E-passports to put new face on old documents

A number of countries are about to launch trials of passports and visas that incorporate basic biometric information about the document holder alongside the traditional photo and passport number--data such as a digital image of the citizen's face that will be compared to a facial scan taken at the airport.

The first country to take the plunge will likely be Belgium, which plans to conduct an e-passport trial later this year, with possible real-world implementation by next year. The U.K. Passport Office recently announced that it is looking for volunteers to help test the recording and verification of facial recognition, iris and fingerprint biometrics. And New Zealand and Canada are also actively looking into conducting trials.

Australia and the United States, meanwhile, have issued requests for proposals for trials of their own, and the Netherlands is looking at ways for banks to adopt chip-based documents that would be used to confirm identification.

In part, the incorporation of digital data is a natural evolution that brings what have long been purely paper documents into the 21st century. In addition, with global worries about terrorism and other threats on the rise, the technology shift will help governments keep their border checks up-to-date. Banks and other institutions are likely to use the high-tech documents to provide better verification of customers and cut down on fraud and other crimes involving mistaken identity.

"When biometric identity has been confirmed, it does help to prevent the person from using another name in their dealings," said Barry Kefauver, a consultant and former U.S. deputy assistant secretary of state for passport services.

Critics of the technology, however, are worried that governments might use the data to track citizens going about their ordinary business or that miscreants who steal the high-tech passports might be better equipped to carry out identity theft.

"It is too easy to steal information out of a card," said Katherine Albrecht, the founder and director of Consumers Against Supermarket Privacy Invasion and Numbering, or CASPIAN, a policy watchdog created to expose data issues with supermarket loyalty programs.

Proponents acknowledge these concerns. But they say they've included technology that will shield private information contained in e-passport memory chips and keep it from falling into the hands of unauthorized parties. Security systems are never perfect, but the internal systems on these chips will make it difficult to surreptitiously read (or alter) information the chips contain.

"You are not able to track a person except when tracking them in and out of a city," said Joerg Borchert, vice president of secure mobile solutions at Infineon Technologies. Governments already have that ability using old-fashioned passports, he added.

Infineon, the German chipmaking giant, has been active in moving the technology out of the labs and has been bidding on the various passport projects. It has begun to ship samples of two identification chips it says can improve travel security and cut down on problems such as bank fraud because they contain more than 50 mechanisms designed to foil tampering.

At the same time, the company has tried to preserve privacy by including an encryption processor that scrambles data coming out of the identity documents and reducing the range for extracting data from the chips to just a few inches. The chips are "contactless," meaning that the information contained in them is extracted wirelessly by a reading device.

One of the chips will function as a smart card and contain information such as credit card numbers and insurance information, while the other, designed for passports, will contain only ID information such as facial images or fingerprints. The chips are available in sample quantities now but will go into high-volume production by the end of the year.

Passports, please
The push for better passports began in 1997 under the guidance of the International Civil Aviation Organization, or ICAO, a UN agency. An ICAO technology working group was charged with establishing better security standards for travel documents, standards that could be applied worldwide and would be cost effective.

In 2002, ICAO came out with what is called the "New Orleans Resolution" (named after the city where it was voted on). In the resolution, ICAO endorsed facial recognition as the biometric identification technology of choice, with fingerprints and iris scans as optional, supplemental forms of biometric identification.

Fingerprints--despite providing the most accurate means of identifying a person--were ruled out because of the criminal overtones. Governments worried that their citizens would feel like they were being arrested.

"Australia, Canada and the U.S. ruled it out right away," said Kefauver, the former U.S. official, who chaired the technology working group on this issue for ICAO.

If nations begin to adopt electronic passports, the process of boarding an international flight will take on a slightly different feel. Customs agents will examine a passport and then request that a traveler stand in a particular spot, where a facial recognition device will then scan that person's face. Customs agents will then swipe the electronic passport past a reader.

A positive match would permit a traveler to proceed, while a mismatch would lead to further ID checks. In the United States and possibly other countries, the two images would also be correlated to an image in a remote database. If a nation required it, fingerprints or iris scans could also be taken.

How it differs from RFID
Technologically, the chips proposed for passports are more sophisticated than standard RFID, or radio frequency identification, tags, said Infineon's Borchert. RFID technology, a kind of high-tech bar code, is being adopted by retailers to keep tabs on their merchandise and, in more extreme cases, it's being promoted as a way to identify people.

First, the distance at which an e-passport chip can be read is far shorter. Though readers can wake up some RFID tags from as far away as 400 feet, depending on the reader and the tag, the reader in Infineon's ID system has to be as close as 10.5 centimeters, or about four inches, to obtain information.

