What Is a Biometric Passport?
A biometric passport is a traditional paper passport embedded with a microprocessor chip and antenna that contains biometric information used to identify the holder. The microprocessor chip and antenna combination is usually a radio-frequency identification chip (RFID) and uses radio waves to trade information with a reader. The RFID chip in a biometric passport typically contains all the information printed on the physical document as well as a digital facial image. This type of passport is believed to prevent forgery and make it faster and more secure for travelers to move between countries, but some argue that the use of RFID chips infringes on civil liberties.
The development and implementation of biometric passports began in approximately 2003. In that year, the International Civil Aviation Organization adopted a plan to roll out machine-readable passports with RFID chips. All 188 member nations, including the United States, were bound by the plan. The first American biometric passport was issued in 2005.
It is difficult and expensive as of 2011 to forge the chip embedded in a biometric passport because Public Key Infrastructure is the data authentication system in use. In addition to a digital facial image, RFID chips may also contain fingerprint and iris information. These images stored on the chip are compared to the features of the person claiming to be the holder during identification procedures at borders or in customs.
Due to concerns about forgery, all the information a biometric passport’s RFID chip contains is not public. Generally, the chip includes an identification number printed on its surface and a digital signature. These two numbers are stored in a database and associated with the passport holder’s personal information. The information stored in the RFID chip cannot be changed; if the holder’s data changes, he or she will need a new passport and may have to pay a processing fee.
The chip in a biometric passport is equipped with certain protections to deter forgery. Some chips are given random chip identifiers to prevent tracing. Basic Access Control requires the reader to provide a key before chip data can be accessed, while Passive Authentication prevents the data from being modified. Cloning of the chip is deterred with Active Authentication. If the chip includes fingerprint and iris data, Extended Access Control (EAC) will be used for its strong encryption; EAC became mandatory in the European Union in June 2009.
Despite these protections, there have been several demonstrated vulnerabilities in biometric passport chips. Marc Witteman revealed in 2005 that some passport document numbers are predictable, making it simpler to guess the chip’s encryption key. EAC, Passive Authentication, and Active Authentication have also been the targets of successful attacks in Britain and other nations.
Some organizations contend that the chips can be read wirelessly from a distance by anyone with the proper equipment. Such vulnerabilities have led privacy activists to argue that contact cards should be issued instead of biometric passports. A contact card is read by swiping it through a reader like a credit card, thus eliminating the possibility of someone reading chip information from far away. Other nations have adopted contactless smart card technology rather than the RFID chip.
A biometric passport issued in the European Union has digital imaging and fingerprint scan information on the chip as of 2011, with some exceptions for individual member states. Many other nations now issue biometric passports, including Canada, Switzerland, and Singapore. Nations without the required technological capability and infrastructure will necessarily delay implementation.
@Markerrag -- Some people take issue at the databases that are necessary for biometric passports to work. That database contains fingerprints, photos and other information. So, who has access to that data and for what other purposes can it be used?
Here is the concern. Let's say that someone has figured out how to forge biometric chips and some criminal is running around with a passport that supposedly belongs to you. That person uses the passport to fly off somewhere and commit a lot of terrorist acts. A criminal investigation tracks back the passport to you. So, you have an instance where the data stored in some database was used for something other than fraud protection and identity fraud and you wind up charged with a crime. That is a major concern for a lot of groups.
Are those groups right? Only time will tell.
How on earth can it be argued that these infringe on civil liberties? I honestly don't understand. And aren't any infringements offset by the security and convenience that these biometric passports are supposed to offer?
Post your comments