Biometric passports have recently been touted as some technologically cutting-edge passports that could prevent travel document counterfeit using a secure authentication process. These passports carry some digital data about human physical characteristics of their respective holders, such as face shape and fingerprints. These physical characteristics and their combination are the parameters or the determining factors in an authentication process known as biometric authentication.
Before a biometric authentication process can be performed, a recording process that transforms the human physical characteristics into some digital biometric data or biometric signature is required to set an authentication reference. These digital data are usually encrypted and stored in a Radio Frequency Identification (RFID) chip embedded or inserted into each biometric passport.
During a biometric passport authentication process, a passport reading machine will usually try to read the biometric data stored in the RFID chip. After a successful contactless access, the data retrieved from the chip will then be authenticated against the initial, presumably genuine, biometric data stored in the authority database. In addition, a physical authentication process could also be integrated to increase the trustworthy level of the authentication process.
Biometric passports are now being touted as technologically cutting-edge passports designed to prevent travel document counterfeit using a secure authentication process
New Biometric Indonesian passports
Most of the countries in the world are currently implementing or planning to adopt biometric passports generally for security purposes, including Indonesia. As the world’s fourth most populous nation with more than 200 million people, Indonesia has decided to venture into the world of Biometric. Since February 2006, the country has started to issue what the government called the “new biometric passport”. According to the news titled “Justice ministry clarifies biometric passport prices” published by The Jakarta Post on 21 July 2006, the government says the biometric system, which scans fingerprints and photo-graphic data into a bar code, has helped it detect 1,800 attempted passport frauds since its introduction in February 2006.
In addition, Germany’s Digital Identification Solutions AG– the sole contractor of the Biometric Indonesian Passport project – issued a press release on 12 July 2006 in Stuttgart claiming that the new biometric passport system on average processes 10,000 online passport applications daily and issues the passports in full colour and with numerous security features right on the spot where the citizens apply for it.
However, while the other developed countries are implementing and planning biometric passports with RFID chips embedded or inserted into their biometric passports, the biometric Indonesian passports resort to the bar code technology, which defeats the purpose of anti-counterfeit in the first place. Basically, it is easier to clone bar codes than the encrypted identification stored in an RFID chip.
In 2006, Biometrics adoption to increase
IT services vendor Unisys has predicted that in 2006 there would be an increase in the commercial usage of biometrics owing to technological improvements brought about through e-Passports. Terry Hartmann, Unisys’ Director and Global Solution Lead for Secure Identification and Biometrics, said in a company release that traveller security is driving the adoption of biometrics much faster than commercial pressures would have.
The Unisys statement said that Asia would lead the world in using biometrics for national identity and security. Currently, for purposes of national identity verification countries such as Cambodia, China, Hong Kong, Japan, Malaysia and Thailand are evaluating, planning, piloting or deploying smart cards with biometric features. It may be noted that in October 2005 Australia introduced biometric e-Passports becoming the first country in the world to do so. The U.S. Department of Homeland Security also conducted e-Passport tests at the San Francisco International Airport, Singapore’s Changi Airport and Sydney Airport in Australia.
Beside the security issue, it is also essential to guarantee that certain information in the biometric passports are kept from unauthorised parties and specific privileges granted or assigned to the right persons, which though is almost impossible with the application of the bar code technology on the biometric Indonesian passports. The biometric Indonesian passport system designer apparently forgets that secure authentication is the fundamental assumption for privacy protection and authorisation.
Moreover, the use of bar code technology also means that there is no unique identification system due to the limitation of bar code numbering system. The bar code technology was originally designed only to identify a class of generic products, not a unique item, compared to the RFID technology, which could support a unique identification system despite of the numbering system being used.
Biometric (+RFID) passports and ID cards
Biometric (+RFID) passports and ID cards are definitely better off without the basic security issues posed by the bar code technology. Nevertheless, the recent demonstration of Biometric +RFID passport data cloning performed by a security consultant at the Black Hat security conference in Las Vegas could indicate that the security risk in the implementation of Biometric (+RFID) passports and ID cards still exists. The consultant could not change the information stored in the chip due to cryptographic protection though.
In reality, there is no 100% security guarantee in this networked world. When you become part of a “network” voluntarily or involuntarily, there is always a chance that your security is compromised. A sensible action lies in assessing security status continuously, taking several appropriate security measures and preparing for some recovery plans that may arise from any security breach.
Beyond technological issues
During the Government Forum on National ID and e-Passport for Indonesia held last June in Jakarta, the Director for International Cooperation at Indonesia’s Directorate General of Immigration unveiled the plan to decentralise the issuing process of Biometric Indonesian Passports throughout the Indonesian Embassies located outside Indonesia.
Until now, there has been no country in the world planning or implementing the decentralisation plan as the Indonesian Government has done. It is certainly not about technological barriers. It is simply based on the common sense and assumptions that the security risk of having such decentralisation systemwill outweigh the benefits of efficiency produced by such system. There is simply no country in the world that is willing to put its nationals and citizens on the front line of security risks and threats.