Second, unlike many RFID tags, e-passport chips come with a built-in encryption engine. Even if hackers could obtain one reading, they would have to take repeated readings before they could translate the data coming out of the chip from encrypted gobbledygook into actual information. Even then, at least in the passport chips, the thieves would only be able to get a digital image of someone's face.

Electronic passports also contain several layers of tamper-proofing to prevent criminals or others from removing the chip or altering data stored in its embedded memory, which is a nonstandard form of nonvolatile memory. Changes in temperature or light will shut the chip down. Borchert would not disclose other antitampering techniques embodied in the chips.

"Getting into these chips is going to take more than your average bear. There will be MIT students who do it, but it probably won't be widespread," said Jim Handy, an analyst at Semico Research. "You will have to know how the chip is encrypted and how it is programmed."

Borchert acknowledged that the system isn't perfect and inevitably would be vulnerable to attacks, but he said it improves on existing security policies.

More work to be done
It is a technology still in its infancy. The United States, for instance, recently extended the deadline for 21 nations in a visa waiver program to begin to incorporate biometrics into passports. The cutoff was originally set for October; it's been pushed back a year.

And still to be worked out is how to reconcile the rapid progress of the chip industry with the slower pace of government agencies--in the United States, for example, passports get renewed every 10 years. Looming questions, Handy said, include whether older chips will become easy to crack and whether older passports would be compatible with new systems.

The chips also need to be thin enough to fit inside a passport cover and be outfitted with antennae.

Then there's the way passports get handled. Over their lifespan, the documents get bent, sweat on and pounded with border-crossing stamps.

"Durability is perhaps the single biggest unknown," Kefauver said.

In addition, facial recognition is considered less accurate than other forms of biometric authentication, according to security experts. And global interoperability of equipment needs to be put in place, as does a coordination of national practices. Some nations may adopt algorithms that compare the geometry of the nose bridge between the live person and the stored ID image, while others may compare the larger, facial triangle.

Electronic passports also don't solve one of the key problems with passport issuance: birth certificates. In the United States alone, there are thousands of legitimate forms of birth documents, and they are not linked through a uniform methodology, Kefauver said.

But the biggest hurdle, despite the assurances of security experts, could be public perception.

"Unless public acceptance of biometric (authentication) occurs, forget the rest," Kefauver said.

A number of countries are about to launch trials of passports and visas that incorporate basic biometric information about the document holder alongside the traditional photo and passport number--data such as a digital image of the citizen's face that will be compared to a facial scan taken at the airport.

The first country to take the plunge will likely be Belgium, which plans to conduct an e-passport trial later this year, with possible real-world implementation by next year. The U.K. Passport Office recently announced that it is looking for volunteers to help test the recording and verification of facial recognition, iris and fingerprint biometrics. And New Zealand and Canada are also actively looking into conducting trials.

Australia and the United States, meanwhile, have issued requests for proposals for trials of their own, and the Netherlands is looking at ways for banks to adopt chip-based documents that would be used to confirm identification.

In part, the incorporation of digital data is a natural evolution that brings what have long been purely paper documents into the 21st century. In addition, with global worries about terrorism and other threats on the rise, the technology shift will help governments keep their border checks up-to-date. Banks and other institutions are likely to use the high-tech documents to provide better verification of customers and cut down on fraud and other crimes involving mistaken identity.

"When biometric identity has been confirmed, it does help to prevent the person from using another name in their dealings," said Barry Kefauver, a consultant and former U.S. deputy assistant secretary of state for passport services.

Critics of the technology, however, are worried that governments might use the data to track citizens going about their ordinary business or that miscreants who steal the high-tech passports might be better equipped to carry out identity theft.

"It is too easy to steal information out of a card," said Katherine Albrecht, the founder and director of Consumers Against Supermarket Privacy Invasion and Numbering, or CASPIAN, a policy watchdog created to expose data issues with supermarket loyalty programs.

Proponents acknowledge these concerns. But they say they've included technology that will shield private information contained in e-passport memory chips and keep it from falling into the hands of unauthorized parties. Security systems are never perfect, but the internal systems on these chips will make it difficult to surreptitiously read (or alter) information the chips contain.

"You are not able to track a person except when tracking them in and out of a city," said Joerg Borchert, vice president of secure mobile solutions at Infineon Technologies. Governments already have that ability using old-fashioned passports, he added.

Infineon, the German chipmaking giant, has been active in moving the technology out of the labs and has been bidding on the various passport projects. It has begun to ship samples of two identification chips it says can improve travel security and cut down on problems such as bank fraud because they contain more than 50 mechanisms designed to foil tampering.

