Malaysia Airlines mistake: stolen passports 'soft underbelly' of air security

The two men who boarded Malaysia Airlines Flight 370 with stolen passports revealed 'a major hole in airport security internationally,' experts say.

The two men who boarded Malaysia Airlines Flight 370 with stolen passports have highlighted a post-9/11 security weakness that has a relatively simple, though potentially costly, solution.

It is not known if Pouria Nour Mohammad Mehrdad or Seyed Mohammed Reza Delavar played a role in the disappearance of the plane, the fate of which remains a mystery. But it is becoming clear that some of the measures intended to tighten security of airports are not universal, and that risk can fluctuate by airline and airport.

Had the two Iranian men flown on an American or British airline – or from and American or British airport – the chances of them being caught would likely have increased significantly. Airline authorities in those two nations searched Interpol’s Stolen and Lost Travel Documents (SLTD) database more than 238 million and 140 million times, respectively, last year – more than any other countries.

In fact, fewer than 20 of Interpol’s 190 member countries used the database at all last year, authorities say. Many countries are reluctant to invest in the technology and professional training needed to implement the heightened security, says Amos Guiora, a law professor at the University of Utah who studies security issues.

The result is that “passports are the soft underbelly of the airline industry,” he says. “The system needs to reboot itself.”

Mr. Mehrdad and Mr. Delavar traveled from Tehran to Kuala Lumpur, Malaysia, using legitimate passports, Interpol says. But there, they booked tickets to travel to Beijing and from Beijing to Amsterdam and later to Germany. Authorities say the passports they used for those bookings were stolen in Thailand from an Italian and Austrian.

Both passports had been reported to the SLTD database and therefore would have shown up if a search had been made.

Countries’ reluctance to rely more fully on SLTD data means what happened on Flight 370 is a common occurrence. About 4 of every 10 international passengers are not screened using the SLTD database, Interpol says. The screening identifies people identified as war criminals, terrorists, and murderers, as well as listening stolen passports. There are currently more than 40 million entries, and these have resulted in more than 60,000 successful hits.

“Undeniably, this story represents a major hole in airport security internationally. There are airports in countries all around the world that do not bother to check readily available databases to see if the passports are being used by their actual owners,” says Thomas Mockaitis, a counterterrorism expert at DePaul University in Chicago. “Criminals are very good at finding gaps in security. Like a mouse getting into your house, it only takes a small hole.”

This lack of vigilance makes “stolen passports worth a fortune on the black market” in lax regions, adds Professor Guiora.

The vulnerabilities laid bare by Flight 370 suggest a need to reach out to airline authorities, some say.

“This should be a worry for us all,” said Interpol Secretary General Ronald Noble in a statement released Tuesday. “If countries are not carrying out full screening of international passengers against Interpol’s databases, then we must look to work with private industry in addressing this security gap.”

But wider use of the SLTD database is not a cure-all, experts say. Beyond better screening techniques, airline authorities need to rescreen passports whenever travelers board a connecting flight, as Mehrdad and Delavar were planning to do in Beijing.

“Each airport needs to consider itself as the initial point of departure,” says Guiora. “It strikes me that relying on another airport to do the right screening probably doesn’t really work.”

Passports themselves can also include various features that make them more difficult to manipulate. Passports issued in the US and in Europe, in particular, are encoded with watermarks, chips, and photo scans (as opposed to photos that can be removed and put on another document).

Meanwhile, passports issued in many countries are “easier to steal and use to make a fraudulent one,” says Sylvia Pacher, a forensics security expert at Corvinus Consulting Group near Washington. “If you have the kind of passport without a chip, it makes it much easier to manipulate.”

Many security experts say relying on passport validity as a security measure is inherently limited. If the passport is not reported stolen and the person’s appearance resembles that of the person in the photo, the passport will not show up in a database and security becomes dependent on the scrutiny of the individual screener.

One option is biometric technology, which can be embedded in a passport and includes face recognition and a fingerprint. Such technology is the only surefire method airports can use to ensure accurate identification, says Shahar Belkin, the chief technology officer of FST21, a biometric security company in Israel.

“If you are able to identify a person based on their face, fingerprint, body size, and voice, then you are in a much better position identifying the cardholder.”