BEST PRACTICES WORKSHOP ON TRAVEL DOCUMENT SECURITY ORGANIZED BY THE OAS/CICTE AND ICAO SAN SALVADOR, EL SALVADOR JUNE 9-11, 2008 9:00 Opening session DAY 1 Welcoming Remarks and Objectives Dr. Carol Fuller, Secretary, CICTE Mr. Mauricio Siciliano, ICAO MRTD Program His Excellency, Licenciado René Mario Figueroa Figueroa, Minister of Public Security and Justice of El Salvador 9:30 Session 1: Overview of Machine-readable travel documents, ICAO standards and specifications Moderator: Mike Holly ICAO TAG/MRTD expert Member, ICAO New Technologies Working Group USA 9:45 Machine Readable Passports according to ICAO Standards Malcolm Cuthbertson Consultant of De La Rue Identity Systems International Organization for Standardization (ISO) United Kingdom ICAO document 9303 Machine Readable Passports Basic MRTD Standards and Specifications 10:15 COFFEE BREAK 10:45 Electronic Machine Readable Passports according to ICAO Standards Barry Kefauver ICAO TAG/MRTD expert United States ICAO document 9303 passports, identity cards and visas; Biometric identifiers contactless chips & RFID technology Interoperability with border control. Public Key Directory (PKD) Public/Private Key Infrastructure (PKI) (policy issues) 1
11:15 Questions & Discussion Suggested topics: How to implement machine readable passport projects How to plan and coordinate MRPs implementation projects Issuance training issues Machine-readers and border control points. Border control training issues 12:00 Summary of Session I by Moderator 12:15 LUNCH 14:00 Session II. Handling & Issuance Moderator: Barry Kefauver ICAO TAG/MRTD expert United States 14:15 Implementation of ICAO MRTD Standards and Specifications 14:45 Ivanka Spadina Forensic Analyst INTERPOL France 15:15 COFFEE BREAK Vladimir Hernández Lara Deputy Director General for Delegations Secretariat of External Relations Mexico ICAO Standards Blank travel document book control and accountability Applicant identity verification Vulnerabilities of breeder documents used as basis for issuance Ensuring that breeder documents are integrated with a comprehensive identification and civil registration system Ensuring high quality capture of biometric identifiers during enrolment Replacement of lost and stolen travel documents Physical security of issuing facilities Application/issuance procedural standards Internal control, audit and staff training. OAS Commitments regarding Interpol Introduction to Interpol s SLTD and Automated Search Facility (ASF) Populating the database and quality/reliability of data updating; Integrated solutions to access SLTD (FIND/MIND) Giving real time access to Interpol s lost and stolen database. 15:45 State example Implementation of Interpol systems in the United States 2
Joseph Jung National Central Bureau INTERPOL United States 16:15 Questions & Discussion: Connection to the Interpol databases, in particular the FIND solution Hit confirmation/resolution, follow-up procedures. Suggested topics: Comprehensive passport and document issuing systems; Modernizing civil registration systems Integrated approaches to managing identity information; National Personal Identification Numbers (NPIN) Domestic standardization of breeder documents (including birth certificates) Integration with private procedures, e.g. Advanced Passenger Information (API) Interoperability with border control Connection to domestic & international databases, e.g. Interpol. 17:00 Summary of Session II by Moderator 17:15 ADJOURNMENT FOR THE DAY 3
DAY 2 9:00 Session III. International Cooperation Moderator: Mauricio Siciliano Machine Readable Travel Documents Program ICAO Canada 9:15 Christopher Hornek The Technical Assistance Program of OSCE/ATU Action against Terrorism Unit (ATU) Organization for Security and Cooperation in Europe (OSCE) Austria 9:45 State Example MRP Implementation Projects in Ecuador Jose Sandoval (Ecuador) Minister Counsellor Embassy of Ecuador Chile Introduction of new MRPs Legislative, financial, procedural aspects How Ecuador implemented a new passport issuing system; What problems were faced in the process, and how they were overcome; Lessons learned 10:15 State Example MRP Implementation projects Ricardo Barceló Passport General Directorate, Ministry of Foreign Affairs Dominican Republic 10:45 COFFEE BREAK Roll-out of State MRP system. How the Dominican Republic implemented a new passport issuing system; What problems were faced in the process, and how they were overcome; Lessons learned 11:15 State Example emrp Implementation Project Mike Holly Passport Office, International Affairs Bureau of Consular Affairs-State Department United States 11:45 Questions & Discussions Suggested topics: How to define a country s document security needs; How to implement new passport systems; Necessary legislation; 4
Inter-agency steering committee; Formulating a government tender; Public-Private Partnerships. 12:45 Summary of Session III by Moderator 13:00 LUNCH 14:30 Session IV. The Importance of the Integrity of Breeder Documents for the Issuance of IDs and Travel Documents Moderator: Mauricio Siciliano Machine Readable Travel Documents (MRTDs) Program ICAO Montreal, Canada 14:45 Presentation 1 - Overview of the Travel Document Issuance and Production Processes in Canada Josée Bessette Director of the Printing Centers Passport Canada 15:15 Presentation 2 - Civil Registry and Identity Documents in Chile 15:45 COFFEE BREAK Juan Antonio Velásquez Morales Civil Registry and Identification Department Ministry of Justice Chile 16:15 Questions & Discussions 17:00 Summary of Session IV by Moderator 17:15 ADJOURNMENT FOR THE DAY 5
