All errors should be reported to DonSurber@gmail.com

Saturday, February 24, 2018

The Swamp doesn't verify e-Passports

After 9/11 the Swamp, which failed to warn us about 9/11, got Congress to a pass a laundry list of measures in the name of security. Among them was the federalization of state driver's licenses. You had to dig out a birth certificate (and for most wives, a marriage certificate) to renew your driver's license in West Virginia.

And we installed a Stalinist security system at the airports called TSA.

Now more than 16 years later, we learn once again that the Swamp is great at giving orders, but lousy at carrying them out.




"U.S. Border Patrol hasn’t validated e-Passport data for years," Lily Hay Newman of Wired reported.

But they told us they they were secure.

"Passports, like any physical ID, can be altered and forged. That's partly why for the last 11 years the united states has put RFID chips in the back panel of its passports, creating so-called e-Passports. The chip stores your passport information—like name, date of birth, passport number, your photo, and even a biometric identifier—for quick, machine-readable border checks. And while e-passports also store a cryptographic signature to prevent tampering or forgeries, it turns out that despite having over a decade to do so, us customs and border protection hasn't deployed the software needed to actually verify it," she wrote.

Hmm. Who would want to do something like that?

Matthew Green, a cryptographer at Johns Hopkins University, told Newman, "The idea of these things is that they’re supposed to provide some additional electronic security over a standard passport, which can be forged using traditional techniques. The digital signature would provide that guarantee. But if it’s not checked it doesn’t."

So we came up with this convoluted and expensive system to make passports more secure, but no one bothered to verify the data.

Democratic senators Ron Wyden of Oregon and Claire McCaskill of Missouri are stirring the pot on this, which is a good thing. They wrote (and publicized) a letter to Border Patrol, aka CBP.

"CBP does not have the software necessary to authenticate the information stored on the e-Passport chips. Specifically, CBP cannot verify the digital signatures stored on the e-Passport, which means that CBP is unable to determine if the data stored on the smart chips has been tampered with or forged," they wrote.

So basically, an e-Passport is just like a passport, except it has an e in front of its name.

By the way, the Swamp's failure spreads beyond our borders. Many countries bought our e-Passports without bothering to see how it could be compromised.

@@@



From Leslie Eastman's review at Legal Insurrection:
Surber, a recovering journalist with over 30 years of experience, has been cataloging the #FakeNews that has been regularly offered as serious analysis of President Donald Trump’s actions, policies, and opinions. He has brought his enormous collection together in the longest, most serious book he has yet written: Fake News Follies of 2017.
Fake News Follies of 2017 is available on Kindle and in paperback.

Autographed copies are available. Email me at DonSurber@GMail.com for details. I am including a "director's cut." I will give you the original Chapter 1 that I cut because while the chapter was amusing, it really had nothing to do with the Fake News Follies of 2017.

8 comments:

  1. As I understand it some states' drivers licenses still do not comply with the Federal law. TSA keeps threatening to not honor such licenses but they continue to move the compliance date back. Those states that spent the time and money to comply must feel like real suckers.

    Bucky

    ReplyDelete
  2. "So basically, an e-Passport is just like a passport, except it has an e in front of its name."

    My understanding is that the "e-passport" is simply a part of existing passports: it's the RFID chip, which can be read by electronic means.

    The ironic part is that this data can be stolen by someone with an RFID reader, who can get your passport's information from your unprotected passport without you knowing it happened. Back in the old days before RFID, someone who wanted your ID would have to actually steal your passport; now it's much easier for the crooks!

    This was supposed to expedite people going through passport control, as well as make people's ID more secure. Fail on both points!

    Why am I not surprised to find that it isn't used for its stated purpose, but is used by nefarious crooks? Because it's a gov't program, silly!

    ReplyDelete
  3. The failures of government implementation and execution run as deep as the swamp. As deep as the Marianas Trench.

    ReplyDelete
  4. Ron Swanson: “I’ve been quite open about this around the office: I don’t want this parks department to build any parks, because I don’t believe in government."

    ReplyDelete
  5. My dog has a chip to verify who she is.. [in case she gets lost or stolen]... and, it even tells her temperature too. It's almost 10 years old. The 'e' thing ain't a technical issue, it's a 'we gotta keep letting cross border activity' thing. Go figure.

    ReplyDelete
  6. And the solution to government's incompetence is always more government. - GOC

    ReplyDelete
  7. Discriminates against females. Where is NOW?

    ReplyDelete