This week’s launching of e-passports has been reported with a degree of misinformation in the local media, including in this daily. As a consultant with the Information Systems Directorate at the Indonesian Directorate General of Immigration, I would like to correct some of these mistakes.
First, it has been reported that the International Civil Aviation Organization has mandated the use of e-passports by 2015. The ICAO has made no such stipulations. What members of ICAO (of which Indonesia is one) have committed to is that by April 2015, all countries must be issuing Machine Readable Passports. This means the data page in all passports must contain a machine-readable zone that can be scanned electronically. Those countries that, for example, do not have passport scanners by this date, may continue to manually process passports. It is possible, however, that member states that process passports electronically may not accept non-machine-readable passports.
The ability to electronically scan the biometric data contained on an e-passport’s electronic chip — as well as record visible biodata — is expected to provide additional levels of security to travel documents. The three biometric indicators are face (mandatory) and fingerprints or iris as set out by the ICAO. Countries may include additional biometrics if they so choose. Apart from the face, all biometric data is encrypted, and only those countries that have access to the relevant keys or certificates will be able to read this data.
Yes, e-passports will be much more difficult to forge, but not impossible. If blank e-passports are not tightly secured and subsequently fall into the wrong hands, then given the right equipment, it would be possible for a third party to create what passes for a genuine passport. If the e-passport issuance system is not tightly controlled at every stage, then it would be possible for identifying data to be substituted. If the e-passport database does not have the highest levels of physical and logical security over access, then malevolent persons could tamper with the data. It would be pointless having a document which claims to be secure if any of the processes for the handling and issuance of the e-passport are not also very highly secure.
I disagree with IT security expert, Yono Reksoprodjo, who in this daily suggested it is possible for an individual to obtain another passport with a different set of personal data (I’m assuming he meant genuinely issued passports). That is not even the case with existing passports. When citizens apply for a passport their photograph and fingerprints are captured. Before the passport can be issued, the facial image and the fingerprints are checked using the database’s Biometric Matching System and if a match is found for someone who has a current passport, the new application will be rejected. The Directorate General of Immigration also issues a unique identifier known as Nomor Induk Keimigrasian (Nikim) for all passport holders, which is linked to their biometric data. The Nikim is printed in the passport and can also be checked against the national passport database. These are excellent safeguards against an individual having more than one current passport.
It should also be noted that the data contained in an e-passport’s electronic chip is protected by a rigorous system, including using certificates that should be impossible to forge. Systems need to have access to the keys that open the chip and any encrypted data on the e-passport can be verified against the issuance system. Thus forged or fraudulent passports will immediately be identified. This is the primary attraction of the electronic passport.
The claim that a person can obtain another passport by going to a different immigration office is also incorrect. The Indonesian passport system is centrally controlled and all biometric matching takes place at the Directorate General of Immigration’s headquarters in Kuningan. It is correct, however, that the directorate has been party to discussions on the National Single Identity Number and has proposed that this identifier be included on passports in the future. This will provide a further level of security.
One final point. It is difficult to ensure the ICAO recommendation of “one person, one passport” in a process that relies on “breeder” documents such as national identity cards (KTP), family cards (KK) and birth certificates, which may be fraudulent but are accepted by the immigration authorities as genuine. There are currently very few easy means of checking the authenticity of such documents. The proposed National Single Identity Number will go some way to alleviating this provided that National Identity Card itself does not rely on documents that cannot be verified.
Peter Beilby is an independent consultant working with the Information Systems Directorate at the Directorate General of Immigration.