DAY 3 9:00 Session V. Conclusions and Recommendations Moderator: Francine Hanna Program Manager, Document Security and Fraud Prevention OAS/ CICTE 9:15 Presentation of Session Reports by Moderators (15 minutes each) 10:00 Discussion of Reports, Recommendations, Next Steps 11:15 Closing Ceremony 6
Background The Best PracticesWorkshop on Travel Document Security in the Central American Region is jointly organized by the Secretariat of the Inter-American Committee against Terrorism (CICTE) of the Organization of American States (OAS) in co-operation with the International Civil Aviation Organization (ICAO). This event is held in accordance with the CICTE Work Plan which specifically mandates the Secretariat to develop, in cooperation with Member States and appropriate international and regional organizations, programs to identify and share best practices in the area of document security, including targeted technical assistance projects. Under United Nations Security Council Resolution 1373, the Inter- American Convention against Terrorism, and the universal counterterrorism instruments (conventions and protocols) of the United Nations, all OAS Member States have committed to promote cooperation and the exchange of information to improve their controls on the issuance of travel and identity documents and to prevent their counterfeiting, forgery, or fraudulent use. In addition, the CICTE Member States have committed to comply with the security standards and practices set out in the Chicago Convention on International Civil Aviation, its annexes (particularly Annex 9), and International Civil Aviation Organization (ICAO) recommendations. In addition, all ICAO Member States have committed to implement Standard 3.10 of Annex 9 to the Chicago Convention to: aim to comply fully with the recommended ICAO minimum security standards for the handling and issuance of passports as well as other travel documents by 1 April 2010; begin to issue machine-readable travel documents, if possible with digitized photographs, by (Date), pending the availability of technical and financial resources. The United Nations Global Counter-Terrorism Strategy, adopted by the General Assembly in September 2006, highlighted the importance of travel document security and encouraged Member States to step up efforts and cooperation at every level, as appropriate, to improve the security of manufacturing and issuing identity and travel documents and to prevent and detect their alteration or fraudulent use, while recognizing that States may require assistance in doing so. The objective of this Best Practices Workshop is to build on, and contribute to, these ongoing efforts, to emphasize the importance of promoting travel document security, and to share Best Practices and information on the issuance and control of travel and identity documents. Of major importance is how increased travel document security can improve the effectiveness of counter terrorism actions. Different aspects of travel document security will be covered as outlined below, with the objective of identifying existing gaps, best practices, and possible areas of improvement. Guidelines for Speakers To facilitate discussion within time constraints, keynote presenters will be asked to limit their presentations to 25 minutes. Power Point presentations are welcome. Interventions and questions from the floor are highly encouraged, but are to be kept to a five minute maximum. During interventions, participants are encouraged to share national specific experiences and requirements for successful requests for travel document security assistance, to identify needs and ways of possible improvement in this area, and to utilize panel experts as resources for enhancing overall document security. In this regard, please note that active discussion between participants is considered the most beneficial aspect of this conference. Participants are therefore strongly encouraged to come prepared to discuss and share specific experiences, to identify needs and assess areas of possible improvement and to utilize panel experts as resources. Moreover, participants are welcome to submit more detailed written remarks, which will be provided to all participants. Registration Experts and participants are encouraged to arrive at 8:00 am. 7
