Secure Passports from De La Rue

SECURE PASSPORTS FROM DE LA RUE

DE LA RUE IDENTITY SYSTEMS

Complete solutions to design, produce, personalise and program passports, conforming to all the recommendations of ICAO, the European Union and the US visa waiver programme. If you would like to receive a copy of our ‘Secure Passports’ brochure then please call +44 (0)1256 605259, or send an email to [email protected]

A trusted partner in major projects worldwide ICAO MRTD REPORT • 1

ICAO MRTD Report Vol. 1, No. 1, 2006 Table of contents Editor: Mary McMunn

Content Coordinator: Mauricio Siciliano

Graphic Art Design: Sylvie Schoufs, Editor’s welcome ...... 2 FCM Communications Inc.

Published by: Message from the President of the Council, International Civil Aviation Organization (ICAO) Dr. Assad Kotaite ...... 5 999 University Street Montréal, Québec Canada H3C 5H7 Message from the Secretary Telephone: +1 (514) 954-8219 ext. 7068 General, Dr.Taïeb Chérif ...... 7 E-mail: [email protected] Web: www.icao.int/mrtd ICAO Hosts Symposium on The objective of the ICAO MRTD Report is to pro- MRTDs and Biometrics ...... 8 vide a comprehensive account of new develop- ments, trends, innovations and applications in the field of MRTDs to the Contracting States of ICAO ICAO Doctrine on Travel and the international aeronautical and security Documents ...... worlds. 12

Copyright © 2006 International Civil Aviation TAG-MRTD 16th Meeting ...... 16 Organization. Unsigned material may be reproduced in full or in part provided that it is accom- panied by reference to the ICAO MRTD Report; for Machine Readable Travel Documents rights to reproduced signed articles, please write to the editor. with biometric enhancement: the ICAO Standard ...... 22 Opinions expressed in signed articles or in advertisements appearing in the ICAO MRTD Report represent the author’s or advertiser’s opinion and First ePassports, then eVisas . . . . .27 do not necessarily reflect the views of ICAO. The mention of specific companies or products in articles or advertisements does not imply that they New Symbol Allows ePassport are endorsed or recommended by ICAO in prefer- to be Recognised Instantly ...... ence to others of a similar nature which are not 29 mentioned or advertised. ICAO Contracting States ...... 32 The publishers extend their thanks to the companies, organizations and photographers who gra- ciously supplied photographs for this issue. Country Update: Sweden Advertising Representative: Introduces ePassports ...... 33 Yves Allard FCM Communications Inc. 835 Montarville Street PKI and Public Key Directory - Longueuil, Québec an ICAO programme for Canada J4H 2M5 ePassport Security ...... 35 Telephone: +1 (450) 677-3535 Fax: +1 (450) 677-4445 ICAO assistance mission to Colombia ...... E-mail: [email protected] 38 2 • ICAO MRTD REPORT

Editor’s welcome

Dear Reader,

This new journal was developed in ICAO to serve the broad spectrum of persons in government agencies, industry and the public who are interested in our work in machine readable travel document specifications and related technology. In this publication you will find articles elaborating on ICAO standards and MRTD related technology. You will also find information about our programmes, the Technical Advisory Group on Machine Readable Travel Documents (TAG/MRTD), States’ experiences in implementing MRTDs, and information on the publications and guidance material developed by ICAO with the assistance of the TAG/MRTD.

The journal will be published at least twice a year, and an index of the articles published in every issue will be printed once a year. We encourage readers to build a collection of issues for future reference.

Thank you for reading the MRTD Report; we hope you find it interesting. Let us know if you have any comments on the content or suggestions for what you might like to see in future issues.

Mary K. McMunn

Advertising in ICAO Publications positions you worldwide.

For further advertising information, please contact us.

FCM Communications Inc. 835 Montarville St. Longueuil, Québec Canada J4H 2M5

Telephone:+1 (450) 677-3535 Facsimile: +1 (450) 677-4445 [email protected] ICAO MRTD REPORT • 5

Message from the President of the Council, Dr. Assad Kotaite

Last year, the airlines of ICAO Contracting States car- ried a record 2 billion passengers on their scheduled services. Eliminating congestion at departure and arrival control points is essential to efficient air travel and to the security of the global air transport system.

Over the years, the ICAO Council adopted measures to facilitate the inspection and clearance of persons – measures that are effective,internationally coordinated,and applied with the greatest possible consideration for passenger convenience and efficiency, while remaining mindful of privacy considerations.

A key to smoother departure processing and border control is strict adherence to standards using modern technologies. Under the leadership of ICAO, much progress has been achieved over more than two decades in the development of specifications for Machine Readable Travel Documents (MRTDs) and biometric identification.

In 2005, ICAO adopted a new standard that all Contracting States begin to issue only ICAO-standard machine readable passports (MRPs),no later than 1 April 2010.Some 110 States currently do so, and ICAO offers technical assistance to those States that need it to meet the new objective.

ICAO has always worked from the premise that global cooperation is the only solution to the many challenges faced by society. The Council and the Assembly it represents have placed a high priority on our work on MRTDs and related systems. This journal is a significant step to increase the world’s understanding of the standards we have developed for the international travel system. 6 • ICAO MRTD REPORT

MRTDs: Status of the ICAO Standards

Annex 9 to the Convention on International Civil Aviation - Twelfth Edition, July 2005. Facilitation

3.10 Contracting States shall begin issuing only Machine Readable Passports in accordance with the specifications of Doc 9303, Part 1, no later than 1 April 2010.

3.10.1 For passports issued after 24 November 2005 and which are not machine readable, Contracting States shall ensure the expiration date falls before 24 November 2015.

Doc 9303, Part 1 - Machine Readable Passports Sixth Edition (in 2 volumes) to be published 1st Vol. I - conventional MRP Quarter 2006. Vol. I and II - ePassport

Doc 9303, Part 2 - Machine Readable Visas Third Edition, 2005 eVisas are under study.

Doc 9303, Part 3 - Size 1 and Size 2 Machine Readable Official Second Edition, 2002 Travel Documents Third Edition (in 2 volumes) is under development; expected publication by end of 2006.

Note:Annex 9,Twelfth Edition and current editions of all three parts of Doc 9303 may be ordered online through the ICAO website at www.icao.int, or by e-mail at [email protected].

Essential Reference Documents

This CD-ROM was devel- • the reports of its most recent meeting opped by ICAO to serve • full-text search feature for perusing all documents. the broad spectrum of includes persons in govern- UNIT PRICE: US $ 500 plus delivery fee (US $20 for regu- ment agencies,indus- lar courrier or US $ 30 for express courrier) MRTD try and the public who are interested in Order your copy NOW. specificationsour work in Facilitation issues, including machine Call ICAO + 1-514-954-8022 readable travel document e-mail us at [email protected] specifications and related technology. order on line www.icao.int On this CD-ROM you will find : or send your order to:

• Convention on International Civil Aviation International Civil Aviation Organization • Annex 9 Attention: Document Sales Unit • Annex 17 999 University Street • Doc 9303, Parts 1, 2 and 3 Montreal, Quebec • The latest versions of the technical reports developed Canada H3C 5H7 by the Advisory Group on Machine Readable Travel Documents (TAG/MRTD) ICAO MRTD REPORT • 7

Message from the Secretary General, Dr. Taïeb Chérif

It is with great pleasure that I introduce the MRTD Report, an innovative communications vehicle by which ICAO intends to share with a broad readership its work on machine readable travel document (MRTD) standards and the knowl- edge of its expert advisors.

ICAO establishes standards and procedures for application worldwide in a pertinent and practical manner, with input from States, international organizations, and industry. Multinational consensus building is an essential element of this process and helps ensure the harmonized and consistent application of the standards by all States.

In recent years, through such cooperative effort, ICAO has produced detailed specifications for biometric identification in travel documents, known collectively as the “Blueprint”. Together with the standards for traditional machine readable passports, the “Blueprint” has become the ICAO standard for “ePassports”.

