Sovereign: Elvis Presley’s Ultra-Secure, 2008 Passport?

Elvis died in 1977.

But that didn’t prevent hackers from inserting his digital photo into a U.K. passport, and using it at a self-service passport machine at Amsterdam’s Schiphol airport to gain clearance to board a plane.

This incident occurred in September 2008. But this security vulnerability persists, as proven by the recent assassination of Mahmoud al-Mabhouh, a senior Hamas operative, in a Dubai hotel on January 20…

The alleged killers of Mr. Mabhouh included 11 people holding U.K. and other European passports. All of the killers used passports containing fake photographs and signatures.

Naturally, this wasn’t supposed to happen. When governments began issuing digitally encoded passports a few years ago, it was supposed to improve border security. For instance, Maura Harty, former U.S. assistant secretary of state for consular affairs, told a Congressional hearing in 2004:

“Embedding biometrics into U.S. passports to establish a clear link between the person issued the passport and the user is an important step forward in the international effort to strengthen border security.”

Only, the technology doesn’t work.

Indeed, the “ultra-secure” RFID chips digital passports contain can be cloned with about $100 worth of off-the-shelf electronic equipment. As a result, we have teams of assassins and who-knows-who-else roaming the world with digitally modified passports. Indeed, digital passports actually are far less secure than their predecessors.

The reason is that digital passports—and indeed digital data in general—suffers from an inherent security flaw…

If you take a non-digital passport and try to modify it physically, it’s very hard to do so without leaving some evidence of what you’ve done. There might be smudges, ink marks, or microscopic impressions of a razor blade used to cut out an old photo and insert a new one.

But with our new “ultra-secure” digital passports, if you figure out how to change the data on the RFID chip, the earlier data vanishes. There’s absolutely no trace of the tampering.

Now of course, encryption is supposed to protect us from this type of tampering. But even before governments issued the first digital passports, hackers cracked the encryption codes. Indeed, as far back as 2006, hackers demonstrated how a simple microchip reader purchased off the Internet could clone all the information in a U.K. passport’s “ultra-secure” RFID chip.

Surely, the governments that assured us that RFID passports represented a huge security advance knew the risks of relying on digital technology. The only possible conclusion was that they had a hidden agenda for introducing them—an agenda having nothing to do with security.

What was that agenda? I believe it is to create a “global travel database.” The purpose of the database is to create a “lifetime personal travel history” of anyone who holds a passport. Your photograph, your fingerprints, and details of each entry, exit or transit will be part of your dossier in a “biographic and biometric travel history database.” This data can be shared with anyone your government chooses. Potentially, it could be shared with any of the 150 countries that have introduced, or have promised to introduce, RFID-equipped passports.

The blueprint for this system comes from the International Civil Aviation Organization (ICAO), which has issued a series of “best practice” standards for biometric passports. One standard reserves memory space on the RFID chip to create a log of border crossings or other situations in which the chip is queried. Presumably, this data could be read—and potentially modified—by anyone with a passport reader and the appropriate software. The result would be a permanent log of the date, time, and place of your international departures and arrivals, the hotels you stayed in, etc.

Doesn’t that make you feel safer?