Britain's supposed "fake-proof" biometric e-passports have been proven anything but by the Times (of London).
Tests for The Times exposed security flaws in the microchips introduced to protect against terrorism and organised crime. The flaws also undermine claims that 3,000 blank passports stolen last week were worthless because they could not be forged.
In the tests, a computer researcher cloned the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports.
The Times reports that the British Home Office, responsible for domestic security, argues that fake chips would be spotted at border checkpoints because they would not match key codes linked to an international database. The problem is that only 10 of the 45 countries that use the e-passports have signed on to the Public Key Directory (PKD); only five use it. Even Britain, although a member, will not begin using the key codes until next year.
Without across-the-board buy-in from e-passport using countries, the Times reports, the system is insecure because criminals and terrorists would concentrate on faking passports from countries that do not use the keycodes.
The security researcher, Jeroen van Beek of the University of Amsterdam, cloned the e-passports in under an hour with equipment that cost him only £60 and his own software program.
Maybe the most worrisome detail for the British government is that the technology used in the e-passports is similar to the technology underpinning the British government's £4 billion identity card program.
According to the Times, Shadow Home secretary Dominic Grieve said “It is of deep concern that the technology underpinning a key part of the UK’s security can be compromised so easily.”