The “Blueprint” was highlighted at the MRTD Symposium hosted by ICAO in the Fall of 2005. This very successful meeting brought together experts from civil aviation administrations, operators and manufacturers in a productive exchange of experiences and lessons learned. The first issues of the MRTD Report will elaborate on some of the themes of this symposium.

The Secretariat of ICAO, along with its Technical Advisory Group, looks forward to working with all partners in achieving a new level of travel document security and global interoperability, to the great benefit of the civil aviation system and the nations of the world that depend on it. 8 • ICAO MRTD REPORT

ICAO Hosts Symposium on MRTDs and Biometrics by ICAO Secretariat To showcase the work of ICAO and member States to improve the quality and integrity of passports and other travel documents worldwide, ICAO con- vened a comprehensive Symposium on ICAO-Standard Machine Readable Travel Documents (MRTDs) and Biometric Enhancement at ICAO Headquarters in Montreal on 28-29 September 2005.

ince all of ICAO’s 189 Contracting States would be an understatement to say that facilita- must issue only ICAO-standard Machine tion and security challenges faced by civil avia- SReadable Passports (MRPs) by 1 April 2010, tion today are greater than ever. He added that a key objective of the Symposium was to provide security remains a top priority, with the universal participants with an overview of the main ele- implementation of MRTDs one of the objectives ments and benefits of globally interoperable of the Aviation Security Plan of Action of ICAO. ICAO-Standard MRTDs and the new biometrically-enhanced ePassports. About 110 States cur- Dr. Kotaite encouraged all States to issue MRPs, rently issue ICAO-Standard MRPs,with more than eventually with biometric identity confirmation, 40 planning to upgrade to the biometrically- and operate reading systems at their border con- enhanced version by the end of 2006. trol points. He said ICAO would provide assistance in the form of project planning, technical and policy guidance, arrangements for financing and project management, if requested by an individual State.

Attended by some 300 participants from 58 ICAO member States,eight international organizations and more than 50 companies and institutions, the Symposium featured presentations by experts from ICAO member States, ISO and Interpol. An accompanying exhibition highlighted MRTD-related products and services from prominent companies in this field.

ICAO MRTD Programme Considering that some two billion passengers a year now fly on scheduled air services alone, the Mary McMunn,Chief of the Facilitation Section at comment made by Dr.Assad Kotaite,President of ICAO,moderated the opening session and gave a the ICAO Council in his opening remarks to the comprehensive overview of The ICAO MRTD Symposium is even more pertinent - that it Doctrine and Progress in Document Security. This ICAO MRTD REPORT • 9

included the legal basis for ICAO’s work in travel zone, the MRP data page is vital to MRP integrity. document security; the framework of standards So is the design. Materials, security features and and recommended practices for border control data storage devices must be selected carefully formalities; the work of the Technical Advisory and brought together in a controlled way so as Group on MRTDs and ISO to develop specifica- to create a compatible, complimentary and tions for travel documents in ICAO Doc 9303 and multi-layered defence against any potential Technical Reports; and the guidance material fraud or counterfeiting. and educational events to help member States implement MRTDs and biometrics.

The legal framework includes the 1944 Chicago Convention which created ICAO, its Annex 9 – Facilitation, which addresses customs, immigration and other border control issues and Resolutions of the ICAO Assembly. The sixth edition of Doc 9303, Part 1 on MRPs, which includes specifications on biometric ePassports, is in the final stages of preparation.The specifications can be downloaded from the ICAO website.

Joel Shaw, President and CEO of BioDentity Systems Corp. and an ISO Convenor, outlined the Gary McDonald, Director General, Policy and ICAO/ISO Partnership in the Development and Planning, Passport Canada, detailed the develop- Publication of MRTD Standards. He said the part- ment of the ICAO Blueprint for Biometrically nership, which helps facilitate endorsement of Enhanced Passports and why face was chosen as the ICAO MRTD specifications as ISO standards, the globally interoperable biometric for MRTDs, derives its effectiveness from the authority and with iris and fingerprint as optional second bio- leadership of ICAO and the standard-setting metrics. He also reviewed the three other ele- competency of ISO.He noted that the two organ- ments: IC Chips for data storage, logical data izations have, since the mid-1990s, worked structure (LDS) for programming the chip, and a steadily towards an international Standard for a security system to ensure data can be confirmed more secure, next generation, biometrically- as authentic and unaltered, for which a public enhanced MRTD. key infrastructure is specified.

Addressing Basic Principles of MRTDs and He emphasized that the focus of the Blueprint Intended Benefits, Malcolm Cuthbertson, of was on requirements, which technology solu- DeLaRue Identity Systems and ISO, said MRPs tions were designed to address. Objectives must conform to the specifications in ICAO Doc achieved include the use of biometrics to create 9303. Developed to enable global interoperabili- a strong link between document and bearer, ty and enhance passenger facilitation and securi- compatibility of biometrics and technology with ty, MRPs must be of standard size, shape and lay- the issuance and inspection of travel documents, out, and contain standard information on the and global interoperability. holder and issuing State. Security of MRTDs and use in Border Control Doc 9303 standards enhance border processing by accommodating both manual and machine- The second session, moderated by Joel Shaw, assisted inspection. Containing a visual zone opened with a joint presentation by Dr. Uwe with eye-readable data and a machine-readable Seidel,Senior Scientist,Forensic Science Institute, 10 • ICAO MRTD REPORT

Bundeskriminalamt, Germany, and Tom Concluding the first day’s sessions, Joel Shaw Kinneging, of Sdu-Identification and ISO. Titled gave a summary presentation on MRTD Establishing Trust in eMRTDs – Physical and Programme Features/Benefits to States of Electronic Security Features and Privacy, the pre- Implementation Now. He referred to the ICAO sentations showed that physical and digital secu- MRTD programme as more than a set of stan- rity measures complement each other to form a dardized documents. By specifying technology modern, machine verifiable document that can and recommended procedures to facilitate and be trusted by travellers and control authorities make more secure the issuance process, as well alike. Features to protect blank documents from as the inspection of persons, and their travel and counterfeiting and forgery must be included, identity documents, the programme offers and special attention must be given to protect numerous and significant benefits to States and biographical data. society.

David Philp,Passports Manager,Identity Services, This, he said, is particularly the case with at the New Zealand Department of Internal eMRTDS, as they provide an enhanced ability to Affairs, emphasized that the Issuance of MRTDs is confirm identity for passport and visa issuance, about more than producing a secure book. It border controls and airline check-in. He added entails an integrated workflow system of phased that impostor detection and interception is verification processes, including verification of another benefit. Stolen blank eMRTDs have no identity, technology, internal controls and securi- value and are of no use. ty management. He outlined a thorough step- by-step approach to secure the process of He encouraged States to implement either the issuance. basic ICAO MRTD or the biometric-enhanced eMRTD now, as both offer much greater levels of Bernard Herdan, Chief Executive, UK Passport security to deal with the threats of identity theft, Service, stressed the need for a holistic approach illegal migration, trafficking/smuggling and ter- in Securing the Integrity of MRTDs through Identity rorism. Authentication. Noting that a comprehensive approach to document security, application, Face Biometric, Lost and Stolen Passports, enrolment and issuance is essential, he placed ICAO PKD equal importance on establishing the identity of the person applying for the MRTD and verifying Moderated by Sjef Broekhaar, R&D Manager in the document presented. the Ministry of Interior and Kingdom Relations, Netherlands, the second day’s sessions started A presentation by Charlie Stevens, Head of the with a presentation by Terry Hartmann, Director, National Fraud Unit, UK Immigration Service Secure Identification & Biometrics at UNISYS, and titled Border Control Inspection Enhanced through ISO, on Face Biometric Capture & Processing MRTDs demonstrated the importance of ICAO- Systems. He explained face recognition, how it Standard MRTDs for the border crossing process. works, and how it can be effectively used to sup- Calling identifiable and highly secure travel doc- port document issuance, border control inspec- uments vital to processing large numbers of pas- tion, access control and lookout checks. Because sengers in conditions of high security,he said the human verification against the photograph is new ICAO biometrics standards will be a valuable also possible,quality capture of the face is impor- tool in improving the security of the border con- tant and quality photographs have to be incor- trol process. He said they offer real, high-value porated in the enrolment process for documents benefits to all citizens in passing through border and databases. He added that face recognition is controls, obtaining visas, making travel arrange- being enhanced through such processes as mor- ments and dealing with airlines. phing and 3D facial technology. ICAO MRTD REPORT • 11

A presentation on Integrated Solutions to Access The chain comprises four main processes: new Interpol Stolen Travel Documents Database was travel documents, application and issuance, given by Ivanka Spadina, STD Project Manager at management of status of travel documents in Interpol. She outlined the Interpol worldwide circulation, and use of the documents. He said communications system and its application to its the security of the chain would be greatly Stolen Travel Document Database in serving the enhanced when all States issue only ICAO- needs of its member States on an online, 24-hour Standard MRPs. basis and playing an important part in document issuance security and border control. John Mercer, retired from the US State Department, served as the moderator for the last session of the Symposium.

