view counter

EU biometric passports not that safe, experts say

Published 20 July 2010

The EU’s e-passports were supposed to be fool-proof, even impossible to counterfeit; Europol has warned, though, that despite the biometric changes to passports, counterfeiting still remains a major problem for criminals or others “who are determined to do so,” with the provision of documents for irregular immigrants being the main driver of the activity

The biometric passport, or e-passport, was supposed to offer a previously unrivalled level of security and protection against forgery. It was “fool-proof,” some said, even “impossible” to counterfeit.

In the years that followed the attacks on New York and Washington, the European Union, as with many international powers, was eager to embrace the technology. In 2004 the European Commission proposed technical specifications for a harmonized e-passport system, first requiring digital facial image as a mandatory biometric identifier for passports and later requiring fingerprint data.

Leigh Phillips writes that in the wake of the Dubai targeted killing of a Hamas commander, in which a team of some twenty-seven assassins used fake EU and Australian passports in the course of their cloak and dagger escapade, the security of the passport has been placed under the microscope.

Beyond the Dubai murder, Europol has warned that despite the biometric changes to passports, counterfeiting still remains a major problem for criminals or others “who are determined to do so,” with the provision of documents for irregular immigrants being the main driver of the activity.

In 2008, the latest year for which data is available, some 16.7 million passports were on an Interpol database of stolen or disappeared passports.

Magnus Svenningson, the CEO of Speed Identity, the company that provides the biometric data capture platform to the Swedish, Luxembourg, and Lithuanian governments, in an interview with EUobserver reveals how passports can be forged.

The EU passport is a very, very secure document. EU countries have invested a lot in the document. It’s extremely expensive and difficult to forge, although not impossible,” he said. What makes it so hard is one would have to clone the certified chip of the issuing government: “This requires machine-supported verification of the documents.”

Famously, in August 2008, after 3,000 blank UK passports were stolen and British authorities said that without the chip, the documents would have been useless, the Times newspaper hired a computer researcher successfully to clone the chips on two British passports. Passport reader software used by the UN authority that establishes biometric passport standards believed the chips to be genuine.

This is designed to be countered by checking the chip at a border crossing against an international database of key codes, the Public Key Infrastructure, but only a minority of countries have signed up. So a would-be counterfeiter should choose a state that does not share these codes.

The level of counterfeiting difficulty varies from country to