1

Taller Subregional sobre Mejores Prácticas en Seguridad deDocumentos de Viaje y Manejo de Identidad

Centro Internacional de Instrucción de Aeropuertos y Servicios AuxiliaresMéxico D.F., México, 12-14 de diciembre de 2011

Taller Subregional sobre Mejores Prácticas en Seguridad deDocumentos de Viaje y Manejo de Identidad

Centro Internacional de Instrucción de Aeropuertos y Servicios AuxiliaresMéxico D.F., México, 12-14 de diciembre de 2011

Erik SlavenasErik SlavenasMRTD Programme OfficerMRTD Programme Officer

Erik SlavenasErik SlavenasMRTD Programme OfficerMRTD Programme Officer

Evidence of Identity: the concept and ongoing work

Defining the termsDefining the terms

Evidence of Identity (EoI)Evidence of Identity (EoI)

Vs.Vs.

““breeder documents”breeder documents”

Evidence of Identity (EoI)Evidence of Identity (EoI)

Vs.Vs.

““breeder documents”breeder documents”

2

Why bother?Why bother?

Relative decrease of MRTD fraud – by Relative decrease of MRTD fraud – by

smart criminalssmart criminals

Focus on other weaker segments of Focus on other weaker segments of

the MRTD lifecycle – issuancethe MRTD lifecycle – issuance

Remedy: a robust issuance process Remedy: a robust issuance process

that fully uses EoI scrutiny and its that fully uses EoI scrutiny and its

strengths strengths

Relative decrease of MRTD fraud – by Relative decrease of MRTD fraud – by

smart criminalssmart criminals

Focus on other weaker segments of Focus on other weaker segments of

the MRTD lifecycle – issuancethe MRTD lifecycle – issuance

Remedy: a robust issuance process Remedy: a robust issuance process

that fully uses EoI scrutiny and its that fully uses EoI scrutiny and its

strengths strengths

3

An increasingly prevalent global An increasingly prevalent global

shift fromshift from document fraud document fraud toto

identity fraudidentity fraud

See Malcolm Cuthbertson’s The See Malcolm Cuthbertson’s The

Changing Dynamics of Travel Changing Dynamics of Travel

Document Fraud at Document Fraud at

http://legacy.icao.int/MRTDsymposhttp://legacy.icao.int/MRTDsympos

ium/2010/Docs/Cuthbertson.pdfium/2010/Docs/Cuthbertson.pdf

An increasingly prevalent global An increasingly prevalent global

shift fromshift from document fraud document fraud toto

identity fraudidentity fraud

See Malcolm Cuthbertson’s The See Malcolm Cuthbertson’s The

Changing Dynamics of Travel Changing Dynamics of Travel

Document Fraud at Document Fraud at

http://legacy.icao.int/MRTDsymposhttp://legacy.icao.int/MRTDsympos

ium/2010/Docs/Cuthbertson.pdfium/2010/Docs/Cuthbertson.pdf

4

International treatyInternational treaty

Globally interoperableGlobally interoperable

Well organized multilaterallyWell organized multilaterally

Existing systems and guidanceExisting systems and guidance

Security featuresSecurity features

Founded on premise of Founded on premise of

machine readabilitymachine readability

International treatyInternational treaty

Globally interoperableGlobally interoperable

Well organized multilaterallyWell organized multilaterally

Existing systems and guidanceExisting systems and guidance

Security featuresSecurity features

Founded on premise of Founded on premise of

machine readabilitymachine readability

No international foundationsNo international foundationsEndless numberEndless numberNo systems, no guidance, no No systems, no guidance, no generalized handbooks and generalized handbooks and above all, no interoperabilityabove all, no interoperabilityNo systems of security or other No systems of security or other guardian featuresguardian featuresNo international standards or No international standards or specificationsspecifications

No international foundationsNo international foundationsEndless numberEndless numberNo systems, no guidance, no No systems, no guidance, no generalized handbooks and generalized handbooks and above all, no interoperabilityabove all, no interoperabilityNo systems of security or other No systems of security or other guardian featuresguardian featuresNo international standards or No international standards or specificationsspecifications

MRTDs “Breeder Documents”MRTDs “Breeder Documents”