At the same time, the company has tried to preserve privacy by including an encryption processor that scrambles data coming out of the identity documents and reducing the range for extracting data from the chips to just a few inches. The chips are "contactless," meaning that the information contained in them is extracted wirelessly by a reading device.

One of the chips will function as a smart card and contain information such as credit card numbers and insurance information, while the other, designed for passports, will contain only ID information such as facial images or fingerprints. The chips are available in sample quantities now but will go into high-volume production by the end of the year.

Passports, please
The push for better passports began in 1997 under the guidance of the International Civil Aviation Organization, or ICAO, a UN agency. An ICAO technology working group was charged with establishing better security standards for travel documents, standards that could be applied worldwide and would be cost effective.

In 2002, ICAO came out with what is called the "New Orleans Resolution" (named after the city where it was voted on). In the resolution, ICAO endorsed facial recognition as the biometric identification technology of choice, with fingerprints and iris scans as optional, supplemental forms of biometric identification.

Fingerprints--despite providing the most accurate means of identifying a person--were ruled out because of the criminal overtones. Governments worried that their citizens would feel like they were being arrested.

"Australia, Canada and the U.S. ruled it out right away," said Kefauver, the former U.S. official, who chaired the technology working group on this issue for ICAO.

If nations begin to adopt electronic passports, the process of boarding an international flight will take on a slightly different feel. Customs agents will examine a passport and then request that a traveler stand in a particular spot, where a facial recognition device will then scan that person's face. Customs agents will then swipe the electronic passport past a reader.

A positive match would permit a traveler to proceed, while a mismatch would lead to further ID checks. In the United States and possibly other countries, the two images would also be correlated to an image in a remote database. If a nation required it, fingerprints or iris scans could also be taken.

How it differs from RFID
Technologically, the chips proposed for passports are more sophisticated than standard RFID, or radio frequency identification, tags, said Infineon's Borchert. RFID technology, a kind of high-tech bar code, is being adopted by retailers to keep tabs on their merchandise and, in more extreme cases, it's being promoted as a way to identify people.

First, the distance at which an e-passport chip can be read is far shorter. Though readers can wake up some RFID tags from as far away as 400 feet, depending on the reader and the tag, the reader in Infineon's ID system has to be as close as 10.5 centimeters, or about four inches, to obtain information.

Second, unlike many RFID tags, e-passport chips come with a built-in encryption engine. Even if hackers could obtain one reading, they would have to take repeated readings before they could translate the data coming out of the chip from encrypted gobbledygook into actual information. Even then, at least in the passport chips, the thieves would only be able to get a digital image of someone's face.

Electronic passports also contain several layers of tamper-proofing to prevent criminals or others from removing the chip or altering data stored in its embedded memory, which is a nonstandard form of nonvolatile memory. Changes in temperature or light will shut the chip down. Borchert would not disclose other antitampering techniques embodied in the chips.

"Getting into these chips is going to take more than your average bear. There will be MIT students who do it, but it probably won't be widespread," said Jim Handy, an analyst at Semico Research. "You will have to know how the chip is encrypted and how it is programmed."

Borchert acknowledged that the system isn't perfect and inevitably would be vulnerable to attacks, but he said it improves on existing security policies.

More work to be done
It is a technology still in its infancy. The United States, for instance, recently extended the deadline for 21 nations in a visa waiver program to begin to incorporate biometrics into passports. The cutoff was originally set for October; it's been pushed back a year.

And still to be worked out is how to reconcile the rapid progress of the chip industry with the slower pace of government agencies--in the United States, for example, passports get renewed every 10 years. Looming questions, Handy said, include whether older chips will become easy to crack and whether older passports would be compatible with new systems.

The chips also need to be thin enough to fit inside a passport cover and be outfitted with antennae.

Then there's the way passports get handled. Over their lifespan, the documents get bent, sweat on and pounded with border-crossing stamps.

"Durability is perhaps the single biggest unknown," Kefauver said.

In addition, facial recognition is considered less accurate than other forms of biometric authentication, according to security experts. And global interoperability of equipment needs to be put in place, as does a coordination of national practices. Some nations may adopt algorithms that compare the geometry of the nose bridge between the live person and the stored ID image, while others may compare the larger, facial triangle.

Electronic passports also don't solve one of the key problems with passport issuance: birth certificates. In the United States alone, there are thousands of legitimate forms of birth documents, and they are not linked through a uniform methodology, Kefauver said.

But the biggest hurdle, despite the assurances of security experts, could be public perception.

"Unless public acceptance of biometric (authentication) occurs, forget the rest," Kefauver said.