The cryptography behind electronic passports (opens in new tab)

It is one of the core concepts of sovereignty--defining a territory and then deciding who or what gets to be inside. Along with a government with a monopoly on violence used inwards, and some foreign relations directed outwards, you have the recipe for a modern country.

A democracy cannot function if the electorate is not well defined. They are vulnerable to Sybil attacks, same as the distributed ledgers and hash tables.

How do you offer entitlements and quality healthcare to the entire population of the world without money?

Who should be allowed to participate in the decision-making process that allocates these finite resources?

The native Americans tolerated immigration, and we all know what happened to them.

On the topic of the article, every hotel outside the US I've used has asked for my passport; I didn't know that a copy of the details exposed weaknesses on the electronic side.

Do you treat your immediate family better than an absolute stranger?

If so, why? Aren't they all just people?

I was going to respond, but when I looked in my bag of trollfeed I saw it contained fuck all.

It's because generations/families are a thing. Even the countries taking the most immigrants like USA aren't expecting an immediate benefit, they're thinking 1-2 gens later.

Go to South Sudan and tell me if you still feel the same way.

If you want to have "safety net" social programs, it can't be avoided. At least until there's only one government.

It is a shame you are being downvoted, as it is an admirable ideology: why should someone be (dis)advantaged by the accident of where they were born.

In reality though, 8 billion people hold a wide spectrum of beliefs. I would not want to live in a society with low taxation and low welfare for example. How can I live side-by-side with those that do? Of course, we all have limited choice to move if our society does not match our beliefs.

The downvotes on this comment are wild. Like, you didn't even say we should definitely enact open borders right now. You just lamented how things are. And it is absolutely lamentable. All the responses are basically saying "but we need it!" Which isn't even addressing what you're saying. Plenty of necessary things are lamentable.

The comments rebuking you appear to forget that by definition GDP and wealth are derived from the population. Wealth for social programs is not a finite resource as the general consensus is that over one's lifetime more wealth is created by one's work effort than is needed to sustain the individual. Capitalism by definition extracts this extra wealth for the private interests of a few. But there's no particular reason that this extra wealth can't be used to assist those that may not even meet the necessity of output of sustaining themselves.

This is a difficult concept for people to understand because they look at their paychecks and go "I'm not deriving so much wealth!" well yeah. A huge, large chunk of your wealth is being extracted for capitalism. And in manners that will be very difficult for you to understand.

I'll try to explain it, though, for the audience that peruses these forums. You're a software developer.

You work for a public B2B software company. Your wealth is being extracted to: Pay for those company pizza parties, pay for the office you work in, pay in to the healthcare system that "your company is paying for" that isn't directly part of the premium you see on open enrollment, paying for the company holiday parties, paying into everyone's various insurance plans to reduce the out-of-pocket costs for everyone in those insurance plans (outside of your company, of course), paying for the CEO's multi-million dollar paycheck, paying for the bonuses of all of the management, paying for shareholder value and dividends, paying for the taxes your company pays, paying for the taxes you pay.

If your existence at your job didn't pay for those things, most companies will tend to lay you off.

And this goes for pretty much the vast majority of workers in the vast majority of jobs.

So saying that more immigrants somehow puts a strain on the system is just by definition incorrect, even if a percentage of those immigrants don't generate the same level of value you do as an individual. Do you think every person in your organization generates the same relative value? Of course not. In most businesses in America, does the janitor generate the same wealth as the CEO?

To be fair, there is a snarky comment to be made there about CEOs--but the objective reality is probably not. But the janitor is still generating some wealth by ensuring a safe, healthy, and comfortable workplace for the employees. Does that mean the janitor is not entitled to income? to healthcare? to benefits? to company holiday parties? to company pizza parties?

Just convert this into a much larger scale of the entirety of a country's population--and well, the answer is that most populations have enough free money floating around somewhere to provide essential services to everyone: education, food, safety and security, health, and likely even housing, electricity, and pretty much any other public service we could provide.

And this scales as a population grows.

