A passport is the ultimate breeder document for almost everything that requires identification. Security is obviously critical. The U.S. government, along with most countries in the world, has embarked on programs to design a new generation of passports with "smart card" technology. But it's just changed the tools of crime from color copy machines to computers. And short-sighted cost-cutting, resulting in offshore outsourcing, has been a more important priority than reducing the risk of hacker attacks.
Smart technology gives the public a false sense of security because of its high-tech mystique.
But I spent most of my career (pre-H 1B invasion) writing embedded software and designing the related hardware at Motorola Government Electronics Division in Scottsdale, Arizona. I worked on many projects that were involved with government secure communication applications. I know that the risk is very real, even though it may sound esoteric. Hacker attacks against passports could potentially dwarf credit card and identity fraud and pose a serious threat to personal privacy and national security.
This has many disturbing implications for immigration reform patriots. For example, the Beltway immigration patriot groups—NumbersUSA, FAIR, CIS—support the Real ID Act. They have bypassed the real privacy concerns because they are under the illusion that this technology will make it impossible to be in the U.S. illegally. But it won't.
Americans have no choice whether their passports have smart technology. All passports issued since 2007 are required to include it. E-passports can be identified by the international logo on the front cover.
According to the State Department over 48 million U.S. passports with e-passport smart technology have been issued. Worldwide over 100 million e-passports are in use by about 50 different countries.
A recent Scientific American article about hardware hacking provides excellent background for the problems with smart technology.
"As if software viruses weren't bad enough, the microchips that power every aspect of our digital world are vulnerable to tampering in the factory. The consequences could be dire:
Integrated circuits are increasingly complex and capable — but also increasingly vulnerable to attack.
The circuits typically include designs from many sources. A 'Trojan' attack hidden in one of these designs could surface long after the circuit has left the factory.
"This is one possible way that we might experience a large-scale hardware attack — one that is rooted in the increasingly sophisticated integrated circuits that serve as the brains of many of the devices we rely on every day. These circuits have become so complex that no single set of engineers can understand every piece of their design; instead teams of engineers on far-flung continents design parts of the chip, and it all comes together for the first time when the chip is printed onto silicon. The circuitry is so complex that exhaustive testing is impossible. Any bug placed in the chip's code will go unnoticed until it is activated by some sort of trigger, such as a specific date and time — like the Trojan horse, it initiates its attack after it is safely inside the guts of the hardware."
(The Hacker in Your Hardware: The Next Security Threat, by John Villasenor, Scientific American, August 4, 2010 Emphasis added)
Tampering with passport hardware is easy for the engineers who designed it, or the factory workers who assemble it. And detection and prevention is much more difficult when the production process takes place in diverse locations worldwide, where the U.S. government has little influence.
The U.S. Government Accounting Office (GAO) recognizes that malicious code could be slipped into the passport hardware—it gives no more than a vague "reasonable assurance" that the passports are secure:
"If properly validated, the digital signatures on State's e-passports should provide those reading the chip data, including DHS, reasonable assurance that the data stored on the chip were written by State and have not been altered."
(BORDER SECURITY: Better Usage of Electronic Passport Security Features Could Improve Fraud Detection, GAO, January 2010)
The components for the e-passport are manufactured in locations all over the globe. Brian Ross of ABC news recently did an excellent report investigating how outsourcing to foreign countries exacerbates security problems: "Operation Outsourced: Security of U.S. Passports" . He noted that critical parts of the passport are made in Thailand—a country with a significant radical Islamic population.
What ABC didn't make very clear is that Thailand is just one of dozens of countries involved in the manufacture of passports.
Let's review the entire picture. The brain of the e-passport is a smart chip that is manufactured somewhere in the world by foreign companies like NXP, Infineon, and probably contracted fabrication plants. The smart chip and associated hardware is shipped to another foreign company, Gemalto, for packaging and programming. Integration of the components is completed after they are shipped to the Dutch-owned company Smartrac for assembling the inlay in Minnesota or Thailand. The inlay is a laminate containing a Radio Frequency Identification Device (RFID) and antenna. Outer layers of sheet material, such as the passport cover stock, security paper or laser engrave-able polycarbonate protects the electronics on the front of the passport.
The final product is shipped to the U.S. Government Printing Office (GPO) to employees at secure production facilities in Washington, D.C., and at the Stennis Space Center in Mississippi. It's at those locations where somebody puts a stamp on the document that says "Made in the USA".
