Passport History ICAO Era
To my surprise, an examination of ICAO‘s published timeline, accessible via the following link: https://www.icao.int/about-icao/History/Pages/Milestones-in-International-Civil-Aviation.aspx, does not seem to accord the development and evolution of the passport the recognition it undeniably warrants.

In light of the passport's pivotal role in global mobility and cross-border interactions, it's remarkable that its historical journey remains absent from ICAO's annals.

Did you know that the forerunner to ICAO was the International Commission for Air Navigation? It held its first convention in 1903 in Berlin, Germany and a few more afterward.  However, it will take another 44 years to ratify the ICAO, which became operational on 4 April 1947 after the Convention on International Civil Aviation (also known as the Chicago Convention) in 1944. In October of the same year 1947, ICAO became an agency of the United Nations under its Economic and Social Council. 

"The history of passports within the ICAO is the history of a new standardization - Machine-Readable Travel Documents"

Rising air travel led to a new passport standard under the guidelines of ICAO

The League of Nations passport conference in 1920 was the first attempt to standardize passports. However, the remarkable expansion of air travel in the 1960s and ‘70s placed considerable demands on immigration processes, mirroring a historical pattern that had transpired a century earlier with train travel. Passport History ICAO Era

This mounting pressure necessitated enhancements and uniformity in passport standards to expedite the flow of passengers through airports. During this era, the International Civil Aviation Organization (ICAO), operating as a United Nations agency, assumed the pivotal role in overseeing the standardization of passports. 

"This new standardization changed passports regarding form, function and design"

Passport Cards Panel

In 1968, the International Civil Aviation Organization (ICAO) inaugurated a Passport Cards Panel with the primary goal of attaining standardization. 

Inaugural Meeting

The task of formulating recommendations for a standardized machine-readable passport book or card was entrusted to the Panel. The ultimate goal was to expedite passenger clearance at passport control points. Their inaugural meeting took place in Montréal from June 16 to 20, 1969. Passport History ICAO Era

Subsequently, the Panel’s diligent efforts led to the publication, in 1980, of technical specifications and guidance material for Machine Readable Passports (MRP) by the International Civil Aviation Organization (ICAO). This document, known as “A Passport with Machine Readable Capability” (Doc 9303), laid the foundation for the initial issuance of machine-readable passports. 

Nevertheless, the concept of passport cards presented a limitation, as there was no provision for the placement of visa stamps or inserts. 

"It's worth noting, however, that Annex 9 of the Chicago Convention explicitly outlined the long-term aspiration of eliminating the need for visas."

A working group within the International Organization for Standardization (ISO) actively refined these specifications, ultimately adopting them as an ISO Standard in 1985. Passport History ICAO Era

In 1984, the International Civil Aviation Organization (ICAO) established the Technical Advisory Group on Machine-Readable Travel Documents (TAG/MRTD). This group convened for the first time in Montréal from June 16 to 20, 1986. 

Comprising mainly government officials with expertise in border control and the issuance of passports and related travel documents, TAG/MRTD originally aimed to take over the responsibilities of the Panel on Passport Cards. 

Over time, TAG/MRTD’s mandate expanded to encompass machine-readable visas and cards due to the increasing complexity and volume of their work. ICAO found it necessary to form working groups to handle these tasks, and their contributions remained pivotal to the ongoing success of the Machine-Readable Travel Document (MRTD) Program. 

Substantial advancements were achieved in the development of MRTD standards and specifications, contributing to improved international security and travel facilitation. These specifications, outlined in ICAO Doc 9303, evolved from machine-readable passports to encompass all types of MRTDs: passports, passport cards, visas, and official identity documents.

The comprehensive parts within this document elaborated on cutting-edge technical specifications, including those related to biometric travel documents. Passport History ICAO Era

A successful liaison mechanism with the International Organization for Standardization (ISO) was established to endorse travel document specifications. 

Introduction of Machine Readable Passports (MRP) Passport History ICAO Era

In March 2005, the ICAO Council adopted two new standards for Annex 9, which pertained to the universal issuance of Machine Readable Passports (MRPs).

Such passports have sections that encode specific information as alphanumeric characters. These characters are printed in a format suitable for optical character recognition, rather than being presented in traditional text. This streamlines the passport processing for border control and law enforcement personnel, eliminating the need for manual data entry into computer systems. 

Standard 3.10 mandated that all ICAO Member States begin issuing only new MRPs starting from April 1, 2010, while Standard 3.10.1 required that all non-MRPs expire by November 24, 2015. 

Elimination of Handwritten Passports

This deadline of November 24, 2015, applied to all passport types, including Ordinary, Diplomatic, and Service documents. However, it did not intend to preclude the issuance of temporary travel documents designed for emergencies and laissez-passer documents, typically featuring a short and temporary validity period. 

Electronic Machine Readable Passports (eMRTD)

A more recent standard pertains to biometric passports, which include biometric data for traveler identity verification. These passports store essential information on a compact RFID computer chip, similar to data storage on smart cards. Similar to certain smart cards, the passport booklet design incorporates an embedded contactless chip, capable of securely storing digital signature data to safeguard the passport’s integrity and the biometric information. 

Logical Data Structure (LDS)

Every ePassport that complies with the ICAO standard utilizes a consistent data programming and storage format on the embedded chip. Adhering to the ICAO-prescribed Logical Data Structure (LDS), this chip safeguards information by rendering it read-only, ensuring that the data remains unalterable once the travel document is issued. Moreover, the chip secures the data against unauthorized changes. 

