This is the response I received today from the IPS to a series of questions I emailed them in May. They treated the request as under the FOI Act, although I did not specify that.
15 August 2006
FREEDOM OF INFORMATION REQUEST
Thank you for your e-mail of 27 May concerning the introduction of biometric passports. You have asked a number of questions on the design specification of the biometric passport. You also asked a number of questions in relation to the forthcoming Authentication by Interview process and the Identity and Passport Service Welsh Language policy. We are now in a position to offer a full reply to your request.
I am pleased to be able to disclose the information that you requested in the order that you have made them.
1. Could you clarify precisely which ISO standard(s) applies to the tags incorporated in UK biometric passports?
ISO 14443 using Type A chips
2. Could you definitively confirm the maximum distance at which these tags can be read by the appropriate reader, bearing in mind that the US State Department (which I believe intends to use the same type of tags) received 2,400 critical comments from security professionals, when the Department claimed that the tags could only be read at a distance of 10 cms (4inches)?
Contact-less chips conforming to ISO 14443 become activated when an inductive coil loop emitting the appropriate power comes into range. The workable range of the chip to appropriate reader is 0 cm to 10 cm.
We believe the reports referenced relate to situations when the chip is in communication with the reader as it is possible with the appropriate antenna equipment to eavesdrop the message being transmitted “in the air”. The greatest distance known to have been achieved is 35 metres, although the data collected was patchy.
To protect passport data being eavesdropped the data from the passport is encrypted and border control readers have introduced shielding to prevent such attacks.
3. Could you confirm that the tags are of the read/write type, i.e. it is possible to modify or add to the information stored using the appropriate equipment? If this is the case, what measures are incorporated to prevent the data stored being modified or added to by unauthorised persons who have access to the passport, and the relevant technical equipment and expertise? How much data are these tags capable of storing?
We are not able to confirm. Once the passport chip has been personalised with the passport holder’s data the chip is locked and no other data can be added. The data is protected by the use of Digital Signatures which means that the data cannot be modified or changed.
The current size of chips used within the Identity and Passport Service ePassports is 72KB. The actual data size varies depending on the size of the photo image stored and is on average in the 30KB range.
4. Could you confirm precisely what data is being stored on the tags currently being issued, is it only facial biometric plus a high definition scanned copy of the photograph supplied by the applicant?
The information stored within the chip is:
The same as the visible data on the data page, that is the name of the passport holder, their nationality, their date of birth, their sex, the place of passport issue, the passport expiry date plus data check digits.
A JPEG image of the passport holder is also stored.
Both the data page information and the image are protected using Digital Signatures from the IPS Public Key Infrastructure (PKI).
5. Does the data stored on the tag, although encrypted, include confirmation of the holder’s national status as a UK citizen?
Yes, please see answer 4
6. What other information, if any, does the Home Office/Passport Service plan to store on the tags, for example, fingerprint and/or iris scan data? When, or from which dates, is it intended to do this?
The UK has indicated that it is considering complying with the EU Passport Regulation to include 2 finger images within the passport from June 2009.
The additional data will however be protected bys stronger data encryption and only Border System inspection systems authorised by the UK will be able to access this additional data.
7. I understand that the data on the UK biometric passports will be encrypted, and access to the encrypted data will require access to the digital information printed on the passport itself. Can you confirm that this digital information is or is not stored elsewhere by the UK passport service on its computers? If this is the case, please explain how that information can be kept secure from unauthorised access by hackers, bearing in mind that currently the US Government is seeking extradition of a UK citizen for having successfully hacked into highly secure US Government systems, including the Pentagon’s computer system.
If the Passport Service’s system is secure from hacking, what measures exist to prevent civil service or agency staff who have access to the data, misusing it, or making it available to unauthorised persons, through blackmail, bribery or disaffection?
To prevent the passport data being “skimmed” by an unauthorised reader the encoded data is protected by a security code. As indicated by the question this code is derived from the visible data printed on the data page.
In line with the existing passport validation process to access the information on the chip the passport must be presented to the reader in an open position to allow the data page to be optically scanned. The reader will extract the required data from the data page and calculate the required security code. This code is passed to the chip and providing the correct code is received the chip will reveal to the reader the information on the chip.
