I’m not talking about rarely issued things that might be used to allow people into top secret facilities or the like. This is about mass-issued things like passports, birth certificates, drivers licenses, and such. Are any of these sophisticated enough or manufactured based on some secret processes or whatever such that a foreign government (or sophisticated terrorist organization) couldn’t just make perfect counterfeit ones? Or are all the ID requirements that we face just directed at lay people but are useless in dealing with foreign intelligence?
I don’t see how there could be. Any document that can be produced by the resources of one government can be duplicated by another government which has similar resources.
That’s what I would think as well. Unless there’s some secret process for producing them or some sort of code built in, in some cases.
It’s certainly not beyond the ability of a government to make a passport or driver’s license which, in a visual inspection, is indistinguishable from the real thing. Probably it wouldn’t even take a government to do so; many countries have outsourced the production of such documents to private companies, and such companies have the technology to produce the documents. Some of these companies even provide documents to many different governments across the world. Giesecke+Devrient is one of the market leaders in this segment, but there are others too.
But it’s one thing to make the physical document, another to get this document into a government-maintained database where it would show up as genuine when searched for. I would think this is beyond the powers of the manufacturers of the hard-copy document. That’s part of the reason why many countries are switching to e-visas that are stored in and retrieved from a database, rather than a physical visa inserted into a physical passport.
I figure for any code to be useful, people would have to be aware it existed so they could check for it. So that means it would not be a secret code.
This, I would think, could be taken care of by means of asymmetric encryption. The government publishes a public key that could be used by anyone to authenticate a code included in the document. The code has been produced by means of the private key of this key pair, which is kept confidential by the government.
Some universities use a system along these lines to provide a possibility to authenticate diplomas (supposedly) issued by the university.
Public key infrastructure of this sort is used in biometric passports, though I don’t know the details offhand. IIRC there are signed digests of the data, with master signing keys presumably held somewhere secure by each government.
Or maybe they’re on a sticky note attached to some bureaucrat’s monitor.
Here is a description of the process by ICAO, the International Civil Aviation Organisation. In short, each country nominates one single certificate authority. This authority generates encryption keys called document signer certificates, a large number of which can be issued to whatever bodies are competent in that country to issue ID documents. Other countries can obtain public keys from the issuing country’s certification authority to authenticate documents (supposedly) signed with a document signer certificate from that country.
What do you mean by “ID”? A plastic card? Or anything one can use to verify one’s identity?
Key-pair encryption can provide security beyond the realistic ability of anyone to counterfeit, provided that it’s implemented well. A random schmo can say “Oh yeah, if you’re John Smith, then use your private key to encrypt today’s date and time, and tell me what the encrypted text is”. John then clicks a button, and produces something that looks like nonsense, and then the schmo takes that nonsense and John’s known public key, decrypts it, and finds the date and time. John has now proven, as conclusively as anything ever can be proven, that he genuinely has the John Smith private key.
As for implementing this in a little plastic card, it could be done with something like the chips now seen on all credit cards. Is it actually? I don’t know.
It depends a lot on how the ID is authenticated.
Most IDs these days are a token that links to a database, and they can be authenticated by the database, not by the actual physical ID.
When you go through customs and scan your passport, that may (I can’t find much information on whether it actually does) ping a database from the issuing country to verify that it’s real.
That + crytographically signed chips means that you can’t make a fake copy of the passport without exploiting the keys of the issuing country.
Even without the rfid chip in them, you could only make a copy of an existing id, but not generate a plausible new ID for a person who doesn’t exist.
If you just want to make the physical object look real and pass, say, a bouncer checking that you’re over a certain age, that’s probably within the skills of any reasonably competent nation state or some talented individuals.
This is similar to the question I have about those multiple fake passports that crop up in every secret agent action movie. When you fly into a country, the passport is not only visually inspected, it is typically scanned by computer. (even driving across the US-Canada border it is scanned) I presume most of the western countries that allow each other free travel have databases online that can validate their own passport against content, and I presume also other countries’ passports. Maybe you can bribe someone in Rwanda or Malaysia to give you a valid passport, but you would then require an extensive visa application process to visit most Western countries.
