Technology Embarked the Issuance of New ICAO e-Passport: Case Study of Malaysia e-Passport

By

Shara Fedayu Sarif

Graduate Business School

Faculty of Business Administration
Universiti Teknologi MARA
40000 Shah Alam, Selangor.

Abstract traveler’s identity, and assist with the automation of certain

Recent development of passport is the introduction of e-
Passport throughout worldwide. It was believed that e-
Passport has helped immigration system to work faster and
in much more simpler way. The recent development of e-
Passport to Malaysia as it was firstly introduced among all
other countries is an achievement to Malaysia and also
being the most secured e-passport device as compared to
other countries. In line with other research paper,
journals, and other written published article, this paper
will be discussing on the brief definition on e-passport, the
benefits and few shortcomings especially in privacy and
security issues of the current e-passport.
Keyword: e-Passport, immigration system, biometrics,
ICAO, Auto-Gate.
travel processes.
However, despite all, Malaysia has taken big step
to venture early into this system. In Malaysia, e-Passport
was first introduced in 1998. Contracts for the e-Passport
system are awarded by the Department of Immigration
Malaysia in 1998 and Malaysia being the first country in
the world to launch its electronic Passport. Now, Malaysian
e-Passport version International Civil Aviation
Organization (ICAO) has been fully introduced to all
Malaysian by Minister of Home Affairs Dato’ Seri
Hishammuddin Tun Hussein on 2nd February 2010
monitored under Immigration Department of Malaysia
[ CITATION Imm10 \l 1033 ].

Literature Reviews

Introduction e-passport and Biometrics

As world grows older, technology has taken its In May 2003, under the structure of the ICAO
place to help all processes and procedures become simpler, formulated a standard for the new document, known
faster, and a lot easier. Following several immigrant issues, familiarly as the e-Passport. The standard called for e-
terrorist and others that have occurred, many countries Passports to contain an integrated circuit (IC) chip that
accelerated plans for the adoption of a new passport could secure information about the bearer.
standard that would increase security of travel documents.
The goal was to adopt new technology that would ensure
Specifically, the standard specified that all e-
the integrity of the passport issuance process, and improve
Passports were to contain a “photo” of the traveler in jpeg
the ability of border authorities to accurately establish the
image format. ICAO also endorsed the addition of
identity of passport holders who were seeking entry
additional identifying data such as fingerprints and iris
privileges.
images. In regulations published in December 2004 the
European Union required that e-Passports contain a facial
Schedules for implementation of the new e- image plus “fingerprints in interoperable formats”
Passport vary by nation. While several nations are already
issuing such documents, most implementations are
[ CITATION ICA10 \l 1033 ].
scheduled to comply with current US requirements for
issuance systems to be in place by October 26, 2006. Due
to the typical ten-year expiration cycles of the current
generation of passports, however, it will be a decade before
countries that provide the major sources of global tourism
will be completely converted to the new, more secure
format.

