Identity Theft Easy for Terrorists
New passport technologies might have helped
by Bob Sullivan
MSNBC
September 27, 2001
In 1995, a Saudi exchange student named Abdulaziz Alomari at the University of Colorado reported a common burglary. Thieves broke into his apartment and made off with Alomari’s briefcase, his passport tucked inside. Six years later, that passport was quite possibly carried by a hijacker onto American Airlines Flight 11, the first to slam into the World Trade Center on Sept. 11. In an age where marketing companies can track your every click on the Internet, how could a passport reported stolen six years ago be used to gain entry into the United States?
That's just one of the questions that weigh heavily on the leaders of the International
Civil Aviation Organization as it meets this week in Montreal. As the U.N. agency
responsible for setting international passport guidelines, the group is at the
cutting edge of international identity theft controls. For years, airlines,
governments and the International Civil Aviation Organization have pondered
the use of high-tech gizmos to track travelers across borders and foil passport-holding
imposters. But with identity theft potentially a key tool used by the Sept.
11 hijackers, updating passports has a new urgency.
It’s unclear just how important a role identity theft played in the Sept.
11 terrorist attack. Not long after the FBI published its list of the 19 hijackers,
published reports discredited at least nine of the names as fake. Several alleged
hijackers spoke to reporters in Arab newspapers, proclaiming they were alive,
innocent, and the victims of identity theft. Others simply had the unhappy coincidence
of having the same name as a hijacker.
But in at least two cases — Salem Alhazmi, allegedly on the flight that
crashed into the Pentagon, and Abdulaziz Alomari, whose flight struck the World
Trade Center’s north tower — identity theft victims told journalists
their passports were stolen in burglaries several years ago. That raises the
likelihood that the two hijackers entered the United States using false papers
— in one case, papers that were stolen on U.S. soil. Why weren’t they
stopped at the border?
Because no single worldwide agency keeps track of stolen passports, experts
say. Local police in Colorado who received Alomari’s burglary report might
have informed the Saudi Embassy — but the embassy wouldn’t routinely
inform the U.S. State Department or the Immigration and Naturalization Service.
And in the case of a passport stolen overseas, U.S. agencies are even less likely
to hear about it.
A WAY OF LIFE
Identity theft is common in the Middle East, according to Boaz Guttman, retired
chief superintendent of the Israeli police force’s National Unit for Fraud
Investigation. Forged documents — now even easier to produce, with the
proliferation of home laser printers — are used to migrate from Arab state
to Arab state or to get in and out of the Gaza Strip, he said.
“It is not a sin at all to use forged documents. It’s a way of life,”
Guttman said. “And in any terror attack, generally, you will find I.D.
theft.”
It’s likely that Osama bin Laden’s terrorist cells utilize identity
theft on an even more sophisticated scale. If terrorists assumed the identities
of citizens from U.S.-friendly Arab states to help in their dirty work, as Saudi
officials still maintain, it’s probably not the first time. The Times of
London reported last week that former CIA director James Woolsey has said stolen
Kuwaiti identities were a key element of the first plot to take out the World
Trade Center. During the 1990 invasion of Kuwait, bin Laden agents murdered
12 Western-educated men for the express purpose of stealing their paperwork
for later use, Woolsey said. Ramzi Yousef, prime suspect now being held for
the 1993 trade center bombing, used several of those identities.
IN THE DARK
With nearly six years of warning about this tactic — Yousef was arrested
in 1995 — why wouldn’t U.S. border guards be on alert for travelers
trying to enter the country with stolen passports?
Put simply, there is nothing remotely like a comprehensive list or database
of such stolen identities, leaving border guards in the dark.
But even such a powerful database did exist, it would only be as useful as the
Immigration and Naturalization agents who used it, said Bob Viteretti, a former
New York City prosecutor who now does security consulting for Kroll International.
“It’s like baggage scanning. We don’t always put the most sophisticated
person in this spot,” Viteretti said. “And not every passport is checked.
If you go during peak hours, it’s more randomly done than we probably would
like to acknowledge.”
TECHNOLOGY WOULD HAVE HELPED
With an estimated 1.7 billion travelers last year, this imperfect system is
already stretched beyond its capabilities to nab every criminal before he or
she crosses. But it doesn’t have to be that way, says Bernie Ashe, CEO
of AiT Inc. AiT technology is used by passport- and visa-issuing agents in over
20 countries, including Canada and the United Kingdom. Ashe thinks existing
facial recognition software, or other image scanning devices, might have helped
authorities stop the Sept. 11 attacks.
