Passport control

Identity fraud costs the UK £1.3bn each year, yet the government is disregarding anti-fraud technologies that could save £10bn by plugging the gap before a national ID scheme comes into effect. Julia Pierce reports.

The government is ignoring new anti-counterfeiting technologies that could save the UK billions of pounds lost through fraud involving passports and other official documents, according to researchers working in the sector.

Labour is accused of relying instead on unproven and hard-to-implement biometrics systems – which most experts believe will take a decade or more to get fully up and running – without considering an effective interim solution, even though plenty are available.

Identity is one of the hottest political potatoes, with the government citing both financial advantages – according to the Home Office, identity fraud alone costs the country at least £1.3bn each year – and social benefits from its proposed national ID card scheme. This will eventually include a biometric identifier that will also be added to passports to satisfy US and EU requirements for such a scheme.

Meanwhile, existing documents offer a low level of protection against fraud. False passports can sell for as much as £7,000. A common scam is to apply for an identity document, claim this has never arrived, then request a replacement. The original is then doctored to include a new picture. As many as 20 million false identities may be circulating in the UK, and each can be used in crimes such as benefit fraud, illegal working, money laundering, drug and people trafficking, and abuse of the nation’s health system.

If some sort of interim technology could be applied to make documents more secure, almost £10bn could be saved in the period before a biometric scheme becomes feasible.

Reports from within the security industry already suggest that problems with introducing the US biometric scheme may mean the proposed timetable will not run as smoothly as the Home Secretary might like to believe. The US’s plans to impose a requirement for a biometrically enabled passport under the visa waiver scheme have not gone smoothly. Originally the condition was to have been imposed in October.

But the scheme has now been put back a year, after foreign nations complained that they could not introduce compliant documents that soon.

‘It now seems the pace of introduction of a biometric system in the US will be much slower,’ said Gavan Duffy, senior consultant for security and biometric technologies at The Generics Group in Cambridge. ‘From what I have heard a digitised photo and smartcard system will be introduced with a view to including a biometric as late as 2013, phased in on an incentive basis.

‘All current solutions for border control are based on global convergence to international standards whose definition is being mediated by the International Civil Aviation Organisation,’ added Duffy. ‘This is a slow process, since the whole world has to move together simultaneously and the need for this convergent basis for advance is seen as one of the primary inhibitors of adoption. The value of the biometric measures is diminished if they cannot be applied universally.’

So if the roll-out of biometrics is to be painfully slow, how will the government bridge the gap?

Following questions in the House of Commons in July, the Home Office confirmed that, as of December 2003, it would be establishing a new comprehensive database for recording lost, stolen and recovered passport data. It also plans to strengthen the counter-signatory requirement for passport applications, as well as continuing to develop use of a biometric identifier as planned.

The UK Passport Service is shortly to commence a six-month pilot study involving 10,000 volunteers at locations across the UK. This will investigate the practicality of using face, iris and fingerprint data for identification. People will have to register basic data such as their name, address and date of birth on a newly created National Identity Register. The biometric scan or fingerprint will then be taken and documents issued after their identity is confirmed as unique.

However, the crucial step is to make documents such as passports and ID cards tamper-proof and hard to forge. Technologies now entering the market appear to offer an ideal solution, but the government – which has set great store by the promised land of biometrics – seems to be showing scant interest.

‘The development of ID cards is at an early stage,’ said a Home Office spokesman. ‘We have been looking at the issues surrounding their introduction, including aspects such as forgery, but the logistics of how the system will work have not yet been confirmed.’

A number of technologies have the potential to baffle the forgers, but those developing them claimed the hype around biometrics – which has assumed the appearance of an established technology even though a system has never been implemented on a mass scale – has clouded the debate.

Inks containing quantum dots could be used to print documents, including digital photos. Different kinds of dot emit light at unique wavelengths, and these can be combined to produce an ink with a unique spectroscopic fingerprint which can be measured using a UV lamp and a reading device. Any tampering would immediately be identifiable by scanners.

Developers include German firm Nanosolutions, a spin-out company from the University of Hamburg. Its inks can be applied using a normal inkjet printer and are suitable for creating documents such as visas and passports. These can be read using a handheld device incorporating two battery-driven lamps.

Manchester University spin-out NanoCo Technologies has developed a similar technology using quantum dots within a polymer bead. This is also suitable for use in the cartridge of a normal inkjet printer.

‘Making quantum dots is not easy, meaning there is a hi-tech barrier to forgery,’ said Dr David Glover, the company’s business development director. ‘A counterfeiter can chemically analyse organic dyes to determine what they are made from, but as the properties of quantum dots are determined by their size, you would have to derive information about how they are produced to make a copy. This is a very specific feature that would be hard to replicate.’

Other systems are at present impossible to forge. A team led by Dr Russell Cowburn of the University of Durham’s physics department has developed a cheap, forgery-proof barcode security tagging system based on nanotechnology with an error rate of a ten-thousandth of a per cent. The micro-system, made from an alloy, can be attached to the surface of a document, and is compatible with smartcards. As well as a unique number, each tag has a unique magnetic pattern that cannot be copied, even by its manufacturers.

This is caused by naturally occurring variations at atomic level, where atoms may be missing or substituted by impurities, so the pattern of each tag is like a fingerprint. By measuring the magnetic properties of its nanostructure the tag can be verified as authentic. To make a forged copy a criminal would have to build an exact replica of the barcode from the atomic level, but there is no known way to reposition atoms to create an exact set of magnetic properties.

Once installed, the tag would verify that the document itself was authentic. A biometric, added later, would then add an extra layer of security. Though tags could easily be fitted to new and existing documents, raising interest from those who commission such schemes is hard. ‘Our technology would be ideal for use in a scheme such as passports or ID cards,’ said Cowburn. ‘However, it is a difficult market to access and convincing the government to adopt it is hard. Governments like to deal with established technologies and ours is relatively new.’

The Generics Group said it had encountered the same difficulties. The company’s low-cost Secure ID system enables the issuer of a passport or ID card to scan a photograph of the applicant and encode this and ID details with a digital signature using public key cryptography. The code creates a digital binding between the data and photograph. This signature code is then held in a barcode carried on the identity document. If the data or photograph is changed this would show during scanning. The signature could also be embedded in a smartcard, allowing biometric data to be added later.
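The digital binding described above can be sketched as follows. This is an added example, not The Generics Group's Secure ID code: the article says only "public key cryptography", so Ed25519, the length-prefixed field layout, the function names and the sample holder data are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
)

// payload is the byte string that gets signed. Every part is length-prefixed
// so text cannot be shifted between fields; the photo enters as its digest.
func payload(fields []string, photo []byte) []byte {
	digest := sha256.Sum256(photo)
	parts := append(append([]string{}, fields...), string(digest[:]))
	var buf []byte
	for _, p := range parts {
		buf = binary.BigEndian.AppendUint32(buf, uint32(len(p)))
		buf = append(buf, p...)
	}
	return buf
}

// NewIssuerKey makes a throwaway key pair (nil selects crypto/rand).
func NewIssuerKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(nil)
}

// Issue runs at the issuing office and returns the text held in the barcode.
func Issue(priv ed25519.PrivateKey, fields []string, photo []byte) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, payload(fields, photo)))
}

// Check runs at the scanner, which needs only the issuer's public key.
func Check(pub ed25519.PublicKey, fields []string, photo []byte, barcode string) bool {
	sig, err := base64.StdEncoding.DecodeString(barcode)
	return err == nil && ed25519.Verify(pub, payload(fields, photo), sig)
}

func main() {
	pub, priv, err := NewIssuerKey()
	if err != nil {
		panic(err)
	}
	fields := []string{"DOE", "JANE", "1970-01-01", "X0000000"} // constructed sample
	photo := []byte("constructed stand-in for the scanned photograph")
	code := Issue(priv, fields, photo)
	fmt.Println(Check(pub, fields, photo, code), Check(pub, fields, []byte("new face"), code))
}
```

A passing check shows only that the data and photograph are unchanged since issue. A complete copy of a genuine document carries a valid barcode too, so the check does not by itself tie the document to its bearer.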

‘The government looks to programmes based on fixed technologies,’ said Duffy. ‘It is hard to get your voice heard and say there may be better ways of doing things. With our system a person would apply to an embassy and have a barcode issued once his identity was verified. It would allow a country such as the US to concentrate its efforts on monitoring incoming traffic rather than trying to persuade its own citizens to agree to a biometric.’

With international delays, and issues of cost, reliability and the sheer scale of implementing an infrastructure hanging over a national biometric scheme, the goal of introducing the system in 2007 looks hopelessly optimistic.

Until then the cost of passport and identity fraud will continue to mount. Plans to introduce a national ID card will do little to help prevent this, unless its security is upgraded. Yet technology providers offering ideal solutions are being overlooked and the Home Office is giving little away about its plans to plug this gap. It seems that unless other possibilities are investigated and action is taken, the UK will continue to haemorrhage cash at a rate it can ill afford.

Sidebar: The road to a national ID card is paved with pitfalls

The national ID card proposed by the Home Office is to include at least one form of biometric ID to improve security and help combat forgery, but doubts remain about the cost and effectiveness of the technology. The government announced last month that the scheme, which is to be phased in over a number of years, will include a biometric – a facial recognition, iris scan or fingerprint system.

For most people the card will take the form of a biometric passport. The UK Passport Office is to incorporate a chip with biometric information into passports in 2005, and expects to introduce a passport card incorporating the data in 2006.

The US has announced that all 27 countries with US visa waiver status, many of which are within the EU, must have a programme in place to issue biometric passports by October next year, or risk losing their status. The EU is also considering proposals from the European Commission that all member states issuing visas should include an electronically stored fingerprint by 2006.

But biometric systems are not as secure as their supporters would have us believe. Researchers in Japan last year developed gelatine ‘fingers’ that were able to fool biometric scanners into believing they were real digits 80 per cent of the time.

Oddities in human characteristics, such as the fact that one in 70,000 people does not have an iris, while other people have only part of one, could also hamper the technology. Biometric systems are also believed to become less accurate as the size of the database holding the information increases, again raising question marks over the technology’s suitability for use in a national ID card.

The National Physical Laboratory believes a combination of two biometric systems will have to be used to improve their effectiveness, but this will undoubtedly increase the system’s cost and complexity, and the necessary memory capacity of the machine-readable chips needed to store the information. Experts have estimated around 200 bytes will be needed to store one fingerprint, while a face would require around 3,500 bytes.

Such chips would also need to be sufficiently robust to cope with the battering they are likely to take while being used repeatedly over long periods – 10 years in the case of passports.

Selecting an encryption system to protect the biometric data stored on the national database from tampering is also likely to be complex.

As a result, the cost of introducing a national ID card with biometric technology has been estimated at more than £3bn – that’s before the expense of installing the machines to read the information held on them is even taken into account.

Sidebar: No substitute for good old intelligence work

Technology should not be used as a substitute for old-fashioned police intelligence work, according to a leading expert on surveillance techniques.

Professor Elia Zureik, a sociology researcher and expert in the use of technology, particularly biometrics, for surveillance purposes at Queen’s University in Canada, said technology should not be considered an answer to all of the UK’s security and immigration problems.

‘More emphasis should be placed on old-fashioned intelligence rather than thinking that technology will save us all. I was listening to a guy from the Home Office at a recent conference, and he was so sure identity cards will solve the UK’s problems, but I’m not sure it will.’

In response to the increasing problem of digital counterfeiting in the US, which has risen from around one to two per cent of forgeries in 1995 to around 40 per cent now, the Federal Bureau of Engraving and Printing recently introduced a new $20 note designed to be more difficult to fake.

The note features subtle green, peach and blue colours in the background, designed to add complexity and be harder to replicate. The existing colour-shifting ink already used on banknotes, which changes from copper to green when the note is tilted, has also been improved on the new note, with the colour shift more dramatic and easier to see.

The $20 bill was launched in a blitz of publicity in the US, with the note featuring on TV programmes Who Wants to be a Millionaire and Wheel of Fortune. But despite this fanfare, within a few weeks of its launch in October extremely crude forgeries including photocopied notes were already turning up in bars and restaurants and, even more worryingly, being accepted.

So even with sophisticated anti-counterfeiting measures, if the people behind the bars and shop counters, or even within airports, do not study the notes or documents properly, fakes will still get through.

‘The national ID card scheme hinges on biometric technology. It may be more difficult here (to fudge it) because the image will have already been converted into an algorithm,’ said Zureik. ‘But it would not be all that difficult to mess up (the system) if you used a stolen identity, such as changing the name or features.’

So whatever technology is used in ID cards and passports in the future, identifying criminals and potential terrorists is likely to remain a matter of intelligence and pure legwork on the part of police and customs officers for some time to come.