Fake IDs are an important tool for terrorists, as evidenced by the recent attacks in Paris. News that some of the terrorists in Paris possibly used false passports to facilitate travel in Europe —and that at least one posed as a Syrian refugee to enter the EU— point to the fact that identity theft and fraud are directly tied to both national and global security. The ability of terrorists to steal or falsify identities is a major weakness in U.S. counter-terrorism efforts. We need to make it harder for terrorists to falsify their identities, and prevent them from acquiring valuable identity documents.
Terrorists depend on stolen or fake passports, and other forms of identification obtained through fraudulent means. A credible ID lets terrorists blend in, grants them a clean slate to avoid no-fly lists or intelligence agency radars, and gives them access to potential target locations. There is a precedent for this tactic being used by terrorists in the U.S. — 6 of the 19 terrorists involved in the 9/11 attacks purportedly used fake Saudi Arabian names and passports, and the FBI has investigated numerous other cases involving terrorism and identification fraud.
Two main problems exist. First, is the ease with which fraudulent or stolen documents can be used to obtain a government-issued ID. As a border state, Texas is particularly vulnerable in this regard, and, according to the U.S. Department of State, Texas ranks number one in the nation as the claimed place of birth on fraudulent passport applications. With a forged, stolen, or altered birth certificate —which are relatively easy to purchase, and very difficult to spot— an individual can secure a wide range of legally accepted forms of identification. Second, there is usually only one chance to get it right when vetting someone’s identity. Once that person is allowed to enter the US, or even worse, issued an ID credential such as a birth certificate and driver’s license, the vetting process has ended. A mistake in one state can have consequences everywhere else in the country, as the individual that wasn’t properly vetted to begin with now has both freedom of movement throughout the U.S. with relative anonymity and has the ability to obtain other identity credentials. This makes it harder for law enforcement and Homeland Security officials to monitor and track individuals with known ties to terrorism.
A new approach to authenticating identities for the purpose of issuing credentials is required —one that takes advantage of new and emerging technologies, and which leverages our increased understanding of all the ways an identity can be vetted. The Center for Identity at The University of Texas at Austin is a national center of excellence in identity management, security, and privacy conducting valuable research to help guide this new approach.
To begin with, we need standardization throughout the U.S. regarding the types of documents used for credentialing. Thousands of registrars across the country currently issue official birth certificates, and the types of paper, formats, signatures, and security features employed vary widely. This makes it too easy to forge these types of documents and to pass the forgeries off as legitimate. Identity authentication needs to involve more than birth certificates alone; non-traditional types of identifying information should be incorporated, such a biometrics, or the vast amount of publicly available information.
Next, information sharing between counties, U.S. states, and government agencies must improve dramatically. Innovative guidelines for positively verifying a person’s identity must be agreed upon.
Finally, better training is needed for key stakeholders, including city and country registrars, hospital personnel, law enforcement, and DMV employees. Government employees need to know how to spot a fake ID, and who to contact if they do. Educating the right people in the right places to spot fake or illegitimate identification, can go a long way towards strengthening our defenses and preventing freedom of movement and activity by would-be terrorists.
The most effective way to protect against future terrorist attacks is to disrupt them before they can happen. To do this, we must positively identify potential terrorists in the US, and dramatically improve our ability to prevent them from obtaining credentials that allow them to blend in, gain freedom of movement, and avoid monitoring and surveillance. Rethinking our current identity credentialing system is a great place to start.