Four States gave presentations on their experience with issuing MRPs and e-MRPs. The four— Pakistan (Brig. Saleem Ahmed Moeen, Chairman, National Database and Registration Authority), Antigua and Barbuda (Amb. Colin Murdoch, Ministry of Foreign Affairs), New Zealand (David Philp) and Sweden (Staffan Tilling, Chief Superintendent, Swedish Police)—all emphasized the importance to their States and their citizens of issuing ICAO-Standard MRPs in accordance with Doc 9303 for increased security,glob- David Clark, a Consultant to ICAO, described the al interoperability and acceptance. ICAO Public Key Directory (PKD). All public keys and key revocations from issuing States will be The United States presented its experience with available worldwide through the ICAO PKD, with the use of MRTDs and biometric identification at States and airlines able to access the pool of pub- airports and other ports of entry. Bradford Wing, lic key certificates and certificate revocations by Biometrics Systems and Standards Coordinator regular download. The ICAO PKD Operations at the US Department of Homeland Security, Office at ICAO Headquarters in Montreal will highlighted some of the ergonomic factors that ensure that the PKD is properly updated. ICAO will impact on the usability of ePassport readers will also manage the policies, procedures, regula- and ePassports, which have been the subject of tions and fee collection necessary for the PKD. intense testing. The PKD itself will be maintained securely by the contractor, Netrust Pte Ltd., in Singapore and In his closing statement to participants, Thailand. Mohamed Elamiri, Director of the ICAO Air Transport Bureau concluded that the Sjef Broekhaar concluded the session with a Symposium had been very successful and met its wide-ranging presentation titled How Does it objectives. Given the deadline of 2010 for all Come Together in Real Life? He explained how the member States to begin issuing only ICAO- MRTD system uses an interlocking, chain-like Standard MRPs and the need for increased secu- series of elements to meet government needs for rity, he said ICAO would aggressively encourage increased security and to bring together all par- that both these requirements be met. He added ties involved – issuing authorities, immigration that following the success of this Symposium, services, police agencies, airport operators, inter- ICAO is planning to hold a second event in national organizations, and the document indus- September 2006. ◆ try. 12 • ICAO MRTD REPORT

ICAO Doctrine on Travel Documents by ICAO Secretariat

CAO’s primary purpose is to set standards b) the requirement for States to facilitate border that enable and maintain a seamless and effi- clearance formalities and prevent unneces- Icient international civil aviation system world- sary delays (Article 22) while establishing wide. Security and facilitation of air travel across customs and immigration procedures that are international borders are two key areas of focus. harmonious with civil aviation (Article 23);and

In 1968, it was anticipated that the advent of c) the requirement for States to develop and wide-bodied aircraft would lead to a significant adopt internationally acceptable standards and consistent increase in the number of airline for immigration and customs clearance passengers worldwide.This would require proce- (Article 37 (j)). dures to process passengers more quickly and more efficiently through customs and immigra- Annex 9 to the Chicago Convention tion. Accordingly, ICAO initiated the development of a standardised passport document that A fundamental precept in the development of could be read and verified by machine. The first standards under Annex 9 to the Chicago specification was published in 1980. Convention (Facilitation) is that, if public authorities are to comply with the requirements, they The ICAO Doctrine on travel documents is based must have confidence in the reliability of travel on the Convention on International Civil Aviation documents and in the effectiveness of inspec- of 1944, often referred to as the Chicago tion procedures. The production of standardized Convention, Annex 9 to the Convention, ICAO specifications for travel documents aims at Assembly Resolution 33-18, ICAO Doc 9303 and ensuring that confidence. Hence Annex 9 covers the ICAO Blueprint for the implementation of such issues as: biometric identification. Following is a brief description of each document. • Travel documents, including formats, issuance and control procedures; The Chicago Convention • Immigration and customs procedures and systems; ICAO’s mandate to develop standards and speci- • The prevention and handling of document fications stems from the Chicago Convention, fraud cases and other security problems. which created ICAO and which covers the full range of requirements for the efficient and In particular, the new edition of Annex 9 (July orderly operation of international civil aviation 2005) includes new issues affecting travel docu- worldwide, including provisions for clearance of ments, such as: persons through border controls, i.e.: • Standards on travel documents and security a) the requirement for persons travelling by air (3.7 and 3.8) ; and aircraft crews to comply with immigra- • A Standard by which all States shall issue only tion, customs and passport regulations Machine Readable Passports (MRPs) by 1 April (Article 13); 2010 (3.10) – see sidebar; ICAO MRTD REPORT • 13

• A Standard whereby all non-MRPs will expire • the passport is the basic official document by 2015 (3.10.1); which denotes a person’s identity and citizen- • A Recommended Practice that encourages ship and provides an assurance for the State States to incorporate biometric data in their of transit or destination that the bearer can machine readable document, using one or return to the State of issuance; more optional data storage technologies to • international confidence in the integrity of supplement the machine readable zone (3.9). the passport is the very essence of the func- tioning of the international travel system; Assembly Resolution 33-18 • the United Nations General Assembly has requested that ICAO consider ways and Another legal instrument for establishing stan- means to enhance international cooperation dards, specifications and cooperation among to combat the smuggling of aliens, without States is the Assembly Resolution. Within the undercutting the protection provided by framework of the Chicago Convention, the ICAO international law to refugees; Assembly – consisting of all 189 Contracting • the United Nations General Assembly and the States – meets every three years to provide direc- Economic and Social Council have requested tion to the Organization’s work by way of that member States establish or improve pro- Resolutions. In 1998, the Assembly passed cedures to permit the ready discovery of false Resolution 32-18, which clearly establishes the travel documents, to cooperate bilaterally and wishes of all member States for global coopera- on a multilateral basis to prevent the use of tion in protecting the security and integrity of fraudulent documents, to take measures to passports. The Assembly updated this resolution provide penalties for the production and dis- in 2001 and maintained it in 2004. tribution of false travel documents and the misuse of international commercial aviation; Resolution 32-18 reflects the high importance of also, passport security in our global society, citing premises that: © Imaging Automation - Viisage 14 • ICAO MRTD REPORT

• a high level of cooperation among States is sisting of two volumes: Volume I will include required in order to strengthen resistance to specifications for the issuance of MRPs and passport fraud; including the forgery or coun- Volume II will contain the specifications for the terfeiting of passports, the use of forged or enhancement of MRP with biometric data counterfeit passports, the use of valid pass- encoded in an integrated circuit chip, thereby ports by imposters, the misuse of authentic making it an ePassport. passports by rightful holders, the use of expired or revoked passports, and the use of ICAO Blueprint for the implementation of fraudulently obtained passports. biometric identification