Identity DocumentsIdentity DocumentsIdentity DocumentsIdentity Documents

Intelligent criminal’s guide to identity fraud

Intelligent criminal’s guide to identity fraud

Don’t Do

Use fraudulently altered MRTDs

•Obtain breeder documents in another identity or - as the last resort - •Use fraudulent breeder documents•Exploit weaknesses in the passport issuance process•Become an impostor (preferably with a virgin stolen passport )

6

EoI: the 3-level approachEoI: the 3-level approach

Claim to an identity is tested by the PO checking:Claim to an identity is tested by the PO checking:

1.1. what the applicant “has” to support the what the applicant “has” to support the

claimed identity (“breeder docs”);claimed identity (“breeder docs”);

2.2. what the applicant “knows” about the identity what the applicant “knows” about the identity

that is claimed (social footprint);that is claimed (social footprint);

3.3. who the applicant “is” (biometrics).who the applicant “is” (biometrics).

Claim to an identity is tested by the PO checking:Claim to an identity is tested by the PO checking:

1.1. what the applicant “has” to support the what the applicant “has” to support the

claimed identity (“breeder docs”);claimed identity (“breeder docs”);

2.2. what the applicant “knows” about the identity what the applicant “knows” about the identity

that is claimed (social footprint);that is claimed (social footprint);

3.3. who the applicant “is” (biometrics).who the applicant “is” (biometrics).

7

EoI – Components of an Operational Model

EoI – Components of an Operational Model

The three components for establishing identity involve: 1. Evidence that the claimed identity is valid, i.e. that the

person was in fact born and, if so, that the owner of that identity is still alive. (Also read The Day of the Jackal by F. The Day of the Jackal by F. ForsythForsyth)

2. Evidence that the presenter links to the claimed identity – i.e. that the person claiming the identity is who they say they are and that they are the only claimant of the identity.

3. Evidence that the presenter uses the claimed identity – i.e. that the claimant is operating under this identity within the community.This is the model for the Evidence of Identity.

The three components for establishing identity involve: 1. Evidence that the claimed identity is valid, i.e. that the

person was in fact born and, if so, that the owner of that identity is still alive. (Also read The Day of the Jackal by F. The Day of the Jackal by F. ForsythForsyth)

2. Evidence that the presenter links to the claimed identity – i.e. that the person claiming the identity is who they say they are and that they are the only claimant of the identity.

3. Evidence that the presenter uses the claimed identity – i.e. that the claimant is operating under this identity within the community.This is the model for the Evidence of Identity.

8

Ingredients of EoIIngredients of EoI

9

1. “Breeder documents”1. “Breeder documents”Birth CertificateBirth Certificate

Certificate of citizenship/naturalisationCertificate of citizenship/naturalisation

Existing passport or other travel docExisting passport or other travel doc

National ID card / voter’s card (cedula)National ID card / voter’s card (cedula)

Features: gov’t issued, preferably has a photo, Features: gov’t issued, preferably has a photo,

has security featureshas security features

Difficulty: lack of uniformity, low security Difficulty: lack of uniformity, low security

features, lack of uniformityfeatures, lack of uniformity

Birth CertificateBirth Certificate

Certificate of citizenship/naturalisationCertificate of citizenship/naturalisation

Existing passport or other travel docExisting passport or other travel doc

National ID card / voter’s card (cedula)National ID card / voter’s card (cedula)

Features: gov’t issued, preferably has a photo, Features: gov’t issued, preferably has a photo,

has security featureshas security features

Difficulty: lack of uniformity, low security Difficulty: lack of uniformity, low security

features, lack of uniformityfeatures, lack of uniformity

10

2. Document databases and reference to official records2. Document databases and reference to official recordsCivil registry (births/marriages/deaths)Civil registry (births/marriages/deaths)

Voters registryVoters registry

Citizenship/immigration recordsCitizenship/immigration records

Professional licencesProfessional licences

Motor vehicle recordsMotor vehicle records

Court recordsCourt records

Property ownership recordsProperty ownership records

Automated or accessible via a secure real-time connectionAutomated or accessible via a secure real-time connection

Also – checking the identity against watch listsAlso – checking the identity against watch lists

- checking PO database/archives for similar names, DOB, name spelling - checking PO database/archives for similar names, DOB, name spelling

variationsvariations

Civil registry (births/marriages/deaths)Civil registry (births/marriages/deaths)

