OSCE Surveys States to Identify Best Identity Management Practices

2,236

Several years ago a US investigator was able to obtain four genuine passports using fake names and fraudulent documents. In one case, he used the Social Security number of a man who had been deceased since 1965. In another, he used the Social Security number of a fictitious five-year-old child created for a previous investigation, along with an identification that showed he was 53 years old. The investigator then used one of the fake passports to buy a plane ticket, obtain a boarding pass, and pass through a security checkpoint at a major airport.

Earlier this year, it was discovered that thousands of Indian citizens had paid a criminal gang for false birth and marriage certificates from the former Portuguese colonies of Goa, Diu and Daman. According to Portuguese law, Indibwgans born in these areas before 1961, or their children and grandchildren, can apply for Portuguese passports because these were colonies of Portugal until that year. However, British and Portuguese police learned that this loophole was being systematically abused in order to obtain a genuine EU passport using false breeder documents.

These two widely reported examples illustrate how gaps in the identity management process can be exploited to acquire genuine passports through fraudulent breeder documents. Following UN Security Council Resolution (UNSCR) 2178, which expressed grave concern about those who attempt to travel to become foreign terrorist fighters, there is a major focus in preventing the cross-border movement of terrorists and terrorist groups.

Since the Resolution was adopted, States have undertaken measures to strengthen border controls, increase information sharing, and enhance the use of watch-lists. The increased restrictions will force terrorists to examine other means of crossing borders. Despite the fact that border controls are tightening, and that we have highly secure passports with biometric chips, the processes for acquiring a genuine passport remain open to abuse by criminal and terrorist groups.

Identity deceptions are particularly prevalent when there are disconnects between passport and civil registry identity management systems – with civil registry systems often being the weaker link.

INTERNATIONAL EFFORTS

The ICAO TRIP Strategy clearly recognizes that travellers’ identity verification is about more than ensuring a secure travel document. The Strategy outlines the so-called five dimensions of traveller identification management, of which Evidence of Identity is one of the key parts. The ICAO Implementation and Capacity Building Working Group (ICBWG), to which the Organization for Security and Co-operation in Europe (OSCE) is an observer, has been working steadily on the issue, and has produced excellent guidance on Evidence of Identity. The ICBWG, in co-operation with regional partners, also remains available to assist States with assessments and developing robust evidence of identity processes. The EU and others are also engaged in initiatives to improve the security of breeder documents.

Though the good news is that this gap is now recognized and efforts are being made to address it, to date there is little reliable data on the depth and scale of the problem.

 

 

WHAT HAS THE OSCE BEEN DOING?

As the world’s largest regional security organization, with 57 participating States spanning five continents from Vancouver to Vladivostok, the OSCE is well-positioned to support global efforts to improve identity management processes. OSCE participating States have agreed to comply fully with the recommended ICAO minimum security standards for the handling and issuance of passports.

Following the adoption of UNSCR 2178, there was a call from the OSCE Ministerial Council to prevent the movement of foreign terrorist fighters through effective border controls and controls on the issuance of identity papers and travel documents. In addition, OSCE participating States have also adopted a range of commitments aimed at facilitating freer and wider travel in the OSCE region, and improvements in the security of travel documents has a direct and positive effect on visa facilitation processes. In line with these dual mandates, the OSCE Executive Structures actively co-operates to support participating States in both the security of borders, and the facilitation of cross-border mobility.

In November 2013, in order to support the ICAO TRIP Strategy, the OSCE organized an Expert roundtable on Addressing the Link between Travel Document Security and Population Registration/Civil Registration Documents and Processes. It is worth repeating one of the primary recommendations that emerged from this roundtable:

Given the diversity of civil registry systems in operation and national discrepancies in how well they are linked to travel document issuance, the OSCE should develop a compendium of best practices on effectively linking the most common civil registration systems in the OSCE region with travel document issuance systems. This compendium would allow OSCE participating States to compare their own system to best practice examples that are most similar to their own system, thereby allowing them to spot potential weaknesses. Likewise, this compendium could be used for capacity-building purposes in the OSCE area.”

In response to calls from the expert community to contribute to improved information sharing on good practices in identity management, in 2014 the OSCE initiated a consultative process involving joint work by its Vienna-based unit working on international travel security, and its Warsaw-based unit working on population registration and freedom of movement. Coming at the problem from both the perspective of security, and of rights to human contacts across borders, these joint efforts agreed the aim of developing a Compendium of Good Practices in Identity Management in the OSCE Region was important.

Moving forward, the OSCE organized an expert group meeting in March 2016 to determine the content of a draft questionnaire to be sent to the relevant authorities of OSCE participating States. The experts also discussed other aspects of identity management systems which should be further researched and reflected in the planned Compendium, steps that included taking stock and reflecting on existing good practices.

DATA COLLECTION AND GOOD PRACTICE PROMOTION

Baseline data on the identity management systems of OSCE participating States is currently being obtained by means of a questionnaire that was developed with the assistance of a select group of identity management experts. This questionnaire was distributed to the relevant travel and identity documents issuance authorities in 57 OSCE participating States during the summer, and responses are now being collated as one element of preparation in the Compendium publication.

It is hoped that by responding to carefully designed questions, the authorities will provide feedback on the main characteristics of their national identity management system, looking specifically into the characteristics of their civil registration system, their ID and travel document issuance system, data sharing between the two systems, verification of the identity of both citizens and resident non-citizens, internal audit, and staff vetting procedures.

As part of the development process, the OSCE will also organize regional expert meetings to present preliminary results and findings obtained from the questionnaires and facilitate expert discussions aimed at reaching a shared agreement on specific identity management policies that constitute cases of good practice and contribute to increased security of the identity management framework.

The development of this Compendium has several important objectives:

  • First, it will support increased data collection on existing polices on identity management and use of evidence of identity as part of the travel documents issuance process;
  • Second, it will help increase awareness among State authorities on the best practices related to secure identity management and the issuance of travel documents;
  • Finally, it will provide guidance when developing procedures for issuance of travel documents based on verifiable evidence of identity.

NEXT STEPS

The development of the Compendium goes hand in hand with the global initiatives that are led by ICAO to promote evidence of identity as part of the ICAO TRIP Strategy. The OSCE intends to work with the ICBWG to explore how the Compendium can be both further disseminated and further utilized beyond the OSCE region, as well as whether there are opportunities for its development in support of capacity building activities.

In addition to supporting the security angle of traveller identification, the Compendium initiative and the OSCE’s promotion of good practices in identity management more generally, also, aims to support citizens’ access to civil and political rights; the implementation of e-government services; accurate voter registration; and the protection of a range of other human rights.

 

ABOUT THE AUTHORS


ZORAN DOKOVIĆ joined the OSCE’s Office for Democratic Institutions and Human Rights (ODIHR) in 2008, where he works as Migration/Freedom of Movement Adviser. His work focuses on providing assistance to the OSCE participating States in developing and adapting their administrative and legislative frameworks for population registration to facilitate citizens’ access to state-guaranteed social and political rights. His work also supports participating States in promoting wider cross-border travel and person-to-person contacts within the OSCE region.

SIMON DEIGNAN manages the OSCE’s Travel Document Security Programme within the Transnational Threats Department, work that includes document security, identity security, access to databases, training in the physical inspection of travel documents, and expanding the use of Advance Passenger Information. He has been working on OSCE issues since 2010 including as a Political Advisor for both the Irish and Swiss Chairmanships.

Author source references and additional information can be provided upon request to ICAOTRIPmagazine@icao.int.

[name]
[name]