E-passports
were not introduced to supersede the judgement of border officials. We have
always trusted humans to intervene and determine whether an individual
should be permitted to enter a given country, and the e-passport merely
serves to assist them. The e-passport is a traditional passport with an
electronic chip. It still has traditional security features - watermarks,
special inks, etc. - features that need to be checked by a border official.
The same official is trained to observe the person who presents the document
(for signs of unease, for example). Moreover, any automated border control
system will be supervised by a border official. In the absence of a perfect
biometric match, or in the event of doubts about the document’s authenticity,
the holder will automatically be referred to a border official.
Myth #02 | The e-passport was introduced for reasons of facilitation and results in lax border control
The reasoning behind this myth may be summarised as follows: e-passports allow
governments to introduce automated border control systems, facilitating the
passage of travellers at their borders. This gives rise to cost savings but also
a lowering of standards (criminals would somehow trick the biometric system with
plastic surgery, contact lenses or rubber finger tips).
As noted in the introduction, the e-passport was primarily introduced to combat
forgery. A direct consequence of the more secure passport, with its definitive
link to its owner, is that automated border control is made possible. All
systems currently being introduced focus on security, which is of paramount
importance. The systems are supervised - e-passports do not supersede the
judgement of border officials.
ICAO started work on the e-passport in 1998, well before 9/11 and the changes
this event gave rise to, including the requirement of the e-passport for the US
visa waiver program. The e-passport is able to accommodate the growing need for
security that resulted from 9/11.
The NTWG spent several years analysing the best way to incorporate biometrics in
e-passports. The first step was to decide on the biometric. The facial image was
an obvious candidate as photos were already included in passports and because
this practice was widely accepted. For e-passports to be introduced, they must
be accepted by all countries, covering a wide range of cultures.
There was also the redundancy aspect - if automatic facial recognition failed,
the normal inspection process could still take place, which would not be the case
with fingerprints or iris. Some countries consider the use of fingerprints an
excessive breach of privacy and would never incorporate them in their passports.
Mandatory face, with optional fingerprints and iris, was selected after an
exhaustive study.
The NTWG subsequently reviewed how to incorporate the biometric in the passport
(complicated by the need for considerable storage space - up to 10K bytes or
more). These requirements ruled out some technologies, such as magnetic stripe.
Although the two-dimensional bar code was an early favourite, it offered
insufficient data storage capacity. The contact chip used in credit and
telephone cards was also considered, but rejected because it proved too
difficult to attach the contacts to the paper document. In the end, the
short-range proximity radio-frequency chip was selected. It stores enough
information (typically 75K) and can easily be integrated into the passport
(either in the booklet, the covers or the inside pages). The NTWG wisely
specified the ISO/IEC 14443 standard for the contactless chip. The smartcard
industry became involved once that decision had been taken.
Conspiracy theories are often difficult to debunk as they seldom involve
evidence. However, passports are issued by a country to its citizens to enable
international travel. Most e-passports only contain a facial image, just like
the traditional passport. E-passports that contain fingerprints or iris patterns
are provided with greater privacy protection, severely restricting who can
access the data. Countries have always collected photographs of the face, which
have been stored in a database to catch out people who apply for passports in a
different name. A country does not have to introduce an e-passport to collect
biometrics from either its citizens or visitors - such biometrics can simply be
obtained at the border.
These days, most countries have privacy laws that restrict the dissemination of
biometrics to other organizations. The international exchange of biometric data
is neither regular nor organised.
ICAO forms part of the UN and has been charged with
the development of international standards for passports (under the Chicago
Convention of 1944). Most countries issue machine readable passports that comply
with minimum recommended security standards. ICAO requires all countries that
have signed up to the Chicago Convention (nearly all the countries of the world)
to issue machine readable passports (MRPs) by 1 April 2010, and that all
traditional non-MRP passports must be withdrawn from circulation by 2015. There
is no requirement for countries to issue e-passports. However, most countries
recognise the benefits of e-passports and it is expected that over 100 countries
will issue them by 2010.
Nearly all NTWG members are either involved in
passport production or border control. Between them they have many years of
practical experience. Some are PKI experts. The NTWG is supported by technical
experts from ISO. Under the ISO/IEC rules, members of the ISO technical
committees share their professional expertise; they do not represent the
commercial interests of their companies.
The ISO representatives that attend NTWG meetings include chemists, engineers,
physicists, IT experts, and lawyers. They work for a diversity of companies -
security printers, reader manufacturers, software development companies. The
NTWG includes a number of observers from Interpol, International Air Transport
Association (IATA) and the Airports Council International (ACI). It would be
hard to describe the NTWG as ‘a bunch of bureaucrats’. The technologies are well
understood, especially as they apply to travel documents.
Some of the more sensational newspaper articles to
emerge in recent years have reported how security researchers have retrieved
data from the chip. They typically obtain a copy of the ICAO standard, implement
the reading process, and seem surprised when it works. This is exactly how e-passports
are meant to work. If they didn’t, border officials in other countries would not
be able to read them.
To prevent unauthorized reading, ICAO has specified the Basic Access Control
(BAC), which most countries have implemented even though it is optional.
Unauthorized reading involves either a hidden reader, which captures data at up
to 10 cm (this distance can be increased to about 75 cm if the power and antenna
size are increased) or a device that intercepts data in transit between the chip
and a legitimate reader (a process known as eavesdropping). BAC uses a
combination of printed data to generate a key that allows access to the chip
data. In other words, any person who has access to the printed data is entitled
to access the chip data. Journalists also seem surprised that the BAC procedure
is in the public domain - but how else could international border control
officials access the chip data?
Some countries also equip their e-passports with metal foil pages. The metal
foil decouples the chip’s antenna whenever the booklet is closed, effectively
disabling it. As soon as the e-passport is opened, the chip can be powered up
again if it is close to the reading machine.
Although the chip data may be accessed by authorised parties, this does not mean
that the data is insecure. Passive authentication reveals whether data has
been tampered with (photo substitution, for example). The issuing authority
calculates the digital signatures using its private key and writes these to the
chip; the border official authenticates the same digital signatures using the
public key. This public key is contained in a certificate, which is often stored
on the chip. The certificate can in turn be authenticated by reference to ICAO’s
Public Key Infrastructure (PKI) directory, or by means of bilateral exchange.
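The sign-then-verify flow of passive authentication, as an added example (not part of the original article). Assumptions: textbook RSA over two Mersenne primes stands in for the issuing authority's real signature scheme and is insecure by design, the inspector already trusts the public key (the certificate check is omitted), and the data group names DG1 (MRZ data) and DG2 (facial image) follow the ICAO data structure with constructed contents.

```python
import hashlib

# Toy issuer key pair (illustration only, never use such parameters)
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                               # public modulus, known to inspectors
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, issuer only

def _digest_int(hashes: dict) -> int:
    """Collapse the ordered per-data-group hash list into one integer."""
    blob = b"".join(name.encode() + hashes[name] for name in sorted(hashes))
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def issue(data_groups: dict) -> dict:
    """Issuer: hash each data group, sign the hash list, write both to chip."""
    hashes = {k: hashlib.sha256(v).digest() for k, v in data_groups.items()}
    return {"hashes": hashes, "signature": pow(_digest_int(hashes), D, N)}

def inspect(data_groups: dict, security_object: dict) -> str:
    """Inspector: check the signature first, then re-hash the data read."""
    hashes = security_object["hashes"]
    if pow(security_object["signature"], E, N) != _digest_int(hashes):
        return "signature invalid"
    for name, content in data_groups.items():
        if hashlib.sha256(content).digest() != hashes.get(name):
            return f"{name} altered"
    return "authentic"

if __name__ == "__main__":
    # Constructed sample chip contents
    chip = {"DG1": b"P<UTOSPECIMEN<<SAMPLE", "DG2": b"<face image A>"}
    sod = issue(chip)
    print(inspect(chip, sod))                       # authentic
    swapped = dict(chip, DG2=b"<face image B>")     # photo substitution
    print(inspect(swapped, sod))                    # DG2 altered
    rehashed = {k: hashlib.sha256(v).digest() for k, v in swapped.items()}
    forged = {"hashes": rehashed, "signature": sod["signature"]}
    print(inspect(swapped, forged))                 # signature invalid
```

Replacing the photo is caught by the hash comparison, and rewriting the hash list to match is caught by the signature check, since only the issuer holds the private key.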
It is recognised that some biometric data - including fingerprints and iris data
- is more sensitive and therefore warrants greater security. To accommodate this
requirement, use is made of Extended Access Control (EAC), which requires an
inspection system to authenticate itself before the data is released.
This argument is often voiced by those who object to
radio frequency technology, and the ability to intercept radio signals in
particular (eavesdropping). Of course, contact cards have also been intercepted
- criminals intent on capturing credit card details at ATMs have been very
inventive. The NTWG has investigated eavesdropping and found that data can also
be intercepted elsewhere in the computer system (the radio waves from a USB
link, the modulation of the power supply, etc.). Eavesdropping is a pan-system
problem and must be tackled as such. It does not affect radio frequency
technology alone. The incorporation of shields in e-passports and the
introduction of BAC and EAC have effectively resolved the problem of
eavesdropping and unauthorized access. It has also been argued that bar codes
are more secure. Again, system security would be no different. However, the
problem with bar codes is that they do not offer enough capacity to store
biometric data.
The e-passport chip is powered by the electromagnetic
field of the reader; it has no battery or other power source of its own. Until
the chip is close to a reader and powered up, it cannot transmit data. When
powered, the chip only responds to commands sent from the reader. Moreover, the
data is at all times protected by BAC encryption.
E-passport chips are power hungry and draw power from the electromagnetic field.
They work at a distance of up to 10 cm from the reader. While it is perfectly
possible to build non-standard readers that supply more power and use large
antennas, the law of diminishing returns applies. In our analysis, the practical
range is limited to about 75 cm (30”).