Passports as a security measure

* Biometric passports

Network and security managers are always having to deal with identification and authentication. In today's column, I'm looking at a dust-up between Europe and the U.S. over how to enforce strong authentication of travelers' identity.  Although the topic is not directly related to our daily work, I think we have contributions to make to the popular and political debates about such issues based on our applicable technical expertise.

Passports in their modern form were introduced in the early 20th century. Until that time, travel documents were issued by national governments for specific voyages through specific regions. "In this way, early passports are more similar to modern visas than to modern passports, whose primary function is to prove the identity and nationality of the holder." ["Passport," from Wikipedia] Passports have space for visas but are much longer-term documents, usually valid for five years or more.

Today, passports have assumed a central role in preventing the entry of politically undesirable or dangerous people (they are not necessarily the same category) into the U.S. For example, the British activist Yusuf Islam, once widely known as the singer Cat Stevens, was refused entry into the U.S. in September 2004 on nebulous grounds that sparked ridicule and outrage worldwide, as well as among his fans in the U.S.

The most important issue to remember about passports as a security measure is that they bind a real-world identifier to a picture and a document; they tell us nothing in themselves about the bearer of the passport. All the terrorists who flew planes into the World Trade Center towers had passports that got them into the U.S.

Being made of paper and bearing simple photographs, passports have been relatively easy to counterfeit. For example, an article by Philip Shishkin in the Wall Street Journal (Oct. 8, 2001) reported that fake passports were a big business, with prices for forged U.S. passports ranging from $2,000 to $12,000.

To help make forgery more difficult and identification of fraudulent holders of passports easier, the U.S. Department of State has mandated that passports used to enter the U.S. be equipped with machine-readable biometric information. U.S. passports issued after October 2005 will also be so equipped.

"The proposed U.S. Electronic Passport is the same as a regular passport with the addition of a small contactless integrated circuit (computer chip) embedded in the back cover. The chip will securely store the same data visually displayed on the photo page of the passport, and will additionally include a digital photograph. The inclusion of the digital photograph will enable biometric comparison, through the use of facial recognition technology at international borders. The U.S. 'e-passport' will also have a new look, incorporating additional anti-fraud and security features."

According to a review by Duncan Graham-Rowe, differences in how the U.S. and the European Union intended to integrate biometric data into their passports may spell trouble for people on both sides of the ocean ["ID row bad news for transatlantic travellers," _NewScientist_ April 16, 2005,]. For example, the original design for the chip-equipped U.S. passport was supposed to allow remote reading - until critics pointed out that having the details of someone's passport readable from inside their pocket, briefcase, purse or knapsack might be dangerous in many parts of the world, especially with the recent worldwide decline in popularity of Americans due in part to the invasion of Iraq It appears that the new plans may include lining the new passports with foil to reduce the incidence of unauthorized data extraction.

Let's hope the EU and the U.S. can resolve these disagreements before international travel becomes even more unpleasant than it already is.

* * *

Author's note:  if you are interested in airport safety, see my analysis at

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2005 IDG Communications, Inc.