By employing this approach it is not possible for the unauthorised readers to extract any information from the chip.
With regard to the Passport Service’s database systems these are regarded as highly secure and appropriate security measure are in place to prevent unauthorised intrusion.
8. What measures exist to prevent ‘eavesdropping’ of data when the tag is being interrogated by a reader?
The data during transmission is encrypted.
9. Do the new UK biometric passports contain measures other than encryption, and access to the digital information printed on the passport, to prevent unauthorised access to the data stored on the tag? For example, is the tag or chip shielded in any way to protect it from being read whilst the passport is closed?
The UK passport is not shielded. The access protocol employed is called Basic Access Control. This requires the passport to be open at the data page and the printed information optically scanned before any data can be read from the chip.
It is not possible to read the UK passport when the passport is closed.
10. Do the ‘electronic passports’ which the US State Department intend to start issuing shortly, from this autumn, use the same ISO tags as those being issued in the UK to its citizens? Are these standards mandated by the ICAO?
For information about the US passport please contact the US State Department.
ICAO have mandated the use of ISO 14443 chips and have listed as Recommended Practice the use of Basic Access Control.
11. I understand that the US electronic passports will contain shielding to protect unauthorised access or ‘skimming’ of the data stored on the tags. If this is so, and that such shielding is not being incorporated into UK biometric passports, please explain the reasoning behind the decision not to incorporate shielding in UK passports.
The prime objective for UK issued passports is to allow UK citizens to securely travel and that, with the introduction of chip technology, to ensure our citizens can benefit from enhanced security that assist the Border Control inspection systems to be able to validate that the passport is genuine and that the encoded data has not been modified or changed.
Our investigations indicate that the addition of shielding is not necessary when the access protocol, Basic Access Control is applied.
12. Are there plans to incorporate shielding into UK biometric passports, and th if so, from when is it intended to do so, and what will happen to biometric passports already issued before that date?
We have no plans to introduce shielding.
13. If there are no plans to incorporate shielding into UK passports, please explain how and why UK passports will be as secure as US passports? Can you confirm therefore, that UK passport holders will be at no greater risk that US passport holders from having their nationality exposed when bearing the passport and therefore not becoming more of a terrorist target? (I make special reference to the US and the UK, as there is evidence that the July 7, 2005 bombers were motivated by the UK's involvement in the Iraq War, thus providing strong evidence that UK and US citizens will be at greater risk of being targeted than those of other countries. The US has seen fit to further protect its passport holders by shielding the tags which their passports will contain).
Our investigations indicate that the addition of shielding is not necessary when the access protocol, Basic Access Control is applied. A passport holder’s nationality is necessarily revealed by the fact that, by international agreement, the name of the issuing state is shown on the front cover and the holder’s nationality is printed on the personal details page.
14. Very recently Dr Reid has stated that the Home Office and its agencies have failed the British public in many ways. How can we therefore have confidence in this new biometric passport system, and its security, when it has been devised, and is being operated, by an agency of the Home Office?
Dr Reid did not criticise the Identity and Passport Service. The new passports have been developed to meet international standards agreed through the International Civil Aviation Organisation and have passed international acceptance tests.
The UK is following the worldwide approach of improving the security of its citizens when travelling by endeavouring to provide the most suitable levels of security. The introduction of the ePassport is regarded as a success and is regarded as one of the most secure passports in the world.
15. New passport applicants from this autumn, I read in the press, will be required to attend for an interview at a local centre, such as the one being set up at *******. What procedures will be followed at these interviews, and precisely what information, both documentary and oral will applicants have to provide? What questions, exactly, will they be asked? I understand that fingerprints/irises will be scanned. Will this include the scanning of all ten digits, and both eyes? Will the data obtained only be used for passport purposes before the National Identity Register is set up? Will the police and/or security services have access to the fingerprint or iris scan data for any purposes? Are there any assurances in the relevant legislation regarding the use of the data for purposes other than passports and nationality? Is it possible that the data may be incorporated into the NIR subsequently, whatever the stated intention is at present?
