Final Report Summary - ORIGINS (Recommendations for Reliable Breeder Documents Restoring e-Passport Confidence and Leveraging Extended Border Security)
Executive Summary:
The project ORIGINS aims to study the security of the extended border and more particularly passport breeder document security. The underlying idea of ORIGINS is to improve the security and therefore to restore the confidence in the application process and issuance of e-passports, by filling the gaps in security of breeder documents.
Indeed, while some assurance approaches have been implemented in a few countries, they remain insufficient to provide breeder documents in complete security and trustworthiness at a time when this is increasingly necessary.
This project therefore investigated exhaustively the current state of passport breeder documents requirements and issuing practices in Member States/Associated Countries. The identification of common security gaps led to the recommendation of possible solutions to overcome the security weaknesses in breeder documents. The project provided support for issuance bodies and border control communities. It also promoted the standardisation of breeder documents by creating a dedicated working group at a European level (CEN TC224 WG19).
These objectives have been achieved through the establishment of a strong networking environment between key actors in the sector (passport breeder document and e-passport communities, border control community, ministries, industry, SMEs, universities, NGOs, the European Commission, the European Parliament and the Council, etc.), exchange and dissemination of good practices between relevant communities, the definition and organisation of joint or common initiatives, meetings, conferences, events and with an appropriate management of the action. Broad communication and dissemination actions have been undertaken throughout the project lifecycle. At the same time, it is expected that ORIGINS’ results will continue to live beyond the end of the project, in particular via think-tank groups built during the project, standardisation groups and the implementation of ORIGINS’ recommendations.
Project Context and Objectives:
Breeder documents, notably birth certificates, represent the basic articulation between an individual and the community where an individual is born and lives. This junction is of fundamental importance since it provides the individuals with ‘documentary citizenship’ , namely, with the documented memory that enables him or her to entry (and exit, for that matter) the realm of civil, political, and also social life. With the introduction of electronic passports (e-passports) and the use of security features in the chip, of which biometric templates, the security of this crucial travel document - which was still only based on paper at the end of the last century and remained therefore easily forgeable - has been greatly improved. Nevertheless, if the physical security of the document is better protected per se, some weaknesses in the passport issuance process remain. Indeed, e-passports are delivered based on breeder documents (e.g. birth certificates) that do not have the same protection level and which are much easier to counterfeit.
It is a known fact that e-passports are now so difficult to counterfeit, that fraud attempts now focuses on
issuing process.
In most European countries, and identically in the rest of the world, breeder documents are unsecure documents while they are the basis of the identity for many of these countries. This lack of security has led to an inherent flaw in all the processes of identity creation using breeder documents as proof of identity/origin. Therefore, the weakest link of the chain of ID and travel documents issuance, and in particular of e-passport issuance, now is the entitlement process, in which the evidence of an applicant’s identity is evaluated. Such evidence is often provided in the form of breeder documents, which remain to date mainly paper-based without any form of security in their manufacturing or issuance processes.
Most breeder documents are much easier to forge than e-passports, and by using forged breeder documents (via identity theft or fake ID) people can obtain genuine travel documents. To make the matter worse, there is yet no standard format or standard issuance process for breeder document Europe wide or even within many Member States. As a consequence, an administration officer can barely authenticate a breeder document.
Many studies, one by Frontex on the Operational and Technical Security of E-passports, confirmed that this “breeder documents” issue was vital regarding the legitimacy of documents, which could be delivered on the basis of unreliable ones. It is therefore of the utmost importance to ensure the reliability of the e-passport issuance process for an efficient EU/Schengen border control, and that starts in the very first place with the reliability of the breeder documents. Likewise, e-passports are not the sole target concerned with the weakness of breeder documents: stolen, counterfeit or altered birth certificates are often used to obtain documents needed to create new identities, paving the way
to miscellaneous frauds, smuggling of migrants, drugs or weapons, trafficking in persons, terrorist mobility, etc.
This lack of harmonisation or even standardisation, in terms of issuance practice or physical support, is a key problem, especially in the e-passports domain where standards have been defined for the travel document but not for its issuance process. The existence of a standard for breeder documents would simplify the verification process all over EU/Schengen and Associated countries, and then the secure issuance of a passport anywhere when needed. This would have a direct impact for many EU citizens who nowadays no longer live in their country of origin. Like a Pandora’s Box, the opening of European borders has led to new possible frauds, and succeed in obtaining a passport in a MS/Schengen country provides access to all the countries of this zone. A lot of the fraud also lies in the fact that many EU countries have overseas links with peoples from there having the right to EU passports. Thus, it is difficult to have assurance in the identity chain.
The mission of ORIGINS is to investigate current security gaps of passport breeder documents, mainly birth certificates, and will be limited to these (even though the project’s results could be applied to other documents). It will recommend possible solutions enabling more secure and efficient authentication of individuals at passport issuing points, and which will indirectly improve the reliability of border control activities, while at the same time protecting privacy of the citizens through a privacy-by-design approach. ORIGINS will propose cost-effective solutions to dramatically improve the security of the breeder documents issuance process. All these recommendations will feed a pre-standard initiated at the European level.
The objectives of the ORIGINS project are:
• Identify breeder documents used in EU/Schengen and Associated Countries for the issuance of e-passports
• Make a comprehensive inventory at a European level of breeder documents requirements and issuing practices (in every EU/Schengen countries)
• Identify key common security gaps present in these processes
• Identify best practices of each country in the domain of breeder documents, and provide a guide of best practices for minimum level security in Europe
• Develop a tool-kit with multi-level security from which Member States can derive technology suggestions for their own breeder document implementation
• Supply technical know-how and assist the breeder document community to set up specific trainings for checking documents used in the e-passport application process
• Create a standardisation project on breeder documents in CEN TC224 WG18 based on the proposed possible technical and procedural solutions
• Establish a link to the ICAO New Technologies Working Group’s initiative on breeder documents
• Facilitate the access to training/ availability of training materials (and possibly tools) for the verification of breeder documents by e-passport issuance officers
• Study the ethical, societal and legal aspects related to breeder documents in general and of the proposed solutions in particular
• Disseminate the results to the issuance community and other relevant communities (such as the border control community), and standardisation groups
• Promote the need for requirements for breeder documents at a European Level towards the MS, so that they can put regulations in place
Project Results:
The ORIGINS project dealing with sensitive issues, most of its content has been classified EU restricted. Nevertheless, below can be found some important outcomes of the project on several topics:
- Usage of breeder documents in the passport application process
Even if European passports comply with passport specifications for both the physical document & electronic components, the passport application process is still quite heterogeneous.
