Taller Subregional sobre Mejores Prácticas en Seguridad de Documentos de Viaje y Manejo de Identidad Centro Internacional de Instrucción de Aeropuertos y Servicios Auxiliares México D. F. , México, 12 -14 de diciembre de 2011 Evidence of Identity: the concept and ongoing work Erik Slavenas MRTD Programme Officer 1
Defining the terms Evidence of Identity (Eo. I) Vs. “breeder documents” 2
Why bother? Relative decrease of MRTD fraud – by smart criminals Focus on other weaker segments of the MRTD lifecycle – issuance Remedy: a robust issuance process that fully uses Eo. I scrutiny and its strengths 3
An increasingly prevalent global shift from document fraud to identity fraud See Malcolm Cuthbertson’s The Changing Dynamics of Travel Document Fraud at http: //legacy. icao. int/MRTDsympos ium/2010/Docs/Cuthbertson. pdf 4
Identity Documents MRTDs International treaty Globally interoperable Well organized multilaterally Existing systems and guidance Security features Founded on premise of machine readability “Breeder Documents” No international foundations Endless number No systems, no guidance, no generalized handbooks and above all, no interoperability No systems of security or other guardian features No international standards or specifications
Intelligent criminal’s guide to identity fraud Don’t Use fraudulently altered MRTDs Do • Obtain breeder documents in another identity or - as the last resort • Use fraudulent breeder documents • Exploit weaknesses in the passport issuance process • Become an impostor (preferably with a virgin stolen passport ) 6
Eo. I: the 3 -level approach Claim to an identity is tested by the PO checking: 1. what the applicant “has” to support the claimed identity (“breeder docs”); 2. what the applicant “knows” about the identity that is claimed (social footprint); 3. who the applicant “is” (biometrics). 7
Eo. I – Components of an Operational Model The three components for establishing identity involve: 1. Evidence that the claimed identity is valid, i. e. that the person was in fact born and, if so, that the owner of that identity is still alive. (Also read The Day of the Jackal by F. Forsyth) Forsyth 2. Evidence that the presenter links to the claimed identity – i. e. that the person claiming the identity is who they say they are and that they are the only claimant of the identity. 3. Evidence that the presenter uses the claimed identity – i. e. that the claimant is operating under this identity within the community. This is the model for the Evidence of Identity. 8
Ingredients of Eo. I 9
1. “Breeder documents” Birth Certificate of citizenship/naturalisation Existing passport or other travel doc National ID card / voter’s card (cedula) Features: gov’t issued, preferably has a photo, has security features Difficulty: lack of uniformity, low security features, lack of uniformity 10
2. Document databases and reference to official records Civil registry (births/marriages/deaths) Voters registry Citizenship/immigration records Professional licences Motor vehicle records Court records Property ownership records Automated or accessible via a secure real-time connection Also – checking the identity against watch lists - checking PO database/archives for similar names, DO 11 name spelling variations
3. “Social footprint” Interaction between the applicant and the society – documented or “known” Supporting docs: Medical records Marriage certificate Bank and taxation documents Employment record Driver’s licence and car registration Educational records House/electricity, gas meter, police records, etc Dealing with exceptional cases 12
4. Interview Regular or by request Applicant obliged to tell the truth by law Non-verbal aspects: confidence, behaviour, nervousness Photos submitted can be verified The replies must match the application story Can be used to extract additional info, clarify questions or discrepancies, support social footprint, confirm or give hints about misrepresentation, capture biometric data, etc. 13
5. Use of Guarantor Certifies the claimant’s identity – or likelihood under oath A member of a regulated profession (doctor, lawyer, policeman, etc) – or passport holders Must be verifiable through records Legal aspects: delivered under oath, misrepresentation a serious offence, cannot be paid or relatives Must have known the applicant for a long time Links with social footprint 14
6. References At least two recommended Independent and unrelated to applicant Can be contacted by the PO to confirm identity scrutiny 15
7. Use of biometrics Anchoring an identity to biometrics – a v. strong safeguard The first time – capturing – not v. useful for confirming identity The process must be robust and safeguards must exist Facial recognition: 1: N checks 16
ICAO Work on Guidance Material ICAO NTWG Working Paper “Towards better Practice in National Identity Management” on Eo. I presented to the TAG/MRTD 20 and approved for final development Early working version at http: //legacy. icao. int/icao/en/atb/meetings/2 011/Tag. Mrtd-20/Docs/Tag. Mrtd 20_WP 005_en. pdf Finished version to provide Guidance Material and reference on Eo. I to Sates 17
Summary Shift to fraudulent breeder docs and exploiting weaknesses in the issuance process Hence the need for robust Eo. I is more than “breeder documents” Eo. I – no strict science but a toolbox of techniques and approaches to establish the claimed identity beyond reasonable doubt Further reference – NZ presentation on Eo. I at http: //legacy. icao. int/MRTDsymposium/2010/Docs/Of fenberger. pdf 18
THANK YOU! Questions? Comments? Feedback? http: //www. icao. int/Security/mrtd/Pages/default. aspx eslavenas@icao. int 19
Скачать презентацию Taller Subregional sobre Mejores Prácticas en Seguridad de
682072ab452073ada4e4883573e6012f.ppt