Leader: Of course passport security is too weak

Botnets, distributed denial of service attacks, mass mailers, spyware, Trojans - these are all regular security threats. The other thing they all have in common is that none of them was around 10 years ago.

We mention this because the UK government and other governments around the world are launching ePassports whose security will have to be as robust today as it is 10 years down the line.

And today it doesn't look all that robust, given reports that attendees at a hacker convention in Las Vegas have seen a demonstration showing how easy it is to clone one such passport.

Security threats evolve and change quickly and something that was deemed secure at some stage can, six months or a year later, become a successful target for the criminally minded.

So to assume that an electronic passport will be secure for the full 10 years its owner holds it flies in the face of everything we know about security.

The technique displayed in Las Vegas used equipment that can easily be bought. It relied upon an understanding of passport standards which are posted online for all to see by the International Civil Aviation Organisation.

silicon.com Public Sector

Get the latest public sector news straight to your inbox. Sign up for the PS newsletter today!

And this is before the majority of passport holders in the UK even have their first chipped passport - we can only imagine how sophisticated the techniques will be in 10 years' time.

At the moment the cloning of the chip isn't all that useful, in and of itself - though could potentially be the first stage in producing forged documentation as part of a wider counterfeiting effort.

But, as we say, it is early days. Let's see where we are - not that our passports will give the clearest indication of that if they've been cloned - 10 years from now.