Biometric ePassport is Cloneable – How it happened, who will benefit, and how hard will it be to counterfeit these things.Mar 17th, 2010 | By Innovya follow-up | Category: News
The EU’s own working group FIDIS (the “Future of Identity in the Information Society” research network) said safeguards on the biometric ePassports with embedded Chip were too weak.
By: Michael Scott Moore | March 17, 2010 | 05:00 AM (PDT)
One detail from the assassination last month of a Hamas leader in Dubai should, at first glance, ease the minds of privacy experts. None of the hit team — widely suspected to be Israeli Mossad agents traveling under stolen identities — used newfangled biometric passports. The 11 members of the team traveling with falsified European identities, used old-fashioned, unchipped passports, according to Interpol.
Biometric passports were one of the most powerful and unobtrusive changes to international travel that the United States insisted on after Sept. 11, 2001. As a direct result of U.S. pressure, all EU governments introduced more-expensive passports after 2006 that included RFID microchips to broadcast basic personal information, including name and passport number, your photograph, your fingerprints, and (if it’s been collected) a retina scan of your eye.
Washington demanded these passports from friendly countries that maintained visa-free travel agreements with the United States. To stay in the visa-waiver program, Washington said after 2001, friendly nations would have to upgrade their passports to high-tech, microchipped “ePassports” with machine-readable data.
The new documents belonged to what Homeland Security Chief Michael Chertoff once envisioned as “a worldwide system of tripwires,” set off by personal data, “that make it easy for the vast amount of travelers to move along unimpeded but that make it dangerous and difficult for terrorists to do the same thing.”
But they upset privacy experts who argued that RFID chips radiated unsecured personal details to the world, making it easy for criminals with a simple machine to read them. The EU’s own working group FIDIS (the “Future of Identity in the Information Society” research network) said safeguards on the first biometric passports were too weak.
“By failing to implement an appropriate security architecture,” the group wrote in 2006, “European governments have effectively forced their citizens to adopt new international Machine Readable Travel Documents (MRTDs), which dramatically decrease security and privacy, and increase the risk of identity theft.”
After 2006, both America and the EU gave “second-generation” e-passports a measure ofsecurity” though whether they’re really a safe way to carry your data around will be a topic for a future column. The “Crypto Group” at Belgium’s University Catholique de Louvain, says no, and Europol argues that the supposedly secure passports are still vulnerable to counterfeiting by “determined” criminals.
But it’s significant that the team of assassins in Dubai who killed the Hamas commander, Mahmoud al-Mabhouh, used old-fashioned passports. Any group willing to send an international hit team after a man would have to qualify as “determined,” and Mossad, according to Victor Ostrovsky, a former Mossad officer interviewed recently on Australian radio, has a passport “factory” dedicated to making counterfeits. “They create various types of papers, every kind of ink,” he said. “It’s a very, very expensive research department.”
So the new ePassports are possibly too much of a headache ”for now” for such a sophisticated operation. But tests carried out by The Times of London in 2008 suggested that falsifying an ePassport wasn’t complicated at all, so there could be another reason why Mossad might have avoided using biometric documents. Namely: The databases themselves might be vulnerable.
Jerusalem hasn’t started to issue ePassports yet, and one argument used by their opponents in Israel is that an entire national database of personal details could be hacked and revealed wholesale to a government unfriendly to Israel â€” say, the United Arab Emirates. Then the border guards in that country would have a way of double-checking the identity of, say, a Mossad agent trying to enter. Then “every Israeli agent who gives his fingerprint at a biometric border control station is liable to be in danger of exposure,” according to the Israeli paper Ha’aretz.
“The fear … is not unfounded,” the paper continues. “A similar database, containing the identity details of Israeli citizens, was leaked a few years ago from the Interior Ministry and can be download today, for free.”
But Rafi Eitan, an Israeli politician and former Mossad officer, believes the agency’s intelligence talents will catch up. “By 2015 most countries will have moved over to biometric identification methods,” he told Ha’aretz. But “… this will not affect the various intelligence activities in the future, because I assess that the organizations engaging in this will find suitable ways to overcome the difficulties ”should there be any.”
There may come a time, in other words, when you’ll need the trappings of a government to do something as tricky as counterfeit a passport.