Voters registryVoters registry

Citizenship/immigration recordsCitizenship/immigration records

Professional licencesProfessional licences

Motor vehicle recordsMotor vehicle records

Court recordsCourt records

Property ownership recordsProperty ownership records

Automated or accessible via a secure real-time connectionAutomated or accessible via a secure real-time connection

Also – checking the identity against watch listsAlso – checking the identity against watch lists

- checking PO database/archives for similar names, DOB, name spelling - checking PO database/archives for similar names, DOB, name spelling

variationsvariations

11

3. “Social footprint”3. “Social footprint”Interaction between the applicant and the society – Interaction between the applicant and the society –

documented or “known”documented or “known”

Supporting docs:Supporting docs:

Medical recordsMedical records

Marriage certificateMarriage certificate

Bank and taxation documentsBank and taxation documents

Employment recordEmployment record

Driver’s licence and car registrationDriver’s licence and car registration

Educational recordsEducational records

House/electricity, gas meter, police records, etcHouse/electricity, gas meter, police records, etc

Dealing with exceptional casesDealing with exceptional cases

Interaction between the applicant and the society – Interaction between the applicant and the society –

documented or “known”documented or “known”

Supporting docs:Supporting docs:

Medical recordsMedical records

Marriage certificateMarriage certificate

Bank and taxation documentsBank and taxation documents

Employment recordEmployment record

Driver’s licence and car registrationDriver’s licence and car registration

Educational recordsEducational records

House/electricity, gas meter, police records, etcHouse/electricity, gas meter, police records, etc

Dealing with exceptional casesDealing with exceptional cases 12

4. Interview4. Interview

Regular or by requestRegular or by request

Applicant obliged to tell the truth by lawApplicant obliged to tell the truth by law

Non-verbal aspects: confidence, behaviour, nervousnessNon-verbal aspects: confidence, behaviour, nervousness

Photos submitted can be verifiedPhotos submitted can be verified

The replies must match the application storyThe replies must match the application story

Can be used to extract additional info, clarify questions or Can be used to extract additional info, clarify questions or

discrepancies, support social footprint, confirm or give hints discrepancies, support social footprint, confirm or give hints

about misrepresentation, capture biometric data, etc.about misrepresentation, capture biometric data, etc.

Regular or by requestRegular or by request

Applicant obliged to tell the truth by lawApplicant obliged to tell the truth by law

Non-verbal aspects: confidence, behaviour, nervousnessNon-verbal aspects: confidence, behaviour, nervousness

Photos submitted can be verifiedPhotos submitted can be verified

The replies must match the application storyThe replies must match the application story

Can be used to extract additional info, clarify questions or Can be used to extract additional info, clarify questions or

discrepancies, support social footprint, confirm or give hints discrepancies, support social footprint, confirm or give hints

about misrepresentation, capture biometric data, etc.about misrepresentation, capture biometric data, etc.

13

5. Use of Guarantor5. Use of Guarantor

Certifies the claimant’s identity – or likelihood - Certifies the claimant’s identity – or likelihood -

under oathunder oath

A member of a regulated profession (doctor, A member of a regulated profession (doctor,

lawyer, policeman, etc) – or passport holderslawyer, policeman, etc) – or passport holders

Must be verifiable through recordsMust be verifiable through records

Legal aspects: delivered under oath, Legal aspects: delivered under oath,

misrepresentation a serious offence, cannot be misrepresentation a serious offence, cannot be

paid or relativespaid or relatives

Must have known the applicant for a long timeMust have known the applicant for a long time

Links with social footprintLinks with social footprint

Certifies the claimant’s identity – or likelihood - Certifies the claimant’s identity – or likelihood -

under oathunder oath

A member of a regulated profession (doctor, A member of a regulated profession (doctor,

lawyer, policeman, etc) – or passport holderslawyer, policeman, etc) – or passport holders

Must be verifiable through recordsMust be verifiable through records

Legal aspects: delivered under oath, Legal aspects: delivered under oath,

misrepresentation a serious offence, cannot be misrepresentation a serious offence, cannot be

paid or relativespaid or relatives

Must have known the applicant for a long timeMust have known the applicant for a long time

