The U.S. Department of Homeland Security announced on Tuesday that the agency had completed initial testing of electronic passports, or e-passports, at San Francisco International Airport, but the latest security and privacy measures still may not satisfy critics of the technology.
The test, conducted as part of the US-VISIT program between January 15 and April 15, aimed to study the impact of e-passports on border-security operations. Australia, Singapore and New Zealand cooperated with the United States' government on the project. The three countries are among the 27 nations that are part of the U.S. Visa Waiver Program allowing expedited access to the U.S. for about 15 million travelers each year.
We are adopting biometric, electronically-based, and secure travel documents that are tamper resistant, yet provide a very convenient way to move back and forth across our borders, Michael Jackson, deputy secretary for the DHS, said in a statement. Working with Visa Waiver countries, we will begin to deploy these important security enhancements this year.
Answering privacy advocates' fears, the e-passports will have two countermeasures to make the surreptitious reading--known as skimming--of the passports more difficult. The covers of passports will have shielding material to make data leakage less likely, and use Basic Access Control (BAC) technology to authenticate the reader.
Those two methods are not foolproof, however. In a paper published last year, three researchers found that the U.S. implementation of BAC will only have about 52 bits of entropy, which is fairly easy to brute force. Moreover, once authenticated to one country's readers, the authority to access a passport cannot be revoked for the lifetime of the document, the paper's authors stated.
Posted by: Robert Lemos