Therefore, the Resolution urges Contracting Finally, the Air Transport Committee of the ICAO States to intensify efforts to safeguard the securi- Council in May 2003 adopted a four-part ty and integrity of their passports, to protect “Blueprint” for incorporating biometrics in travel them against passport fraud, and to assist one documents. The Blueprint includes: specifica- another in these matters. tions for the face as the primary biometric, mandatory for global interoperability; the con- ICAO Doc 9303 tactless integrated circuit chip as the electronic data storage medium; a logical data structure for While Annex 9 calls for the standardization of programming the chip; and the public key infra- travel documents, ICAO also develops specifica- structure to secure the data against unautho- tions for Machine Readable Travel Documents rized alteration.These specifications will be elab- (MRTDs) to be issued by States. These specifica- orated in Volume I of the sixth edition of Doc tions are contained in ICAO Doc 9303. To help 9303,Part 1.For more on this subject,please refer with the development of Doc 9303, ICAO in 1987 to the Article on ePassports. created the Technical Advisory Group on Machine Readable Travel Documents To sum up, ICAO’s role in travel documents is to (TAG/MRTD), consisting of government repre- set standards and establish specifications for sentatives as well as observers from the Airports implementation by Contracting States in such a Council International (ACI), the International Air way as to foster optimum reliability of travel doc- Transport Association (IATA), the International uments and effectiveness of inspection proce- Criminal Police Organization (INTERPOL) and the dures, in support of a seamless, efficient and International Organization for Standardization secure global infrastructure for processing per- (ISO). sons crossing international borders. ◆ MM & MS

With the expert assistance of the TAG/MRTD, Annex 9, twefth edition - 2005 ICAO structured Doc 9303 for MRTDs in three Standard 3.10 distinct sections: Passports (Part 1), Visas (Part 2), and Official Travel Documents (Part 3). Official Contracting States shall begin issuing only Travel Documents are official documents of iden- Machine Readable Passports in accordance tity issued by a State or international organiza- with the specifications of Doc 9303, Part 1, tion that may be accepted in lieu of a passport or no later than 1 April 2010. visa for international travel. These may include national ID cards (e.g. as issued in Europe), air Note. - This provision does not intend to pre- crew member certificates and certificates of clude the issuance of non-machine readable identity. passports or temporary travel documents of limited validity in cases of emergency. In the first quarter of 2006, ICAO plans to issue a new version of Doc 9303, Part 1 (Passports) con- ADVERTISEMENT 16 • ICAO MRTD REPORT

TAG-MRTD 16th Meeting

by ICAO Secretariat

ICAO’s Technical Advisory Group on Machine Readable Travel Documents (TAG-MRTD) held its 16th meeting at ICAO Headquarters in Montreal, Canada, on 26-28 September 2005.

he TAG-MRTD is comprised of government While the TAG decided that specifications related specialists in the issuance of passports and to bar codes would not be included in the new Tother travel documents, from 13 ICAO edition, it did not exclude the use of one-and member States. It meets approximately every 18 two-dimensional bar codes for additional data months to review progress of its working groups, storage. But because they are not globally inter- and to discuss and vote on proposals from work- operable, the group emphasized that these tech- ing group and member States. nologies are for the issuing State only or under bilateral agreements; they cannot be considered This year’s meeting saw 26 working papers sub- for global use in the border inspection process. mitted for consideration. High on the agenda was the development of specifications for the Based on the successful results of updating Doc Sixth Edition of Doc 9303, Part 1, in its new two- 9303, Part 1, the TAG continues its work updating volume format. Part 3 of the document on official travel documents (cards), to reflect the same changes Volume 1 of the revised edition will contain the included in Part 1. Expected to be ready for pub- specifications for the basic Machine Readable lication by the end of 2006, Part 3 will also be Passport (MRP), to which all MRPs, be they elec- issued in two volumes. tronically enabled or not, would have to conform. Volume 2 will contain the additional speci- Regarding the interoperability of steganography fications extracted and edited from the technical and digital watermarking, it was confirmed that reports for enhancing the MRP with biometric digital watermarks do add to the security of the identification using a contactless integrated cir- document in avoiding manipulation of the visual cuit (IC), better known as the ePassport. data contained in the visual data page and in the chip. But that said, a specification for an interop- Thus Section III covers security matters with erable technique is not presently viable since all appendices on document security, machine- decoding software packages are proprietary sys- assisted document verification and security of tems. It was reported that two major market document issuance. All specifications relating to leaders have recently announced a co-operative a basic MRP now appear in Section IV, and effort to produce and make available a single include upgraded portrait specifications to allow reading platform that can read watermarks from for the establishment of a portraits database to both companies. This platform can then be be used for face recognition as well as machine- expanded to include other digital watermark assisted identity confirmation using the portrait variations from other companies. Provided inter- displayed on the document. operability can be technically guaranteed, the ICAO MRTD REPORT • 17

TAG intends to continue studying the market The NTWG is also responsible for effective sup- and work towards a recommendation to be port and oversight of the development, imple- included in Doc 9303. mentation and management of the ICAO Public Key Directory (PKD). As the group responsible for the research, analy- sis and reporting on new technologies available Long-term goals include developing guidance today or in the future for use in MRTDs, the New material and standards to potentially enable Technologies Working Group (NTWG) has set the States to leverage the storage capacity of RF following objectives over the short term: Chips. While current technical reports relating to ePassports support the implementation of a • Create a plan to ensure effective means of dis- “write once read many” deployment, over time, seminating appropriate information to both issuing authorities may wish to broaden the Member States and vendors on new develop- functionality to enable additional information to ments; be written to this chip post issue. This may be as • Provide expertise in the development of an simple as updating the holder’s portrait or as eMRTD testing facility; complex as allowing third parties to write data. • Finalize technical report on eVisas; • Complete research on a machine readable Additional activities either envisioned or current- zone identifier for ePassports; ly underway include developing guidance mate- • Finalize technical report on hybrid travel doc- rial and standards in relation to real time data uments; sharing between States through the positive • Research the development of RF writer/reader validation of travel documents at check-in or technology, emphasizing ergonomics and the border control, the receipt and processing of mitigation of risks such as eavesdropping; and Internet-based travel document applications; the • Provide guidance material on data sharing use of biometrics in the travel document between States to support international ini- issuance process; and automated border clear- tiatives related to lost and stolen travel docu- ance of travellers presenting ePassports. ments. The TAG also approved the ongoing study of possibilities for electronic visas. A presentation summarizing the types of eVisas under consideration concluded that the collision of signals from two or more chips may not be as significant as originally thought. It suggested that as an alter- native to placing a chip under a visa label, some authorities might be interested in placing visa information on the passport chip.

Regarding the NTWG’s work on developing a technical report on hybrid card/book options for biomentric-enabled passports, it was reported that member States have expressed great interest in making this technology work. Airports Council International said the development of this technology is of particular interest to airport operators since some of its members are running programmes that may be compatible with it.The 18 • ICAO MRTD REPORT

update frequency, response time to action requests,limitations of liability regarding the various entities involved with the PKD, and the fees and participation payment requirements.

Together with the PKD MoU to be signed between ICAO and the participating States, the adoption of the draft is of fundamental importance to the implementation and operation of the PKD.

Participation in the PKD is considered to be essential for the distribution of the public keys of a State that issues ePassports to all entities that need to use them to validate ePassports. Hence the TAG decided to form a PKD Advisory Group, comprised of a member from each participating State for the purpose of governance.

Finally, the TAG-MRTD heard several country report will be available and open for comment reports, including a presentation on the Belgian through the ICAO website (www.icao.int/mrtd). ePassport project. Belgium has been issuing ePassports since 15 November 2004. Other As for the universal implementation of MRTDs, reports came from Canada, updating the the Education and Promotion Working Group Canadian passport project; India, on the status of (EPWG), which helps the ICAO Secretariat devel- the Indian machine readable passport project, op means of presenting information to govern- machine readable visa, and ICAO compliant ID ments not currently issuing MRTDs or ICAO-com- card; Thailand, on the Thai ePassport project. pliant passports, has been involved in various Thailand has been issuing ePassports since 1 workshops, reviews and seminars around the August 2005; the United Kingdom, updating the world. Some of these were in collaboration with UK passport and national ID cards projects; and the International Organization for Migration Singapore, updating the Singapore ePassport (IOM). project.