As these new capabilities come on line it is

important to have a clear picture of how the documents
may be used to tighten up issuance systems, establish a
 It is exceptionally important to note that while
such features are often referred to as “biometrics”.
Biometrics is uses as biometric authentication where it is
the verification of human identity through measurement of
biological characteristic. These enhancements are stored
only as true images of the feature. These features will
certainly be used in future applications that extract
biometric data from the images, but the ICAO standards do
not specify how – or if – the images are to be converted or
later employed to enable the actual use of biometrics in
operational programs.
In one media conference, Immigration and
Naturalization Service under the US Department of Justice
inspectors has informed public that the Malaysian e-
passport is the finest and the best in the world [ CITATION
Yus07 \l 1033 ]. The embedded chip in an e-passport
stores a photo of the holder, but not his fingerprints. This
was proved by a statement by developers of the technology,
whereby it is impossible to duplicate and forge digital keys
stored on the chip making information encoded into
Malaysian passports have so far remain secure.
Weerakkody (2006), in her paper stated that
fingerprinting as one of the biometrics method was
introduced in a bid of combat the problem of one million
Indonesian illegal immigrants in Malaysia, who come in
search of work. Currently, the latest development of e-
passport in Malaysia that we can view is where Nigeria
Immigration Service has concluded arrangements to roll
out the issuance of e-Passport to Nigerians resident in
Malaysia [ CITATION Ale09 \l 1033 ].
Plus factor of E-passport
1. Preventing Identity Fraud
A research programs has been build in order to
determine whether or not the new biometric applications
use in e-passport could be used to compare one image
against all other stored images for the purpose of revealing
those who may be attempting to commit identity fraud. And
it was reported that biometric face recognition programs
have demonstrated some success at this task [ CITATION
Ric05 \l 1033 ], suggesting possible matches and ranking
them for human operators to discern who may be an
imposter. Such, e-Passport ensures that the future images
are received and stored in a form that makes them
amenable to biometric-based checks.
Improvements in the accuracy and speed of face
recognition technologies may eventually make it feasible to
conduct such searches in other high-risk security
environments, including at the border. In either instance,
i.e. during issuance or in a real-time border operations
mode, the e-Passport with its imbedded jpeg image of the
bearer provides the key to better control over who is
attempting to defraud the international travel network.
As for Malaysian e-Passport, there is a facial
recognition software used in the e-Passport deployment.
The facial characteristics in an applicant’s new passport
photo are compared against facial images in Dept of
Immigration Malaysia’s database [ CITATION Imm10 \l
1033 ].
This will allow Dept of Immigration Malaysia to
detect applicants who are trying to obtain a duplicate
passport or someone trying to obtain a passport using a
stolen identity.
2. Supporting the Staffed Border Inspection Process
The second benefit to be derived from the universal
adaptation of the e-Passport standard is to establish the
certainty of the relationship between the travel document
and the bearer. When a traveler presents the new e-Passport
at the border, the inspector will use updated reader
technology to scan the chip and view the image that is
stored in the document. This will enable officers or check-
in staff (if airline or ground handling agents are authorized
to do so) to make a quick check to determine:
 That the image printed on the document
biographical information page matches exactly
the image that is stored on the IC chip
 That the same image matches the person standing
at the inspection checkpoint or airline counter
3. Serving as Secure, Common Tokens for Automated
Programs
Using a token simplifies a task that might
otherwise require a search every record in a database to
confirm identity. ICAO passport has been used as this type
of token1 since the means of printing and reading the data is
fully standardized. To date, trials that have been designed
to test how biometrics may be used to automate passenger
services have usually relied on different types of tokens to
trigger the process of confirming the traveler’s identity
against a stored record.
Certain programs have avoided this operational
model by using technologies such as iris recognition.
Nevertheless, most biometric-based automation projects
rely on tokens because of to be in sequence with marketing
1
“Token” a simple pointer like a magnetic stripe card or
personal identification number, other times a complex PKI-
protected smart card – implies a relationship between a
“live” biometric check and data that is housed in a database
or on the token itself.
programs, flexibility in the choice of biometric
technologies, usability features that make operation similar
to other familiar applications such as automated teller
machines, and compatibility with commercial standards for
card and data storage formats.
As for Malaysia, we successfully developed the
first e-Passport Autogate system that reads e-Passport and
authenticate fingerprint biometric to a few international
airports in UK and USA as part of our effective border
control system application.
Shortcomings of E-passport
Data leakage threat
Leakage of e-passport data thus presents two
problems with consequences that extend beyond the e-
passport system itself [ CITATION Ari05 \l 1033 ]:
Identity Theft: A photograph, name, and birthday give a
head start to a criminal seeking to commit identity theft.
With the addition of a social security number, the criminal
has most of the ingredients necessary to build a new
identity or create a fake document.
Tracking and Hotlisting: Any static identifier allows for
tracking the movements of an RFID device. By itself, the
movements of an individual may not be that interesting.
When combined with other information, however, it can
yield insight into a particular person’s movements. Further,
this information only becomes more useful over time, as
additional information is aggregated.
Biometric threat
Among other data, e-passport will include
biometric images. In accordance with the ICAO standard,
these will initially be digitized headshots, while
thumbprints are used for the Malaysian e-passport. These
images would not need to be secret to support
authentication if the physical environment were strictly
controlled. However, existing and proposed deployments of
e-passports will facilitate automation, and therefore a
weakening of human oversight. This makes secrecy of
biometric data important. Because biometric authentication
is an automated process, it leads naturally to the relaxation
of human oversight, and even to self-service application.
At Kuala Lumpur International Airport,
Malaysian citizens present their e-passports to an
“AutoGate” and authenticate themselves via a fingerprint
scanner, without any direct human contact. If the
fingerprint matches the e-passport data, the gate opens and
the e-passport holder continues to his or her flight. The
result will be diminished human oversight of passenger
authentication and greater opportunities for spoofing of
biometric authentication systems.
Token threat
As being mention above on the existing of token
application in e-passport development, while
implementation of such systems was relatively simple,
there were a few disadvantages. Tokens were said to be
different from program to program, which in turn limited
the scale of any passenger automation scheme.
Other than that, consensus was difficult to obtain
on selecting any one token that could be used bring
programs to critical mass, i.e., achieve enough acceptance
worldwide to favorably affect operations and truly simplify
traveler services.
Improvement on Immigration System
Further automation may play a role in helping
that decision maker to ascertain if there is a true match
between the stored image, the printed image, and a
captured image of the bearer. Face recognition technology
may be adapted to compare the three sources of
information and provide input on the accuracy of the data
match. In its ultimate form the combination of manual
examination of the data, automated input from a biometric
subsystem, and validation of the document should
significantly improve the accuracy of an inspection.
Adding additional biometric images to the chip
may reduce the some of the security and operational
concerns, as both fingerprint and iris recognition biometrics
will provide more accurate performance in border control
applications at the present level of technical development.
Again, however, simply adding more data to the chip is not
likely to provide full protection against penetration
attempts that are built around the vulnerability of a setup
that makes decision solely on the basis of information on
passport.
This weakness may be overcome if the additional
images (fingerprints in the case of the EU, and perhaps iris
elsewhere) that are contained on the e-Passport are first
validated by an enrollment authority and then stored
separately in a database. An architecture in which these
verified images are used to confirm an identity that is
linked to a particular passport by checking against a secure
database is a powerful concept of operations that could be
used to eventually cover a large percentage of travelers.
Other improvement on the immigration system is
the used of NexCodeTM defeating the utilization of Radio
Frequency Identification (RFID) has come to stand for
families of technologies that communicate data wirelessly
from a small chip, often called ‘tag’ [ CITATION Kum08
\l 1033 ]. RFID technology had proven to have serious
security flaws whereby identity information can be stolen
and cloned. The features of NexCodeTM are applied into Bibliography
the existing immigration identity and travel authentication
materials. This is to ensure information is correctly linked
to intended identities and detection of fraudulent activities
that usually relate to other forms of crime. Additionally,
immigrant enforcement officers will be equipped with
secure mobile phone-based field enforcement applications
to carry out identity verification operations around the
country.