Links with social footprintLinks with social footprint 14

6. References6. References

At least two recommendedAt least two recommended

Independent and unrelated to Independent and unrelated to

applicantapplicant

Can be contacted by the PO to Can be contacted by the PO to

confirm identity scrutinyconfirm identity scrutiny

At least two recommendedAt least two recommended

Independent and unrelated to Independent and unrelated to

applicantapplicant

Can be contacted by the PO to Can be contacted by the PO to

confirm identity scrutinyconfirm identity scrutiny

15

7. Use of biometrics7. Use of biometrics

Anchoring an identity to biometrics – a Anchoring an identity to biometrics – a

v. strong safeguardv. strong safeguard

The first time – capturing – not v. The first time – capturing – not v.

useful for confirming identityuseful for confirming identity

The process must be robust and The process must be robust and

safeguards must existsafeguards must exist

Facial recognition: 1:N checksFacial recognition: 1:N checks

Anchoring an identity to biometrics – a Anchoring an identity to biometrics – a

v. strong safeguardv. strong safeguard

The first time – capturing – not v. The first time – capturing – not v.

useful for confirming identityuseful for confirming identity

The process must be robust and The process must be robust and

safeguards must existsafeguards must exist

Facial recognition: 1:N checksFacial recognition: 1:N checks16

ICAO Work on Guidance Material

ICAO Work on Guidance Material

ICAO NTWG Working Paper “Towards ICAO NTWG Working Paper “Towards better Practice in National Identity better Practice in National Identity Management” on EoI presented to the Management” on EoI presented to the TAG/MRTD 20 and approved for final TAG/MRTD 20 and approved for final developmentdevelopmentEarly working version at Early working version at http://legacy.icao.int/icao/en/atb/meetings/2011/TagMrtd-20/Docs/TagMrtd-20_WP005_en.pdfFinished version to provide Guidance Finished version to provide Guidance Material and reference on EoI to SatesMaterial and reference on EoI to Sates

ICAO NTWG Working Paper “Towards ICAO NTWG Working Paper “Towards better Practice in National Identity better Practice in National Identity Management” on EoI presented to the Management” on EoI presented to the TAG/MRTD 20 and approved for final TAG/MRTD 20 and approved for final developmentdevelopmentEarly working version at Early working version at http://legacy.icao.int/icao/en/atb/meetings/2011/TagMrtd-20/Docs/TagMrtd-20_WP005_en.pdfFinished version to provide Guidance Finished version to provide Guidance Material and reference on EoI to SatesMaterial and reference on EoI to Sates

17

SummarySummary

Shift to fraudulent breeder docs and exploiting Shift to fraudulent breeder docs and exploiting

weaknesses in the issuance processweaknesses in the issuance process

Hence the need for robust EoIHence the need for robust EoI

EoI is more than “breeder documents”EoI is more than “breeder documents”

EoI – no strict science but a toolbox of techniques EoI – no strict science but a toolbox of techniques

and approaches to establish the claimed identity and approaches to establish the claimed identity

beyond reasonable doubtbeyond reasonable doubt

Further reference – NZ presentation on EoI at Further reference – NZ presentation on EoI at

http://legacy.icao.int/MRTDsymposium/2010/Docs/Ofhttp://legacy.icao.int/MRTDsymposium/2010/Docs/Of

fenberger.pdf fenberger.pdf

ICAO ongoing work on EoI – stay tunedICAO ongoing work on EoI – stay tuned

Shift to fraudulent breeder docs and exploiting Shift to fraudulent breeder docs and exploiting

weaknesses in the issuance processweaknesses in the issuance process

Hence the need for robust EoIHence the need for robust EoI

EoI is more than “breeder documents”EoI is more than “breeder documents”

EoI – no strict science but a toolbox of techniques EoI – no strict science but a toolbox of techniques

and approaches to establish the claimed identity and approaches to establish the claimed identity

beyond reasonable doubtbeyond reasonable doubt

Further reference – NZ presentation on EoI at Further reference – NZ presentation on EoI at

http://legacy.icao.int/MRTDsymposium/2010/Docs/Ofhttp://legacy.icao.int/MRTDsymposium/2010/Docs/Of

fenberger.pdf fenberger.pdf

ICAO ongoing work on EoI – stay tunedICAO ongoing work on EoI – stay tuned18

19

THANK YOU!

Questions? Comments? Feedback?

THANK YOU!

Questions? Comments? Feedback?

http://www.icao.int/Security/mrtd/Pages/default.aspx

eslavenas@icao.int