The group further reported that the profile of Present for the meeting were the 11 members Doc 9303 has been raised in the G-8 Lyon-Roma and two alternate members of the TAG, their group, which developed a best practice identity advisors, and observers from 26 Contracting authentication paper, to be forwarded shortly to States and six international organizations. ICAO. Guidelines for secure issuance process and Countries currently comprising the TAG-MRTD prevention of external fraud have also been are Australia, Canada, Czech Republic, France, developed by this group. Germany, India, Japan, New Zealand, Netherlands, Russian Federation, Sweden, United PKD Implementation Kingdom and the United States. ◆

The ICAO Secretariat presented a set of draft regulations for the operation of the PKD, which Note:Interested readers may download the clearly define what the PKD is intended to do. complete report of TAG-MRTD/16 from the This includes how it will operate in terms of ICAO website (www.icao.int/mrtd). ADVERTISEMENT

22 • ICAO MRTD REPORT

Machine Readable Travel Documents with biometric enhancement: the ICAO Standard by Mary K. McMunn

This article is adapted from a briefing by ing to the immigration and customs inspection the author to the World Customs and clearance of persons in airports. In this con- Organization Biometrics 2005 Conference text ICAO, since 1980, has been publishing speci- and Exhibition, Brussels, 8-9 December fications for standard formats for machine read- 2005. able passports, visas and official travel documents. Document 9303, Machine Readable Travel News headline: ICAO to publish its Standard Documents, is now a suite with three parts. Part for ePassports 1, Machine Readable Passports, is about to be published in its sixth edition. I begin with the current news – that early in 2006 ICAO plans a formal publication Most readers and administra- of its Standard – a standard tions are by now very famil- that is already in use by iar with the basic machine the many member States readable passport, which that are developing the is now being issued by at new-generation, electron- least 110 States and terri- ically enabled machine tories, a number that is readable passport, or steadily increasing. The “ePassport”. This article standardized format is reviews briefly the work comprised of two parts – ICAO has been doing over a visual inspection zone the past nine years to specify or VIZ, containing manda- how to make use of biomet- tory and optional data ric technology to enhance elements in a prescribed the security of travel docu- layout;and a machine read- ments and to facilitate inspec- able zone or MRZ, containing © Imaging tion of international travellers at bor- Automation - mandatory data elements in a form Viisage der control points. and position that are absolutely mandatory.

As is outlined in another article in this issue, the The two machine readable lines of OCR-B type- Convention on International Civil Aviation and face, with their standard format, data elements, Annex 9 (Facilitation) together provide a frame- field lengths, and check digits, comprise the first work of obligations of member States and security measure that ICAO invented for a pass- Standards and Recommended Practices pertain- port. ICAO MRTD REPORT • 23

Another security measure inherent in the docu- systematic study of biometrics and their poten- ment and in the inspection procedure is the use tial to enhance identity confirmation with pass- of a mandatory photo image to link the holder of ports and other travel documents. the document to the document itself, in order to confirm identity. In recent editions of Doc 9303 In search of the “right biometric” for travel docu- ICAO has been tightening up the specifications ments, the chosen approach was to first identify for the photo, to insist on high-quality images of requirements instead of just reviewing industry- adequate size, preferably digital images printed based technology studies. This set ICAO apart directly onto the data page, in order both to pre- from mainstream thinking at the time, and inci- vent photo substitution and to offer more confi- dentally invited criticism from purveyors and dence to the inspector or airline agent making a users. But we felt that to choose the “best-per- visual comparison between the photo and the forming”biometric based on laboratory tests and person presenting the passport. then try to adjust our requirements to it would not be the right approach. Instead we chose to But over the years – and well before 9/11 – mem- evaluate the different biometrics against the ber States identified the need to confirm identity unique requirements of travel document of travellers more effectively, due to the myriad issuance and inspection. cross-border social, political and criminal problems that emanate from identity theft. So in And what are these requirements? Briefly, they 1997 the ICAO TAG/MRTD asked its New are: compatibility with travel document issuance Technologies Working Group (NTWG) to begin a and renewal; compatibility with machine-

ICAO MRTD REPORT • 25

assisted identity verification requirements in the lookout identification, as prior enrolment and issuance and inspection processes; redundancy; cooperation of the subject are not required for global public perception of the successful image capture, and facial images are biometric and its capture proce- available on virtually every person in the world. dure; storage requirements; and Face also permits 100% identity confirmation in performance. Considering all of the inspection process, as the travel document these factors and using a quanti- photo of quality specified by ICAO could be used tative scoring methodology, the for machine assisted checks in the absence of an group found that face came out electronically stored on top with an 85% compatibility image. Moreover, with rating while finger and iris were tied in second the photo, facial recogni- place with a 60-65% compatibility rating. tion can be done visually, Therefore face was recommended as the primary even when the equip- biometric, mandatory for global interoperability, ment malfunctions! and finger and iris were recommended as sec- ondary biometrics to be used at the discretion of After deciding that the the passport-issuing State. face would be the primary biometric the The face as primary biometric addresses numer- NTWG looked for an appropriate storage medi- ous identity-related requirements. It supports um. The medium chosen would have to offer 26 • ICAO MRTD REPORT

the reader of the chip assurance that the data had been placed there by the authorized issuer and that it had not been altered in any way since then. Thus an expert group within the NTWG developed specifications for a specialized PKI for application to travel document issuance and inspection. (For more information on PKI, see the article by David Clark, in this issue.)

Finally, during the testing of chips and readers there arose issues of skimming and eavesdropping. The physical possibility of skimming – the surreptitious reading of the data in the passport chip by means of a concealed device and unno- ticed by the holder – is considered to be © Imaging Automation - Viisage extremely remote, but nevertheless it is a concern. Eavesdropping – illegally listening in on a enough data storage space for images of the face communication between the chip and the read- and possibly other biometrics, as the concept of er – though unlikely, is feasible. To address these using templates had been abandoned due to the concerns a fact that templates and their readers are not scheme for internationally standard. The technology had to “basic access be non-proprietary, available in the public control” domain worldwide, in the interests of global (BAC) was interoperability. And of course the technology developed had to be compatible with book-style (paper and and recom- cloth) documents. Ease of use, without a require- mended for ment to position or fit the document into a read- use by issuing device, was also a factor. The technology that ing States. met all of these Under BAC the requirements was the inspection system contactless integrated uses a “key”derived from numer- circuit, and the NTWG ic data elements in the MRZ to “unlock” the chip decided that of the so that the system can read it. Thus the passport two ISO-standard must be open in order for the chip to be read, options, the “proximi- and the holder is assured that his data can be ty” type (ISO/IEC read only when he hands over his passport. 14443) should be specified. So there you have it – what ICAO calls its biometric blueprint, consisting of four parts – the facial Next, a standardized image, the contactless proximity chip, the logical “logical data structure” data structure, and the ICAO PKI. These “four pil- for programming the lars” are each essential to the ePassport, and are chip was specified to ensure that chips pro- inseparable from one another. Technical details grammed in any country could be read in any about the blueprint and the ePassport standard other country. And because data written to a and other aspects of ICAO work in MRTDs can be chip can be written over, a public key infrastruc- found on our dedicated web site – ture (PKI) scheme was required, in order to give www.icao.int/mrtd. ◆ ICAO MRTD REPORT • 27

First ePassports, by John W. Mercer then eVisas

This article,adapted from “eVisa vs ePassport – The Way Forward”by the same author,published in 2005 in the Keesing Journal of Documents & Identity, addresses the prospect of an ICAO standard for eVisas as a companion to its work on ePassports recounted elsewhere in this journal.