Even though many differences have been highlighted during the application procedure, all the countries interviewed so far rely on the same principle: physical presence of the applicant, provision of a government document and connection to a database.
To initiate the application procedure of a passport, most of the countries require an official government document that allows establishing a link towards centralised or decentralised databases that allow retrieval and /or verification of the applicant’s biographical & occasionally biometric data.
The Evidence of Identity requested for passport application process concerns mainly the applicant’s identity and citizenship.
We noticed that breeder documents are not massively used for passport issuance. Mandatory use of breeder documents is not common to all countries, they are most often used where there is no central registry for identification of physical persons. They also used on an optional basis for validation of civil events not yet registered in the country (very recent civil events or events occurred outside the national territory).
When requested, the most common foundational59 breeder document mandatory for passport application process is birth certificate.
As recommended by ICAO in its EOI initiative, breeder or government identity documents are not used in isolation but in combination to civil registries to confirm the legitimacy of the request and the credentials of the applicant.
When breeder documents are used:
- A single format per type of document should be adopted throughout the country. Content should follow agreed national or international standards
- Security features can be a plus but the trend is to enable authorities to exchange data electronically (limited citizen intervention)
Harmonization of breeder documents could facilitate the verification of national and international physical breeder documents.
International organisations such as ICCS have provided efforts to establish guidelines and recommended practices for the provision of harmonised procedures for physical certificates in particular multilingual certificates that can be useful when using breeder documents from another country.
The use of such harmonization practices would be even more beneficial if they can be adopted by other countries outside Europe, especially when national practices concerning civil registration differ from the European ones.
Concerning European countries, we would like to notice that according to most of the stakeholders interviewed during the project’s course, there is a main trend is to replace physical breeder documents with digital data for the passport application process. Public administration efforts are focused to reduce the use of paper documents as they are more easily counterfeited and their management is more costly. There is a trend to establish evidence of identity in a secure and efficient manner using electronic links with primary source of information and national databases. For that reason, any further investment in physical breeder documents modification (layout, security features) does not seem to be a unanimously preferred approach to secure the passport application process.
- Potential security gaps
Application process but also civil events registration may present weaknesses that jeopardize the passport security chain. As pointed out by the OSCE : ‘It was stressed that currently there are no reliable figures on how many travel documents are issued to fraudsters who have either forged breeder documents or applied for travel documents by abusing other weaknesses in the civil registry process.
Feedback from the interviews shows that for 1st issuance, when biometric verification cannot be performed either for legal reasons, or due to the absence of reference biometric records, then it is not easy to establish a non-ambiguous link between an applicant or the holder of an official document and the claimed identity.
For the 1st issuance there are usually no previous biometric records to use as a reference because citizen registration at birth does not include biometrics which leaves a gap in many countries between 0 and 12 years when the first official identity document is issued with a photo and or fingerprints.
In addition, there is not always a link with existing biometric records present in other databases (e.g. national identity card database) and even in this case verification concerns mainly photos inspection as storage of fingerprints is limited in time due to legal restrictions. In many cases inspection is done manually, and on a 1:1 mode which may present some limitations in verification.
So the challenge would be then to identify solutions that allow increase confidence in the fact that the present applicant is the rightful owner of the associated breeder documents and the claimed identity.
Some of the authorities consider that biometrics taken from new born babies would constitute a promising solution to ascertain the link between individuals and their civil records, thus securing identity since the first registration of a citizen. But this approach is at very early stage.
Another potential security issue lies in the breadth of the cross verification of the applicant’s identity. The majority of the countries interviewed consider that breeder documents do not provide sufficient evidence of identity when used on their own.
To counter breeder documents forgery risks, most countries have adopted a combined approach with applicant’s data verification in additional national registries or databases. In the UK, the verification of the claimed identity is done crossing various sources of information governmental and non-governmental ones. Additional security can be provided by asking random questions to check the applicant’s thorough knowledge of the claimed identity.
Breeder documents that are provided by other countries within or outside Europe can also present a security loophole if the civil events registration and evidence of identity verification practices do not follow the same security constraints as the country of the passport issuance. A dedicated analysis is needed to address the potential risks.
- Implemented best practices
1st issuance: increase confidence on the link between the applicant & the claimed identity using directly primary source information such as relevant civil/population register. This can be used for either data collection and or verification.
When possible replace physical documents by electronic data exchange.
When physical documents are used, add secure features that increase confidence in data integrity and issuing authority reliability (e.g. QR code).
Store historical data in passport database: keep the photos of previous applications.
Allow link with other official document databases (e.g. national identity card) to allow collection and /or comparison of biographical and biometric information (photos ...).
Cross verify the applicant’s data either using various information sources (public or private) and/or asking random questions integrated in the application process.
When collecting applicant’s biometric data, perform automatic comparison of existing biometric records (today visual inspection in most of the cases).
Live capture of photo to counter morphing fraud.
Organize an holistic approach for loss and theft of documents to prevent identity theft/fraud.
Leverage on digital transformation of government administration and e-government strategy to facilitate links and information sharing with different registries and databases. The choice of decentralized distributed systems may seem more convenient. However some countries consider centralized systems more secure and more consistent.
Assure secure management of access and update of all databases involved in the passport issuance process (civil registry, population databases, passport databases, archives ...).
Secure primary source of information (management of civil events registration and update): Secure the registration of the identity creation and the identity termination, by allowing event registration at the place where the event takes place eg birth and death (on-line notification/registration, civil act registration at hospitals). Using online registration /notification can also help to shorten the time lapse between identity creation/termination and the event registration contributing to the consistency and coherence of the registered data.
- Set of recommendations on solutions for enhancing passport breeder document lifecycle of document issued by all Member States.
Generally, the proposal aims for a standardized and harmonized approach for European breeder documents without huge additional costs for the issuing authorities and for an easily usable verification technology. The processing steps of the passport breeder document lifecycle have been organized within chapters, i.e. the structure reflects the lifecycle itself. Based on the conducted investigations and identified security gaps, each processing step has been analyzed in detail and appropriate recommendations were given.
ORIGINS provides recommendations for new concepts and according infrastructures to enhance distinct phases of life cycle procedures. Recommendations given have been compiled based on inputs of by experts of the ORIGNS consortium and the advisory board of the project. Emphasis was put on claim (first issuance, renewal, loss/robbery), provision, and issuance in order to provide secure primary-line processes. In addition, manufacturing, delivery and control were considered. Other parameters such as the need of supplementary documents to breeder documents or the trustworthiness of breeder documents issuers were studied. Given recommendations focus on a seamless integration to existing procedures. The security enhancement solutions against ICAO passport issuance recommendations were checked.
