More questions over biometric ID cards and national security In the last ten days we have learnt that “persons unknown” stole the identity of British citizens and cloned modern UK passports to enter Dubai to perform an assassination. Last week, the Foreign Secretary got up in the House of Commons to say that his legal action before the Court of Appeal was to protect intelligence vital to …
The foreign secretary said on Radio 4 a few days ago that the old style passport was cloned, not the new one with the chip in it.
However, I don't trust the word of someone who last night referred to the "British" Navy. There'll be a few members of the Royal Navy up in arms at that!
I note that a large number of MPs have sworn friendship to a third country, and (presumably) in exchange they have received considerable donations, >£10 million in the case of the conservatives alone.
The Labour group is just as active, and they too have received considerable money after showing allegiance to that country.
My view is their allegiance to a foreign country is incompatible with their duties to the UK. Especially when the Serious Crime Squad is investigating matters relating to that countries abuse of UK.
So will the MPs concerned swear to their Constituents that they will put UK interests first in all matters related to that country? And if not, why not?
It's been a little while since I worked in this area, but my guess is that very few - if any - places are geared up to check the origin of the passport using the digital signature of the information on it.
This requires the passport reader to have access to the public key corresponding to the signing key - either by obtaining it remotely in real-time or by having the key already stored in the reader. There are many countries which issue passports, and of course they will change their signing keys frequently (won't they?) so once this system is adopted universally, enabling all passport readers everywhere to check all passports will be a non-trivial problem.
So if you know that the origin of the passport is not going to be checked, all you have to do is create a passport where the information on it matches that of the person who will be presenting it. Just the same as any offline check of a driving licence, ID card or whatever.
If those UK passports pre-date the issuing of biometric passports (IE no chip) then we are looking at plain passport fraud.
However if *any* of them were chipped this would imply either a failure to pick up 2 requests for a passport (the genuine and the impostors) or (the passport is a forgery) and somehow someone has faked the authentication code held in the chip for the persons photograph.
The former is a failure of the current issuing procedure (which *should* be fairly easy to fix) the latter is a serious compromise.
Note faking the authentication is AFAIK pretty easy *if* you have a copy of the 2 lines of machine readable text in the back of the passport. Which if these people have gone through Israeli passport control would be fairly easy to copy.
It seems the root cause flaw is the *assumption* of trust of even a *permitted* passport authority. Even people who have a legitimate reason to access those lines *might* misuse that information., by deriving the access code for the JPG to modify it.
I renewed my passport last year and I now have a biometric data. So if it contains details of my iris and a fingerprint, them how do they do it??? No one took my fingerprint when applying to renew my passport, nor was anything done to get any mapping or picture or any other detail of my iris.
Seems we are all being fed crap as usual
Were these passports were ever checked at an airport?
1) One of the "British" holders has a huge grin in his photograph - this would never have been processed by the IPS. Surely a semi-competant border guard would have noticed this?
2) The Irish passports did not have the correct numbers on. Obviously not looked up / scanned into any computer system - that would have failed straight away.
Although I am not sure where they got the photocopies of the passpors from.....
My passport still doesn't have an RFID tag inside -there's been no statements that these cloned passports had them either. Given the fact that passports without them are still in circulation, it's a lot easier to go for un-chipped passports with people of the right age/gender than worry about either breaking the tag security process -or exposing the fact that you know how to
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
