Can U.S. border tech detect fake passports?
The Paris terror attacks prompted debate in the United States on a number of policy issues, including passport security.
A number of policy issues, including passport security, are being evaluated after the Paris attacks last month.
The Paris terror attacks prompted debate in the United States on a number of policy issues, including passport security.
An apparently fake Syrian passport found near the body of one of the Paris attackers was reportedly used to travel through Europe. And all the Paris attackers who have been identified were citizens of Belgium and France -- countries that are among the 38 that are part of a U.S. visa-waiver program now receiving fresh scrutiny from lawmakers.
In a Nov. 19 Senate Homeland Security Committee hearing, Sen. Claire McCaskill (D-Mo.) argued that lawmakers should use the aftermath of the Paris attacks "as a moment of leverage with our visa waiver partners to insist on the same kind of biometric protections that we have in our passports for those passports."
A bipartisan group of senators did just that on Dec. 1 in introducing a bill that would tighten the biometric process used in the visa-waiver program.
The visa-waiver countries have passports with built-in chips carrying biometric data, but according to a summary of the new bill released by one of its sponsors, Sen. Dianne Feinstein (D-Calif.), some countries are allowed to phase in this requirement, since older passports that lack the chip remain valid. The legislation's remedy for this apparent inconsistency is to require all visa-waiver program travelers to have electronic passports within 90 days of the law's enactment. (Department of Homeland Security Secretary Jeh Johnson announced in August that DHS and the State Department would "begin introducing a number of additional or revised security criteria for all participants in the Visa Waiver Program," including required use of e-passports, but no timeline was publicly declared.)
Efforts to bolster passport security can be broken into two categories: making greater use of biometrics for identity verification, and boosting reporting on lost or stolen passports via organizations such as Interpol.
Facial imagery is the primary biometric used by the International Civil Aviation Organization, a UN agency that works with member countries to set aviation security standards, while fingerprints and iris scans can be supplemental biometrics, according to Michael Holly. He is a senior adviser for international affairs at the State Department's Passport Services Directorate.
The more biometric markers involved in the identification verification process, generally the more accurate it is. And moving beyond that baseline facial biometric is apparently a work in progress for some nations.
"The European Union is still struggling to use the fingerprints that they store on their passports," Holly said in an interview.
Asked if U.S. officials consulted with their European counterparts on how the reportedly fake Syrian passport made its way through Europe, Holly said he was "sure that has occurred," though he was not privy to those discussions. Spokespeople for the Department of Homeland Security and the FBI declined to comment when asked if the agencies had consulted with their European counterparts on passport security after the Paris attacks.
Interpol, which is headquartered in France, runs a database for member countries to report lost or stolen passports.
"The gap is not so much with countries reporting lost and stolen passports," Holly said, but rather "with countries actually checking" the Interpol database..
Not fool-proof
All those applying for visas to travel to the United States must submit full digital fingerprints at consulates abroad. Foreigners traveling to the European Union, however, generally aren't held to that standard.
Roger Mason, former senior adviser to the director of national intelligence and a biometrics expert, called that "a huge difference" in the data that EU and U.S. authorities are working with for identity verification purposes.
Having travelers submit biometrics at ports of entry to the U.S., which are then checked against law enforcement databases, is "not fool-proof, but it's one more barrier of complexity that would-be fraudulent passport holders would have to encounter," Mason told FCW.
European passport inspectors, or those anywhere else, could make more use of biometrics such as iris scans, according to Mason, but implementing that would involve tradeoffs in terms of cost and throughput. "You're moving a lot of people across all these different borders and ports of entry, so that's typically the tradeoff," he said.
As with many IT advances, enhanced biometrics collection can prompt privacy concerns. A German citizen named Michael Schwarz, for example, refused to submit his fingerprints and was denied a passport. He tried to have that denial overturned on privacy grounds, but the European Court of Justice ruled in 2013 that requiring fingerprints for a passport is legal.
Nonetheless, biometrics are no panacea for secure travel. Nor are they universally collected by U.S. authorities. If someone steals a passport from a country in the U.S. visa-waiver program, and the holder of that passport has never traveled to the United States, authorities may not have biometrics to check against upon entry. With no biometric trail to work with, "you're very dependent on the skills of the inspector," Holly said.
NEXT STORY: Naval Research Lab hit by zero-day exploit