Counterfeiting the 'E' in E-Passports: The Top Reason Why a Heist of 3,000 UK E-Passports Matters

By Janice Kephart on August 8, 2008

Last week I wrote about the top ten reasons why a heist of 3,000 blank UK e-passports matters. In that piece, I laid out the many reasons why this heist is a concern to the US, mostly stemming from how these e-passports – even assuming the blank chips that hold biographical and biometric data are not susceptible to counterfeit – still present multiple opportunities for undercover terrorist travel and identity theft. Subsequent analysis in the UK bears out the concerns I listed, but as it turns out, the UK government's assurances that the e-passport chips are hardened against counterfeit is dead wrong.

According to a series of articles in The Times of London, over-the-counter software can break the encryption on the chips embedded in the UK e-passports. A researcher in Amsterdam did so just the other day, after news of the heist broke, using the biographical information of a child and embedding Osama bin Laden's photo onto the blank chip. He then used the "gold standard" in readers recommended by the entity that sets standards for travel documents, the International Civil Aviation Organization (ICAO), and the reader authenticated the chip with bin Laden under an assumed name. Just to prove his point, he did it again with a passport already in circulation, this time switching out biometrics to commit identity theft. The article describes the counterfeiting of the microchips such as the UK uses in its passport as follows:

Building on research from the UK, Germany and New Zealand, Mr van Beek has developed a method of reading, cloning and altering microchips so that they are accepted as genuine by Golden Reader, the standard software used by the International Civil Aviation Organisation to test them. It is also the software recommended for use at airports.

Using his own software, a publicly available programming code, a £40 card reader and two £10 RFID chips, Mr van Beek took less than an hour to clone and manipulate two passport chips to a level at which they were ready to be planted inside fake or stolen paper passports.

A baby boy's passport chip was altered to contain an image of Osama bin Laden, and the passport of a 36-year-old woman was changed to feature a picture of Hiba Darghmeh, a Palestinian suicide bomber who killed three people in 2003. The unlikely identities were chosen so that there could be no suggestion that either Mr van Beek or The Times was faking viable travel documents.

Now, just because a scientist can do this doesn't mean that every terrorist camp or ad hoc terrorist cell will be able to access the software or manipulate it, but it certainly lends credence to Scotland Yard's estimate of a black market value of $3,000 apiece for these passports. We also know that terrorists go out of their way to cover their travel and, if need be, their identity by training themselves in travel techniques and by hiring trusted travel facilitators and alien smugglers. If the smugglers can do it, the terrorists have access to these perfect forgeries.

So what does this mean for the United States? We are one of 45 countries with e-passports. Since 2006, countries that want to remain as Visa Waiver Program partners with the United States, like the UK, must provide e-passports to their citizenry. However, if the chips on the e-passports can be counterfeited, where does that leave us? With only the control numbers printed on the blank passports that are supposed to be entered into the Public Key Directory code system available for checks at border ports of entry. But here's the catch: only 10 of the 45 countries producing e-passports have signed onto the directory, and only five are using it. The UK won't have access to it until next year. And even when it does, e-passports won’t be secure – and I agree with The Times article here – until every e-passport country has joined and, I'd add, the rest of the world joins in.

So is there another means of catching such stolen passports? Just two: (1) bilateral agreements whereby the United States exchanges data on lost and stolen passports, including their control number; and (2) INTERPOL's lost and stolen passport database, which is much more thorough, with about twice as much relevant data. Of course, any database is only as good as the reporting that goes into it, but INTERPOL spent five years getting this database up and running in a manner that governments around the world could live with and the results in nabbing bad passports with just control numbers around the world has met with some important success. In addition, nearly every country belongs to this database, making it robust even if the data itself is stripped of certain types of data that the US considers important for other intelligence uses, thus making the bilateral arrangements of importance as well.

So consider this blog a slight revision of last week's. My new top reason why a heist of 3,000 blank UK e-passports matters to the US is: the ability to counterfeit the "e" in e-passports.


1. Consider adding to the Visa Waiver Program Security Enhancement legislation that currently exists a requirement that countries must be part of the Public Key Database for e-passports.

2. Continue use and expansion of e-passports – they are still much more secure than pure paper passports – with recognition that the chips and readers will need a reasonable schedule for upgrades to keep ahead of counterfeiters.

3. International policy and standards discussion to assure the integrity – or in this case to reinstate integrity – into the e-passports at international bodies such as ICAO.

4. Use of INTERPOL's lost and stolen passport database in all places where passports are checked as a primary (borders) ID document, and as a breeder document, such as for driver license or state-issued ID applications.

-- Janice Kephart