Passports have been contentious and highly sought-after items over the years. Initially designed to provide freedom of movement, they are now used as a measure to control movement during international travel, are viewed as one of the most robust forms of identification and therefore have become a traded commodity on the black market fetching up to US $300,000 (£230,000). Charles Hellawell takes a look at the measures being used to defeat the counterfeiters and make our passports more secure.
In the medieval times, ‘letters of safe conduct’ allowed the free movement of people from one region to another, providing an assurance that the bearer was worthy to travel those lands. Both friend and foe used these letters to provide safe passage through one another’s territories. This principle of free travel was described in the Magna Carta, which called for unhindered travel by bearers of a “free travel letter” – later called a laissez-passer, literally a “let pass” letter. The passports of today, containing a myriad of security features to prevent counterfeiting, bear little resemblance to the ‘letters of safe conduct’, though these safe passage hallmarks continue, with most passports inviting the host to allow the bearer to pass freely without let or hindrance and to afford him or her every assistance and protection, which he or she may stand to need.
“…the art of watermarking started back in 1282 in Italy; images were embossed into wet paper as a method of claiming ownership over a document, making it difficult to forge or copy…”
It was not until the early 1900s that passports became more commonplace and, in the decade around World War I, many countries began formalising the issuance of passports to its citizens to help monitor movement and control immigration. Around this time, passports started carrying photographs of the bearer but it was not until the League of Nations was established in 1919 that there was agreement on a basic passport standard, which was implemented the following year. Then, in 1947, the International Civil Aviation Organisation (ICAO) became responsible for setting international passport standards, which led to the eventual introduction of the machine-readable zone, then the e-passport, and soon a shift to digital travel credentials (DTC).
Today, passports – and the nationalities attached to them – are a commodity, with some countries selling citizenship and passports for an investment in the country’s future. Additionally, each year, Arton Capital publishes its ‘Global Passport Index’, which ranks passports based on the number of countries the holder may visit visa-free or by purchasing a visa on arrival.
Over the years, as a commodity providing freedom of travel and a source of one’s identity, passports have become the target of counterfeiters and the dark web black markets. Today, a genuine physical passport that has been separated from its owner sells for close to US $15,000 (£12,000) while a counterfeit version averages US $1,500 (£1,200). These passports are then modified with the user’s photo to enable travel or use as a fake identity document. However, a genuine blank passport can sell for up US $300,000 (£230,000).
To limit opportunities for passport fraud, governments have been challenged to keep up with the capabilities and intent of fraudsters as their access to advanced printers and laminators have become more readily available. In the battle to prevent the alteration of data on stolen passports, the combination of pages from various passports to create a single document or attempts to counterfeit an entire passport, governments have struggled to stay one step ahead.
Machine Readable Zone (MRZ)
Over the years, various security features have been introduced to try and prevent people from copying passports. For example, the machine-readable zone (MRZ) of the biodata page of a passport includes specially formulated ‘check digits’ amongst the information to quickly identify when biodata has been altered. Unfortunately, today there are countless tools on the internet, which help calculate the check digits, making changing the biodata information easier.
As counterfeiters have turned to using advanced alternative printing technologies, original papers or carefully manufactured substitute materials to produce passports almost indistinguishable to the original document, governments have turned to new technologies to counter this threat, making it almost impossible to produce passports that are identical to the genuine article.
Generally, the majority of effort has been geared towards developing techniques to protect the biodata page of the passport, though the other pages do contain additional security features too. Some of the measures that have been introduced include tactile and optical features, which, when combined with the use of controlled materials such as special papers and ink, make it difficult to reproduce a passport.
Levels & Layers
Similar to the production of bank notes, many passports are produced using an intaglio printing process, whereby the design is etched into a metal plate and the ink is applied to the plate before being stamped onto the paper. This produces a unique, textured feel that is difficult to replicate. In particular, the use of four-colour offset intaglio printing creates a specific texture and layers of colour, which cannot be achieved with digital or inkjet printing.
This tactile print, known as a ‘Level 1 – Overt’ security feature, can be easily checked without special aids. However, it may be combined with ‘Level 2 – Covert’ measures; for example, the use of ultraviolet 365 ink that glows under UV light, or specialised infrared reactive inks, which are invisible to the human eye without special lighting. Microscopic print can also be added requiring the use of magnifiers and examination tools. These additional features make the passport more secure and copying even more difficult.
The art of watermarking started back in 1282 in Italy; images were embossed into wet paper as a method of claiming ownership over a document, making it difficult to forge or copy. This method has evolved over the years; now lasers are used to create watermarks in almost any material. These laser watermarks are clearly visible when backlit but are not obvious when viewed in normal conditions.
