100% failure on passport fakes

by Tom Johansmeyer on

Getting a passport, it seems, doesn’t have to be difficult. Even with stricter requirements in this post-9/11 travel world, investigators duped passport and postal service employees four out of four times. In one case, the identity of a dead man became a new identity – likewise a five-year-old boy.

The route from identity fraud to new passport takes fewer than 10 days. In fact, the investigator who used the dead guy’s identity got his passport in four days. Another used forged documents to get a real Washington, D.C. identification card. He parlayed that into a passporton the same day!

Of course, none of this was unknown to the State Department. On February 26, 2009, the deputy assistant secretary of passport services sent a memo to Passport Services directors across the Untied States – saying that recent erroneous events had prompted the process for issuing passports to be reviewed.

Duh.

The underlying culprit – one of them, at least – may be how passport services officials are evaluated. Currently, volume is key, with a higher rate of passport issuances rewarded.

Visting the US? Remember to register with ESTA before you leave!

by Scott Carmichael on

If you live in one of the countries participating in the US Visa Waiver program, pay attention, as things just got a little more complicated for you.

As of January 12th 2009, all visitors to the US who are eligible for the visa waiver program will have to apply for travel authorization at least 72 hours prior to their trip.

There are 35 countries that participate in the Visa Waiver Program (VWP), and if you have ever come to the US on the VWP, you’ll have probably filled in one of those annoying green forms on your flight here.

Those days are now officially over, and the US Government wants to know who is coming here, before they get on the plane.

Statistics from the Department of Homeland Security claim that 99.6% of all people who apply for travel permission get it granted within seconds, which still leaves a fairly decent amount of people who do not get it, for any number of reasons.

The new authorization system is called ESTA – Electronic System for Travel Authorization. The site is available in 16 different languages. To apply for permission to fly to the US, you enter all your personal information, passport data, and flight numbers. You then get to answer the same questions you probably remember from the VWP form, which are there to determine whether you are a Nazi, drug dealer or other nasty kind of person.
If all works out, and you are not on a terrorist watch list, you’ll receive an authorization number. If the system declines your request, you’ll be required to apply for a regular visa through your local US Consulate or Embassy, which will most certainly take some time, so be sure you don’t wait too long!

Of course, as with all new systems like this, there are going to be some glitches, but the most worrying statistic is that far too many people had not heard of the new rules, and arrive at the airport unprepared. Thankfully, the US government has allowed for a short grace period.

The hardest hit are going to be people without Internet access as there is no offline application process. There will be no terminals at the airport, and people in a VWP country who arrive at the airport without an ESTA authorization number may be denied boarding.

Once you register for ESTA, the authorization is valid for 2 years, or the life of your passport (whichever is shorter). As with all international travel, you will need at least 6 months duration left on your passport if you want authorization.

The official ESTA site can be found here, just make sure you don’t fall for the tricks of paid services like Esta.us, who’ll do “all the hard work” for you, for a mere $249!

So, what exactly is in your Homeland Security travel file?

by Scott Carmichael on

Back in 2007, Jamie wrote an article outlining how to request getting your hands on your Homeland Security travel file.

Based on the Freedom Of Information Act (FOIA), anyone is allowed to request that federal agencies hand over the information they keep on file about you. There are of course a couple of exceptions, but your Homeland Security travel dossier is not one of them.

Of course, just outlining how to get this information is not that interesting, actually seeing one of these dossiers is the really good stuff.

Newsweek reporter Sean O’Neill put in his request, and received a large Homeland Security envelope with 20 photocopies containing his dossier.

So, what exactly is in the file? There is of course the usual stuff about where you went, and when you got back. The file listed all his ports of entry, as well as his passport information and various other pieces of data.

The bit that surprised me, was how much information was on file about how he paid for his tickets. Not only does the airline send the government your payment method, they even send the IP address of the computer used to make that purchase as well as any IP address assigned to a computer that was used for other things, like a seat assignment change.