(Plus in those spy movies, they dig these passports out of a lock box or under the floor years later. A passport expires in 5 or 10 years - so how long is that stash good for? Presumably you can only be a spy on the run for about 10 years/)
I presume the better technique would be to find someone who resembles the faker, and create a fake passport with a more compliant picture but the same information. (I believe this is what Mossad did with the assassins flying into Dubai?)
I presume any country or undercover organization with sufficient funds can replicate the physical attributes of a passport. The more interesting issue would be whether there is an RFID chip and whether that can be duplicated successfully. Considering the buzz about privacy issues, it doesn’t sound like these chips are currently securely encrypted.
But then wouldn’t the computer at least alert the officer - hey! This guy is not known to have left the USA, where’s he coming from?? or worse yet - he asks where you are coming from, where you’ve been and the computer says a different answer, “this guy just flew to Japan last week” now says he’s arriving from only Germany.
So the real question is - how comprehensive is the computerized passport tracking and validation? Do the various western countries’ computer systems exchange information?
I studied overseas a few decades ago in a country - let’s call it Country A - which had a hostile relationship with a neighboring country - call it Country B. As a result, you could not travel to Country B with a Country A passport. However, you could travel to country B with an American passport.
There were people in Country A who were motivated to visit Country B (a religious sect or something with a shrine in Country B). They had apparently set up a lab of sorts and were offering Americans $200 (IIRC) to let them use their passports. They would simply remove the laminate from the passport, remove the picture of the actual holder and substitute a picture of one of their guys. Then after they returned from Country B they would reverse the process.
I don’t recall if I knew anyone who had actually done this, but it was pretty well known. I was a bit tempted myself - $200 was decent money for me back in those days - but I was afraid my passport would get either defaced in the process or confiscated by authorities.
Yes, they do, and sometimes these things get political. An example was when the European Court of Justice held that the agreement between the EU and the US to that effect was in violation of EU law.
There are various security features that can be used on things like banknotes or passports that are very easy to produce, but almost impossible to reproduce.
An example of this is a Guilloché Pattern.. Simply by use of several toothed wheels (see spirograph) you can produce a unique pattern. Keep the exact sizes of the wheels a secret, and it is impossible for anyone else to reproduce.
Oh, they can make a curve with their own wheels, but it will be a different curve. A trained eye can spot the difference.
OK, if you use different wheels, you get a different pattern. So don’t use different wheels. It’s not that hard to determine the sizes of wheels used.
Unless you are Canadian or Mexican (thanks to NAFTA) the USA will fingerprint you on arrival. Plus, they take your picture. your fingerprint may not be in the system, but now it is. I doubt they do a search when you enter, but should their suspicions be aroused, customs or some three-letter agency may dig deeper and like everything these days, you’ve left a trail.
These discussions remind me of the movie Parker where Jennifer Lopez says to Jason Statham who is posing as a potential real estate client “I did a credit check on you, and until 6 months ago you didn’t exist.”
The question with any fake ID is - are you trying to get past a checkpoint one time, are you trying to stay under the radar for a while, or are you trying to stay forever incognito? Fabricating a duplicate/imitation ID is easy with modern photo-reproduction technology, given unlimited budget. But creating the entire backstory and data history is something else.
Nowadays, even for a traffic stop the police will validate your license (and car license plate) against a database.
Show me how it’s done. Please determine the sizes of the wheels used to make this image.
Oh yes, just to be clear, they would usually only use a cropped part of a curve. A would-be forger cant even see the whole pattern.
This seems like the sort of thing that people use fourier transforms to reverse engineer - they are superimposed harmonics, right?
I don’t pretend to understand the maths, but I’ve heard that a 3-wheel pattern is impossible to reverse-engineer.
Anyway, I was using it as an example of something that is easy to make, but hard to reproduce. Just because one government can make it easily, it doesn’t mean a rival government can do the same.