• articles
• News
• speeches
• Stephenson Strategies
• top blog posts
• W. David Stephenson bio

Appeared originally in Mass High Tech, Sept. 28, 2001. Reproduced with permission

by W. David Stephenson

As we search for a combination of measures to reduce the likelihood of future terrorist attacks, one part of the solution may be a “smart” passport that would instantly cross-check the traveler’s passport with data bases of known terrorists.

Smart cards — credit-card sized cards with embedded integrated circuit chips — are far more common in other parts of the world than in the US. However, the World Trade Center disaster may speed their adoption in the US.

In a 1997 research paper, Charles Siu-cheung Chan of the Queensland University of Technology in Australia, outlined a hybrid smart passport solution. It would combine tamper-proof passport and visa information in the card combined with a biometric verification system (he suggested that the geography of the person’s hand, a 3-D recording of fingers’ length and placement, skin translucency and hand thickness might be the best biometric record. Records of the person’s retina, or DNA might also be used).

According to Chan, when entering the customs area, travelers would insert their cards in a reader and their hands in a biometric scanner. If the data matched, the personal information would be transmitted to a central server computer, where it might be cross-checked to determine if the traveler was wanted for a criminal violation. If it did not match, an alarm would sound.

Malaysia is already using the smart-card part of such a package, using a system developed by that country’s IRIS Technologies, a leader in smart card technology. Since August of last year, travelers at Kuala Lumpur International Airport using smart-card passports from the country can clear customs in as little as 10 seconds by placing their cards against a sensor. If the passport is recorded as lost or stolen or if the traveler is wanted for criminal activities, a monitor asks the traveler to proceed to a customs agent. To avoid fraud, an immigration officer compares the photo stored on the card and displayed on the monitor with the actual traveler’s face.

The Malaysian government is considering adopting Chan’s concept of a biometric double-check provision by adding a fingerprint reader, since travelers’ fingerprints are already stored on the digital passports. To increase the cards’ utility, a traveler’s medical records could also be stored on the digital passport.

There are several obstacles to smart passports, both technically and legally. From a practical standpoint, there would have to be a global agreement on technology and data to avoid a bewildering variety of readers at every international airport and travelers having to carry a pocketful of different cards.

That would have been inconceivable before September, but so much has changed: perhaps the nearly global coalition to confront terrorism that has emerged since that tragedy might make such an integrated system a priority, under the UN’s aegis. While not a major concern in some countries where citizens already are required to carry some form of national identity card at all times, in countries such as the US there would be serious concern about the digital passport if it might be construed as a precursor to a national identity card that would infringe on privacy rights.

IRIS has developed just such a “Government Multi-Purpose Card,” being used by people in part of Malaysia. The smart cards combine a national identity card, driving license, immigration and passport details, medical records, and a digital cash system for small purchases. The company worked with a broad range of governmental agencies and the national bank to develop the system.

Despite privacy concerns, there actually is the beginning of a smart-card system in the US. Several western states are collaborating on an experimental ” Health Passport Project,” in which low-income mothers and their children have smart cards. The cards give doctors and hospitals instant access to the patients’ health records as well as determining their eligibility for benefits. Privacy and security are critical aspects of the project. The second phase of the project will include Web-based information.

When I asked Charles Chan whether he thought his proposed system could have prevented the WTC disaster, he was understandably non-committal. Chan did say he thought that, “with the 2-factor authentication provided by the smart card, at least we can be sure if someone claiming to be the owner of the card really is, and we can sure of the country who issues the visa. If the system in the airport links with some CIA database containing lists of terrorists, they can be acknowledged more easily and effectively.”

Sadly, the current paper-based system, which makes it impossible to link passports with criminal data bases, and which allowed passports to be easily attained using aliases, was at least partially to blame for the recent disaster. It allowed the terrorists, even ones with prior records, to enter and stay in the US, in some cases for several years. If solutions to privacy concerns can be engineered into the system, digital passports may become a global reality much sooner than anyone might have expected because of the instantaneous links to terrorist data bases that they would offer. Yet, they still won’t let us sleep easily again: if bin Lauden has a $300 million fortune, what’s to keep him from acquiring such a system and creating his own cards?