Electronic Passport Cloning No Threat to Border Security and Privacy, says Alliance

The new electronic passports planned for the United States rely on multiple layers of security to increase border security and protect citizen privacy, and electronic cloning does not constitute a threat, says the Smart Card Alliance, a group of industry and government organizations specializing in the secure contactless smart card technology used in the program.

"People do not need to be concerned about the security or privacy protection features of the new e-passport program," said Randy Vanderhoof, executive director of the Smart Card Alliance. "Recent reports that there is a 'major vulnerability' that criminals could use to 'enter countries illegally' are untrue and demonstrate a lack of understanding of how the multiple security layers in place at the U.S. border work in the new e-passport system."

The reports came out after a security consultant demonstrated reading and copying the electronic information in his German e-passport at a security conference last week.

"Even if someone could copy the information on your e-passport chip, it doesn't achieve anything, because all of the information is locked together in such a way that it can't be changed. It's no different than someone stealing your electronic passport and trying to use it. No one else can use it because your photo is on the chip and they're not you," said Vanderhoof.

The global electronic passport program makes passports virtually impossible to counterfeit, said the Alliance, and prevents anyone other than the passport owners from using them. The layered security features also prevent anyone from spying on e-passports as you walk by with a passport in your purse or pocket. Here's how it works:

• First, the information on the printed page, including the bearer's photograph, is stored on the chip and displayed on a screen at passport control. By comparing the digital information, the printed passport and the person, passport control can confirm everything matches. They will immediately see a discrepancy if someone is attempting to use someone else's e-passport chip information.
• Second, the information on the chip is digitally signed by the issuing country's passport authority. That information is locked together and any changes to it would be detected at passport control. It also means any attempt to create false data and a fake passport credential would be detected. Unlike paper passports, where a photo can potentially be replaced, the digital photo and other information on the e-passport chip cannot be changed.
• Third, the e-passport book design requires that it be handed over and opened before any information stored on the chip is communicated. Then, a unique code printed inside the cover must be optically scanned and presented to the e-passport chip before it will communicate the passport information. All information exchanged between the reader and the e-passport chip is encrypted.

Together these capabilities mean that no one could use a lost or stolen passport, said the Alliance in a release, or even a copy of one, to illegally enter the country. They also prevent anyone from spying on U.S. e-passports when the passport cover is closed. This makes the new e-passports far more secure than today's documents and protects people's privacy.

"People need to be cautious about some claims made by so called 'experts' when it comes to RF-enabled applications. There is too much misleading and inaccurate information being reported, simply because fear gets people's attention," Vanderhoof said.