Passports have been and still are the main way to check a person's identity when travelling, or while a security check. It is ?a document, issued by a national government, which certifies, for the purpose of international travel, the identity and nationality.? The ePassport is exactly the same, except that it contains an computer chip implemented within it. The ePassport stocks the same data than the normal passport. But it also has a digital photograph so that it can be compared biometrically. It is useful in order to recognize anyone facially the quickest way possible.
ePassports use have advantages and they are quite convincing as they assist the fight against frauds, they make identity checks quicker and they meet the International standards that the International Civil Aviation Organisation (ICAO) has set. The main problem is that they have been created too quickly, they can be cloned easily and so the security can be breached easily as well. On the other hand, it isn?t new, normal passports could already be photocopied, and so this new ePassport, like any technological advances has flaws. Is the cloned passport chip usable and would it really cause an important problem within identity security.
To determine whether it is a real threat, we must first understand how the chip works. ePassport use RFID (Radio Frequency identification).The objects on which such chips are implemented send information to a RFID receiver; in other words, it is a substitute to bar coding. The data capacity is greater, its capability to write/read data is enhanced and it does not require any line-of-sight. Lukas Grunwald and Christian Bottger created a software which unables anyone to download ePassport data to a PC, which can then be transferred to a blank chip and so cloning the original chip, they called this software RFDump. This process doesn?t not take longer than a couple of minutes and so it gives us an insight on the lack of security and reliability of these ePassports. Acknowledging that these electronic passports are suppose to protect our identity against any kind of fraud, it is difficult to understand how it can be so easy for two developers to create such a software.
The ePassports has three layers of security. They are as followed: a digital signature to display the encoded data?s authenticity and in which countries the passport has been used. It also has a protection against any unauthorized readings through BAC (Basic Access Control) which is a secure access protocol. Furthermore the data is locked down by PKI (Public Key Infrastructure), it preserves encoded data from being modified. They have been created in order to increase the security of our identity and make it easier for everyone to travel quickly and securely, to help with the battle against fraud. The intention within the creation of these new passports is that all passports would contain a micro chip with information. The point being that the chips implemented within the passports are quite similar to our payment cards such as MasterCard or any other payment cards. It naturally means that the creation of such passports on an international range would take time but comparing it the increase of the level of security given by the use of these passports, it compensates this loss of time.
Moreover, the use of these passports would help immigration. It would confirm if person is really the person they are saying they are because of the integrated data in the passports (fingerprint, photo, personal information).The speed of the process is increased as these passports are machine-readable. Yet, the urge of a lot countries to receive these new kinds of passports, being created rapidly, brings up many new flaws. The following problems can arise: the passport?s radio frequency can be easily read from a couple meters a way by a electronic reader and so the anyone?s information can be stolen. Not only but also the mentioned cracking software RFDump can take the information of an RFID chip and clone it within minutes. It makes it even easier for terrorists to act as these passports could be used as remote detonation for a bomb. The bomb blowing up as a certain nationality passes the checkpoint for example.
The Future of Identity in the Information Society (FIDIS) is a project sponsored by the EU which aims on different features of digital ID and privacy. The people who work on this project are working on things in any way related to digital identity, these people are mostly people who work within universities and companies. They bring up ideas of new technologies for profiling and identification. FIDIS can be proved useful because they are able to block the signal emmited by the RFID chips and so making it beyond the bounds of possibility to steal anything from the ePassports. In short, solutions can easily be found for the mentioned problems. Other identification processes could be used like eye retina identifier or fingerprint. Normal ID cards could still be used by immigrants because knowing that certain citizens of certain countries like Bangladesh require the citizens to have a visa to travel although European and American citizen do not require a visa to travel. The old ?stamping? method could still be used within immigration as a way to successfully check someone travel history. Finally, magnetic stripes used in certain hotel could be an alternative as it would certify that the data cannot be stolen unless it is stolen on the reader itself.