The findings of the study were unveiled at the European Symposium on Research in Computer Security
The Luxembourg government has no plans to replace its e-passports, after researchers discovered a privacy flaw that can detect when someone recently passed through a passport check.
The flaw, detected by a team at the University of Luxembourg, relates to the verification systems used to read biometric passport data at border controls and other inspection system areas.
In a joint response to a parliamentary question issued on Tuesday, digitalisation minister Xavier Bettel (DP) and foreign affairs minister Jean Asselborn (LSAP) wrote that any exploitation of this weakness by a third person would “not allow them to steal personal data contained in the e-passport chip. The impact would be limited to the ability to identify the passing of an e-passport at specific controls, without being able to identify the owner of the passport.”
They further wrote:
“A replacement passport is not therefore envisaged since it goes back to a passport that meets all the security norms with a document that has the same technical characteristics.”
The findings of the study were unveiled at the European Symposium on Research in Computer Security, hosted in Luxembourg from 23-27 September.
Dr Ross Horne, one of the researchers, said in a press statement in September that with the right device, it would be possible to scan passports in close vicinity and reidentify previously checked passport holders.
The two ministers said that while this might be possible in laboratory conditions, recreating them in the secure environment around passport readers, for instance at airports, was a different matter.