An overview of a travel document security program developed specifically by the OSCE to combat terrorism and related threats to transnational movement
by Christopher Hornek & Paul Picard, Organization for Security and Co-operation in Europe (OSCE)
Industries A comprehensive program on Travel Document Security (TDS) has been developed by the Action against Terrorism Unit of the Organization for Security and Co-operation in Europe (OSCE) Transnational Threats Department. The program was initiated by OSCE participating States to prevent terrorist movement through the development of law enforcement tools that would address in a comprehensive manner concerns related to terrorism, policing and border management, and fight other transnational threats such as illegal migration and illicit trafficking in all its forms.
The TDS programme comprises several interrelated components that promote the security of identities, documents and borders. To help secure identities, the OSCE seeks to improve the documents, civil and population registration systems and other methods and processes used to verify and/or validate a citizen’s identity during the travel document application process. Ensuring respect for human rights and the rule of law is an indispensable element in our work on securing identities.
Biometric identifiers
To promote document security and commensurate border inspection, the OSCE supports the introduction by its participating States of electronic Machine Readable Travel Documents (eMRTDs) with biometric identifiers and their participation in the International Civil Aviation Organization Public Key Directory (ICAO PKD), a vital tool for border control as it allows effective validation of the authenticity of electronic security features and biometric data stored in electronic travel documents.
To strengthen border security the OSCE facilitates access by its participating States to passport control databases, including the INTERPOL database for Stolen/Lost Travel Documents (SLTD), thereby enhancing border management systems in order to better capture, verify, share and analyse information on cross-border movements.
While new technologies are being increasingly used in travel and identity documents, in many OSCE participating States the capacities at the border for machine-assisted inspection still lag behind. The OSCE helps the countries to address this through technical assistance projects that modernize equipment, as well as by training border officers on identifying forged documents with the use of basic forensic tools.
OSCE
With 57 participating States from Europe, Central Asia and North America, the Organization for Security and Co-operation in Europe (OSCE) is the largest regional security organization in the world.
The OSCE is a primary instrument for early warning, conflict prevention, crisis management and post-conflict rehabilitation. It has 16 missions or field operations in South-Eastern Europe, Eastern Europe, South Caucasus and Central Asia.
The Organization deals with three dimensions of security: the politico-military; the economic and environmental, and the human dimension. It addresses a wide range of security-related concerns, including arms control, confidence- and security-building measures, human rights, national minorities, democratization, policing, and counter-terrorism. All 57 participating States of the OSCE enjoy equal status and decisions are taken by consensus on a politically, but not legally binding basis.
With a view to the future of travel documents, the OSCE has two clear strategic goals: strengthening identity management and bringing border control up to the speed of biometrically enabled travel documents.
Identity management
With the introduction of eMRTDs, the physical security of travel documents has noticeably increased. Moreover, through the proper use of Public Key Infrastructure the electronic biographic and biometric data contained on electronically enabled travel documents can be validated with essentially 100% assurance of authenticity. Due to this ‘lockdown’ on the document, individuals or groups who want to use travel documents for terrorist activities or other illegal purposes apply for legitimate documents under false identities and pretenses. The acquisition of false identities, through either deceit or corruption, is an underlying threat to all travel document issuing systems.
Another important negative factor in this area that the OSCE has witnessed is the de novo introduction of electronic passports without integration with or use of identity management data from existing passport issuing databases. This widely spread disconnect between passport systems exposes a newly introduced ePassport to vulnerabilities that can weaken identity management and border security.
Therefore, when implementing an ePassport program, a government should consider wider strategic concerns and take due account of the needs and requirements of all the various agencies and ministries involved in issuing and inspecting travel documents.
Almost every day we need to verify our identity for purposes other than travel. Claiming and establishing one’s identity has become a ubiquitous task and one which will only grow, especially in cyberspace. To accommodate wider implications of the development of identity management systems and identity/travel documents, we work closely with the OSCE Office for Democratic Institutions and Human Rights (ODIHR) to promote a comprehensive approach to identity management, an approach that would incorporate human rights aspects into anti-terrorism work. ODIHR has sound experience in this area as it has been managing a program promoting freedom of movement and migration in the OSCE area.
Border control
Comprehensive border control promotes border security and facilitates cross-border movement, the two principles underlying the travel documents inspection process.
Centralizing information about passport bearers and travel documents is an excellent means of modernizing a country’s travel document inspection processes, as it permits accessing this information and carrying out an inspection via one machine-assisted transaction. The border control officer is able to ensure the authenticity of the passport, conduct law enforcement and database checks and critically, verify identity by matching the document to the bearer. The machine-assisted check ensures consistency and standardization of the data being checked and recorded and makes control procedures faster and more comprehensive. In fact, border control in the 21st century will revolve around the inspection of the traveller and the accompanying eMRTD.
Currently, however, passport control procedures in many countries of the OSCE region are lagging behind the capabilities offered by electronic travel documents, and border services still require much modernization to catch up with the new technologies being deployed by ePassports. This situation is complicated by the fact that eMRTD technology itself is a moving target with continuous introduction of new technologies such as Supplemental Access Control (SAC) and Logical Data Structure (LDS) 2.0, to name just two. Not only does this impact some issuing agencies, who are misled as to what is a minimum requirement and what an optional security benefit is, but it also creates clear interoperability issues at the border.