o what to do about the visa? Before One method of providing a biometric identifier is machine readability standards, a visa was to capture the biometrics of the visa applicant Susually a stamped notation with manual upon application,and then store those biometric in-filling of data pertaining to the holder, and images in the electronic data file of the visa sometimes the holder was not even named, applicant, not on the visa. Through Advance resulting in the “bearer” visa. The non-uniform Passenger Information (API) the receiving coun- optical characteristics of various passport visa try, who issued the visa, will know in advance the pages, and interference from the background passengers listed on the airline passenger mani- printing made it not possible to print the visa fest. Biometrics associated with the passengers data onto the visa page, thus requiring that the known to have visas can be called up to a local ICAO machine readable visa be a label. (and transient) file which can be quickly accessed and opened when the traveler arrives at the bor- The ICAO-compliant visa is a label of two der, by reading the machine readable data from sizes, ID-2 and Format A, which is almost the visa. This works well, keeping the person’s ID-3. The smaller, ID-2 size biometric data in the system, only accessing it allows the perforated num- when they and their visa document are present bers commonly in passports for comparison. But other nations and airlines to be read on the visa page, may not be privy to the biometric file, and thus while the larger Format A the positive identification benefits of the bio- visa has more room for print- metric are limited. ing of data. Current specifications (Doc 9303, Part 2, 3rd The ICAO New Technologies Working Group is Edition, 2005) allow only developing a technical report on eVisas, the cur- one person to be named rent version of which was presented to the last on each visa and require a TAG-MRTD meeting, 27-28 September 2005. This space for a portrait. paper suggests that ICAO can play a positive role in establishing an interoperable standard com- There is no one visa issuance procedure, but patible with the existing specifications for many, answering to a multiplicity of commercial machine readable visas. At the same time it is and national requirements. Even so, a solid and important to “ensure that eVisa techniques workable,standardized methodology for making employed by different States do not interfere machine readable visas has developed, and the with the global interoperation of ePassports and trick now is to add biometric identifiers to the e-travel cards.” visa issuance process. 28 • ICAO MRTD REPORT

Two intriguing possibilities are suggested. One is that eventually minutia may be able to be stored and used as the basis for global data inter- change. Present technologies and standards do not allow this, but should it occur, the need for chips of great memory capacity will be reduced, and faster reading times will result. The second possibility points to the future when eVisas are compatible with ePassports, and traveler “verification using a single suite of document and biometric reader technology” would not only con- tribute to security, but facilitate travel as well.

The report concludes with a series of policy questions: How can you notify the country of issuance that a chip visa has been added to their passport? What can provide visual indication of The report outlines three options for the chip in the presence of the eVisa in a passport (analo- visa applications: by writing to the chip con- gous to the e-pass logo on the cover of ICAO tained in the ePassport, by use of a chip under a compliant ePassports)? How can an eVisa be visa sticker, and a separate chip visa card. An cancelled? Are there privacy considerations unstated fourth option, of the chip incorporated inherent in the eVisa? into the visa sticker before security printing, is a non-starter, because any chip/antenna combina- In sum, there are significant areas of overlap tion passing through the pressures of intaglio where the work that has led to the progress and printing nip would likely be broken and thus implementation of the ePassport can be used in unusable. However, there are significant imple- the development of the eVisa. But there are mentation challenges associated with each areas of significant difference where the future is option. Moreover, the amount of available data unknown and technical and policy challenges storage data storage is an issue, as only a few exist that have not yet been resolved. One thing compressed face (15-20Kb) or fingerprint images is clear. It is not a simple transition from the (10Kb) can fit in a chip of 64Kb memory capaci- ePassport to the eVisa! ◆ ty.

present e-Digiprotek® tamper-evident rfid inlays for e-Passports and e-Visas

Inlays, directly bonded into the document, cannot be fraudulently removed without disabling the chip. e-Digiprotek®, ICAO compliant, is available in many formats and can be easily integrated in existing documents and issuing processes.

FASVER - 286, rue Charles Gide, ZAE La Biste, BP 48, 34671 Baillargues cedex, France www.fasver.com contact : [email protected] IER - 3, rue Salomon de Rothschild, BP 320, 92156 Suresnes cedex, France www.ier.fr contact : [email protected] ICAO MRTD REPORT • 29

New Symbol Allows ePassport to be Recognised Instantly by Sjef Broekhaar

CAO’s New Technologies Working Group Selection of Storage Medium (NTWG) has spent the last few years assessing Ithe most suitable biometric for travel docu- While evaluating the various biometric tech- ments, drafting technical reports and finding niques, the NTWG also faced the challenge of solutions to secure and protect the electronic selecting a suitable data carrier.Although several data carrier. Following extensive research and alternatives were evaluated, the group eventual- careful evaluation, the group put forward the ly opted for the contactless IC chip. It did so for contactless integrated circuit (IC) chip as the the following reasons: most suitable storage medium for passport applications. However, • Interoperability: in addition to because the inclusion of being laid down in ISO/IEC14443 contactless chips in travel and ISO/IEC 15693, the radio fre- documents was not – at quency (RF) used by contactless IC that time – governed by chips is used around the world. ISO standards, the group • Durability: more than 100 mil- immediately faced another lion IC chips are currently in use challenge.Apart from high- across hundreds of applications. lighting the most suitable • Flexible embedding: unlike positions to embed a con- contact IC chips, which must be embedded in tactless chip in a passport, this article discusses a fixed position, contactless IC chip/antenna the introduction of a new symbol that makes it assemblies may be embedded in any position. much easier to recognise ePassports. Invisible Eight years ago the NTWG initiated a four-year study into the inclusion of biometrics in travel Embedding the IC chip/antenna assembly in a documents, that resulted in a short list of three passport proved less straightforward that it suitable biometric techniques (as most readers would seem. The following alternatives were/are are undoubtedly aware, these are facial, finger- available: print and iris recognition).The decision to advise the Technical Advisory Group (TAG) to recom- • The biographical data page; mend the facial image as the ‘globally interoper- • Between the end paper and the cover (both at able biometric’ for MRTDs was taken in 2002, in the front and the back); Berlin. This proposal was subsequently adopted • Between the centre pages of the document by ICAO and announced to the world on 28 May (where the binding is visible); or 2003. • Within a separate page. 30 • ICAO MRTD REPORT

Size A, 5.25 x 9 mm (actual size)

Size B, 4.2 x 7.2 mm (actual size)

Dimensions of the ChipInside symbol, size A (scaled 10:1)

As the above solutions hide the IC chip from In view of the above, the designer opted for a sight, inspectors would find it difficult to estab- neutral symbol that can be included in a variety lish whether a given passport contained a chip at of design concepts. At the same time, the symbol all. In recognition of this potential problem the is easily recognised and easily associated with NTWG reviewed a number of options, including ePassports. In short, it is a neutral symbol based the use of (i) an MRZ-based identifier or (ii) a vis- on an uncomplicated design. ible symbol (possibly in combination with text). In the end, the group decided in favour of a sym- As shown above, the ePassport symbol consists bol on the face of the passport, allowing the doc- of a small circle enclosed by two horizontal rec- ument to be recognised at a glance. After all, a tangles, representing the chip sandwiched symbol has strong communicative properties. between two layers of material.The level of detail is such that the symbol can be produced in the The Selection Process desired size and by means of gold foil blocking, using silk screen printing techniques. The ePassport symbol was jointly developed by the Document Content and Format Working Van Roon has transferred all design rights to Group (DCFWG) and the NTWG. A short list of ICAO, which has included a technical description nine was prepared, and from these the of the symbol in Doc 9303, Part 1, sixth edition, TAG/MRTD, at its 15th meeting in May 2004, 2006,Volume 2. picked the design of Dutchman Joost van Roon. Other Applications The ePassport Symbol Explained In addition to being used on ePassports, The symbol chosen had to recognise that a coun- eIdentity cards and other eDocuments, the new try’s design preferences (and concepts) should symbol can be used at airports and seaports or be respected. The symbol and the guidelines for rail stations around the world.The symbol can,for its positioning should allow as much space as is example, be used to guide visitors to special required for all the different characteristics on ePassport desks. Indeed, some passport reading existing passport covers. machines already display the new symbol. ICAO MRTD REPORT • 31

Conclusion

The inclusion of a symbol on ePassports and other electronic travel documents facilitates unambiguous communication (as of the moment the documents are issued). On seeing the symbol, an inspector knows that the document contains a chip, that it should be inspected using electronic equipment, and that it should be treated with due care. Issuing authorities can also use the symbol – in combination with supporting text, if necessary - to point to the location of the chip. In turn, inspectors can bear this information in mind when stamping the passport with entry/exit stamps. At the end of the day, it is in everyone’s interests that ePassports function as they are supposed to, allowing for quick and efficient inspection. Only then will it be possible to process large numbers of people Area and position of the size A symbol on passport covers quickly. ◆ 32 • ICAO MRTD REPORT