“…the highest level of security features are normally closely guarded secrets. One of these measures is the use of ‘taggants’, which are unique materials or chemicals that can be added to inks, papers, images, watermarks, and polycarbonates which are virtually impossible to duplicate…”
The first, true, non-visual security feature used in passports, which requires forensic-level examination by qualified document experts – normally in a laboratory setting or with advanced imaging equipment at an airport – is digital watermarking. This modern version of steganography is the next level in passport security and is the process of embedding a value, such as the document number, into the passport holder’s photo or another feature of the passport before it is printed or used in the passport. The document can be verified as genuine or unaltered by scanning the passport and using a special programme to convert the analogue image into a digital value before using an algorithm to extract the number and confirm the document’s authenticity.
While many security features of a passport are shared between governments and with specialist identification verification companies, the highest level of security features are normally closely guarded secrets. One of these measures is the use of ‘taggants’, which are unique materials or chemicals that can be added to inks, papers, images, watermarks, polycarbonates – pretty much any feature of the passport – and which are virtually impossible to duplicate. Taggant ‘fingerprints’ are unique, easily identifiable by the governments that use them and almost impossible to detect or duplicate.
“…any attempt to alter or substitute information will lead to the security features, like the laser ablation of the bearer’s image into the polycarbonate or three-dimensional holographic images, being destroyed…”
All of these security features are then combined with the use of specialised, bonded, high-security papers, which contain both visible and invisible fibres to create additional hurdles in producing a counterfeit passport. The pages and cover are then bound together with multi-coloured string to form a booklet, which cannot be reassembled by hand without tell-tale signs that are visible to identity document experts.
Aside from the security features built into the passport to stop it being copied, the biodata page, which contains the individual’s identity information and photograph, have additional security features designed to stop photograph substitution or alterations of biodata. Typically, passports contain either a special tamper-evident laminate, which is applied to the biodata page after printing, or the biodata page is bonded with a strong polycarbonate, sealing all of the information and security features into the page. In either case, any attempt to alter or substitute information will lead to the security features, like the laser ablation of the bearer’s image into the polycarbonate or three-dimensional (3D) holographic images, being destroyed. The commercial availability of special diffractive optically variable image devices (DOVIDs) used to create some of these dynamic effects in printing – like 3D image print effects ¬– is limited, adding yet another almost impossible-to-replicate security measure to passports.
Even with all of these security features, the majority of countries now issue ePassports or electronic machine-readable travel documents (eMRTD) as an added measure of security. ePassports contain an RFID chip, which stores biometric details of the bearer and which can be interrogated by an RFID reader at a border control point. While the chips can be read and possibly cloned by someone with a reader, the chips are encrypted by a key managed by the issuing country. Any altering of the data would corrupt the digital signature and be easily identifiable by the system – effectively making the chip unusable or unreadable.
For digital signatures to be effective in ePassports, countries need to share their signing certificates to enable border control systems to verify an ePassport’s authenticity. In an effort to harmonise the global effort to address passport fraud, identity theft and as a means to verify the true identity of travellers to more easily facilitate their travel, ICAO introduced the Public Key Directory (PKD), a centralised directory that offers an independent, organised and secure storage point where countries upload their certificates and certificate revocations. The use of the PKD system enables countries to deal with one source for data, rather than having bilateral agreements between one another.
This system enables countries to verify a passport and its bearer at a border crossing, making the entire system more robust. As technology has improved, two new features and levels of security are being examined: the writeable ePassport and the electronic passport.
Current ePassports are only readable and cannot be updated by anyone other than the host country. Under a new initiative, there has been a proposal to create an ePassport that carries a chip structure, which will enable it to be updated with information, such as visas issued by embassies and travel stamps at border crossings. This new read-write function would enable the storage of additional biometrics, visa information and entry/exit stamps, amongst other things, providing yet another layer of protection against counterfeiting, while also preventing visa fraud.
The electronic passport, or digital travel credential (DTC), is currently under development with the first standard for the DTC to be released shortly. The concept behind the DTC will see the introduction of ‘virtual’ credentials stored on a bearer’s mobile device or potentially in the cloud, enabling a biometric system to retrieve the data to verify the traveller, effectively enabling document-free travel.
“…DTC will see the introduction of ‘virtual’ credentials stored on a bearer’s mobile device or potentially in the cloud, enabling a biometric system to retrieve the data to verify the traveller, effectively enabling document-free travel…”
Given that we have yet to see worldwide adoption of the ePassport, which was first released in 2005, it is unlikely that we will see a significant change to the use of a DTC in the immediate future given the requirement for a country to be able to utilise, authenticate and accept the DTC as a travel document when a passenger attempts to cross their border. As such, it is likely that technological developments and measures to produce physical passports that are robust, secure and unlikely to be counterfeited will continue for years to come.
Charles Hellawell is the managing director of AVSEC GROUP, a small, Australian-owned company providing specialised consulting in aviation security and critical infrastructure risk management. He is an AVSEC PM and certified risk manager and works with his clients to help them gain an independent and objective perspective of risks and gaps in their operations. He can be contacted at firstname.lastname@example.org