UK biometric passports project set back by simple cloning possibilities

By EDRi · November 22, 2006

(Dieser Artikel ist auch in deutscher Sprache verfügbar)

UK Government faces now a big problem related to the introduction of the new
biometric passports as recently it has been proven these passports can be
easily and very cheaply copied by means of a microchip reader that can be
legally bought on the Internet.

As a big embarrassment to the Home Office, a project having led to the
increase of the travel documents by 60 per cent since March 2006, and that
brought about 90 million euro costs for the passport production lines, may
be entirely dropped as the new passports are more a risk for their owners
rather than an improvement to the old documents.

“Three million people now have passports that expose them to a greater risk
of identity fraud than before.” said Nick Clegg, the Liberal Democrat home
affairs spokesman.

UK government decided to introduce the micro-chipped biometric passports in
order to make theft more difficult, but an investigation led by the Guardian
has shown the respective passports can be easily read and copied. The data
obtained from three passports were transferred to a PC after gaining access
to the chips by means of a simple microchip reader, purchased from the
Internet for less than 150 euro, and then cloned with photograph included.

Computer expert Adam Laurie, who needed only 48 hours to write a software
capable to copy the information from the passports said: “The Home Office is
using strong cryptography to prevent conversations between the passport and
the reader being eavesdropped, but they are breaking one of the fundamental
principles of encryption by using non-secret information published in the
passport to create a ‘secret key’. That is the equivalent of installing a
solid steel front door to your house and putting the key under the mat.”

The Home Office commented on that considering the fact as not important:
“The information itself cannot be altered; the photo would still be the same
so the copy would be of no use to an impersonator trying to use it
fraudulently. Other than the photograph, which could be obtained easily by
other means, they would gain no information that they did not already have –
so the whole exercise would be utterly pointless.” stated a spokesman.

As Phil Booth of NO2ID said: “The government is clearly derelict in its duty
to protect the privacy and security of British citizens”.

Recall demand after cloning of new biometric passports (17.11.2006),,1950199,00.html

New biometric passports can be cloned using £100 equipment sold over
internet (17.11.2006)

Now, clone UK’s new biometric passports with a 100 pound download from the
Net! (18.11.2006)