ICAO Contracting States

NORTH AMERICA Croatia Qatar Swaziland Canada Cyprus Saudi Arabia Tanzania, United United States Czech Republic Syrian Arab Republic Republic of Denmark United Arab Emirates Togo CENTRAL AMERICA Estonia Yemen Tunisia Belize Finland Uganda Costa Rica France AFRICA Zambia El Salvador Georgia Algeria Zimbabwe Guatemala Germany Angola Honduras Greece Benin ASIA/PACIFIC Mexico Hungary Botswana Afghanistan Nicaragua Iceland Burkina Faso Australia Panama Ireland Burundi Bangladesh Italy Cameroon Bhutan CARIBBEAN Kazakhstan Cape Verde Brunei Darussalam Antigua and Barbuda Kyrgyzstan Central African Republic Cambodia Bahamas Latvia Chad China Barbados Lithuania Congo Comoros Cuba Luxembourg Côte d’Ivoire Cook Islands Dominican Republic Malta Democratic Republic of Fiji Grenada Monaco the Congo India Haïti Netherlands Djibouti Indonesia Jamaica Norway Egypt Japan St. Kitts and Nevis Poland Equatorial Guinea Kiribati St. Lucia Portugal Eritrea Korea, Democratic St.Vincent and Republic of Moldova Ethiopia People’s Republic the Grenadines Romania Gabon Lao People’s Trinidad and Tobago Russian Federation Gambia Democratic Republic San Marino Ghana Malaysia SOUTH AMERICA Serbia and Montenegro Guinea Maldives Argentina Slovakia Guinea-Bissau Marshall Islands Bolivia Slovenia Kenya Micronesia, Fed. Brazil Spain Lesotho States of Chile Sweden Liberia Mongolia Colombia Switzerland Libyan Arab Jamahiriya Myanmar Ecuador Tajikistan Madagascar Nauru Guyana The former Yugoslav Malawi Nepal Paraguay Republic of Macedonia Mali New Zealand Peru Turkey Mauritania Pakistan Suriname Turkmenistan Mauritius Palau Uruguay Ukraine Morocco Papua New Guinea Venezuela United Kingdom Mozambique Philippines Uzbekistan Namibia Samoa EUROPE Niger Singapore Albania MIDDLE EAST Nigeria Solomon Island Andorra Bahrain Rwanda Sri Lanka Armenia Iran, Islamic Republic of Sao Tome and Principe Thailand Austria Iraq Senegal Timor-Leste Azerbaijan Israel Seychelles Tonga Belarus Jordan Sierra Leone Vanuatu Belgium Kuwait Somalia Viet Nam Bosnia and Herzegovina Lebanon South Africa Bulgaria Oman Sudan ICAO MRTD REPORT • 33

Country Update: Sweden Introduces ePassports by ICAO Secretariat

weden has become the second European mended by Annex 9 to the Convention on country, following Belgium, to start issuing International Civil Aviation, ICAO’s charter, the Sbiometrically-enhanced passports compli- passport is valid for five years. ant with ICAO standards for biometrics in machine readable travel documents. Dark red in colour, as compared to the previous blue, the new passport is further distinguished The new Swedish ePassport, introduced 1 by the easily recognizable ePassport logo—a October 2005, has a Radio Frequency small circle enclosed by two horizontal rectan- Identification microchip embedded in its data gles—jointly developed by ICAO’s Document Content and Format Working Group and New Technologies Working Group.

Together with state-of- the-art technology, new photo regulations have also been introduced.Again according to ICAO standards, passport photos must now be taken from straight-ahead, as opposed to the previ- ously required half profile. The facial expres- sion must be neutral, no smiling, with black and white photos pre- ferred. page.The chip contains a digital photo and pass- And whereas Swedish citizens applying for passport information of the holder. To authenticate ports could in the past get their picture taken at passport holders and reduce the risk of theft or photo shops,they must now be photographed at fraud, the digital photo can be measured against one of the country’s police offices. According to the facial features of the traveler using the pass- the Swedish Police, this guarantees better pic- port, using an electronic document reader and a ture quality and nullifies the risk of photos camera located at the control point. As recom- changing hands. 34 • ICAO MRTD REPORT

Currently Sweden has 246 police offices scat- Programme (VWP).The 27 States participating in tered across the country, but rather than intro- the VWP, such as Sweden, are required to issue duce new technology into all existing offices, the machine readable passports with digitized pho- number of police offices handling passport tos by 26 October 2005 and present a plan to applications has been reduced to 100. Since the begin issuing passports with integrated circuit new passports are valid five years, compared to chips within one year. According to ICAO, some the previous ten, these 100 offices will have to 40 countries are currently planning to upgrade deal with number of applications expected by to biometrically enhanced ePassports by the end the Swedish government to reach 1.4 million per of 2006. About 25 of these are EU States. year. Besides being ICAO-compliant, the new Swedish In addition, the price of the passport has ePassport also abides with the European Union increased from SEK 270 to 400 (approximately Regulation on standards for security features and EUR 29-43, USD 34-50). For added security, appli- biometrics in passports and travel documents, as cants are required to pick up their passport in adopted on 13 December 2004. person. Citizens holding a Swedish passport issued before 1 October 2005 do not have to Using the same biometrics technology as in the renew their passport until the expiration date. passport, Sweden has also introduced a new national ID card.While not a required document, The rapid Swedish switch to ePassports is due to the ID card is valid for five years and can be used several factors. The expiry last year of the previ- in place of passports in the following countries: ous contract for the supply of Swedish passports Austria, Belgium, Denmark, Finland, France, helped enable a shift to the new biometric tech- Germany, Greece, Iceland, Italy, Luxembourg, nology sooner rather than later. Another incen- Netherlands, Norway, Portugal, Spain, and tive was the Swedish government’s desire to Switzerland. ◆ comply with the United States Visa Waiver

States planning to upgrade to ePassports

The States that have indicated their intention to upgrade to ePassports en the next two years are: Andorra, Australia, Austria, Belgium, Brunei, Canada, Czech Republic, Denmark, Finland, France, Germany, Hong Kong Special Administrative Region of China, Hungary, Iceland, Indonesia, Ireland, Italy, Japan, Republic of Korea, Liechtenstein, Lithuania, Luxembourg, Malaysia, Malta, Monaco, the Netherlands, New Zealand, Nigeria, Norway, Pakistan, Portugal, San Marino, Serbia and Montenegro, Singapore, Slovenia, South Africa, Spain, Sweden, Switzerland, the United Kingdom, United States. ICAO MRTD REPORT • 35

PKI and Public Key Directory – an ICAO programme for ePassport Security by David Clark, P.Eng.

s a major measure to improve the securi- Two actions are essential to ensure that the elec- ty of machine readable passports, a num- tronic data is valid, namely; Aber of ICAO member States are planning to issue an electronically enabled passport, or • Verifying that the data has been recorded in “ePassport”. This new-generation document con- the ePassport by the proper issuing country; tains an integrated circuit chip (ICC), embedded and either in the cover or within an inner page and containing electronically all of the machine read- • Verifying that the electronic data has not able passport data as well as a biometric meas- been altered in any way. urement (face image and possibly others) that can be verified with computer algorithms. The PKI specification that ICAO has developed to carry this out features the use of “asymmetric Computerized biometric checks are intended to cryptographic keys”, consisting of a pair of keys augment the normal visual inspection process for each set of data to be encrypted.This key pair by a human government official or airline agent, is mathematically unique in that: and provide additional confidence in the document’s validity. EPassports also present increased 1. One key of the pair is used to encrypt the challenges to a counterfeiter. Nonetheless it is data, but cannot be used to decrypt the data. possible to create a completely counterfeit pass- This key is called a private key, and is kept port with fraudulent electronic as well as printed secret by the issuing country. data 2. Only the other key of the pair can decrypt the The ICAO Public Key Infrastructure (PKI) has been data.This is called the public key. designed to prevent such counterfeiting oppor- tunities, by effectively guaranteeing the authen- 3. The public key does not provide any informa- ticity of the electronic data. The ICAO Public Key tion regarding the companion (private) key. Directory, or PKD, is an essential component of As a result the public key can be made avail- that PKI. able publicly to verify the source and validity of the data encrypted, without revealing the Data Protection private key that was originally used to encrypt the data. Data stored on an ePassport chip can be forged, rendering the ePassport untrustworthy. In fact, This is very powerful technology. Anyone read- electronic ePassport data must be authenticated ing encrypted data and decrypting it with the each time it is read, using the protective features of valid public key knows with certainty that a) the the ICAO PKI, if the data is to be trusted at all. data was created and encrypted by the proper 36 • ICAO MRTD REPORT

sender (using the corresponding private key), checked. Therefore, forging of electronic data and b) that the data has not been changed in any without being detected is effectively impossible, way. assuming the digital signature is checked in each instance. Digital Signatures This process is shown in figure 2 below. The ICAO PKI uses this technology on ePassport data by encrypting a hash calculation on the data ePassport data DS rather than encrypting the data itself. This hash digest is an arbitrary mathematical process anal- Public Key ogous to a sophisticated check-digit calculation. The mathematical process produces a very Compute Decrypt Hash DS unique result that is then encrypted by the country and stored as a digital signature on the ePassport. This process is shown in Figure 1 N below. Same? ALERT!

