The front page of The Times has as its story, with a HUGE headline:
August 6, 2008
Fakeproof e-passport is cloned in minutes
New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports.
Tests for The Times exposed security flaws in the microchips introduced to protect against terrorism and organised crime. The flaws also undermine claims that 3,000 blank passports stolen last week were worthless because they could not be forged
And Martyn Thomas chimes in, echoing some strange Tory logic:
Martyn Thomas CBE FREng
The tests also raise serious questions about the Government’s £4 billion identity card scheme, which relies on the same biometric technology. ID cards are expected to contain similar microchips that will store up to 50 pieces of personal and biometric information about their holders. Last night Dominic Grieve, the Shadow Home Secretary, called on ministers to take urgent action to remedy the security flaws discovered by The Times. “It is of deep concern that the technology underpinning a key part of the UK’s security can be compromised so easily,” he said.
The ability to clone chips leaves travellers vulnerable to identity theft when they surrender their passports at hotels or car rental companies. Criminals in the back office could read the chips and clone them. The original passport holder’s name and date of birth could be left on the fake chip, with the picture, fingerprints and other biometric data of a criminal client added. The criminal could then travel the world using the stolen identity and the original passport holder would be none the wiser.
Furthermore, the thief could selectively replace the fingerprints and photo to make the most convincing fake ever. This is something that no one seems to understand; you can replace entries either in the database or the ‘cloned’ documents so that someone can most convincingly ‘become you’.
The fact of the matter is, no matter what anyone says, a database can never be ‘secured’ and no ‘urgent action to remedy the security flaws’ can ever protect these systems.
The only way to fix this problem is to actually make the passports secure. That means:
- Remove the RFID chips from all passports
- Dismantle the NIR
- Take the central passport administration computer offline, so that it is only accessible from inside a single site.
- Issue passports in line with our system, ISLAND.
Securing the passport by removing bad technology does not mean that you cannot use cryptography and modern technology to verify the authenticity of passports; on the contrary, you can have the best of both worlds (the privacy of a paper document and digital authentication) in a single system. We wrote about how to do this previously:
If any document is issued correctly, and is not tampered with, it must be assumed that the holder is the person named on the document, whether it has biometric information in it or not.
If the document has been tampered with, then the holder might not be the person named in the passport. This is the only type of check that needs to be made in passports.
Biometrics are not needed to ensure that the holder of a passport is the named person in the passport. Certainly, there is no need for a central database of all biometrics (photograph, fingerprint, iris scan) to check the identity of each person every time a passport is used. A simple test to see if the passport has been tampered with is all that is required.
This is how you do it.
- Each passport or ID document contains a cryptographically signed digital portrait of the holder, signed by the passport issuing authority.
- When your passport is swiped, your picture comes up on the screen, loaded from the passport, and NOT a central database
- The digital signature of the passport photo is also downloaded.
- A PGP-like signature check is done against the public key of the national passport issuing authority, which is stored on the keyring of the swiping device.
If the signature is good, the document is genuine. If the signature is bad, the document is a forgery.
This system does several things.
- It decentralizes the management of photo authentication.
- It stops the inevitable abuses of centralized databases.
- Each passport photo is digitally unique. This means that every time that you get your photo taken for your passport, it is a different cryptographically signed number that ends up in your passport. You will never have a unique identifier tied to your identity, even though its your face in every photograph.
- Big brother gets a kick in the balls.
- Passport/ID fraud is basically eliminated, except for the fake ones made to order at the request of MI6 and the like.
There is no need for the centralized passport biometrics database that they are planning; the means exist right now, with military grade crypto and digitally signed photographs that will create a rock solid, absolutely authenticatable, user friendly, non big brother solution to passport fraud, that protects documents and does not further erase our rights as free people.
The crypto to do this is in the public domain, and so zero-cost license wise. My solution is cheaper than the centrally held database solution.
Now of course, there is nothing to stop people from collecting these signature numbers, but if that is the only part of the passport that is readable, and this readable part does not contain your name or any other personally identifiable information, it will be harder for people to create a database connected to your biometric ID. If you are the nervous type you could change your id every month; in any case, I devised this ID scheme to demonstrate that there is no reason to create a centralized database from the outset. There are other, better ways to manage document authenticity. All someone has to do is simply THINK about the problem. Unfortunately, the people who are behind the deployment of this disaster are the companies that sell the systems that will be used to fleece the population for decades to come. Money is the true root cause for centralization, that and the lust for absolute control that slobbering pigs like David Blindkid and John Asscroft dreamed about.
It is only a matter of time now, before both RFID passports and ID Cards are scrapped.
They are not only perfect examples of the misapplication of technology, but they are immoral, illiberal, ineffective, not cost effective and socially corrosive.