Project Overview

Concept

Breeder documents, notably birth certificates, represent the basic articulation between an individual and the community where an individual is born and lives. This junction is of fundamental importance since it provides the individuals with ‘documentary citizenship’ , namely, with the documented memory that enables him or her to entry (and exit, for that matter) the realm of civil, political, and also social life. With the introduction of electronic passports (e-passports) and the use of security features in the chip, of which biometric templates, the security of this crucial travel document - which was still only based on paper at the end of the last century and remained therefore easily forgeable - has been greatly improved. Nevertheless, if the physical security of the document is better protected per se, some weaknesses in the passport issuance process remain. Indeed, e-passports are delivered based on breeder documents (e.g. birth certificates) that do not have the same protection level and which are much easier to counterfeit.

Examples of breeder documents - Birth certificates from various countries

The opinion of the European Data Protection Supervisor (EDPS) on e-passports regulation states that: “The issuing of passports in the Member States of the EU is dealt with under the national law of those Member States. National law requires the presentation of various documents, such as a birth certificate, citizenship certificate, family book, parental authorization, driving licence, utility bill, etc. These documents are usually called "breeder" documents, as passports may stem from them.” It is a known fact that e-passports are now so difficult to counterfeit, that fraud attempts now focuses on the issuing process. One prominent case of a genuine passport based on a fake breeder document was detected during the investigation of the Hamas commander Mahmoud al-Mabhouh in Dubai. German intelligence services have established that one of the suspects received German citizenship and thus a German passport based on claimed pre-World War II address of his grandparents from the municipality of Cologne.

In most European countries, and identically in the rest of the world, breeder documents are unsecure documents while they are the basis of the identity for many of these countries. This lack of security has led to an inherent flaw in all the processes of identity creation using breeder documents as proof of identity/origin. Therefore, the weakest link of the chain of ID and travel documents issuance, and in particular of e-passport issuance, now is the entitlement process, in which the evidence of an applicant’s identity is evaluated. Such evidence is often provided in the form of breeder documents, which remain to date mainly paper-based without any form of security in their manufacturing or issuance processes.
Most breeder documents are much easier to forge than e-passports, and by using forged breeder documents (via identity theft or fake ID) people can obtain genuine travel documents. According to a report submitted to the French Ministry of the Interior in October 2011, fraud in breeder documents could be several percent of the total number of biometric passports in circulation, due to the number of false documents submitted to state civil services. In another domain, a study in France dated April 2010 evaluated identity theft cost for CNAF (French National Health Service), up to 800 M€ (200K frauds cases for 11M families). To make the matter worse, there is yet no standard format or standard issuance process for breeder document Europe wide or even within many Member States. [34] A very few incorporate document security mechanisms, like the Netherlands where a citizen can obtain an extract of the birth certificate printed on security paper from his/her local administration. As a consequence, an administration officer can barely authenticate a breeder document. ICAO is however working on a code of good practice in national ID management, and specifications for birth certificates will be part of these recommendations.

Many studies, one by Frontex on the Operational and Technical Security of E-passports, confirmed that this “breeder documents” issue was vital regarding the legitimacy of documents, which could be delivered on the basis of unreliable ones. It is therefore of the utmost importance to ensure the reliability of the e-passport issuance process for an efficient EU/Schengen border control, and that starts in the very first place with the reliability of the breeder documents. Likewise, e-passports are not the sole target concerned with the weakness of breeder documents: stolen, counterfeit or altered birth certificates are often used to obtain documents needed to create new identities, paving the way to miscellaneous frauds, smuggling of migrants, drugs or weapons, trafficking in persons, terrorist mobility, etc.
The EU, and most truly the World, will have to face another major issue going beyond the breeder document per se: millions of births go unrecorded worldwide every year. This problem was clearly raised during an Interpol meeting in Lyon in 2010, but will not be addressed during this project. Conclusions were that this is the very first step to take into account for establishing effective solutions.

Some approaches to counteract the weaknesses of breeder documents have been implemented in a few countries. In Belgium or UK, centralized databases are used to inventory all required information related to citizens who apply for an e-passport, without any use of breeder documents. In France, the dematerialization of civil documents is piloted since 2011: when a user makes a request for a birth certificate, the town hall of residence is responsible for contacting the town hall of birth to check the data necessary for the process (such as national ID card or passport application). Some security printers or manufacturers also produce secure paper or security features that could partly solve the issue of breeder documents.