To ensure interoperability and smooth integration it is recommended to align the structure of digital breeder documents (stored on chips) with the established ICAO standard document 9303 and European Union Agency for Network and Information Security (ENISA) cyber security recommendations are suggested. Efficiency in terms of total financial cost of ownership is essential and has been identified as one of the key factors by experts of the ORIGINS consortium as well all as the advisory board of the project. It forms the basis of breeder document harmonization, regardless of the financial situation of the member states of the European Union, in order to achieve a high level of security and trust in the passport breeder document life cycle. Recommendations given in this report represent adequate countermeasures against fraud, misuse and identity theft in the breeder document life-cycle.
While some assurance approaches have been implemented in a few countries, they remain insufficient to provide breeder documents in complete security and trustworthiness at a time when this is increasingly necessary. By implementing recommendations given by the ORIGINS project confidence in confidence in the application process and issuance of e-passports will be restored, filling existing security gaps.
- List of recommendations for appropriate security features to be integrated to passport breeder documents (including document security features, biometric technologies etc.).
A particular focus has been put on interoperability aspects, considering security solutions to breeder documents in a practically interoperable way (cost efficient integration, compatibility to existing documents etc.).
Security solutions to breeder documents summarized in the project are vastly compatible in a practically interoperable way so that,
1. they are not only to be aligned with the future breeder document designs but also to be compatible to existing breeder documents;
2. they are easy to be modified, to adapt to different security and cost level requirements; and
3. they are easy and secure to link to digital records in a database to make them possible to authenticate in content.
Due to the above reasons proposed recommendations are mostly associated with low cost, which leverages their practical implementation. The presented recommendations specifically focus on the current landscape of breeder documents in the European Union. Regarding future perspectives it is important to note that, physical breeder documents like birth certificates might become obsolete. In particular, these might be fully replaced by digital breeder documents, i.e. specific data records, which comprise the information which is currently printed (or stored) on a physical document. Hence, physical security features will become irrelevant. Nonetheless, the information protection mechanism discussed in the project (cryptographic mechanisms, cryptographic protocols, etc.) will remain vital, as mentioned earlier.
- Standardisation aspect
Having taking care of both the European political context and the specific context of passport and various ID issuance which refer to some European regulation and specific national processes, a review of the existing standardization landscape in that domain has been established. It has been confirmed that voluntary standards play a significant role in the domain of Identity Management and travel documents in support of regulations. Furthermore, a gap analysis concluded that there is an opportunity for establishing a new voluntary standards to collect and harmonise best practices for breeder documents.
After due consideration, it has been proposed that an existing standardization technical committee CEN TC 224, should become the adequate receptacle to launch a new standardization activity. A first consensus could be achieved within two years in the form of a CEN Technical Report or a CEN Technical Specification.
Standardisation may be considered to raise a first level agreement on a voluntary European deliverable and implement key recommendations raised by ORIGINS's project on security issues for breeder documents.
The working group CEN TC224 WG19 created during the project will continue the work initiated during the lifetime of the project in order to achieve this first level of Technical Specification, which could serve as a basis for a standard, should the Member States and the EU support such an initiative.
- Privacy and data protection framework for technology solutions in breeder documents issuance
The main privacy concerns regarding enhanced security of breeder documents are:
1. Lack of transparency and oversight: Informed consent may be difficult to apply if the collection of data is mandatory due to specific regulations; nevertheless, the data subjects should have a considerable level of knowledge about what is being done and what will be done with their personal data. Privacy and data protection impact assessments should cover the different stages of the project (design, development, and implementation) and the privacy management of the resulting systems should be regularly reviewed. For this, the figure of a body or authority implementing PIAs (or P+EIAs97) is recommended, e.g. in the wider context of information management for identification through documents and databases.
2. Excessive, irrelevant or redundant data: The future utilization and contexts for the breeder document have to be clearly defined at the initial stage. Different purposes imply different data management and data protection assessments, risks and measures. The possibility of allowing member States the authority to make national adaptations may cause harmonization failures; since it is a document processed and managed at the European level, a very precise standardization is recommended. If the participating countries introduces variations in any aspect (e.g. security management, amount of data collected, system characteristics) the harmonization failures may affect the whole project.
3. Function creep: The infrastructures and systems generated for the management of the information collected in the framework of this project should be leveraged for the purposes originally defined. Both utilization for different or additional purposes or access by different or additional actors should be avoided or thoroughly assessed. Early detection of function creep threats can be accomplished through corresponding oversight mechanisms like regular reviews.
4. Extensive personal data access: Large amounts of personal data may be stored in centralised registers. Even if sensitive or biometric data is properly protected, abuse cases regarding access to this register have to be considered. An ambiguous policy of who can access these registers and under which circumstances may lead to undesired access or modification of personal data. This can be mitigated by defining clear access parameters (who –background check, what, why, how)+ traceing access and designing an access control system (Authentication, Authorisation, and Audit) that is coherent with these parameters.
5. Unprotected data: Personal data (and particularly, biometrics) may be stored in a format or architecture that is not compliant with privacy standards. This poses serious privacy risks both in the case of data stored in registers and in public documents. For instance, biometric traits may be exploited without the knowledge or control of the data subject. In addition, personal information can be linked across databases. Compliance with standard ISO/IEC 24745, and the use of BE is strongly encouraged in order to prevent these scenarios.
6. Data not deleted nor updated: Documents or registers containing personal data are frequently not deleted when the information they contain is outdated or has lost its purpose. In order to prevent this scenario, a clear definition of the cases where data should be no longer be kept is recommended, as well as secure deletion mechanisms for each case.
7. Utilisation by private actors: The utilization of the breeder documents by private actors, such as employers or retailers, must be thoroughly examined. Broadening the scope of actors with access to the managed information implies increasing the risks of loss of control of the data. Involving a wider scope of actors without ensuring the best conditions for responsible data management makes it more likely that unlawful or unethical practices occur.
In order to ensure privacy-by-design in breeder documents security, data has to be protected accordingly at each stage of its life (end-to-end protection). Moreover, the lifecycle of such data has to be transparent to citizens, so they are informed about how their data is being treated, and for what purposes (transparency). Data that is not strictly needed for the anticipated purposes of a particular breeder document should not be collected (data minimization). Data must be stored in such a way that it provides full functionality with security and privacy (positive sum approach). The use of cryptography, both conventional and BE is encouraged for this purpose. Moreover, a BE approach, where the control of the data is given to the user (User-centric) should be applied when possible. By ensuring these principles globally and specifically at each stage, privacy by default can be achieved which would comply with all Privacy by Design principles.