Of course, none of this information is all that sensitive, but it’s obvious that the government is collecting a massive amount of information on every single traveler in the country. On the one hand, it’s a minor invasion of privacy, but on the other hand, if the government puts this information to good use, and masters the art of data mining, they may be able to halt the bad guys before they make it to the airport.

Either way, it’s a very interesting read, and it may prompt you to ask the government for access to your own file, or perhaps it’ll just remind you not to use Al Qaeda computers to pay for your next ticket.

Source: current.newsweek.com

Green card holder? Be prepared for fingerprinting at the airport!

by Scott Carmichael on

As part of the US-VISIT program, designed to protect the country from terrorism and other threats, US Permanent Residents will soon have to subject to fingerprinting when they enter the country through an immigration checkpoint. The new rules go into effect on January 18th 2009.

The scheme is already in place for non permanent residents and other visitors, but it is the first time it has been expanded to permanent residents.

Fingerprinting Green card holders is quite strange, because part of the process of becoming a permanent resident involves an FBI background check and a pretty intensive fingerprinting procedure.

Of course, the fingerprinting could also be a way of ensuring the person entering the country with a Green card actually is who they say they are. It could also simply mean that the records stored within the government systems are such a mess, that they can’t do any reliable matching against terrorist records.

The next step in US-VISIT could be a little more scary, as the Department of Homeland Security claims there are “not currently” any plans to start fingerprinting US citizens when they re-enter the country, but I suspect that is probably not very far away.

(Via: Cnet)

Two weeks of embarrassing passport news

by Scott Carmichael on

It’s been a bad couple of weeks for passport designers. Several things happened that could alter the future of the technology used in our travel documents.

The first bit of bad news came from the UK, where a van was stolen containing 3000 “virgin” passports. These passports were on their way to an RAF base, where they would be flown to consulates all around the world (previously covered here on Gadling)

The passports were made in a high security printing facility owned by 3M, but of course, no amount of security helps against stupidity. When the driver of the van stopped at a store to buy a candy bar, his colleague (who was still in the unlocked van) was ordered to keep his head down while the thieves drove off, stopped in a dark alley, and unloaded all the passports into a waiting car. The passenger of the delivery vehicle has been arrested and released on bail.

The UK passport service said “computer chips embedded in the passports to store personal and biometric data have not been activated. The service says that means the documents, which are still missing, can’t be used as passports.“.

Turns out they couldn’t have been more wrong, which brings us to the next bit of bad news.

RFID (radio frequency identification) chips in passports have been a hugely controversial issue. Ever since the first trials were conducted, security specialists have warned that they are not the holy grail they are said to be. Back in 2006, right after the first chip enabled travel documents rolled off the printing presses, researchers showed how easy it is to read, and write to the chip in these passports. In a more recent experiment, a researcher read the information off one passport, and altered it, rewriting the data to a different chip, but with a new photo; Osama Bin Laden.

When the standards were developed for the RFID chips in travel documents, a system was put in place that could verify the information stored on the passport with a remote database of “public keys”. So far, only 10 of the countries participating in RFID passports have signed up for this new public database, and only 5 are actually using it. Once this system is in place, a scanned passport will be verified against the data it is supposed to contain.

This technology should eventually make it much harder to use a fake or altered passport at an immigration counter, but only in countries that have the systems in place for using RFID. Any other county will still have to rely on the visible data stored in the passport. Since the RFID technology is only intended for immigration purposes, a fake passport can still easily be used for other purposes, like banking or real estate.

In the meantime, there are 3000 UK passports on the market (worth about $3400 each), and millions of passports being printed each month with RFID chips that don’t really protect anyone.

With each vulnerability found in these RFID passports, the designers are pushed back a little closer to their drawing boards, where they will eventually have to develop an even better method of protecting the countries they work for. Of course, in the big picture of things, nothing can stop good old human stupidity.