> Except that history has proven that plenty of crime organizations can fake those really well and pass undetected and maybe you missed it, but the authenticity of your passport or any ID document is proven and validated by the secure cryptographic element in the chip within it, not the fancy features in the plastic/paper of the document, that's why chipped passports are now the norm.
In any case, the forging scales much worse than just getting your hands on a database when you have to forge a physical document with decent security features. It’ll never be 100% secure, but then neither will be a virtual passport.
> Fancy physical documents without security chips are inherently less secure, not more.
All new and future identification documents will have a chip anyway. The baseline is not just a piece of paper.
You start from the premise that a physical document is trivial to forge, therefore it is not an improvement over a purely numerical one. But that’s circular logic. In reality, it is more difficult to steal, copy and re-sell a physical passport than a cryptographic key.
> In reality, it is more difficult to steal, copy and re-sell a physical passport than a cryptographic key.
Just, how? A pickpocket can steal your passport and anyone, even a police officer on the street could have a hard time figuring out if it's actually you or not if your photo looks remotely like the thief. How is it easier to steal passport crypto keys (not the passport number) from a secure government database than someone's passport off the street?
Also, the authorities can cancel your stolen passport, but the pickpocket will still own it physically and can use it to enter places like nightclubs or worse (other than airports and hard borders, nobody checks the passport electronically vs the government database, they all just glance at it and call it a day).
I have the feeling you have no idea how secure passport crypto chips and NFC chips are and you assume all passport crypto keys are some databases sitting randomly on the internet.
Or are you simply assuming that something physically printed must be inherently safer than "some bits"?
> Just, how? A pickpocket can steal your passport and anyone, even a police officer on the street could have a hard time figuring out if it's actually you or not if your photo looks remotely like the thief.
A pickpocket needs to come close enough and risk being caught. It does not scale very much. Falsifying them, whilst not impossible, is also risky and also does not scale. Particularly if the thief needs to look like the person on the photograph.
> How is it easier to steal passport crypto keys (not the passport number) from a secure government database than someone's passport off the street?
That is not the problem (although it is a problem: secure government systems are breached with some unfortunate regularity these days). But for it to be practical, people need to have the keys with them, i.e. on their phones or computers, where protection is much harder to guarantee. Putting them in an air-gapped unique device is much better, whether it is something like a YubiKey, a chip in a passport, or a chip card.
> Also, the authorities can cancel your stolen passport, but the pickpocket will still own it physically and can use it to enter places like nightclubs or worse (other than airports and hard borders, nobody checks the passport electronically vs the government database, they all just glance at it and call it a day).
I don't think anyone seriously cares about night clubs. Most of them accept non-chipped driver's licenses or old-fashioned paper ID cards anyway, which is practically no security at all. The point is that the hurdle is high enough to avoid teenagers going in.
> I have the feeling you have no idea how secure passport crypto chips and NFC chips are and you assume all passport crypto keys are some databases sitting randomly on the internet.
Which random smartphone maker would you trust for this? Do you trust all the links in the chain?
Something does not need to be "sitting randomly on the Internet" to be breached.
Besides, I am not sure what you assume about my assumptions. Cryptography is fine. Cryptography on everybody's phone for this application is a terrible idea. Your passport does not need to be on an Internet-facing device.