- Societal aspects of breeder documents
We identified public security challenges that relate to current birth certificates and a basic technical choice between local and central storage of biometric data in bolstering the primary evidence of identity. In fact, the modern world has already countries that have instituted a central identity database that serves as the primary legally binding evidence of identity. While this is the case, other countries continue to out rule the establishment of a central identity database amid privacy concerns. Meanwhile, misuse of identity continues to be growing concern to the public security and preservation of privacy. Furthermore, the war(s) in Middle East, huge refugee flows and the illegal immigration pressure
Europe faces, are likely to make the situation worse rather than better in immediate future. This calls for effective and timely response.
An assessment of societal and ethical acceptability of a specific use of technology is about weighing, if the expected (security) benefits are greater than the potential (privacy) risks. Ultimately, one should strive for minimal privacy invasion, when solving a specific public security issue.
Our conclusions, which follow the above analysis of literature and empirical data, are fairly straightforward.
We believe that the security and reliability of birth certificates should be enhanced with additional security features. Also, we favour the inclusion of fingerprint data on birth certificates, given that this data is stored securely on match-on-chip card or equivalent. This will allow document holders to retain the control over the use of their biometric data, especially fingerprint images, minimising this way possibilities of possible abuse of sensitive personal data.
We acknowledge, having said the above, that the rapid change of facial and fingerprint images in early age may necessitate a relatively frequent renewal of the document. This seems to be an unavoidable effort and cost of a strong biometric link between a document and its holder. Still, earlier search has revealed that public prioritises the convenience of a document in its use foremost.
Adults prefer to carry their identity card rather than passport on daily basis because of its more convenient physical appearance. Also, successful introduction of a government issued multi-purpose document that can be used off-line and on-line with any public or private sector applications would be desirable. Furthermore, development of a new document and the related infrastructure is time and resource consuming.
One of the obvious solutions to the above would be start to issue identity cards instead of birth certificates to newborns immediately from birth. We favour this approach, which may require, depending on country, administrative changes, but can be, nonetheless, implemented relatively quickly, avoiding the costs of development, international standardisation and introduction of a completely new document. However, the above alone would still prove insufficient in tackling the immediate security challenges in the European Union, such as detection of a person attempting to assume multiple identities or multiple physical persons using the same identity.
From ethics perspective, we find that there is a compelling and justified public security need for better handling of the data on government issued identity documents. Furthermore, earlier research has revealed that there is a strong support to the establishment of a central database of identity documents across the different EU member states. Therefore, we advise that these countries where no universal database of government issued identity documents exists consider establishment of an either centralised or distributed database that allows to search for any government issued identity document. While doing so, we call for caution in deciding which biometric data would such database include. Generally, inclusion of basic document information along with facial images of the document holders would be a good starting point in securing the continuity of identity and avoiding possible misuses.
It is, having said the above, absolutely crucial that the purposes of the establishment and use of the database, expected benefits and risks of processing biometric data are communicated clearly the to the public. Such communication should include also information on convincing measures, which are taken to avoid any potential function creep at any point in future.
Also, appropriate administrative and technical measures for processing biometric data should be established. This should, obviously, include proper access control and data security measures. Also, procedures need to be established for erasing temporarily stored data, when storing this data is not necessary any more or allowable storage time has passed. Most importantly, proper accountability and auditing systems should be established. Preferably, an independent auditor should be mandated to oversee and assess the security and privacy protection measures, which have been actually taken, on regular basis.
Potential Impact:
One could reasonably expect that, in the future, governments will embrace the vision of a global identity project that would be based on both citizen comprehensive information and secure databases. Therefore, we envision that countries will set up secure infrastructures using cloud-computing technology, compliant with data protection and privacy regulations, to prevent identity theft or related criminal activities.
International organizations like ICAO could provide guidelines to the Member States towards recommended practices for ID management infrastructures, whether they are public, private, national or international. Provided that national legal framework provides for it, individual registration will certainly involve a unique personal number, based on random algorithms, which will be used for recording their civil activities from birth to death. Non-intrusive biometrics will be widely used to support the evidence of identity of citizens.
The objective will be to accumulate the evidence of identity across the entire lifespan of individuals, until researches on biometrics allow taking advantage of stable samples starting from the birth of persons in respect with proportionality principle. In this context, non-intrusive biometrics shall play a significant role contributing to the evidence of identity during the life time.
Basic data shall be collected at birth (date of event, first name, name, gender, city) and continuously updated over the lifetime so that to include any civil changes such as marital status, nationality and descendants in an efficient and consistent way.
In addition, this official set of data shall be automatically enriched with various information collected from public or restricted sources, without infringing data protection and privacy regulations. Their integrity can be assessed and will contribute to increase the level of assurance of the provided evidence of identity.
That way governments will be able to increase confidence in the issuance process of the citizen official documents.
ORIGINS has analysed the current issuance of breeder documents used for passport delivery, identify security loopholes in this process, propose adequate security measures and processes to enhance the security of breeder documents. These objectives have been achieved through a respect of the privacy of European and non-European citizens, applying from the very start a privacy-by-design concept. The results include proposal for standards and also may require the use of biometrics in managing reliable national or European register of births, marriages and deaths. Finally they contain security measures and processes for issuing, transmitting, using and archiving.
Through a detailed investigation and assessment of the security gaps in the breeder document issuance process, recommendations and solutions have been proposed to redress the gaps in a EU/Schengen perspective, aiming to improve the EU overall issuance and inspection environment.
The project promulgates and disseminates the results through current international conference related to breeder documents, the European standardisation process as well as ICAO standardisation activities. Specific activities address cost-effective training and communication methods.
ORIGINS’ results will continue to live beyond the end of the project, in particular via think-tank or standardisation groups (CEN TC224 WG19) built during the project. These groups will be able to continue the work initiated in ORIGINS, while the consortium may be the advisor to the Commission. The implementation of ORIGINS’ recommendations can be envisioned through possible future EU projects, and can be seen as a strong market opportunity for the EU industries and SMEs involved in the breeder documents and e-passports area. Eventually ORIGINS Advisory Board and end-users can push for legal initiatives and European regulations, allowing for the implementation of the project’s recommendations.
Indeed, the standardisation group called CEN TC224 WG19, created thanks to ORIGINS, is probably the most outstanding outcome of this project, since it will continue to live after the end of this project, paving the way for a possible standard at a European level. But this way will take time and will need the support of Member States and probably of some EU regulations or Directives in order to make the dream of harmonised breeder documents come true.
