Tech

Two senators say CBP can’t detect if passport chips are tampered with

Sens. Ron Wyden and Claire McCaskill say there are weaknesses in CBP's ability to authenticate the electronic RFID chips in U.S. passports.

By Zaid Shoorbajee

February 22, 2018

(Bureau of Consular Affairs / Facebook)

A pair of senators wants U.S. Customs and Border Protection to do more to ensure that computer chips embedded in U.S. passports are protected from forgery and tampering.

Sens. Ron Wyden, D-Ore., and Claire McCaskill, D-Mo., say in a letter addressed to CBP acting Commissioner Kevin McAleenan that the agency doesn’t have software necessary to verify the authenticity of the information stored on a passport’s smart chip.

“Specifically, CBP cannot verify the digital signatures stored on the e-Passport, which means that CBP is unable to determine if the data stored on the smart chips has been tampered with or forged,” the letter says.

The senators say that CBP, which manages entry and exit at the U.S.’s borders and airports, has been aware of the technology gap at least since a 2010 Government Accountability Office report pointed it out.

The GAO report says that while the Department of State developed a way to produce a digital signature for each passport, the Department of Homeland Security (which houses CBP), does not have the capability to authenticate that digital signature.

According to the DHS’s website, there are “multiple layers of security in the e-Passport process that prevent duplication.” A similar page from the State Department says that the passports have a “digital signature to protect the stored data from alteration.” Regardless, the GAO report says that CBP isn’t able to detect if the information is altered anyway.

A Wyden aide told FedScoop that while the GAO report is from eight years ago, the two senators only recently became aware of the problem.

Wyden and McCaskill want CBP to work with the General Services Administration to develop and implement a plan to properly authenticate passports’ digital signatures by the end of the year.

Since 2007, U.S. passports have been embedded with radio-frequency identification (RFID) chips in their back cover. It’s the same contactless technology used in many credit cards, transit passes and security fobs, for example. The chips contain the same biographic information printed in the passport as well as a digital image that can be used for facial recognition technology, according to the State Department.

“It is past time for CBP to utilize the digital security features it required be built into e-Passports,” the senators write.

Two senators say CBP can’t detect if passport chips are tampered with

More Like This

ICE pursuing privacy approvals related to controversial phone location data

House Modernization panel advances bill to improve CRS’s data access in first-ever markup

State Department encouraging workers to use ChatGPT

Top Stories

Federal CIO calls on Congress to fund Technology Modernization Fund

GSA administrator: Generative AI tools will be ‘a giant help’ for government services

Congressional panel outlines five guardrails for AI use in House

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

More Scoops

U.S. will use facial recognition at airports

Latest Podcasts

Two senators say CBP can’t detect if passport chips are tampered with

AI Week 2024 has Come and Gone

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

Tech

Defense

Cyber

Acquisition