However, these solutions remain insufficient to provide breeder documents with complete security and trustworthiness. And currently, both ID cards and the current e-passport issuance process are considered as being unreliable. Breeder documents have to be delivered on the basis of reliable information and processed securely from a system standpoint. What is needed is a complete secure chain from the issuance of a standardized breeder document based on an accurate and up-to-date register of births, marriages, deaths to its secure transfer, authentication, secure use and archive. This precludes the development of a standardized format of breeder documents, the training of operators involved for issuance or verification, the confidence on provided data, the security of the document to guarantee the authenticity and integrity of the embedded data as well as a secure issuance process to eventually a suitable infrastructure to control revocation of breeder documents after death.
This lack of harmonisation or even standardisation, in terms of issuance practice or physical support, is a key problem, especially in the e-passports domain where standards have been defined for the travel document but not for its issuance process. The existence of a standard for breeder documents would simplify the verification process all over EU/Schengen and Associated countries, and then the secure issuance of a passport anywhere when needed. This would have a direct impact for many EU citizens who nowadays no longer live in their country of origin. Like a Pandora’s Box, the opening of European borders has led to new possible frauds, and succeed in obtaining a passport in a MS/Schengen country provides access to all the countries of this zone. A lot of the fraud also lies in the fact that many EU countries have overseas links with peoples from there having the right to EU passports. Thus, it is difficult to have assurance in the identity chain.

In 2008, in a joint statement the European Parliament and the Council lamented the great diversity of situations and procedures in the Member States regarding which ‘breeder documents’ should be produced in order to request the issuing of a passport. During the same year, the European Data Protection Supervisor (EDPS) recommended the Commission to ‘propose additional measures for harmonizing the way in which “breeder” documents are produced and which of them are required for a passport’. More than two years later, in 2011, a study by Frontex indicated that the issuance procedure and entitlement criteria for an e-passport remained regulated at a national level only. ‘The apparent reason for this’, stated the 2011 Frontex research, ‘is that the process of issuing passports is tightly linked to sensitive issues like national sovereignty and national citizenship.’ More recently, in 2012, the presidency of the EU, held by Cyprus, suggested the creation of a ‘EU Harmonized Handbook to the detection of travel documents’ and the ‘development of minimum security standards for breeder documents’.
Although the weaknesses of breeder documents security have been well known for many years, there is no yet wide acceptance about the suitable solutions at a European level to overcome the issue. Concurrently, initiatives as the conclusion of the EU Justice and Home Affairs Council of the European Union on December 2 and 3, 2010 invited the Member States to consider mechanisms on “preventing and combating identity-related crimes and on identity management, including the establishment and development of permanent structured cooperation between the Member States of the European Union” for which breeder documents and birth certificates are an essential element.

A collaborative effort grouping European industries, research institutes, technical experts from the domain, and supporting end-users in the research of appropriate solutions, is needed to ensure the passport breeder document security. ORIGINS will therefore take into account the various studies conducted on the subject up to now, and establish an important connection with past and on-going European Projects related to e-passport breeder documents.

As ORIGINS will develop a dynamic program over the project’s duration together with international bodies, it will take into account the various activities carried both at EU and international levels. A specific attention will be paid to EU initiatives – ECRN, PEPPOL, STORK and STORK2.0. The last three are EC funded R&D programs which aimed to strengthen ID to facilitate the relationships between citizens and government administrations. ORIGINS will take advantage of the activities carried on by ENISA, the EC Heraklion based security agency, in particular through its report on “Security issues in Cross-Border Electronic Authentication” . In a first phase, the consortium will assess the findings and outputs of related R&D initiatives; then it will determine how to proceed and propose recommendations for better ensuring the link between travel credentials and birth legitimacy. Consortium members are already involved in the FIDELITY initiative . Cross-fertilization is currently envisioned so that both programs can benefit from their mutual findings. FP7-SEC FIDELITY (2012-2016) proposes a multi-disciplinary research and development initiative, integrating innovation capacities and expertise on e-passports and related processes and infrastructures, in order to address the complete architecture and e-passport lifecycle. In view of the important role of the e-passport to hinder criminal and terrorist movements and hence contribute to the protection of society, and considering the very specific identified weakness of e-passports currently, that are breeder documents, ORIGINS is willing to complement FIDELITY by coordinating and support actions which aim to increase security surrounding such documents. Finally, ORIGINS will also connect with the latest initiative on the area, i.e. the development of the E.U. Think Tank on Breeder Documents established on 30 May 2012 in order to deliver recommendations on common minimum-security standards for breeder documents.

ORIGINS aims to investigate security gaps of passport breeder documents, mainly birth certificates, and will be limited to these (even though the project’s results could be applied to other documents). It will recommend possible solutions enabling more secure and efficient authentication of individuals at passport issuing points, and which will indirectly improve the reliability of border control activities, while at the same time protecting privacy of the citizens through a privacy-by-design approach. ORIGINS will propose cost-effective solutions to dramatically improve the security of the breeder documents issuance process. Eventually the ORIGINS project shall feed in suggestions to the EU Council’s “Working Party on Frontiers/False documents/Mixed Committee” that is seeking to establish the minimum-security standards for breeder documents (currently a national competence). In order to adopt these standards, which will protect the identity of EU citizens, the Council will have to prepare a proposal for regulation to the EU Commission. This was also mentioned in the Council conclusion during the Belgium presidency in December 2010.

Project News

The European Conference on Breeder Documents will be held in October 2016 (Date TO BE CONFIRMED) by the ORIGINS European Project. It will take (...)

+ All project news

Upcoming Events

No upcoming events at the moment.