New Biometric Indonesian passports Most of the countries in the world are currently implementing or planning to adopt biometric passports generally for security purposes, including Indonesia. As the world’s fourth most populous nation with more than 200 million people, Indonesia has decided to venture into the world of Biometric. Since February 2006, the country has started to issue what the government called the “new biometric passport”. According to the news titled “Justice ministry clarifies biometric passport prices” published by The Jakarta Post on 21 July 2006, the government says the biometric system, which scans fingerprints and photo-graphic data into a bar code, has helped it detect 1,800 attempted passport frauds since its introduction in February 2006. In addition, Germany’s Digital Identification Solutions AG – the sole contractor of the Biometric Indonesian Passport project – issued a press release on 12 July 2006 in Stuttgart claiming that the new biometric passport system on average processes 10,000 online passport applications daily and issues the passports in full colour and with numerous security features right on the spot where the citizens apply for it. However, while the other developed countries are implementing and planning biometric passports with RFID chips embedded or inserted into their biometric passports, the biometric Indonesian
passports resort to the bar code technology, which defeats the purpose of anti-counterfeit in the first place. Basically, it is easier to clone bar codes than the encrypted identification stored in an RFID chip. Beside the security issue, it is also essential to guarantee that certain information in the biometric passports are kept from unauthorised parties and specific privileges granted or assigned to the right persons, which though is almost impossible with the application of the bar code technology on the biometric Indonesian passports. The biometric Indonesian passport system designer apparently forgets that secure authentication is the fundamental assumption for privacy protection and authorisation. Moreover, the use of bar code technology also means that there is no unique identification system due to the limitation of bar code numbering system. The bar code technology was originally designed only to identify a class of generic products, not a unique item, compared to the RFID technology, which could support a unique identification system despite of the numbering system being used.
Biometric (+RFID) passports and ID cards Biometric (+RFID) passports and ID cards are definitely better off without the basic security issues posed by the bar code technology. Nevertheless, the
In 2006, Biometrics adoption to increase IT services vendor Unisys has predicted that in 2006 there would be an increase in the commercial usage of biometrics owing to technological improvements brought about through e-Passports. Terry Hartmann, Unisys’ Director and Global Solution Lead for Secure Identification and Biometrics, said in a company release that traveller security is driving the adoption of biometrics much faster than commercial pressures would have. The Unisys statement said that Asia would lead the world in using biometrics for national identity and security. Currently, for purposes of national identity verification countries such as Cambodia, China, Hong Kong, Japan, Malaysia and Thailand are evaluating, planning, piloting or deploying smart cards with biometric features. It may be noted that in October 2005 Australia introduced biometric e-Passports becoming the first country in the world to do so. The U.S. Department of Homeland Security also conducted e-Passport tests at the San Francisco International Airport, Singapore’s Changi Airport and Sydney Airport in Australia. | December 2006
recent demonstration of Biometric +RFID passport data cloning performed by a security consultant at the Black Hat security conference in Las Vegas could indicate that the security risk in the implementation of Biometric (+RFID) passports and ID cards still exists. The consultant could not change the information stored in the chip due to cryptographic protection though. In reality, there is no 100% security guarantee in this networked world. When you become part of a “network” voluntarily or involuntarily, there is always a chance that your security is compromised. A sensible action lies in assessing security status continuously, taking several appropriate security measures and preparing for some recovery plans that may arise from any security breach.
Beyond technological issues During the Government Forum on National ID and e-Passport for Indonesia held last June in Jakarta, the Director for International Cooperation at Indonesia’s Directorate General of Immigration unveiled the plan to decentralise the issuing process of Biometric Indonesian Passports throughout the Indonesian Embassies located outside Indonesia. Until now, there has been no country in the world planning or implementing the decentralisation plan as the Indonesian Government has done. It is certainly not about technological barriers. It is simply based on the common sense and assumptions that the security risk of having such decentralisation system will outweigh the benefits of efficiency produced by such system. There is simply no country in the world that is willing to put its nationals and citizens on the front line of security risks and threats.
About the author Adi Tedjasaputra is the Founder of RFID Asia [http://www. rfidAsia.org], and resides in Indonesia. adi.tedjasaputra@rfidAsia.org
35