Process ePassport data and biometric ePassport data DS

Digital Figure 2 - Verifying the Digital Signature on an ePassport Private Key Signature

Compute Encrypt Valid Country Keys Hash Hash

An integral part of the above process is: knowing Figure 1 - Creating the Digital Signature for an ePassport that the purported public key for each ePassport is valid. It would be quite easy to record false data, including a biometric matching the counterfeiter Security is achieved because of the uniqueness and a digital signature using a false key. It would of the hash value.Other entities reading the non- also be easy for an imposter to use the counter- encrypted electronic data re-compute the hash feit passport for travel and get away with it, if the value from the data, decrypt the encrypted hash key itself were not validated. digital signature using the valid country public key, and compare the two. If they are the same, Countries will address this by publishing their the reader then knows with certainty that a) the public signing keys in the form of key certificates ePassport electronic data was inserted in the ICC that are in turn digitally signed by a master key of by the issuing country, and b) that the data has the country, called the country CA (Certificate not since been altered in any way. Authority) key.The corresponding CA public keys will be distributed through diplomatic means In this way the forger is stymied. The ePassport amongst all ePassport issuing countries, and will data cannot realistically be changed or forged, be used by these countries to validate signing since the resulting new hash value cannot be keys by checking the CA digital signatures. properly signed; the private signing key of the country is not known by the counterfeiter. The However, airlines, non-ePassport issuers or bor- forgery will therefore be detected when the der inspection agencies of any country will not ePassport is read and the digital signature have access to the secret country CA public keys ICAO MRTD REPORT • 37

and will not be on the distribution list for public public keys from each issuer, so that it can vali- signing keys. date every public signing key certificate sent to it for publication. As a result, every certificate on If such inspecting entities do not know or cannot the PKD will have been validated. verify that a public key is valid, the electronic data in an ePassport cannot be relied upon. Even if a Inspectors of ePassports throughout the world public key certificate were provided on the can therefore access the PKD and use the public ePassport, it must still be validated with the signing keys to validate ePassports in confi- country CA public key; otherwise it too could be dence.They can therefore take full advantage, as false. It is paramount that all entities understand intended, of the security provided by the new that validating the key is as important as validating ePassport and biometrics technologies being the data; checking the digital signature is other- adopted for international travel. wise a meaningless exercise. Validating ePassports with trusted public keys Role of the PKD prevents people from wrongfully crossing a border and it also prevents people from wrongfully The ICAO PKD has a central role in this regard as boarding an airplane. If you are a passenger on the main global distribution point for all signing that flight, the latter concern is of paramount key certificates from all issuers of ePassports. importance. The PKD is fundamental to achiev- Significantly, ICAO will also have the master CA ing this objective. ◆ 38 • ICAO MRTD REPORT

ICAO assistance mission to Colombia

n 2005 ICAO adopted a new standard, that all Contracting States issue only ICAO-standard machine readable passports (MRPs), by no later than 1 April 2010. The 79 or so countries that do not yet do so recog- Inize the high value of ICAO-standardized documents for travel and tourism, and are seeking assistance to upgrade their passport issuance systems.

ICAO stands ready to provide such assistance, in the form of project planning, technical and policy guidance, education,arrangements for financing,and project management,as may be requested by an individual State. In addition,States can request objective evaluations of their prototype documents to assure compliance with ICAO specifications.

In November 2005, ICAO organized an assistance mission to Colombia, and in December to Brazil. The testi- monial on the opposite page attests to the value of this initiative.

Mr. José Sandoval

From left to Right: Coronel Germán Paez Huertas,Secretario de Seguridad Aérea UAE de aerocivil Maria del Pilar Yepes Moncada, Jefe Oficina Centro de Estudios de Ciencias Aeronáu- ticas UAE de aerocivil Rocio Mantilla,Secretaria General Ministerio de Relaciones Exteriores Dr. Fernando Sanclemente Alzate, Director General U.A.E de Aeronáutica Civil Mr. Mauricio Siciliano Jair Orlando Fajardo Fajardo, Jefe Oficina Asesora de Planeación (OAP) UAE de aerocivil Alvaro Andrés Motta Navas, Secretario de Sistemas Operacionales UAE de aerocivil Julio Enrique Ortiz Cuenca, Representante Permanente de Colombia ante el Consejo de la OACI. ICAO MRTD REPORT • 39

DELEGACIÓN DE COLOMBIA ORGANIZACIÓN DE AVIACIÓN CIVIL INTERNATIONAL

Montreal, January 19th of 2006

06-011 E AT-Dir/ICAO

Mr. Mohamed Elamiri Director Air Transport Bureau International Civil Aviation Organization Suite 11.20

Dear Mr. Elamiri,

The Permanent Representative of Colombia on the Council of the International Civil Aviation Organization would like to thank ICAO for organizing and participating in the Mission to Colombia under the Universal Implementation of Machine Readable Travel Documents (UIMRTD) programme, to assist the government in the implementation of the ICAO - compliant machine readable passport.

In this context the Facilitation Section, with the support of Colombia’s Ministry of Foreign Affairs and the Colombia Civil Aviation Authorities, organized and participated in the seminar on Machine Readable Travel Documents, held in Bogota the 2nd and 3rd of November 2005. Presentations were made by Mr. Mauricio Siciliano, with the cooperation of the Government of Ecuador in the person of Mr.José Sandoval, former Director General of Travel Documents and former project manager of the new machine readable passport project, who assisted our government in streamlining the tender documents and process of the coming Colombia MRP.

Colombia received comprehensive technical information about the new international travel documents standards, to facilitate their implementation within the time frame established by ICAO in Annex 9, Standard 3.10.

We would like to highlight and reiterate the importance that this event had for Colombia and the sur- rounding States who are in the process of implementing the Machine Readable Travel Documents, the Andean Passport, and the new generation of electronic passports, which will place us on the same level as the most developed States of the world. Therefore,we would like to keep counting on the valuable support ICAO provides in this field.

Please accept, Sir, the assurance of our highest consideration.

JULIO ENRIQUE ORTIZ CUENCA Permanent Representative of Colombia on the Council of the International Civil Aviation Organization DO YOU KNOW WHO’S TRAVELING?

iA-thenticate® Smartchip

A full page document authentication

scanner with RFID contactless chip

reader for ePassports and government

issued identification cards. It includes

Basic Access Control (BAC) and 1 pass

read with automatic authentication.

Massachusetts 978.932.2200 Washington D.C. 703.414.5800 EMEA +49 234.9787.0 www.viisage.com email: [email protected]

3M Identification and Authentication Applying ingenious technologies to protect your security.

More than 100 years of developing practical and ingenious products has made 3M one of the most trusted and respected companies in the world. Our technology expertise is broad and deep, which has allowed us to develop some of the most secure products in the industry. Products such as 3M™ Confirm™ Laminates, 3M™ ePassport Readers, 3M™ Identity Document Issuance Systems and 3M™ Border Management Systems. Find out more at www.3M.com/security.

Local Service. Global Support.