Here is a list of trivially obvious ways that they solve problems:

1. They can be read significantly faster, or even automatically, which cuts down on long border control lines even when the biometrics are not used.

2. They are significantly harder to forge without the consent of the issuer, even for other nation-states.

3. They can store biometrics that allow the bearer's identity to be verified automatically and with a very high degree of confidence.

I am all for being skeptical of the government's actions, but passports are a ridiculous place to have such a strong kneejerk reaction. You're already on a list and your movements are being tracked. ePassport features are only more convenient when compared to older passports.

For one thing, with printed passports border officials have to recognise all the anti-fraud features on all the passports issued worldwide in the past 10 years.

Quick, what security image on a valid UK passport - a thistle, a daffodil, a rose, a clover, a coat of arms (but not the same coat of arms as on the front cover), a map of the UK, a harlequin pattern, a crown, a lighthouse, a pair of bird wings, William Shakespeare, an oak leaf, a compass, a marine chronometer, the letters UK, the words United Kingdom, a Bermuda-rigged boat, a square-rigged boat, a steamship, or the holder's birth date?

It's a trick question, you'll find all of them; they changed the passport once for brexit, and again after the queen's death. And that's just one document from one country. Far simpler to just hold it to the reader and get a beep.

For another thing, if you're worried about bribed officials - it's much harder to bribe airport border officials if they're required to scan every passport into a computer, and match it against the airline's passenger list.

Usually some state's passports grant the holder more privileges than those issued by another state precisley because of the perceived risk of them being (not) obtained by fraud. Your genuine Sealand passport is less practically useful than a genuine Finnish one for use in the context of international travel.

The cryptography aspect is basically preventing the corrupt Sealand government official from stamping out ones that might be confused for, for example, a Finnish one.

Sealand[1] being used as an example least likely to cause offense - but you can understand that most governments around the world really do want to ensure that they are the only ones issuing their passports, and hence what that means for their citizens.

[1] https://en.wikipedia.org/wiki/Principality_of_Sealand

Cryptography is a tool that turns arbitrary problems into key management problems. It doesn't solve problems, but it constrains them in useful ways.

1. It's easier to centralize cryptographic cert issuance than passport issuance.

You may allow embassy personnel to issue passports, while still requiring a computer system in the homeland to verify that the person actually exists in some government register (and that photos match) before the certificate can be issued.

If you give embassy personnel blank passport templates, they can issue passports with completely fake identification details, for people who have never existed. The moment computers get into the mix, that may no longer be possible, or at least leave an audit trail.

2. There's no risk of surveillance. Reading data from the chip still requires you to read the MRZ, so you can't do that remotely.

There's nothing a chip gives you that you wouldn't get from a normal passport (beyond a very easy and hard-to-fake way to verify that the passport is authentic).

The history of passports has always been surveillance and control of movement of, and enforcing quotas on, the proles.

In their earliest form, they were documents from your lord that permitted you to travel, and specified where you belonged and where you were allowed to travel to, most often used for internal travel. Later and in general, they were used to keep the poor from moving, for example, to find work elsewhere.

Later Americans used them to limit European immigration based on country of origin, Europeans used them in WWII to do some not good things, Soviets used them to exile or keep undesirables where they wanted them, etc

Electronic passports are about faster processing. The nerd drama is mostly irrelevant.

That's an overly cynical take. Obviously it means that a criminal organization would need to recruit officials before they could issue fake passports. Which is already pretty hard.

And maybe they would need to recruit multiple officials across multiple agencies. And if these agencies has internal policing, then even if they manage to do that, they now have another vulnerability where the criminal operation can be discovered and sabotaged.

> authoritarian countries that issue modern e-passports but do not allow free elections

Those tend to not issue passports (of any kind) to many citizens.

Then there's access. In America for example only half the adults in the country even have a passport, and I suspect that skews quite heavily towards one demographic. Do you think that India, Nigeria, or Russia have more equitable access?