The GPO ships the blank passports to the State Department by unsecured FedEx until they decided to use an armored car company. The easiest way to counterfeit passports is to steal blank passports at this stage of the operation because they could be implanted with fake biometric data. There was a debate on whether to contract the armored car out to a foreign-owned company, but a few diplomats raised a big enough stink to stop that from happening.
The State Department has a procedure called "personalization" when the personal information of the passport owner is implanted into the smart card. But this is merely the front end of a very large and complicated process.
At least 60 suppliers all over the world are used to manufacture components. Government agents inspect the supply chain, but there are only about 30 agents to cover the world. Typically, inspectors target about 16 companies that are considered to be the most critical. But during an audit in 2006, most of those companies didn't have documented security plans—and, adding to the concern, due to budget cuts the GPO only has one employee to oversee the formal security supply chain assessment process.
The manufacturing trail for passports is really even more complex. Thus the website for the Dutch-owned supplier NXP reveals that it has 13 manufacturing sites worldwide and 26 R&D centers located in 12 countries. NXP engineers in foreign countries designed the software to control the smart chips. So it's doubtful that our government knows who actually designed it or where.
Gemalto is a company jointly owned by the Dutch and French with locations worldwide.
Infineon , is a German company that makes passport hardware for many different countries including U.S. and—China.
Sharing common technology platforms with other countries is risky because hackers worldwide can concentrate their efforts on fewer systems. As these technologies proliferate, there will be increasing probabilities that somebody will figure out how to hack them, and their motivation to do so will increase. Thus the worldwide popularity of the Microsoft Windows operating system has notoriously facilitated the proliferation of malicious viruses.
And sharing those systems with countries that have large terrorist organizations, or with possible adversaries such as China, obviously exacerbates the risk. In 2007, Smartrac filed a complaint accusing China of stealing its patented technology for e-passport chips. If China did obtain the secrets of the technology, its engineers could certainly figure out all the vulnerabilities of e-passports.
Passports are valid for 10 years. So that's how long the Chinese and the world's best hackers have to compromise them. Just imagine how simple it would be if a hacker with today's powerful computers was tasked with hacking a ten year-old computer!
E-passports are so globalized it's fair to assume that all citizens from all countries are in danger of privacy breaches. And if personal information is pried out of passports, subsequent improvements won't help the victims, because biometric information like fingerprints, face pictures, and eye scans lasts the duration of a lifetime.
Passports are morphing into global identification cards. Robert Mocny, acting director of the Dept. of Homeland Security US-VISIT program, described the push for globalized identification in a speech at an international biometrics and ethics conference in 2006. (US-VISIT is a system that screens foreigners for criminal or terrorist connections using their biographical and biometric data.) Mocny admitted to the desire to implement a worldwide system: "We have an ethical responsibility to make the vision of a global security envelope possible sooner rather than later." [Countries obligated to share data, U.S. official says, By Chris Strohm, National Journal's Technology Daily, November 29, 2006]
Because of international agreements, the American public has almost no voice in the way these passports are to be manufactured or used. As of June, 2010, the GPO claimed that it had delivered more than 55 million blank e-passports without a single security breach. But this is an empty claim, because the e-passport system is only partially completed. Most U.S. passports are still used as a paper document because the DHS is behind on installing the necessary scanners and computers. As of January 2006 only 500 scanners have been deployed. Since then, due to lack of funding, no additional ones have been installed.
(If the CBP decides to buy more scanners they will most likely purchase ones that are made overseas, so even those devices are suspect.)
And even though most U.S. passports haven't yet been used as e-passports due to the lack of scanners, they still pose a security risk. The new passports contain RFID technology.
E-passports are supplied with a shielding envelope. But owners have to make sure that their passport is completely closed. Keeping passports closed at all times is problematic, especially in Europe where passports are used as ID for credit cards, to lease cars, or to register to vote, etc.
And these attacks would be virtually impossible to detect until the data is compromised. Two examples of successful attacks:
"A security expert has cracked one of the U.K.'s new biometric passports, embarrassing the British government which has touted as a way of cutting down cross-border crime and illegal immigration.
"The attack, which uses a common RFID reader and customized code, siphoned data off an RFID chip from a passport in a sealed envelope, said Adam Laurie, a security consultant who has worked with RFID and Bluetooth technology. The attack would be invisible to victims, he said.
