The market for stolen or forged passports is, unfortunately, at an all-time
high. Factors such as the European refugee crisis, along with international
terrorism and other criminal activities, including human trafficking, have
created a steep increase in the demand for false passports, resulting in what
American and European security officials are calling an
“epidemic” of counterfeit documents.
The international policy agency, Interpol, says that, since 2002, more than 40
million passports have been reported lost or stolen, and the agency is aware
of at least 250,000 lost or stolen passports from Syria and Iraq, including
blank documents. Any number of these missing documents may have already found
their way into the hands of new, illegitimate owners.
Counterfeit passports are a particular problem where terrorism is concerned,
since falsified documents have been linked to a number of prominent attacks,
dating back to 9/11 and before. Most recently, two of the Paris attackers from
last November and at least one of the men arrested in connection with the
recent bombing in Brussels, used fraudulent documents to enter Europe.
The price for a fake passport can vary, depending on the quality and type of
document. For example, North American and European passports are more
desirable and often more expensive, since they’re typically subject to
fewer checks at borders. Regardless of the price they’ll have to pay,
though, people looking for false documents have a number of ways of getting
them. A simple Google search yields dozens, if not hundreds, of websites that
offer to generate “high-quality” fake passports online, and
sophisticated forgery rings, producing remarkably convincing copies of
legitimate documents, have been uncovered in several European and Middle
Eastern countries.
What can be done? Most security experts agree this is a long-term battle,
involving multi-national teams and collaboration at the highest levels. One of
the things that can stem the tide of false documents, though, is the use of
secure semiconductor technology, in what’s known as an ePassport.
What is an ePassport?
In circulation since 2007, ePassports (also called biometric passports) are
the same as a regular paper passport, but with the addition of a small,
embedded integrated circuit (IC) or chip that’s usually hidden
somewhere inside the passport booklet. The chip is a secure smart card IC,
similar to those already used and trusted, throughout the banking and payment
industries, to protect identities and financial transactions.
The government body issuing the document loads information about the passport
holder onto the IC in a secure environment, so as to ensure authenticity. The
stored data can be read by machinery at a border crossing, to confirm the
passport’s authenticity, but is protected from being changed or copied.
The IC is specifically designed to resist attempts to steal, modify, or misuse
the data and ceases to work properly if tampered with. These various
protections make it extremely difficult, if not impossible, to fake a
legitimate document or re-use a stolen one.
The International Civil Aviation Organization (ICAO), the United Nations
agency that oversees international air travel, has issued standards for
ePassports and all the countries implementing ePassports follow the ICAO
guidelines. For example, the ICAO guidelines specify that the secure
smart card IC in an ePassport will be used to store information that’s
unique to the passport holder. Most commonly, this is a digital image of the
passport holder’s face, but some systems use a fingerprint or an iris
scan as a biometric indicator instead. The biometric data is encrypted, and
stored in a secure, protected area of the IC. The IC also stores a unique chip
ID number, a digital signature to detect data alteration and verify the
signing authority and any additional information, as defined by the specific
issuing government.
Gaps in ePassport coverage
The use of ePassports has spread quickly, but the transition is not yet
complete. According to studies conducted by the ICAO, more than half of all
United Nations member states now use biometric ePassports, representing nearly
two-thirds of all passports. It takes time to transition all the passports in
a given country to the ePassport format – the process can take from
five to ten years, on average – and there are still many countries, in
problematic areas, including the Middle East, that still haven’t
adopted the format. That leaves hundreds of millions of documents, still in
circulation, that don’t offer the necessary levels of protection
against theft and fraud. Based on these facts, the U.S. recently announced
that travelers from a VISA waiver program country are only allowed to enter
the U.S with a passport which contains a microprocessing chip with biometric
data.
An added challenge: trustworthy breeder documents
Something else to consider is the need to prevent the issue of genuine
ePassports based on false identity papers. The documents used to authorize the
generation of a passport, known as “breeder” documents, can be
forged relatively easily. What’s happening is that people are obtaining
legitimate ePassports – that is, they’re using official channels
to receive a government-issued ePassport – but they’re using
forged breeder documents, such as fake birth certificates or national IDs, as
the foundation for their passport.
This highlights the concern that other documents, not just passports, need to
be made secure, too. Some countries are already doing this, protecting birth
certificates, national IDs, health cards, driver’s licenses, and other
government-issued documents with holograms, special marks or UV printing.
These approaches work to a point, but don’t offer the same level of
protection as secure smart card ICs.
New formats of smart card technology, either in development or already
available, can store the data used in breeder documents for extended periods
of time, which means we’re getting close to the point where just about
any official document can be made a highly secure, “eGov”
document that resists counterfeiting.
Where NXP fits in
At NXP, we’ve been a leading proponent of ePassports since the
beginning. We were the first semiconductor company, more than 10 years ago,
with a contactless chip compliant with the ICAO specifications for Basic
Access Control (BAC), and today, 95 out of 120 countries that introduced
ePassports solutions qualified NXP.
We recognize that forged government documents pose a significant risk to
everyone’s safety, and support the international agencies working to
reduce the threat. Our SmartMX2 family with
IntegralSecurity architecture represents a true benchmark advanced technology
for secure smartcards available today, and we continue to support and advise
the ICAO on future ePassport standards. We’re also working to expand
the use of secure smart card technology, to support breeder documents and other
forms factors of identification.
Join the conversation
Do you have an ePassport? What has been your experience using it at
international airports and other border crossings? Would you like to see more
types of documents equipped with semiconductor technology? If so, which ones?
Related links
NXP SmartMX2-P60 product family
Four Things You Should Know About NXP and Secure eGov Applications
Smart City