List of Websites:
The public website address of the project is: www.origins-project.eu
The relevant contact detail for the website is: stephane.caillebotte@idemia.com
The project ORIGINS aims to study the security of the extended border and more particularly passport breeder document security. The underlying idea of ORIGINS is to improve the security and therefore to restore the confidence in the application process and issuance of e-passports, by filling the gaps in security of breeder documents.
Indeed, while some assurance approaches have been implemented in a few countries, they remain insufficient to provide breeder documents in complete security and trustworthiness at a time when this is increasingly necessary.
This project therefore investigated exhaustively the current state of passport breeder documents requirements and issuing practices in Member States/Associated Countries. The identification of common security gaps led to the recommendation of possible solutions to overcome the security weaknesses in breeder documents. The project provided support for issuance bodies and border control communities. It also promoted the standardisation of breeder documents by creating a dedicated working group at a European level (CEN TC224 WG19).
These objectives have been achieved through the establishment of a strong networking environment between key actors in the sector (passport breeder document and e-passport communities, border control community, ministries, industry, SMEs, universities, NGOs, the European Commission, the European Parliament and the Council, etc.), exchange and dissemination of good practices between relevant communities, the definition and organisation of joint or common initiatives, meetings, conferences, events and with an appropriate management of the action. Broad communication and dissemination actions have been undertaken throughout the project lifecycle. At the same time, it is expected that ORIGINS’ results will continue to live beyond the end of the project, in particular via think-tank groups built during the project, standardisation groups and the implementation of ORIGINS’ recommendations.
Project Context and Objectives:
Breeder documents, notably birth certificates, represent the basic articulation between an individual and the community where an individual is born and lives. This junction is of fundamental importance since it provides the individuals with ‘documentary citizenship’ , namely, with the documented memory that enables him or her to entry (and exit, for that matter) the realm of civil, political, and also social life. With the introduction of electronic passports (e-passports) and the use of security features in the chip, of which biometric templates, the security of this crucial travel document - which was still only based on paper at the end of the last century and remained therefore easily forgeable - has been greatly improved. Nevertheless, if the physical security of the document is better protected per se, some weaknesses in the passport issuance process remain. Indeed, e-passports are delivered based on breeder documents (e.g. birth certificates) that do not have the same protection level and which are much easier to counterfeit.
It is a known fact that e-passports are now so difficult to counterfeit, that fraud attempts now focuses on
issuing process.
In most European countries, and identically in the rest of the world, breeder documents are unsecure documents while they are the basis of the identity for many of these countries. This lack of security has led to an inherent flaw in all the processes of identity creation using breeder documents as proof of identity/origin. Therefore, the weakest link of the chain of ID and travel documents issuance, and in particular of e-passport issuance, now is the entitlement process, in which the evidence of an applicant’s identity is evaluated. Such evidence is often provided in the form of breeder documents, which remain to date mainly paper-based without any form of security in their manufacturing or issuance processes.
Most breeder documents are much easier to forge than e-passports, and by using forged breeder documents (via identity theft or fake ID) people can obtain genuine travel documents. To make the matter worse, there is yet no standard format or standard issuance process for breeder document Europe wide or even within many Member States. As a consequence, an administration officer can barely authenticate a breeder document.
Many studies, one by Frontex on the Operational and Technical Security of E-passports, confirmed that this “breeder documents” issue was vital regarding the legitimacy of documents, which could be delivered on the basis of unreliable ones. It is therefore of the utmost importance to ensure the reliability of the e-passport issuance process for an efficient EU/Schengen border control, and that starts in the very first place with the reliability of the breeder documents. Likewise, e-passports are not the sole target concerned with the weakness of breeder documents: stolen, counterfeit or altered birth certificates are often used to obtain documents needed to create new identities, paving the way
to miscellaneous frauds, smuggling of migrants, drugs or weapons, trafficking in persons, terrorist mobility, etc.
This lack of harmonisation or even standardisation, in terms of issuance practice or physical support, is a key problem, especially in the e-passports domain where standards have been defined for the travel document but not for its issuance process. The existence of a standard for breeder documents would simplify the verification process all over EU/Schengen and Associated countries, and then the secure issuance of a passport anywhere when needed. This would have a direct impact for many EU citizens who nowadays no longer live in their country of origin. Like a Pandora’s Box, the opening of European borders has led to new possible frauds, and succeed in obtaining a passport in a MS/Schengen country provides access to all the countries of this zone. A lot of the fraud also lies in the fact that many EU countries have overseas links with peoples from there having the right to EU passports. Thus, it is difficult to have assurance in the identity chain.
The mission of ORIGINS is to investigate current security gaps of passport breeder documents, mainly birth certificates, and will be limited to these (even though the project’s results could be applied to other documents). It will recommend possible solutions enabling more secure and efficient authentication of individuals at passport issuing points, and which will indirectly improve the reliability of border control activities, while at the same time protecting privacy of the citizens through a privacy-by-design approach. ORIGINS will propose cost-effective solutions to dramatically improve the security of the breeder documents issuance process. All these recommendations will feed a pre-standard initiated at the European level.
The objectives of the ORIGINS project are:
• Identify breeder documents used in EU/Schengen and Associated Countries for the issuance of e-passports
• Make a comprehensive inventory at a European level of breeder documents requirements and issuing practices (in every EU/Schengen countries)
• Identify key common security gaps present in these processes
• Identify best practices of each country in the domain of breeder documents, and provide a guide of best practices for minimum level security in Europe
• Develop a tool-kit with multi-level security from which Member States can derive technology suggestions for their own breeder document implementation
• Supply technical know-how and assist the breeder document community to set up specific trainings for checking documents used in the e-passport application process
• Create a standardisation project on breeder documents in CEN TC224 WG18 based on the proposed possible technical and procedural solutions
• Establish a link to the ICAO New Technologies Working Group’s initiative on breeder documents
• Facilitate the access to training/ availability of training materials (and possibly tools) for the verification of breeder documents by e-passport issuance officers
• Study the ethical, societal and legal aspects related to breeder documents in general and of the proposed solutions in particular
• Disseminate the results to the issuance community and other relevant communities (such as the border control community), and standardisation groups
• Promote the need for requirements for breeder documents at a European Level towards the MS, so that they can put regulations in place
Project Results:
The ORIGINS project dealing with sensitive issues, most of its content has been classified EU restricted. Nevertheless, below can be found some important outcomes of the project on several topics:
- Usage of breeder documents in the passport application process
Even if European passports comply with passport specifications for both the physical document & electronic components, the passport application process is still quite heterogeneous.
Even though many differences have been highlighted during the application procedure, all the countries interviewed so far rely on the same principle: physical presence of the applicant, provision of a government document and connection to a database.
