conditional interest in acquiring the company. Zendesk even extended its discussions with some parties but eventually walked away after "no actionable proposals were submitted, with the final bidders citing adverse market conditions and financing difficulties at the end of the process."

    Continue reading
  • Singapore promises 'brutal and unrelentingly hard' action on dodgy crypto players
    But welcomes fast cross-border payments in central bank digital currencies

    In the same week that it welcomed the launch of a local center of excellence focused on crypto-inspired central bank digital currencies, Singapore's Monetary Authority (MAS) has warned crypto cowboys they face a rough ride in the island nation.

    The center of excellence (COE) was established by the Mojaloop Foundation – an open source effort to create payment platforms to make digital financial services accessible to those without access to banks. The COE aims to "accelerate financial inclusion in emerging markets" through hackathons, workshops and pilot projects while examining expanded CBDCs payment capabilities."

    Singapore's sovereign wealth fund has invested in Mojaloop, and MAS chief fintech officer Sopnendu Mohanty serves as a board advisor and the authority provides representatives to the Foundation's working group, alongside folks from the Bill & Melinda Gates Foundation, Google, and more.

    Continue reading

Biting the hand that feeds IT © 1998–2022