CBP's Trusted Traveler Systems Using RFID Technology Require Enhanced Security (Redacted) [open pdf - 1MB]
"CBP has implemented effective physical security controls over the RFID tags, readers, computer equipment, and databases supporting the RFID systems at the POEs visited. No personal information is stored on the tags used for CBP. Traveler's personal information is maintained in and can be obtained only with access to the system's database. [...] However, CBP has not developed adequate policies and procedures to ensure that security controls are implemented consistently by all POEs to protect its trusted traveler systems. In addition, CBP has not implemented the necessary controls on the system's back end to ensure that the data captured and stored for the trusted traveler programs are properly protected. In addition, we determined that CBP did not ensure that its trusted traveler systems fully comply with all Federal Information Security Management Act (FISMA) requirements."
Department of Homeland Security, Office of Inspector General, Report No. OIG-06-36
United States Department of Homeland Security: http://www.dhs.gov