To initiate the application procedure of a passport, most of the countries require an official government document that allows establishing a link towards centralised or decentralised databases that allow retrieval and /or verification of the applicant’s biographical & occasionally biometric data.
The Evidence of Identity requested for passport application process concerns mainly the applicant’s identity and citizenship.
We noticed that breeder documents are not massively used for passport issuance. Mandatory use of breeder documents is not common to all countries, they are most often used where there is no central registry for identification of physical persons. They also used on an optional basis for validation of civil events not yet registered in the country (very recent civil events or events occurred outside the national territory).
When requested, the most common foundational59 breeder document mandatory for passport application process is birth certificate.
As recommended by ICAO in its EOI initiative, breeder or government identity documents are not used in isolation but in combination to civil registries to confirm the legitimacy of the request and the credentials of the applicant.
When breeder documents are used:
- A single format per type of document should be adopted throughout the country. Content should follow agreed national or international standards
- Security features can be a plus but the trend is to enable authorities to exchange data electronically (limited citizen intervention)
Harmonization of breeder documents could facilitate the verification of national and international physical breeder documents.
International organisations such as ICCS have provided efforts to establish guidelines and recommended practices for the provision of harmonised procedures for physical certificates in particular multilingual certificates that can be useful when using breeder documents from another country.
The use of such harmonization practices would be even more beneficial if they can be adopted by other countries outside Europe, especially when national practices concerning civil registration differ from the European ones.
Concerning European countries, we would like to notice that according to most of the stakeholders interviewed during the project’s course, there is a main trend is to replace physical breeder documents with digital data for the passport application process. Public administration efforts are focused to reduce the use of paper documents as they are more easily counterfeited and their management is more costly. There is a trend to establish evidence of identity in a secure and efficient manner using electronic links with primary source of information and national databases. For that reason, any further investment in physical breeder documents modification (layout, security features) does not seem to be a unanimously preferred approach to secure the passport application process.
- Potential security gaps
Application process but also civil events registration may present weaknesses that jeopardize the passport security chain. As pointed out by the OSCE : ‘It was stressed that currently there are no reliable figures on how many travel documents are issued to fraudsters who have either forged breeder documents or applied for travel documents by abusing other weaknesses in the civil registry process.
Feedback from the interviews shows that for 1st issuance, when biometric verification cannot be performed either for legal reasons, or due to the absence of reference biometric records, then it is not easy to establish a non-ambiguous link between an applicant or the holder of an official document and the claimed identity.
For the 1st issuance there are usually no previous biometric records to use as a reference because citizen registration at birth does not include biometrics which leaves a gap in many countries between 0 and 12 years when the first official identity document is issued with a photo and or fingerprints.
In addition, there is not always a link with existing biometric records present in other databases (e.g. national identity card database) and even in this case verification concerns mainly photos inspection as storage of fingerprints is limited in time due to legal restrictions. In many cases inspection is done manually, and on a 1:1 mode which may present some limitations in verification.
So the challenge would be then to identify solutions that allow increase confidence in the fact that the present applicant is the rightful owner of the associated breeder documents and the claimed identity.
Some of the authorities consider that biometrics taken from new born babies would constitute a promising solution to ascertain the link between individuals and their civil records, thus securing identity since the first registration of a citizen. But this approach is at very early stage.
Another potential security issue lies in the breadth of the cross verification of the applicant’s identity. The majority of the countries interviewed consider that breeder documents do not provide sufficient evidence of identity when used on their own.
To counter breeder documents forgery risks, most countries have adopted a combined approach with applicant’s data verification in additional national registries or databases. In the UK, the verification of the claimed identity is done crossing various sources of information governmental and non-governmental ones. Additional security can be provided by asking random questions to check the applicant’s thorough knowledge of the claimed identity.
Breeder documents that are provided by other countries within or outside Europe can also present a security loophole if the civil events registration and evidence of identity verification practices do not follow the same security constraints as the country of the passport issuance. A dedicated analysis is needed to address the potential risks.
- Implemented best practices
1st issuance: increase confidence on the link between the applicant & the claimed identity using directly primary source information such as relevant civil/population register. This can be used for either data collection and or verification.
When possible replace physical documents by electronic data exchange.
When physical documents are used, add secure features that increase confidence in data integrity and issuing authority reliability (e.g. QR code).
Store historical data in passport database: keep the photos of previous applications.
Allow link with other official document databases (e.g. national identity card) to allow collection and /or comparison of biographical and biometric information (photos ...).
Cross verify the applicant’s data either using various information sources (public or private) and/or asking random questions integrated in the application process.
When collecting applicant’s biometric data, perform automatic comparison of existing biometric records (today visual inspection in most of the cases).
Live capture of photo to counter morphing fraud.
Organize an holistic approach for loss and theft of documents to prevent identity theft/fraud.
Leverage on digital transformation of government administration and e-government strategy to facilitate links and information sharing with different registries and databases. The choice of decentralized distributed systems may seem more convenient. However some countries consider centralized systems more secure and more consistent.
Assure secure management of access and update of all databases involved in the passport issuance process (civil registry, population databases, passport databases, archives ...).
Secure primary source of information (management of civil events registration and update): Secure the registration of the identity creation and the identity termination, by allowing event registration at the place where the event takes place eg birth and death (on-line notification/registration, civil act registration at hospitals). Using online registration /notification can also help to shorten the time lapse between identity creation/termination and the event registration contributing to the consistency and coherence of the registered data.
- Set of recommendations on solutions for enhancing passport breeder document lifecycle of document issued by all Member States.
Generally, the proposal aims for a standardized and harmonized approach for European breeder documents without huge additional costs for the issuing authorities and for an easily usable verification technology. The processing steps of the passport breeder document lifecycle have been organized within chapters, i.e. the structure reflects the lifecycle itself. Based on the conducted investigations and identified security gaps, each processing step has been analyzed in detail and appropriate recommendations were given.
ORIGINS provides recommendations for new concepts and according infrastructures to enhance distinct phases of life cycle procedures. Recommendations given have been compiled based on inputs of by experts of the ORIGNS consortium and the advisory board of the project. Emphasis was put on claim (first issuance, renewal, loss/robbery), provision, and issuance in order to provide secure primary-line processes. In addition, manufacturing, delivery and control were considered. Other parameters such as the need of supplementary documents to breeder documents or the trustworthiness of breeder documents issuers were studied. Given recommendations focus on a seamless integration to existing procedures. The security enhancement solutions against ICAO passport issuance recommendations were checked.
