Two senators say CBP can’t detect if passport chips are tampered with

Sens. Ron Wyden and Claire McCaskill say there are weaknesses in CBP's ability to authenticate the electronic RFID chips in U.S. passports.
passports, identity
(Bureau of Consular Affairs / Facebook)

A pair of senators wants U.S. Customs and Border Protection to do more to ensure that computer chips embedded in U.S. passports are protected from forgery and tampering.

Sens. Ron Wyden, D-Ore., and Claire McCaskill, D-Mo., say in a letter addressed to CBP acting Commissioner Kevin McAleenan that the agency doesn’t have software necessary to verify the authenticity of the information stored on a passport’s smart chip.

“Specifically, CBP cannot verify the digital signatures stored on the e-Passport, which means that CBP is unable to determine if the data stored on the smart chips has been tampered with or forged,” the letter says.

The senators say that CBP, which manages entry and exit at the U.S.’s borders and airports, has been aware of the technology gap at least since a 2010 Government Accountability Office report pointed it out.


The GAO report says that while the Department of State developed a way to produce a digital signature for each passport, the Department of Homeland Security (which houses CBP), does not have the capability to authenticate that digital signature.

According to the DHS’s website, there are “multiple layers of security in the e-Passport process that prevent duplication.” A similar page from the State Department says that the passports have a “digital signature to protect the stored data from alteration.” Regardless, the GAO report says that CBP isn’t able to detect if the information is altered anyway.

A Wyden aide told FedScoop that while the GAO report is from eight years ago, the two senators only recently became aware of the problem.

Wyden and McCaskill want CBP to work with the General Services Administration to develop and implement a plan to properly authenticate passports’ digital signatures by the end of the year.

Since 2007, U.S. passports have been embedded with radio-frequency identification (RFID) chips in their back cover. It’s the same contactless technology used in many credit cards, transit passes and security fobs, for example. The chips contain the same biographic information printed in the passport as well as a digital image that can be used for facial recognition technology, according to the State Department.


“It is past time for CBP to utilize the digital security features it required be built into e-Passports,” the senators write.

Latest Podcasts