ICAO Public Key Directory
The 2009 OSCE Ministerial Council Decision No. 11 takes note of the ICAO’s work to develop the ICAO Public Key Directory (PKD), a globally interoperable validation system for eMRTDs that significantly improves border security measures and thereby contributes to counter terrorism and to the prevention of illegal cross-border activities.
The decision also notes that it is an ICAO-recommended practice that States issuing or intending to issue ePassports and/or implementing automated checks on ePassports at border controls should participate in the PKD. It also calls on the participating States to consider becoming participants in the ICAO PKD, subject to administrative and financial resources, and thereby to contribute to enabling border control and other relevant national authorities to validate digital signatures of eMRTDs.
In early 2009, when the OSCE began its initiative to promote the ICAO PKD, only six OSCE participating States had signed up to the Directory. Since then this number has jumped to 20, and four OSCE Partners for Co-operation have also joined. Nonetheless, only 33 countries out of more than 100 states issuing ePassports are currently participants of the PKD.
The OSCE tries to bridge this gap by organizing workshops to promote understanding of the benefits of participation in and of the administrative, financial and technical aspects of the PKD. In addition to the May 2010 OSCE wide workshop co-organized with ICAO and attended by 200 participants, such capacity-building events have been held in Uzbekistan, Moldova, Kyrgyzstan and Albania.
In addition to promoting participation in the ICAO PKD, the OSCE is also encouraging the use of the PKD to validate eMRTDs at the border as a precondition for an integrated travel document control. After the travel document has been established as genuine through PKD, further checks can be conducted using a number of tools. They include, but are not limited to, INTERPOL databases, exit/entry records, travel history, visa databases, traveller screening through Passenger Name Records (PNR) and Advance Passenger Information (API) and biometric verification to ensure that the document, the identity and the traveller all match.
Security program
Since 2003, the OSCE has organized more than 55 workshops, seminars, training courses and study visits in the area covered by the Travel Document Security program. The geographic focus was on Central Asia, and a strong partnership was established with the region. More than half of the projects were completed there, with more than 800 out of a total number of 1,600 participants coming from Central Asia.
A flagship example is Uzbekistan, which hosted three events and sent more representatives to OSCE travel document security events than any other participating State of the OSCE. In 2010 the OSCE together with ICAO developed a set of recommendations to accompany the roll-out of Uzbekistan’s electronic passport system. Based on the OSCE/ICAO report, we delivered legal, technical and policy advice for the introduction of Uzbekistan’s ePassport, donated 32 passport enrolment stations for the Uzbekistan Interior Ministry and held a seminar on ICAO PKD issues.
From 2007 to 2010 the OSCE managed a project in Moldova that provided the country’s Border Service with the hardware and web-services to access INTERPOL databases in real-time. Initially, access was rolled out to 16 border control points – on the borders to Romania and Ukraine and at the Chisinau and Iasi international airports – and 11 police stations. Subsequently the Moldovan authorities took ownership of the project and extended INTERPOL database access to 23 border control points. At the conclusion of the project, INTERPOL experts trained Moldovan border, customs and police officials in using the equipment to access the databases. To enhance integrated passport control, the OSCE donated more than 50 electronically enabled passport scanners to the Moldovan Border Service to be able to use the ICAO PKD in practice through verifying digital signatures of electronic passports.
The Moldova project has proved very effective, with statistics indicating that the number of queries from the Moldovan border is very high, both in absolute and proportional terms. Equally impressive is that Moldovan authorities have shared more than 460,000 domestic records with INTERPOL’s Stolen/Lost Travel Document (SLTD) database and more than 1,000 records with the Stolen Motor Vehicle (SMV) database. This enables border control officers throughout the world to flag Moldovan documents or vehicles due to criminal use.
Building on the momentum developed in Moldova and on the lessons learned from this country, the OSCE and INTERPOL designed similar projects for Kyrgyzstan and Tajikistan to connect border control points in each country to INTERPOL’s databases. The project objectives in these two Central Asian countries, which share a long and complex border, also included the development of domestic databases and enhancing inter-agency co-operation between relevant agencies.
Forged documents
Many OSCE participating States still lack proper equipment at the border to effectively inspect the growing volume of electronic passports in circulation. Thus passport control officials in many places in the OSCE region still have to resort to hand-held physical detection methods. The OSCE repeatedly received feedback from its participating States that their border control officers who do not have recourse to machine-assisted optical verification of document security features are unable to keep track of newly-designed document security elements, as well as of new forgery methods.
To help address the issue, the OSCE implemented a training programme entitled Increasing Operational Awareness to Detect Forged Documents, developed by the Austrian Federal Interior Ministry. Training on forged documents identification as part of the OSCE Travel Document Security program was identified by the OSCE office in Skopje and is jointly implemented by the OSCE Transnational Threats Department’s Action against Terrorism and Borders Units. Officials from passport, customs, drug control and forensic authorities take part in the course.