We’ve written before about states developing applications for paperless driver’s licenses . Now Australia is taking it one step further: Paperless passports.
The country is already fairly advanced in passport technology. Australia supports ePassports , meaning it can read chips on passports and automatically takes photographs of everyone entering and leaving the country. “An ePassport contains a chip storing information about the passport holder such as their photo, name, sex and passport number,” writes Ariel Bogle in Mashable. “Combined with Australia’s SmartGate technology in many local airports, it allows people to enter the county without speaking to a customs officer after a machine compares a live image of the traveller with the one stored on the passport.” The country is also developing a facial biometrics database that will enable agencies to share the 100 million facial photographs they already have.
But Australia is now considering a cloud-based passport , if it can get security concerns worked out. At the moment, it is more of a conceptual idea . “It remains to be seen how it would even work once you arrive,” writes investment blog ValueWalk. “Do you give a secret handshake? PIN code? Or do you get to bypass the immigration line altogether?”
The idea came up at a hackathon held at the Australian Department of Foreign Affairs. “Under a cloud passport, a traveller’s identity and biometrics data would be stored in a cloud, so passengers would no longer need to carry their passports and risk having them lost or stolen,” writes Latika Bourke for the Sydney Morning Herald. Currently, 38,718 passports were registered as lost or stolen in 2014-15, along the lines of the 38,689 reported missing the previous year, she writes. The goal of the project is to make it easier to do business in Australia and create more jobs, according to Foreign Minister Julie Bishop, who proposed the program . (Or “ spruiked ” it, if you want to use the Aussie term.)
At this point, Australia and its neighbor New Zealand (which said it was actually the one that came up with the idea ) are considering a trial, Bogle writes. “’We think it will go global,’ she’s reported as saying,” observes Stilgherrian, a mononamed Australian correspondent for ZDNet. “When you think about it, that isn’t such a bad thing for a passport system.”
That is, of course, if potential security issues could be settled. People have already expressed concern about security aspects of the facial biometrics database and a metadata database of Internet users , which started this fall.
“The idea of a cloud passport would of course be grounded in absolute security,” Bishop told the press. Exactly how this “absolute security” would be attained, she didn’t say. Australia also hasn’t talked about the idea with any countries other than New Zealand , reports ITNews Australia.
“The Government must also consider the privacy implications if Internet providers are to be compelled to collect data on Australians,” writes Steve Dalby, chief regulatory officer for Internet provider IINet. “The vast amount of data stored would prove to be an appealing target for hackers all around the world—creating a risk of information and identity theft in the event that storage of the data is breached.” It could also be abused by law enforcement and considered a privacy violation, writes Bogle.
“They might as well paint a bulls-eye on the server farm and hang a sign on it that says ‘Please Hack Me,’” writes ValueWalk. “In the black market, that kind of data is worth billions. And governments don’t exactly have a sterling track record of tip-top network security.” A recent report from the Australian Government’s Cyber Security Centre said government cybersecurity incidents are up over 300 percent from 2011 to 2014, the organization writes, such as one incident that released the information about 10,000 refugees .
Managing the database itself would also be a security issue, Intelligent Business Research Services infosec analyst James Turner tells ITNews Australia. “The big questions around this database of identities will need to focus on data governance,” he was quoted as saying. “Who will be allowed to make changes, how are updates to records authorized, and all the way through, a comprehensive and reliable audit trail will need to be maintained, and protected to the same level as the cloud database.”
Ironically, the system could also make work more difficult for law enforcement, because they would find it more difficult to create aliases themselves, according to Turner. “Naturally, this cloud repository of identities will be of great interest to nation states keen on creating false identities for their spies,” he tells ITNews. “[The repository] would let a nation state validate if someone was actually who they claimed to be. This could make operations tricky for Australian spooks or undercover officers who want to work under an alias.”
Eventually, though, the whole notion of “Papers, please!”—passports have been around for more than a hundred years—could become a thing of the past.