“I think it would have made a difference, I really do,” he said.
“I can’t say for sure. But I think it would have increased the chances
of someone detecting somebody who was on a watch list.”
AiT has a technology that lets a computer compare the image included on the
traveler’s paperwork with the live camera image, looking for inconsistencies.
A second test sends the live image off to a central database filled with images
of suspicious travelers.
“We think it’s magnificent. It uses existing information people have
in their wallets anyway,” she said. “You are not creating new requirements.
It’s completely non-intrusive. The traveler is aware it’s happening
because the camera is right there. And it works.”
The International Civil Aviation Organization has studied a number of “machine
readable travel document” formats, but generally has agreed on facial recognition
biometrics, said Denis Chagnon, ICAO spokesperson. But agreeing on a concept,
and implementing a new worldwide system using it, are two very different things,
he said.
“It won’t work if three governments have that system,” Chagnon
said. “All governments have to adopt the system, all 187 states.... It’s
a big job — but there’s been a lot of progress.”
Key to any of these systems is matching the paperwork with the traveler to ensure
the two match. NEXUS Group International Inc. will be presenting its high-tech
passport solutions to the 187 countries represented at this week’s International
Civil Aviation Organization Assembly Session. With instant international adoption
unlikely, CEO David Lobb said some of these technologies can be implemented
piecemeal, increasing security gradually.
“You could implement it at various stages, you can enhance what is already
done now. Just identifying (airport and airline) employees would be a step,”
he said.
His company offers several biometrics I.D. solutions, but Lobb said he prefers
use of image captures compared to a central database of known troublemakers.
Self-contained ID cards — such as a card with an embedded, digitized fingerprint
used for verification — can ultimately be hacked and copied, he said.
“With central databases you also get data mining,” he said. Travelers
who log suspicious border-crossing patterns can be flagged, for example.
STILL AN IMPERFECT SYSTEM
But it’s hardly perfect. For one, U.S. and Canadian citizens are not used
to having the movements tracked so closely, admits Chagnon, and fliers might
complain about the facial recognition software. There were noisy complaints
against similar software used at this year’s Super Bowl. There have also
been reports that the software performs less-than-perfectly — no arrests
were made courtesy of the software during the Super Bowl. And the St. Petersburg
Times reported that the Santa Ana, Calif. Police Department made no arrests
using similar technology during a four-year trial period.
But even if it did work, the most critical element to stopping imposter border
crossings, the central database of suspicious travelers, doesn’t exist
yet. The international police agency Interpol allows some countries to swap
arrest warrant information, but nations have been very reluctant to share “watch”
lists like suspected terrorists. Even Soren Frederiksen, president of CompuBlox
Inc., which writes software for Nexus, admits the problem.
“We make the technology.... There’s nothing we can do about the database,”
he said.
So in the end, were such facial recognition software in place when alleged hijacker
Abdulaziz Alomari entered the U.S., it still wouldn’t have flagged the
passport as stolen unless the Saudi government had contributed that information
to a central database. It is possible, however, that it would have noticed his
face didn’t match the picture on the passport — or the face scanned
by I.D. computers the last time someone claiming that identity passed a checkpoint.
Either way, the system won’t work unless information is widely shared.
“Unless the computer systems are loaded with this information, and every
customs inspector checks everyone, it doesn’t do any good,” Viteretti
said. “But it’s not all that difficult a task. Given the electronic
world we live in, that’s something that is doable. In fact, it’s a
no-brainer, I’d say.”
© 2001 MSNBC
FAIR USE NOTICE: This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available in our efforts to advance understanding of criminal justice, political, human rights, economic, democracy, scientific, and social justice issues, etc. We believe this constitutes a 'fair use' of any such copyrighted material as provided for in section 107 of the US Copyright Law. In accordance with Title 17 U.S.C. Section 107, the material on this site is distributed without profit to those who have expressed a prior interest in receiving the included information for research and educational purposes. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml. If you wish to use copyrighted material from this site for purposes of your own that go beyond 'fair use', you must obtain permission from the copyright owner.