October 31, 2025
Your passport keeps receipts
The cryptography behind electronic passports
Your passport is a tiny computer—and the internet is torn between magic and menace
TLDR: E-passports are tiny computers that use cryptography to stop snooping and forgery, but older features can leak proofs you showed your ID. Commenters split between awe, alarm over past vulnerabilities, and a bold idea to use passports to verify citizens for unofficial elections—thrilling and terrifying all at once.
Plot twist: that little "chip inside" logo means your passport is a contactless computer storing your photo, data, and security codes, all guarded by serious crypto. The article breaks down how it blocks snoops and fakes, even teasing future perks like digital stamps and selfie-based photo updates. But the comments? Pure fireworks. Some readers were awestruck by the engineering, while others got philosophical about borders, with one lamenting the endless human “heartache” spent proving where we were born.
Then came the privacy drama: a sharp-eyed commenter called out how an older passport check called Active Authentication can create a kind of “receipt” proving you showed your passport to someone—yikes. A newer method, Chip Authentication, avoids that, sparking a debate over who still uses the risky old way. Security veterans piled on with war stories about early “Enhanced IDs” and even talk of remote cloning—legacy tech strikes again. And the most explosive take? An activist wondered if e-passports could verify citizens for unofficial, government-free online elections—half the thread cheered the idea, the other half warned it’s a surveillance nightmare. Between the “wow” and the “whoa,” memes about “firmware updates for my passport” basically wrote themselves.
Key Points
- Modern passports include a contactless chip with a filesystem, access controls, and cryptographic protocols.
- ICAO Doc 9303 defines eMRTD standards; Part 10 covers LDS and Part 11 covers security mechanisms.
- The eMRTD application organizes personal and security data into data groups; DG1 and DG2 are mandatory.
- The MRZ mirrors DG1 data with check digits for machine verification; DG2 stores the photo.
- Threat model restricts unauthorized reading, eavesdropping, tracking, forgery, cloning, and access to biometrics; legacy protocols may introduce risks.
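
The MRZ check digits mentioned in the key points can be verified in a few lines. This is an added example, not code from the article: it assumes the passport (TD3) line-2 layout and the repeating 7-3-1 weighting from ICAO Doc 9303, neither of which is spelled out on this page, and all function names are illustrative.

```python
# Added example: validates the check digits in line 2 of a TD3 (passport) MRZ.
import string

WEIGHTS = (7, 3, 1)  # repeating weights from ICAO Doc 9303
VALUES = {c: i for i, c in enumerate(string.digits + string.ascii_uppercase)}
VALUES["<"] = 0  # filler counts as zero


def check_digit(field: str) -> int:
    """Weighted sum of character values, modulo 10."""
    try:
        return sum(VALUES[c] * WEIGHTS[i % 3] for i, c in enumerate(field)) % 10
    except KeyError as exc:
        raise ValueError(f"character {exc} is not allowed in an MRZ") from None


def verify_td3_line2(line: str) -> dict:
    """Return {field name: True/False} for each check digit in MRZ line 2."""
    if len(line) != 44:
        raise ValueError("TD3 MRZ line 2 must be exactly 44 characters")
    fields = {
        "document_number": (line[0:9], line[9]),
        "date_of_birth": (line[13:19], line[19]),
        "date_of_expiry": (line[21:27], line[27]),
        "personal_number": (line[28:42], line[42]),
        # The composite digit covers the fields above plus their check digits.
        "composite": (line[0:10] + line[13:20] + line[21:43], line[43]),
    }
    results = {}
    for name, (data, digit) in fields.items():
        if name == "personal_number" and digit == "<" and set(data) == {"<"}:
            results[name] = True  # unused optional field may carry a filler
            continue
        results[name] = digit in string.digits and int(digit) == check_digit(data)
    return results


# Specimen line from ICAO Doc 9303 (fictional state "UTO"), not a real passport.
SPECIMEN = "L898902C36UTO7408122F1204159ZE184226B<<<<<10"
# Constructed variant: birth year altered from 74 to 75, check digits untouched.
ALTERED = SPECIMEN[:14] + "5" + SPECIMEN[15:]

if __name__ == "__main__":
    print(verify_td3_line2(SPECIMEN))
    print(verify_td3_line2(ALTERED))
```

Check digits only catch misreads and careless edits, since anyone can recompute them; resistance to forgery comes from the signed data on the chip, not from the MRZ.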