Information about the new requirement for adult first time passport applicants to be interviewed is available from the Corporate Publications part of our website in the document “Passport interviews – proposed network of offices”. For ease of reference the passage about the application is copied below. From this you will see that the information and documents to be provided by applicants will remain unchanged. The purpose of the interview is not to acquire information but to protect individuals against identity theft by checking that the applicant is the true owner of the identity claimed. We will not publish details of the questions to be asked as this would assist those seeking to obtain passports in false or stolen identities. All records of the interview will be destroyed shortly after the passport is issued. We expect to start recording fingerscans to meet new passport requirements by 2009 but this is not part of the current interview proposals. We expect to scan all 10 digits. Iris scans are permitted for passport purposes under ICAO and EU regulations but we have no plans at present to record them. All the information obtained on passport applicants as part of the processing of applications is personal information and is protected from unauthorised disclosure by the provisions of the Data Protection Act 1998. This will include fingerscans when they are collected. Personal information about passport holders is disclosed to the police or other law enforcement agencies (including the security services) only where this is necessary for safeguarding national security or for the prevention or investigation of crime or the apprehension or prosecution of offenders. The Data Protection Act also includes a requirement that data is used only for the purposes for which it was collected. In due course adult passport applicants will be required to apply for enrolment on the NIR, normally at the same time as making their passport application.
Extract from publication
The new application process
The requirement for interview will apply only to those adults who have never previously held a British passport in their own name. (Therefore it will not apply to people who held their own passport as a child but it will apply to those whose names were included in a parent’s passport). This is estimated to affect approximately 609,000 in the first year of operation.
Applications will be made on the same forms as now and will be sent, as now, to regional passport offices. It will be possible to send applications directly by post or by using the Check & Send service available at selected branches of the Post Office and Worldchoice travel agents. Regional Offices will establish that the identity exists and the person is entitled to a British passport. These enquiries will include checks against independent sources such as the electoral roll and address histories. This verifies a “biographical footprint” of identity and provides a source of questions to be used in interview. At the end of this process, the applicant will be invited to telephone the Identity and Passport Service 24 hour Adviceline to make an appointment for interview at one of the new offices. Applicants will have a free choice of office in which to be interviewed, subject to availability of appointments. The interview will last between 10 and 20 minutes. It will be conducted in a friendly and non-threatening manner and will consist mainly of asking the applicant to confirm facts about themselves (which someone attempting to
steal their identity may not know).
16. I understand that the new biometric passports being issued will contain some information in the Welsh language. Will this apply only to passports issued in Wales? Will the Welsh language information on the passport have equal status to English in every respect, and if not, why not? What information will only be in English? I understand that no Welsh language information will appear on the passport cover. How can this be justified? I have been told that there will be as much information in Gaelic on the new passports, as there will be Welsh. Please explain the reason(s) for this?
All biometric passports issued throughout the UK include Welsh on pages 1 (the titles), 2 (heading of notes page) and 29-30 (translations of headings on the personal details page). This was agreed following discussions between Home Office Ministers and the Minister for Culture Welsh Language and Sport of the National Assembly for Wales. We have undertaken to consider including Welsh on the personal details page when the passport issuing system is re-designed to incorporate fingerscans and to consult the Welsh Assembly Minister for Culture on future design changes. The main reasons for not including Welsh on the personal details page in the current biometric passport were system based, although space on the page is also an issue. The front cover, the statement by Her Brittanic Majesty’s Secretary of State and the notes themselves are in English only, as the passport remains a United Kingdom national passport and the main language of the United Kingdom is English. The Scottish Parliament has passed the Gaelic Language (Scotland) Act 2005 and although we are not bound by it, we decided to take the opportunity afforded by the introduction of the new design for biometric passports to respond positively. There are no current plans to emulate our Welsh Language Scheme by introducing Scottish Gaelic application forms or website.
Gyda golwg ar eich sylw ar y posibilrwydd o geisio’r wybodaeth yn Gymraeg, ein polisi yw ymateb yn Gymraeg i geisiadau sy’n cael eu derbyn yn Gymraeg.
[With a view to your remarks regarding the possibility of seeking this information in Welsh, our policy is to respond in Welsh to applications received in Welsh] – my translation
Identity and Passport Service
[Followed by remarks about the FOI Act]