However, what can vary is the method by which the chip shares its LDS data with an authorized reader terminal. There are presently three generations of protocols, all officially recognized by the ICAO and founded on the guidelines of ICAO document 9303. These protocols are known as BAC (Basic Access Control), EAC (Extended Access Control), and SAC (Supplemental Access Control). 

All three protocol generations execute the fundamental task of verifying the chip’s authenticity and gaining access to its data. However, with each subsequent generation, additional mechanisms are introduced to enhance the security of this transaction. 

BAC Passport History ICAO Era

ICAO introduced BAC in 2005, it is based upon 24 characters from the Machine Readable Zone, and it is the most common choice for the majority of currently circulating eMRTD to access unprotected data in Data Group 1 and Data Group 2 which are the only mandatory Data Groups by ICAO. 

EAC

In 2006, Germany developed EAC, which was subsequently acknowledged (though not made compulsory) by the ICAO. EAC extends BAC capabilities with specialized security measures for safeguarding biometric data and authenticating authorized readers (Terminal Authentication). In June 2009, the European Union mandated EAC for fingerprints in Data Group 3 of all eMRTD issued by Schengen Acquis Member States.

SAC

In 2010, the ICAO introduced SAC as an enhancement to both BAC and EAC protocols. SAC improves upon these protocols by incorporating asymmetric cryptography for encryption in three variations (General Mapping, Integrated Mapping and Chip Authentication Mapping), and extending the key derivation process not just from the MRZ, but also with the use of a six-digit Card Access Number (CAN). 

The European Union has already adopted the most recent SAC format, and numerous others are expected to follow suit. 

LDS1 Passport History ICAO Era

Covers the electronic version of what is written on the data page of a travel document. Identification of the traveler and the issuing authority. These data are static and remain valid over the lifetime of the ePassport. 

LDS2

ePassports utilizing LDS2 will empower the chip to perform multiple passport functions, enhancing efficiency, reducing administrative burdens, and bolstering security. LDS2 can update travel data over time, including now electronic stamps or visas and other travel(er) related information, like extra (information on) biometrics. 

Processing traveler data electronically is secure and reliable with the right PKI, ensuring proper certificates. This is crucial due to the increasing global air traveler numbers and constant implementation of Automated Border Control (ABC) systems.

To ensure electronic data processing, the following security infrastructures are mandatory. 

Public Key Infrastructure (PKI) Passport History ICAO Era

PKI enables secure communication between ePassports and readers (e.g., border control systems). The data on the passport is encrypted with the public key. It can only be decrypted by the corresponding private key. This ensures that only authorized entities can access and verify the data.

PKI employs a pair of cryptographic keys – a public key and a private key. The public key is freely shared and used for encryption, while the private key is kept secret and used for decryption. In ePassports, these keys are used to secure and verify the authenticity of the data. 

Digital signatures ensure the integrity and authenticity of the data stored on the ePassport’s chip. When information is written to the chip, it’s digitally signed with a private key. To verify the data, a reader (e.g., a passport control system) uses the corresponding public key to check the signature. 

Certificate Authorities (CAs) are trusted entities that issue digital certificates to ePassports, verifying their authenticity. These certificates include the passport’s public key and other information. 

Public Key Directory (PKD)

PKD is a critical component of the security infrastructure for electronic travel documents. The primary purpose is to facilitate secure and efficient exchange of digital certificates and public keys. These are necessary to verify the authenticity and integrity of electronic travel documents. ICAO PKD serves as a centralized, globally recognized repository for the digital certificates and public keys used in ePassports. It’s like a trusted and standardized database of these security elements. Passport History ICAO Era

It allows countries and organizations involved in passport verification to securely and efficiently share digital certificates and public keys. This is crucial because ePassports can be issued by one country but presented for inspection in another, and both need to be able to trust and verify the passport’s data. 

Unfortunately, only 92 of more than 125 countries issuing eMRTD’s are a member of ICAO PKD. Countries that do not share their certificates with other countries therefore will not be able to use ABC systems in that other country.

ICAO PKD has a global reach and is accessible to authorized parties worldwide.It ensures a standardized, secure, and reliable means of exchanging the necessary security information, regardless of the countries involved in the passport issuance and verification process.

The infrastructure also facilitates the distribution of information about revoked or compromised certificates. If a passport is lost or stolen, for example, its digital certificate can be revoked in the PKD to prevent its misuse. 

Passport Card

The following countries are using passport cards (Year of introduction): USA 2008, Ireland 2015, USA, and Maldives 2017. The technical basis for this kind of Identity/Travel Cards is Doc 9303, Part 3. Only the Maldives Card has also a financial service function. 

The US passport card is not valid for international air travel. It’s only usable for land and sea travel to Canada, Mexico, Caribbean countries, and Bermuda. The Irish passport card, on the other hand, is valid for travel to all EU Member States, the EEA (Iceland, Liechtenstein, and Norway), Switzerland, and the United Kingdom. Passport History ICAO Era

Epilog Passport History ICAO Era

This collection of information illustrates the evolution of passports since ICAO took charge of passport-related affairs. When I contacted ICAO about this issue, I quickly sensed they might not be inclined to address it for various reasons. Also, a UN agency’s stringent editorial guidelines were expected.

While some may overlook the DTC topic, it’s essential to note that DTC is unrelated to the passport itself. Therefore, excluding DTC from the discussion was a logical decision. Passport History ICAO Era

I extend my gratitude to Hans de Moel for assisting me in gaining a better understanding of technological terms and structures. This support enables me to craft an article that is accessible to non-experts.

What are your thoughts on the article? Is there anything you would like to contribute or rectify?