ID security fears after researcher highlights passport flaws

The manner in which ID cards and passports are produced has been put into jeopardy after security flaws were identified by a Dutch researcher.

The news comes despite assurances to PrintWeek last week that to get access to the information encrypted on epassports, hackers would require getting past some of the most sophisticated encryption technology in the world.

Nevertheless, Jereon van Beek, a security researcher at the University of Amsterdam working with The Times newspaper, managed to clone the chips of two British passports in minutes.

He then implanted images of Osama bin Laden and a suicide bomber into the chips, which were passed as genuine by a UN agency passport reader.

However, the Home Office stressed that no one has yet been able to modify the data within the chip. It says counterfeiters would have to replace the unit in the e-passport, which is protected by physical security measures in the document.

A spokesman said: "We take security and privacy very seriously, which is why the British biometric passport meets international standards as set out by International Civil Aviation Organisation (ICAO) and we remain confident that it is one of the most secure passports available."

The revelations have sparked a backlash from critics of the scheme. Dominic Grieve, shadow home secretary, expressed concern that the document could be cloned so easily.

He added: "What is worse, the same technology will underpin the government's identity card scheme, which risks making us less safe."

Phil Booth, national coordinator of No2ID, said: "By putting your private information on a chip on a passport or ID card, designed to let it be skimmed-off for official purposes, the whole centralised approach to ID makes it easier for your life to be perfectly stolen. The government cannot be trusted to look after your identity.

"Measures it calls 'secure' are only securing official convenience. With an ID card or chipped passport, you'll never know who's walking around pretending to be you."

Campaigners are concerned that, with the amount of irreplaceable data on passports, such as fingerprints, criminals could have access to an unprecedented level of personal data if equipped with the right technology.

Mr van Beek said: "We're not claiming that terrorists are able to do this to all passports today or that they will be able to do it tomorrow. But it does raise concerns over security that need to be addressed in a more public and open way."

The government is pushing ahead with its ID card scheme, despite a damaging series of data losses over the last year. Britain introduced e-passports in 2006, following calls from the United States.