IPS explains plan to make copied biometric passports useful
Not deliberately or as such, of course...
The Home Office has repeatedly disputed claims that the new biometric passport has been 'cracked', and spokespeople have argued that in any event, none of the exploits so far reported has compromised security. Last week, however, Identity & Passport Service executive director Bernard Herdan inadvertently revealed that the UK was planning to implement a border control system that could make entry on a copied biometric passport easier.
This is most certainly not what Herdan thought he was saying to last Thursday's session of the Commons Public Administration Committee, and not what the Committee will have thought it heard, but bear with us and we'll explain. So far it's been demonstrated that the data on the passport chip can be surreptitiously read and the security cracked, allowing a copy of the chip to be made. It has not as yet been shown that the security protecting the integrity of this data can be cracked, so you can currently produce a copy of an individual's passport data, but you can't change the data in order to cover a new individual. So because the chip data remains tied to a particular individual, IPS argues that the exploit has no value. In addition, in order to create a duplicate biometric passport you would obviously need to copy the passport book as well as the chip.
There is however a potential value to a copied chip, just a copied chip, if the authorities are prepared to cooperate a little. Lukas Grunwald outlined circumstances where this might be the case when he demonstrated chip-cloning at Black Hat, and page two of our report explains how it could work. An individual could carry a passport book that would be likely to pass a human checker, but that mightn't clear automated systems, or might even be certain to set them off. But if that individual was also carrying a copied chip, then they would be able to pass automated barriers where no humans were around to observe the chip being palmed, or to match chip data with passport book data and the individual's appearance.
Cue Bernard Hardan, then. Herdan was supposed to be talking to the Committee about something else entirely ("Responsive Public Services") but was engaged by one of the MPs on the subject of diabolically long immigration queues at Heathrow Terminal 4. This is of course a job for the Immigration & Nationality Directorate and not IPS, but rather than point this out Herdan jumped into the hole and started digging. "The solution is not to stop looking at passports," said Herdan, allowing the next hundred or so to pass through uninspected. This "used to happen in the past," he confirmed, but didn't happen any more. Seasoned travellers will be aware that this happened regularly in the past, but it's nice to have someone from the machinery confirming it, and effectively explaining that the system just isn't capable of dealing with all incoming passports without vast snarl-ups being created.
Herdan then added that "more data is being checked behind each person", by which one presumes he means the checks are more stringent and detailed, and that "the new type of passport" has added to the checking delays - because, one again presumes, the chip data is being matched against the individual and the book data by the immigration officer.
Obviously the bottom line at the moment is that more stringent checking, the use of the new passport technology and a commitment to 100 per cent inspection mean that there aren't anywhere near enough staff on border control duty. So hire more staff? Don't be silly.
The delays can be tackled, Herdan told the Committee, via "automated clearance, so that people with the right documents would be able to go through a channel which reads the document automatically and matches them to it."
The size of the security hole this opens up depends to some extent on how determined the Government is not to relax current checks, and how desperate it will become to deal with the length of the queues. Actually matching the individual to the document will with the current generation of passport require more efficient facial recognition software than currently exists, and although the matching problem may become a little easier when passports carry fingerprints, that won't be for some years, will apply mainly to EU passport holders, and unattended readers may well be vulnerable to spoofing.
In The Register's considered opinion, the Government doesn't have time to wait until an effective automated matching system exists and can be deployed, and will implement automated channels in advance of this happening. The intended effect will be to route the kinds of documentation that are less likely to be a problem but more likely to be carried by regular, outrage-prone travellers (including MPs) through the automated channel, while leaving border control to concentrate its efforts on the tired, poor and huddled masses yearning to breathe free. But as the automated channel will simply be checking the existence of a chip, not matching at all, the well-informed huddled mass will be able to furnish itself with a cloned EU chip and trot through the blue lane, as it were. ®
Sponsored: Benefits from the lessons learned in HPC