To ensure interoperability and smooth integration it is recommended to align the structure of digital breeder documents (stored on chips) with the established ICAO standard document 9303 and European Union Agency for Network and Information Security (ENISA) cyber security recommendations are suggested. Efficiency in terms of total financial cost of ownership is essential and has been identified as one of the key factors by experts of the ORIGINS consortium as well all as the advisory board of the project. It forms the basis of breeder document harmonization, regardless of the financial situation of the member states of the European Union, in order to achieve a high level of security and trust in the passport breeder document life cycle. Recommendations given in this report represent adequate countermeasures against fraud, misuse and identity theft in the breeder document life-cycle.
While some assurance approaches have been implemented in a few countries, they remain insufficient to provide breeder documents in complete security and trustworthiness at a time when this is increasingly necessary. By implementing recommendations given by the ORIGINS project confidence in confidence in the application process and issuance of e-passports will be restored, filling existing security gaps.
- List of recommendations for appropriate security features to be integrated to passport breeder documents (including document security features, biometric technologies etc.).
A particular focus has been put on interoperability aspects, considering security solutions to breeder documents in a practically interoperable way (cost efficient integration, compatibility to existing documents etc.).
Security solutions to breeder documents summarized in the project are vastly compatible in a practically interoperable way so that,
1. they are not only to be aligned with the future breeder document designs but also to be compatible to existing breeder documents;
2. they are easy to be modified, to adapt to different security and cost level requirements; and
3. they are easy and secure to link to digital records in a database to make them possible to authenticate in content.
Due to the above reasons proposed recommendations are mostly associated with low cost, which leverages their practical implementation. The presented recommendations specifically focus on the current landscape of breeder documents in the European Union. Regarding future perspectives it is important to note that, physical breeder documents like birth certificates might become obsolete. In particular, these might be fully replaced by digital breeder documents, i.e. specific data records, which comprise the information which is currently printed (or stored) on a physical document. Hence, physical security features will become irrelevant. Nonetheless, the information protection mechanism discussed in the project (cryptographic mechanisms, cryptographic protocols, etc.) will remain vital, as mentioned earlier.
- Standardisation aspect
Having taking care of both the European political context and the specific context of passport and various ID issuance which refer to some European regulation and specific national processes, a review of the existing standardization landscape in that domain has been established. It has been confirmed that voluntary standards play a significant role in the domain of Identity Management and travel documents in support of regulations. Furthermore, a gap analysis concluded that there is an opportunity for establishing a new voluntary standards to collect and harmonise best practices for breeder documents.
After due consideration, it has been proposed that an existing standardization technical committee CEN TC 224, should become the adequate receptacle to launch a new standardization activity. A first consensus could be achieved within two years in the form of a CEN Technical Report or a CEN Technical Specification.
Standardisation may be considered to raise a first level agreement on a voluntary European deliverable and implement key recommendations raised by ORIGINS's project on security issues for breeder documents.
The working group CEN TC224 WG19 created during the project will continue the work initiated during the lifetime of the project in order to achieve this first level of Technical Specification, which could serve as a basis for a standard, should the Member States and the EU support such an initiative.
- Privacy and data protection framework for technology solutions in breeder documents issuance
The main privacy concerns regarding enhanced security of breeder documents are:
1. Lack of transparency and oversight: Informed consent may be difficult to apply if the collection of data is mandatory due to specific regulations; nevertheless, the data subjects should have a considerable level of knowledge about what is being done and what will be done with their personal data. Privacy and data protection impact assessments should cover the different stages of the project (design, development, and implementation) and the privacy management of the resulting systems should be regularly reviewed. For this, the figure of a body or authority implementing PIAs (or P+EIAs97) is recommended, e.g. in the wider context of information management for identification through documents and databases.
2. Excessive, irrelevant or redundant data: The future utilization and contexts for the breeder document have to be clearly defined at the initial stage. Different purposes imply different data management and data protection assessments, risks and measures. The possibility of allowing member States the authority to make national adaptations may cause harmonization failures; since it is a document processed and managed at the European level, a very precise standardization is recommended. If the participating countries introduces variations in any aspect (e.g. security management, amount of data collected, system characteristics) the harmonization failures may affect the whole project.
3. Function creep: The infrastructures and systems generated for the management of the information collected in the framework of this project should be leveraged for the purposes originally defined. Both utilization for different or additional purposes or access by different or additional actors should be avoided or thoroughly assessed. Early detection of function creep threats can be accomplished through corresponding oversight mechanisms like regular reviews.
4. Extensive personal data access: Large amounts of personal data may be stored in centralised registers. Even if sensitive or biometric data is properly protected, abuse cases regarding access to this register have to be considered. An ambiguous policy of who can access these registers and under which circumstances may lead to undesired access or modification of personal data. This can be mitigated by defining clear access parameters (who –background check, what, why, how)+ traceing access and designing an access control system (Authentication, Authorisation, and Audit) that is coherent with these parameters.
5. Unprotected data: Personal data (and particularly, biometrics) may be stored in a format or architecture that is not compliant with privacy standards. This poses serious privacy risks both in the case of data stored in registers and in public documents. For instance, biometric traits may be exploited without the knowledge or control of the data subject. In addition, personal information can be linked across databases. Compliance with standard ISO/IEC 24745, and the use of BE is strongly encouraged in order to prevent these scenarios.
6. Data not deleted nor updated: Documents or registers containing personal data are frequently not deleted when the information they contain is outdated or has lost its purpose. In order to prevent this scenario, a clear definition of the cases where data should be no longer be kept is recommended, as well as secure deletion mechanisms for each case.
7. Utilisation by private actors: The utilization of the breeder documents by private actors, such as employers or retailers, must be thoroughly examined. Broadening the scope of actors with access to the managed information implies increasing the risks of loss of control of the data. Involving a wider scope of actors without ensuring the best conditions for responsible data management makes it more likely that unlawful or unethical practices occur.
In order to ensure privacy-by-design in breeder documents security, data has to be protected accordingly at each stage of its life (end-to-end protection). Moreover, the lifecycle of such data has to be transparent to citizens, so they are informed about how their data is being treated, and for what purposes (transparency). Data that is not strictly needed for the anticipated purposes of a particular breeder document should not be collected (data minimization). Data must be stored in such a way that it provides full functionality with security and privacy (positive sum approach). The use of cryptography, both conventional and BE is encouraged for this purpose. Moreover, a BE approach, where the control of the data is given to the user (User-centric) should be applied when possible. By ensuring these principles globally and specifically at each stage, privacy by default can be achieved which would comply with all Privacy by Design principles.
