After a security consultant in Germany demonstrated that he was able to read-and-copy the information on his new ePassport, some in the media have called into question the security of the contactless documents. In response, the Smart Card Alliance issued a well-thought explanation of the security summed up in the following statement by the group’s Exec Randy Vanderhoof: “Even if someone could copy the information on your e-passport chip, it doesn’t achieve anything, because all of the information is locked together in such a way that it can’t be changed. It’s no different than someone stealing your electronic passport and trying to use it. No one else can use it because your photo is on the chip and they’re not you.”
Electronic Passport Cloning Claim Does Not Constitute Threat to Border Security and Citizen Privacy
Princeton Junction, NJ, August 8, 2006 - The new electronic passports planned for the United States rely on multiple layers of security to increase border security and protect citizen privacy, and electronic cloning does not constitute a threat, says the Smart Card Alliance, a group of industry and government organizations specializing in the secure contactless smart card technology used in the program.
“People do not need to be concerned about the security or privacy protection features of the new e-passport program,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “Recent reports that there is a ‘major vulnerability’ that criminals could use to ‘enter countries illegally’ are untrue and demonstrate a lack of understanding of how the multiple security layers in place at the U.S. border work in the new e-passport system.”
The reports came out after a security consultant demonstrated reading and copying the electronic information in his German e-passport at a security conference last week.
“Even if someone could copy the information on your e-passport chip, it doesn’t achieve anything, because all of the information is locked together in such a way that it can’t be changed. It’s no different than someone stealing your electronic passport and trying to use it. No one else can use it because your photo is on the chip and they’re not you,” said Vanderhoof.
NOT A RISK
The global electronic passport program makes passports virtually impossible to counterfeit and prevents anyone other than the passport owners from using them. The layered security features also prevent anyone from spying on e-passports as you walk by with a passport in your purse or pocket. Here’s how it works:
First, the information on the printed page, including the bearer’s photograph, is stored on the chip and displayed on a screen at passport control. By comparing the digital information, the printed passport and the person, passport control can confirm everything matches. They will immediately see a discrepancy if someone is attempting to use someone else’s e-passport chip information.
Second, the information on the chip is digitally signed by the issuing country’s passport authority. That information is locked together and any changes to it would be detected at passport control. It also means any attempt to create false data and a fake passport credential would be detected. Unlike paper passports, where a photo can potentially be replaced, the digital photo and other information on the e-passport chip cannot be changed.
Third, the e-passport book design requires that it be handed over and opened before any information stored on the chip is communicated. Then, a unique code printed inside the cover must be optically scanned and presented to the e-passport chip before it will communicate the passport information. All information exchanged between the reader and the e-passport chip is encrypted.
Together these capabilities mean that no one could use a lost or stolen passport, or even a copy of one, to illegally enter the country. They also prevent anyone from spying on U.S. e-passports when the passport cover is closed. This makes the new e-passports far more secure than today’s documents and protects people’s privacy.
“People need to be cautious about some claims made by so called ‘experts’ when it comes to RF-enabled applications. There is too much misleading and inaccurate information being reported, simply because fear gets people’s attention,” Vanderhoof said.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology. Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. www.smartcardalliance.org ![[end]](/resources/bullet/archive-4.gif)
