Introduction:
The majority of passports all around the world are readable by a machine which means that they contain printed information on the Identity page also referred to as a Data page that can be scanned by an optional reader. Whereas a digital passport is the same as a traditional passport.
An E-Passport also called a biometric passport, is a biometric identification card embedded with a chip that, contains all the information available in traditional passports and is designed to lighten the workload at passport checkpoints.
All the Indian citizens are likely to get e-passports starting from the year of 2021. As per certain current reports, it was stated that the government had originally issued 20,000 official and diplomatic e-passports which were embedded with chips for a trial basis. And after its successful test run, the issuance of the e-passports for all the citizens have started.
Status of the issuance of E-Passports
An E-Passport also called as a biometric passport, it is a biometric identification card embedded with a chip that, contains all the information available in traditional passports and are designed to lighten the workload at passport checkpoints
The e-passports shall go through the International Civil Aviation Organisation (ICAO) standards, and it shall be much difficult and harder to destroy. The chip at the front will come with an internationally recognized logo which will be meant for e-passports. The microchip that will be embedded in the passport will hold all important information relating to the passport holders that is the biometric data as well as the security features that will disallow unauthorized data transfer through Radio frequency identification (RFID).
Nowadays many of the major airports due to the increased level of automation from getting access to immigration areas to security checks, they all have faster processing time for the e-passport and e-visa holders. This is so because the computerized authorization is more secure and faster.
The Indian Government hasn’t waited for a single delay and has initiated this procedure already for its effectiveness. Whereas on the other hand the infrastructure is set in place to make sure it’s upgraded and the future-ready documents are provided to prohibit identity theft, forgery, and increased connectivity for an immigration process that is streamlined.
The Indian Application
Right to privacy under the Constitution of India, 1950 is read as “Protection of life and personal liberty: No person shall be deprived of his life or personal liberty except according to procedure established by law”. The above statement is defined as Article 21 of the Indian Constitution.
In the case of Justice K.S. Puttaswamy (Retd) vs Union of India[1], the Right to privacy was recognized as a fundamental right. This right expects people to respect each other’s privacy and lets them be in full control of their privacy. The right to privacy that was recognized as a fundamental right is something that doesn’t need to be articulated separately but can be derived from Article 14, 19, and 21 of the Indian Constitution, this was confirmed by the Supreme Court itself.
This is a natural, fundamental and inalienable right that not only remains in force as an integral part of the right to life and liberty but also attaches to the person who covers all the information and choices that he/she makes. This protects a person from all the analysis of the state at their home, their movements, and also over their reproductive choices, choice of partners, food habits, etc. therefore when a state takes an action it results in infringement of the right to privacy and is subjected to judicial review.
However, the E-passport initiatives may hamper these rights as it puts all the personal data of the citizens on a domain that can be highly exploited in many ways. As of now, they are no specific laws on data protection and privacy but there are provisions and amendments made to the Information Technology Act, 2000, that ensures every citizen’s right to data privacy. Section 43A and 72A of the IT Act, 2000 states the guidelines of compensation for improper disclosure of personal information.
Security and Privacy issues in E-Passports
The controversy of security and a citizen’s right to privacy is a globally debated context. One such recent debate in the Indian context was the instance of the case of Aadhaar, where the biometrics of every lawful citizen of the country was stored online.
This move by the government led to a lot of rage and the government was questioned with respect to the right to privacy that is protected under Article 21 of the Indian Constitution, 1950. When the citizens were expected to link the mobile number and their personal details with their Aadhaar many security issues arose. During the launching of the Aarogya Setu App by the Government of India the privacy issues reached another level when the users were asked to submit their personal information. Therefore it is a known thing that this initiative taken by the Central Government will also have major criticisms and repercussions too.
Tenable threats to E-passports
Although the implementation of E-Passports has been made across the world, its efficiency is still questionable. E-Passports presents a different security measure which is designed to safeguard their authenticity and more importantly from tampering and cloning attempts. As the guidelines do not mandate the digital signatures of the passport holders to be linked to their passport. The security protocols defined under ICAO should be more than enough to prevent such attacks from happening. However, according to the current specifications that regulate the Logical Data Structure of the e-passports chip it is feasible to bypass these protocols by exploiting certain flaws.
Even as per the ICAO guidelines it doesn’t mandate an authenticated and encrypted communication between readers and passports. Such chips that are unprotected are completely subjected to Clandestine Scanning. .“Faraday Cages”, is a popular called word that acts as a countermeasure to clandestine scanning. Disastrously this is not effective with respect to the eavesdropping on the passport to reader communications that happens in airports. On initiation of the protocol, the e-passports containing standard for RFID chips stipulates the emission of a chip ID. If the ID made is different for every passport then it could allow tracking the movements of the passport holder by any parties who are unauthorized. Certain common issues that exist with online data are Biometric leakage, identity theft, and cryptographic weakness.
Conclusion
With a rapid growth to become a digital society, India is expecting a new set of laws with respect to data privacy. The increasing privacy issues have made it mandatory for the new laws and legislations to be set up. This world of digitalization has infiltrated India. Our country has to tighten its protection of E-passports before it’s implemented on a large scale. Government has to walk an extra mile to ensure the protection of data while taking e-passports. Initiatives like Digital India have been taken by the Central Government which mainly aims to have a more strict judicial system and effective laws implemented for data protection and privacy. In order to suit the digital transforming society, it is of great importance for the ICAO guidelines to go through an effective evaluation. It also assumed that e-passports are not easy to destroy. However, at the same time, it should also be made sure that the security of the country is not protected at the stake of 1.32 billion Indians privacy. Therefore, thorough processing and foolproof methods of implementation have to be adopted in order to make this initiative as efficient as it is assumed to be.
References:
[1] Writ Petition (Civil) No. 494 of 2012, (2017) 10 SCC 1
Other Sources:
0 Comments