- Societal aspects of breeder documents
We identified public security challenges that relate to current birth certificates and a basic technical choice between local and central storage of biometric data in bolstering the primary evidence of identity. In fact, the modern world has already countries that have instituted a central identity database that serves as the primary legally binding evidence of identity. While this is the case, other countries continue to out rule the establishment of a central identity database amid privacy concerns. Meanwhile, misuse of identity continues to be growing concern to the public security and preservation of privacy. Furthermore, the war(s) in Middle East, huge refugee flows and the illegal immigration pressure
Europe faces, are likely to make the situation worse rather than better in immediate future. This calls for effective and timely response.
An assessment of societal and ethical acceptability of a specific use of technology is about weighing, if the expected (security) benefits are greater than the potential (privacy) risks. Ultimately, one should strive for minimal privacy invasion, when solving a specific public security issue.
Our conclusions, which follow the above analysis of literature and empirical data, are fairly straightforward.
We believe that the security and reliability of birth certificates should be enhanced with additional security features. Also, we favour the inclusion of fingerprint data on birth certificates, given that this data is stored securely on match-on-chip card or equivalent. This will allow document holders to retain the control over the use of their biometric data, especially fingerprint images, minimising this way possibilities of possible abuse of sensitive personal data.
We acknowledge, having said the above, that the rapid change of facial and fingerprint images in early age may necessitate a relatively frequent renewal of the document. This seems to be an unavoidable effort and cost of a strong biometric link between a document and its holder. Still, earlier search has revealed that public prioritises the convenience of a document in its use foremost.
Adults prefer to carry their identity card rather than passport on daily basis because of its more convenient physical appearance. Also, successful introduction of a government issued multi-purpose document that can be used off-line and on-line with any public or private sector applications would be desirable. Furthermore, development of a new document and the related infrastructure is time and resource consuming.
One of the obvious solutions to the above would be start to issue identity cards instead of birth certificates to newborns immediately from birth. We favour this approach, which may require, depending on country, administrative changes, but can be, nonetheless, implemented relatively quickly, avoiding the costs of development, international standardisation and introduction of a completely new document. However, the above alone would still prove insufficient in tackling the immediate security challenges in the European Union, such as detection of a person attempting to assume multiple identities or multiple physical persons using the same identity.
From ethics perspective, we find that there is a compelling and justified public security need for better handling of the data on government issued identity documents. Furthermore, earlier research has revealed that there is a strong support to the establishment of a central database of identity documents across the different EU member states. Therefore, we advise that these countries where no universal database of government issued identity documents exists consider establishment of an either centralised or distributed database that allows to search for any government issued identity document. While doing so, we call for caution in deciding which biometric data would such database include. Generally, inclusion of basic document information along with facial images of the document holders would be a good starting point in securing the continuity of identity and avoiding possible misuses.
It is, having said the above, absolutely crucial that the purposes of the establishment and use of the database, expected benefits and risks of processing biometric data are communicated clearly the to the public. Such communication should include also information on convincing measures, which are taken to avoid any potential function creep at any point in future.
Also, appropriate administrative and technical measures for processing biometric data should be established. This should, obviously, include proper access control and data security measures. Also, procedures need to be established for erasing temporarily stored data, when storing this data is not necessary any more or allowable storage time has passed. Most importantly, proper accountability and auditing systems should be established. Preferably, an independent auditor should be mandated to oversee and assess the security and privacy protection measures, which have been actually taken, on regular basis.
Potential Impact:
One could reasonably expect that, in the future, governments will embrace the vision of a global identity project that would be based on both citizen comprehensive information and secure databases. Therefore, we envision that countries will set up secure infrastructures using cloud-computing technology, compliant with data protection and privacy regulations, to prevent identity theft or related criminal activities.
International organizations like ICAO could provide guidelines to the Member States towards recommended practices for ID management infrastructures, whether they are public, private, national or international. Provided that national legal framework provides for it, individual registration will certainly involve a unique personal number, based on random algorithms, which will be used for recording their civil activities from birth to death. Non-intrusive biometrics will be widely used to support the evidence of identity of citizens.
The objective will be to accumulate the evidence of identity across the entire lifespan of individuals, until researches on biometrics allow taking advantage of stable samples starting from the birth of persons in respect with proportionality principle. In this context, non-intrusive biometrics shall play a significant role contributing to the evidence of identity during the life time.
Basic data shall be collected at birth (date of event, first name, name, gender, city) and continuously updated over the lifetime so that to include any civil changes such as marital status, nationality and descendants in an efficient and consistent way.
In addition, this official set of data shall be automatically enriched with various information collected from public or restricted sources, without infringing data protection and privacy regulations. Their integrity can be assessed and will contribute to increase the level of assurance of the provided evidence of identity.
That way governments will be able to increase confidence in the issuance process of the citizen official documents.
ORIGINS has analysed the current issuance of breeder documents used for passport delivery, identify security loopholes in this process, propose adequate security measures and processes to enhance the security of breeder documents. These objectives have been achieved through a respect of the privacy of European and non-European citizens, applying from the very start a privacy-by-design concept. The results include proposal for standards and also may require the use of biometrics in managing reliable national or European register of births, marriages and deaths. Finally they contain security measures and processes for issuing, transmitting, using and archiving.
Through a detailed investigation and assessment of the security gaps in the breeder document issuance process, recommendations and solutions have been proposed to redress the gaps in a EU/Schengen perspective, aiming to improve the EU overall issuance and inspection environment.
The project promulgates and disseminates the results through current international conference related to breeder documents, the European standardisation process as well as ICAO standardisation activities. Specific activities address cost-effective training and communication methods.
ORIGINS’ results will continue to live beyond the end of the project, in particular via think-tank or standardisation groups (CEN TC224 WG19) built during the project. These groups will be able to continue the work initiated in ORIGINS, while the consortium may be the advisor to the Commission. The implementation of ORIGINS’ recommendations can be envisioned through possible future EU projects, and can be seen as a strong market opportunity for the EU industries and SMEs involved in the breeder documents and e-passports area. Eventually ORIGINS Advisory Board and end-users can push for legal initiatives and European regulations, allowing for the implementation of the project’s recommendations.
Indeed, the standardisation group called CEN TC224 WG19, created thanks to ORIGINS, is probably the most outstanding outcome of this project, since it will continue to live after the end of this project, paving the way for a possible standard at a European level. But this way will take time and will need the support of Member States and probably of some EU regulations or Directives in order to make the dream of harmonised breeder documents come true.
List of Websites:
The public website address of the project is: www.origins-project.eu
The relevant contact detail for the website is: stephane.caillebotte@idemia.com