"'That's the really scary thing," said Laurie, whose work was detailed in the Sunday edition of the Daily Mail newspaper. "There's no evidence of tampering. They're not going to report something has happened because they don't know.' "
UK biometric passports succumb to hack, by Jeremy Kirk, IDG News Service, 06 March 07
And recently, a group of Indian hackers were caught hacking system software:
"Seven people were arrested in Andhra Pradesh for hacking the online passport application software of the Hyderabad regional passport office, police said Friday. Police Commissioner A.K. Khan told reporters that seven people, among them five passport agents, were arrested and a search was on for two other agents involved in the racket."
Seven held in Andhra for hacking passport software, Thaindiannews, June 04, 2010
The U.S. government has recognized the security threat that outsourcing to Thailand poses. In June of 2010, Steve LeBlanc, Managing Director, Security & Intelligent Documents, GPO, announced that the assembly of the passports will move to Smartrac's Chanhassen, Minnesota facility.
But this move is no panacea. Smartrac will still produce passport inlays via the same complicated chain of foreign suppliers for the components. By the time Smartrac gets the parts to assemble the inlay, the malicious code would already be in place. Smartrac would be very unlikely to discover the sabotage in the assembly process.
Smartrac produces inlays for most of the passports in the world so they will continue to produce inlays at their Thailand location. Smartrac could shift some of the production of inlays for U.S. passports back to Thailand if they lack capacity at the U.S. location or for any other reason (like for cheap labor) they deem important. As of June 2010 20% of the inlays were still being made in Thailand.
Hiring foreign workers in the U.S. increases security risks. Allegiance to the United States isn't required, and criminal background checks of foreign nationals are often difficult. Smartrac employs about 20 people in Chanhassen, which is good for the local economy, But it's not clear how many are local, Smartrac hires foreigners with proof of legal residence in various support positions, for instance for "maintenance manager" and "research assistant" . The H-1B visa would be an excellent conduit for saboteurs to position themselves into the right places.
Considering that U.S. government security experts recognize the dangers of outsourcing, why did they decide to do it? The best explanation is straight out of the mouth of the GPO when it responded to a scathing series of articles in the Washington Times that raised the same question:
"GPO was shocked to learn no U.S. company manufactured an integrated circuit that met the ICAO [International Civil Aviation Organization] standards and/or rigorous testing. Since 2004, GPO has encouraged U.S. companies to consider producing ICAO compliant components."
GPO Responds to Second Washington Times Story, [PDF] March 27, 2008
It may seem that the GPO is making lame excuses, but the reality is that it probably couldn't find domestic suppliers. According to RAND , in 1980 the U.S. had about 60% of the world semiconductor market share. But over the last 20 years U.S. companies have outsourced most of their production capacity. Foreign countries dominate the semiconductor business. (See "U.S. Becomes A Bit Player In Global Semiconductor Industry", by Richard A. McCormack, See Manufacturing & Technology News, February 12, 2010.
The bottom line: it may no longer be possible for the components used for e-passports to be produced in the U.S. This lack of domestic suppliers simply wouldn't have happened before 1990 because the U.S. government considered it a national security priority to procure electronic semiconductors from domestic sources.
Several factors in the 1980s contributed to the decline of the government's ability to mandate that domestic suppliers be used for their contracts: growing consumer buying power, shrinking military budgets, globalization.
But there is a more obvious explanation for passport outsourcing—greed and stupidity. In a scheme that resembles a starving man who cuts off his legs to satiate his hunger, the GPO made about $100 million in profits by selling the blank passports to the State Department Probably the GPO rationalizes that using domestic suppliers for components would cut profit margins, so they use the lowest cost bidders, who always happen to be overseas suppliers.
(A video called The Myth of Biometrics' Enhanced Security by Michael (Micha) Shafir and David J. Weiss, February 17, 2009 does an excellent job of illustrating the various threats posed by e-passports, although the animated person doing the narrative is rather annoying and the video is partially an infomercial. Two good articles from the Center for Public Integrity are U.S. Lacks Basic Security for e-Passport Manufacturing, Key Tool for Border Security Made in High-Risk Locations, by John Solomon, June 14, 2010 and Undercover Feds Able to Easily Obtain Fraudulent e-Passports, by John Solomon, . July 29, 2010
Almost ten years after 9/11, the globalist, see-no evil attitudes of the bureaucrats and policy elite still leave this country exposed to crime and terror.
A longer version of this article will appear in The Social Contract.
Rob Sanchez (email him) is a Senior Writing Fellow for Californians for Population Stabilization and author of the "Job Destruction Newsletter" (sign up for it here) at www.JobDestruction.com. To make a tax-deductible donation to Rob Sanchez, click here.