Passport security on new system

Keith Vella Licari

Aug 8th 2008, 15:46

Stefan,

I could not find any evidence suggesting that the passports used were from the stolen batch, can you please quote your sources? Whether the researcher made use of passports from the stolen batch or otherwise seems besides the point and I will make an attempt at explaining why this is the case.

If it is indeed possible to create an entirely new, valid and verifiable electronic identity by taking and subsequently altering data from an existing document, then we may have something to worry about. I suspect, however, that the real flaw which is being exposed here is not necessarily a weakness in technology.

The researcher seems to have had to modify an electronic signature the validity of which should be checked at country borders. This signature should be verified by making use of what is known as the country signing certificate. If there is a failure to exchange such certificates between countries or to reject documents signed by unknown keys, then the root of the problem is procedural or lies in the implementation of the system.

Ramon Casha

Aug 8th 2008, 15:28

@Stefan:

The point of these e-Passports is that they were supposed to be foolproof, impossible to forge etc. If it's so easy to plant someone else's photo on top of your name, address and details, in a passport which is then used by someone to commit a crime, that's a major cause for concern, especially if everyone has been lulled into feeling safe with this technology.

Will our e-Passports or e-ID-cards be safer?

Stefan Engelbert

Aug 8th 2008, 12:41

Hi,

the report was not 100% correct. The person managed to get new/empty and unpersonalised passports from a batch which was stolen before. Empty smartcards can be personalised as you want. So there wasnt anything suprising with that. The media made the story bigger than it really is.

Kind Regards
Stefan Engelbert