As ID & Secure Document News™ celebrates its 10th year in print, I took a moment to delve into the archive and re-read the newsletter’s first editorial in September 2013. This gave, as the newsletter’s raison d’être, the increased societal and commercial interest in secure identity, principally driven by ‘terrorism, technology, illegal immigration and global criminality’.
Quite a prescient piece of journalism! For which I cannot take any of the plaudits as I became editor only at the beginning of 2020, but as we mark the 10th anniversary of IDN it is striking to look at how, despite the rush of technology into the sector, one critical change to ID management, triggered by a seminal event in US (no, world) history, remains unfinished.
The 9/11 terrorists who carried out the attacks in 2001 did so using real identification documents. The lapse in security was not so much in the issuing of the documents, but that many of the terrorists used fraudulent identities to successfully apply for the document. They were able to obtain genuine passports and visas from their home countries, and in some cases, they also used fake or stolen IDs to create a false identity or to provide additional cover.
For example, some of the hijackers had obtained valid visas to enter the US, and they used their real passports for this purpose. However, they also used fake IDs and aliases to rent apartments, open bank accounts, and carry out other activities while in the US. These fraudulent (but real) documents helped them blend into society and avoid arousing suspicion.
The use of both real and fake documents was part of a broader strategy by the hijackers to maintain a low profile and avoid detection by authorities. Their ability to exploit weaknesses in the immigration and security systems at the time allowed them to carry out their attacks.
In the wake of 9/11, there were significant changes to immigration and security procedures to prevent similar incidents in the future.
The 9/11 Commission, officially known as the National Commission on Terrorist Attacks Upon the United States, investigated various aspects of the terrorist attacks, including the misuse of identity documents by the hijackers. The commission’s findings related to this issue were outlined in its final report, which was published in 2004 1. Here are some key findings regarding the misuse of identity documents:
1. Multiple identities: Many of the hijackers used multiple aliases and fake names, making it challenging for authorities to track their movements and activities. Some had multiple driving licences with different names and addresses.
2. Exploiting gaps in immigration and security systems: As an example, some of the hijackers had entered the country legally with valid visas, but they subsequently violated the terms of their visas by staying in the US beyond the authorized period.
3. Lack of information sharing: The commission found that intelligence agencies and law enforcement agencies did not effectively communicate and share information about potential threats.
4. Recommendations for improvement: As a result of its findings, the 9/11 Commission made several recommendations aimed at strengthening the country’s security and intelligence capabilities. These recommendations included improving information sharing among agencies, enhancing border security measures, and implementing more rigorous identity verification processes.
In response to the commission’s findings, the government implemented various reforms and measures to address the vulnerabilities in the immigration and security systems and improve its ability to detect and prevent terrorist threats. These changes were part of a broader effort to enhance national security and prevent future attacks.
The REAL ID Act, passed by the US Congress in 2005, emerged as a response to some of the 9/11 Commission’s recommendations for improvement.
The Act set out stringent requirements for state-issued driving licences and identity cards. It mandated that these documents adhere to enhanced security standards, making it more challenging for fraudsters to create counterfeit IDs. These standards include the use of biometric data, such as facial recognition, and the incorporation of anti-counterfeiting features like holograms and machine-readable technology.
The REAL ID Act was initially met with resistance by some states, with concerns about its cost, logistical challenges, and potential invasion of privacy. However, over the years, most states have come into compliance with the Act, but enforcement of the REAL ID requirements at airports has been postponed several times since its original deadline of October 2020 and now has been pushed back to May 2025.
The REAL ID Act’s journey through the years reflects the complex interplay of security concerns, privacy rights, and logistical challenges in modern ID management that IDN has chronicled in its pages.
For the 10 years that IDN has been reporting on the technologies being adopted by the industry to digitise identity so that machines can measure the correlation of an enrolled with a presented identity. I conclude that much of the shifts have been driven by the demand to deliver faster and more convenient verification for online services.
Whether identity is tested in person or online, by human or machine, there still remains the central unknown exploited by the 9/11 terrorists. How certain can I ever be that the person requesting a particular right or privilege (to open a bank account, to enter and work in a country, to drive a car...) is the person that legally has that right?
As a two-part question, these break down to (a) are they who they claim to be, and (b) does the person that they claim to be have the right they want to exercise?
So, I ask myself… would the 9/11 terrorists have been able to enter the US in 2001 if they had had to enrol in a biometric scheme to apply for a passport, visa or driving licence? My uneasy answer is that it would be harder but still possible.
Which is why IDN will continue to be the voice of the physical and digital identity and secure document industry to not only make online financial transactions and eGovernment services more convenient, but also to champion the use of secure identity technologies to combat ‘terrorism, illegal immigration and global criminality’.