And even if they did, what stops the state issuing extra fake passports to citizens they want to vote.

of course then there's key elements of a free election, freedom of access to the ballot paper, freedom to campaign the same as others, freedom from imprisonment because you are running against the incumbent leader, having each vote being worth the same. Many countries prevent people in jail from voting, or even people who used to be in jail. Many countries give more power to one constituency than another, almost all have some level of unequal access to campaigning.

It's not a "Free election" or "no election".

The actual casting of the vote is only part of the story.

> authoritarian countries that issue modern e-passports but do not allow free elections

You are trying to solve a political problem with a technological solution.

1. Many authoritarian countries don't allow freedom of travel (i.e. it is not easy to get a passport)

2. If they don't care free election, what's stopping them issuing more passport just for voting?

3. What's stopping them confiscating or revoking your passport?

Yes, as long as the passports implement a signing scheme, and the set of valid public keys (the electorate) can be agreed upon. If you can sign arbitrary data, then you can sign other public keys, including whatever the voting system requires.

Vitalik has a great blog post about blockchain voting.

https://vitalik.eth.limo/general/2021/05/25/voting2.html

You probably wouldn't want to use the cryptography on the passports themselves to implement the voting system. You probably want to use one of the general purpose zkSTARKs or multi-party-computation systems.

>Can activists organize an election for all citizens of that country in some online form, asking the voters to scan their passports using their phones, so that

By the point said activists reach organizational capacity to do so, they have already won and can hold the vote basically with scanning a qr code with a simple app.

>only legitimate citizens (who have passports) can vote

this makes no sense as a requirement in a situation you described.

The authoritarian govt controls who gets passports and can create fake people if it wants.

This would also add the requirement of an accurate internal clock.

Not an expert but my understanding is that active authentication only occurs after the basic “I can see the MRZ data” authentication passes first. You can’t skip proving you can read the MRZ in any scenario.

U.S. passports have a unique shielding which prevents them from being read whilst closed. It’s a low tech solution but I think it’s an amazing example of clever mitigations.

I think this is a similar situation with Felica IC cards in Japan.

Enhanced ID allows border crossing for most cases covered by the passport card, while real ID does not, for reasons that are unclear to me.

Wait, so these IDs essentially just broadcast what amounts to a static identifier wirelessly (which allows tracking and cloning, but not document authentication)? What's the point of that?

Or was there some cryptographic scheme that has since been broken?

Passports and money are quote complex to be forgery-resistant. With internet existing it turns out, it's easier to discard the physical form altogether and only leave pure chain of trust digital form.

It already happened to money, it is slowly happening to passports and ids too.

> I’m wondering how they will manage to upgrade them - for future algorithms without breaking compatibility.

The same way as always -- introduce a new version of the passport, which can as well be verified through a completely different system altogether.

What's even more impressive is that this technology has been around for decades!

> I’m wondering how they will manage to upgrade them - for future algorithms without breaking compatibility.

Just like all other smartcard systems: Very, very slowly. Credit and debit payment cards with a smartcard (EMV) chip have similar issues – even small patches take multiple years due to the relatively long average card validity.

I have same — dead chip.

Cost of replacement is not relevant as the chip and passport are linked, so need a new passport to get that fixed. Not terribly costly. But annoying given that, like you, it is due to no obvious fault on my part.

However it seems pretty routine. All the face-scanning readers eventually (after several attempts and failures) bubble you up into to a process exception that refers you to a human and you get sent into another queue: this time, to be reviewed by a human.

Unless border control are particularly by the book, most of them will simply accept the explanation, and let me directly into the human queue. Sometimes this works out for the better — for all their cleverness, the automated scanners seem particularly tricky for them to keep working reliably. Other times there's lots of families travelling, and I end up waiting a bit longer.

Either way, I'm glad that most of them are alive enough to the issue that time consuming try/fail/repeat/escalate/re-queue part of the process can be skipped.

i went through border control twice at an airport after going to the wrong gate and when i returned to the uk the e-gates immediately declined to process it (the camera etc. didn't move and e.g. reject the facial recognition, it just immediately said go to the desks). i've always wondered what that was about, how do they know i didn't just go to a third country?