It was also reported from The Star (2010), that

the upgraded security features of the Malaysian e-passport,
which stores data and complies with the International Civil
Aviation Organisation standard, have been well received by
various groups.

The launched the new e-Passport which included

newer security features that allowed for better monitoring
of Malaysians overstaying in foreign countries. It is also
not easily forged. This e-Passport would help simplify
immigration procedures at the airports and help to address
the issue of theft and abuse of Malaysian passports.

Conclusion

Several benefits, shortcomings of e-passport have

been discussed in this paper with example from Malaysian
country which has launched its forgery-proof e-Passport.
This e-Passport is capable of protecting the identity of
passport holders and minimizing the incidence of forgery,
as it was in line with the ministry’s objectives to combat
human and drug trafficking which often involved the use of
fake passports to fool the authorities.

Malaysian passport was forgery-proof as it had a

special security chip which would help the authorities
strengthen control at the country’s entry points where it
helps the Immigration Department to scan high-risk
travelers more effectively apart from facilitating the
movement of genuine travelers.

With the further improvement of e-Passport, this

may cater the need to secure the integrity of travel
documents and put in place a standard travel document for
ICAO member countries. Holders will be able to pass
through immigration checks smoothly as they can go
through automatic gates without the need to go to
immigration counters [ CITATION Nam10 \l 1033 ].

Though the implementation of e-passport was

only fully introduced in early 2010, and there are still some
improvement requires, but we believe that this deployment
are just the first wave of next generation identification
devices. E-Passport may provide valuable experience in
how to build more secure and more private identification
platforms in the years to come.
Human Development Report 2009. (2009). The Human Development Index. United States America: United Nations development
Programme (UNDP).

ICAO. (2010). Safety and Security Audit. Retrieved 11 4, 2010, from International Civil Aviation Organization:
http://www.icao.int/

Immigration Department of Malaysia. (2010). Passport. Retrieved 11 4, 2010, from Official Website Immigration Department of
Malaysia: http://www.imi.gov.my/

Juels, A., Molnar, D., & Wagner, D. (2005). Security and Privacy Issues in e-Passports. First International Conference on
Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05) .

Kumar, A. (2008, 7 15). National Security Solution to provide real-time access. New Malaysian System for Immigration .

Mede, A. (2009, 5 29). Immigration issues Nigerians e-Passport in Malaysia from June 2 . Retrieved 11 7, 2010, from Nigeria
Daily News.com: http://ndn.nigeriadailynews.com/templates/?a=17963

Nam News Network. (2010, 2 3). MALAYSIA LAUNCHES ICAO VERSION OF INTERNATIONAL PASSPORT. Retrieved 11 7,
2010, from brunei fm!: http://www.brunei.fm/

Norton, R. (2005). e-Passport: Uses, Limitations, and Impact on Simplifying Passenger TRavel Initiatives. USA: National
Biometric Security Project.

Sulaiman, Y. (2007, 7 6). Our e-passport system is world’s best, Malaysia. Retrieved 11 4, 2010, from Travel Video News - The
world on the web: http://www.travelvideo.tv/news/

The Star. (2010, 2 5). E-passport security features lauded. Retrieved 11 7, 2010, from thestaronline:
http://thestar.com.my/news/story.asp?file=/2010/2/5/nation/5607855&sec=nation

Weerakkody, N. (2006). A Comparison of Australian and Malaysian Views on the Use of Biometric Decices in Everyday
Situations. International Journal of Learning .

*****

Shara Fedayu Sarif was born on 4th October 1984. She is

currently pursuing her Master in Business Administration
in Universiti Teknologi MARA, Shah Alam, Malaysia. She
was previously possessed her Bachelor in Business
Administration (Hons) Finance from Univesiti Teknologi
MARA, Arau Perlis Kampus, while her Diploma in
Banking in Universiti Teknologi MARA, Segamat Johor
Campus.

About the Author