Annotated Agenda Day 1: Opening Session The conference will be opened by a high-ranking official of the host government, with welcoming remarks by the CICTE Secretariat and ICAO. Session 1: Issuance of Machine Readable Passports and electronic Machine Readable Passports Moderator: An ICAO representative will give an overview of the technical document 9303, activities undertaken in the framework of the Universal Implementation of Machine-readable Travel Documents Programme. Machine Readable Passports according to ICAO Standards In line with ICAO and OAS commitments, Member States must comply with ICAO Standard 3.10 requesting Contracting States to begin issuing Machine Readable Passport by 1 April 2010. Such issuance shall be done according to standards and specification established in ICAO Doc 9303. All but five OAS Member States have already begun this process. Electronic Machine Readable Passports according to ICAO Standards For those Member States that are now issuing machine-readable travel documents (MRTDs) with digitized facial images, there will be a workshop session dealing with taking security a step further and issuance of electronic passports. These are defined as MRTDs with an embedded contactless integrated chip. In addition to the machine-readable zone (MRZ), which provides a more restricted machinereadable amount of data, smart card chips allow much greater amounts of data including biometric identifiers, additional text data, and electronic visas to be stored securely. The information stored on the chip must be retrieved using special readers. Thus, it has become necessary to develop an interoperable method of communication between the epassport and the passport reader during the authentication process at border controls. Session 1 will also focus on this process. The first keynote presentation will be delivered by the a member of the ICAO New Technologies Working Group (NTWG), who will focus on universal interoperability of machine readable passports and epassports at border controls and the policy issues of the Public Key Directory (PKD) to this end. This presentation will be complemented by an international expert affiliated with the International Organization for Standardization (ISO), who will describe the technical aspects of protecting and unlocking data of MRPs and epassports. Session 2: Handling & Issuance Day 2: Because new technologies have enhanced the security of personalized documents, terrorist networks and organized crime groups are increasingly focused on attacking vulnerabilities within document issuing systems. They are honing methods to falsify identity at the outset and gain legitimate documents under assumed identity. Thus, increased emphasis must be placed on securing the enrollment, personalization and issuance (handling and issuance) process, which is essential for international and national credibility of the personalized document. Additionally, enrollment processes must be linked to the domestic database of lost and stolen documents, which in turn should be regularly and rapidly reported to Interpol, in order for that information to be available at border control throughout the world. Reciprocally, this necessitates that border control points be sufficiently equipped to allow real-time query access to identify lost or stolen documents during the authentication process. 8
The opening keynote presentation on handling and issuance will be delivered by a member of the ICAO NTWG. It will focus, inter alia, on the recommended ICAO minimum security standards for the handling and issuance of passports as well as other travel documents. The presentation will also share best practices on a holistic and integral approach to protect travel document handling and issuance processes from end-to-end. The Interpol Project Manager for Stolen and Lost Travel Documents will then give a presentation on integrated solutions to access Interpol databases. The intervention will focus on the deployment of technical platforms allowing connection to the Automated Search Facility/Stolen Travel Document Database (ASF/SLTD). This will be followed by a representative of the USA Interpol, who will give a practical synopsis of how Interpol platforms, particularly the Fixed Interpol Network Database (FIND) solution was implemented in the USA with technical platforms to connect with Interpol databases. Session 3: International Co-operation This session will focus on how participating States can best maximize international co-operation to implement new document & identity systems according to their domestic needs, specificities, as well as available resources. Focus will be placed on the process of implementation and not so much on the document security features. This will include legislative, financial and procedural aspects of introducing new document issuing systems, including lessons learned and best practices. In this session, national presentations will be given by countries from the Hemisphere and elsewhere. These will focus on, respectively, the roll-out of new epassport issuing systems, the interoperability of epassports at border control during the authentication process, as well as how new document systems affect the handling and issuance system. The Organization for Security and Cooperation in Europe (OSCE) will make a presentation on its experience in training programs on the subject in Europe. Session 4: The Importance of the Integrity of Breeder Documents Breeder documents are those first identity documents such as birth certificates, social security cards, and cedulas (in Latin America) which are used to obtain travel documents. Vulnerabilities in the issuance of breeder documents can undermine the integrity of travel documents. A comprehensive approach is needed for document security that integrates breeder documents with a comprehensive identification and civil registration system in order to ensure security and identity management. This session will deal the issuance and control of breeder documents and control procedures to prevent their potential use by terrorists or criminals. 9