E-passports secure, sustainable advises security expert
E-passports secure, sustainable advises security expert
Security concerns over the AU e-passport launched recently at the 27th African Union (AU) Summit are unfounded, claims digital security expert Charles Mevaa, Vice President for Government Programs in Africa at Gemalto.
According to Mevaa, the e-passport, like all others, meets international standards and includes state-of-the-art security features.
"There are regional passports in circulation on the continent including the ECOWAS passport in West Africa and the CEMAC passport in Central Africa. The technology to run the e-passport project is available and there are no technical issues in terms of implementing an electronic passport for the whole continent. The document would need to meet international standards as defined by the International Civil Aviation Organization (ICAO). A common specification (including a list of minimum security features) would also need to be agreed on. As such, there shouldn't be any security concerns around the document itself. One would, however, also need to secure the process of delivery to citizens, ensuring that it reaches the right person. This is a general concern – not specific to the AU e-passport."
Mevaa's reassurance follows concerns over security and sustainability of the e-passport initiative, raised by Gershon Mosiane, Chairman of FIPSA (Forum of Immigration Practitioners of South Africa), among others.
Mosiane told Johannesburg-based radio station, Talk Radio 702 that "It is a vision that is good but practically it is not sustainable in my opinion because the African Union needs to have power and the necessary capabilities to manage this particular passport against the backdrop that you've got terrorism, you've got security issues globally and in Africa especially."
Mevaa has advised that the ICAO defines the specifications for travel documents and passports in particular, including that of the African Union, which allow citizens to cross borders using either a passport only or a passport with a visa inserted. "Migration to e-passports has been in progress since 2005. Unlike conventional passports, the Passport has a chip in it which stores a digital version of the person's ID photo, as well as all of the ID data found on the first page of the paper passport. Digital fingerprints can also be stored on the passport – in which case it is referred to as a 'biometric passport' or 'second generation' e-passport."
The specifics of securing e-passports
Several political leaders, including the Rwandan Minister of Foreign Affairs and Cooperation, Louise Mushikiwabo, have endorsed the AU e-passport.
"The fear for insecurity should not stop people from moving...for us in East African community we have gone ahead to work together in intelligence and security to deal with all factors that can cause insecurity," said Mushikiwabo.
Mevaa adds, "At the core of any e-passport is the security element: a smart microprocessor which contains encrypted information about the e-passport owner, such as biometric data. The secure software embedded in the e-passport must strike a perfect balance between security, interoperability and performance. This should be based on a strong set of common criteria evaluation ratings and must support a wide range of algorithms and long key lengths to ensure strong data encryption."
Mevaa says the chip's software contains a number of technical measures to ensure that modification is not only extremely difficult, but also easily detectable.
"All data is stored securely and signed by the government agency that issued the passport. Based on this, a passport reader is not only able to verify the identity of the citizen, but also the authenticity of the document. If the data has been modified, the signature will no longer correspond and the document will be noted as being tampered with."
An additional layer of security can be added through a polycarbonate data page, which displays personal data, which is impossible to delaminate and is manufactured using intense heat and pressure according to Mevaa.
"In parallel to this, there is also a need to have e-passport readers at relevant checkpoints (airports, land borders etc.) to authenticate passports and identify passport holders. These readers do already exist in several countries in Africa: either in those that currently issue electronic passports and even in those that don't yet provide electronic passports to their citizens. Nevertheless, this needs to be done in every country in the continent. In addition, relevant telecommunication network infrastructure must also be implemented to allow the verification of the identity against the information stored in existing identity databases. Relevant technologies must be deployed to ensure that identity databases are secure and the privacy of citizens is protected," he adds.