Checkpoints at airports have always been an object of passenger discontent with both document and immigration checks consistently receiving the lowest scores in passenger satisfaction surveys. Biometric technology has long been hailed as the ‘silver bullet’ to solve airport checkpoint-focused issues, improving processing speed, accuracy and security simultaneously, but is it really the panacea to end all travel ills? Tom Knierim investigates.
The European Union (EU) has put biometrics at the very core of its Smart Borders programme since 2013, while the US accelerated the roll-out of airport biometric systems through a Presidential Executive Order signed in 2017.
For its part, the aviation industry is pressing ahead with various independent biometric boarding trials, while the International Air Transport Association (IATA) tries to solve the issue of global interoperability (itself a remaining barrier that stands in the way of a truly paperless end-to-end passenger journey).
Indeed, the IATA’s OneID initiative aims to unify the industry by agreeing on global standards and introducing a collaborative identity management solution with biometric technology at its heart.
With such market force behind biometric technology, it may come as something of a surprise to learn that the global forecasts for biometric-based airport automation sees the deployed units only triple by 2022.
Set for a future of biometric airport automation?
Is it simply a case of ‘all biometric’ then? Not so fast. Potential data breaches and privacy concerns pose an issue for many commentators. Data protection regulation affords biometric data special protection. Biometric information, of course, can identify a person by their physical or behavioural characteristics. It’s unique and irreplaceable, and could well expose innocent people to identity theft.
You may be able to change your password or bank account if either is compromised, but you cannot change your fingerprint. Data protection regulations therefore sanction the legal use of biometric data in the context of airport automation only under specific and explicit circumstances.
Many have concerns about the prospect of entrusting a third party with such precious data. Such unease may be justified. The US Customs and Border Protection agency reported earlier this year that images from its growing facial recognition database had been compromised as part of a malicious cyber attack. Thousands of passenger records were stolen from airlines such as Air Canada and Malindo Air, while millions of citizen records from Brazil and Ecuador are now up for sale on The Dark Web. These real world examples only serve to demonstrate how vulnerable our personal data can be.
The risk of data loss is multiplied if it should be shared in a network of globally interconnected systems with many independent stakeholders. The aviation infrastructure relies on a plethora of interconnected systems with airlines, airport authorities, Governments and various industry/third party service provider exchanging information in order to transport passengers. Often, these systems were designed before cyber security was a real concern. A recent KPMG survey of Chief Information Officers found that IT leaders in the transport sector have much lower confidence in their ability “to identify and deal with cyber attacks” compared to their peers in other critical industry sectors.
Who can be trusted?
Another major concern is trust in how the data’s used. Governments and industry alike often favour the creation of large centralised databases containing biometric information to overcome interoperability challenges. However, there’s mounting public unease that the use of such systems may go beyond improving passenger satisfaction or security by collecting data to profile people for surveillance or commercial reasons at the peril of data privacy.
Setting aside the issue of bias and error rate with some biometric technology, critics state that such systems may not comply with certain core principles of data protection. The top European Data Protection Supervisor, for example, has been very critical of such databases since the introduction of the EU Smart Border programme in 2013, demanding strict purpose limitation and transparency.
Other countries may have been more lenient in the past, but this position is also changing quickly. Although there are no federal laws restricting the use of biometric data in the US, states such as California, Illinois, Texas and Washington are leading the way with similar data protection regulations. Others are sure to follow.
Embedded in consumer consciousness
Biometric authentication is already deeply embedded (and accepted) in our consumer consciousness through the use of smart phones. It’s also clear that, due to all of its benefits, the travel sector is firmly set on a path towards biometric-based airport automation. Yet less privacy may not be the currency the passenger is willing to pay.
Take, for example, the aforementioned IATA OneID concept. It also centres around yet another biometric enrolment-based identity management platform that’s “persistent for a certain period of time and doesn’t need to be repeated for every trip”. Creating more biometric databases potentially managed by one or multiple commercial entities to achieve end-to-end paperless boarding for the sole reason of passenger convenience may be a goal that’s increasingly difficult to justify.
As the digital society matures, so does understanding of the associated risks and long-term privacy implications of handing over personal data. Organisations – whether public or private – must be cognisant that the privacy debate is only getting started and that scrutiny of such solutions can only intensify.
The right balance needs to be found between protecting the privacy rights of passengers and, at the same time, improving travel convenience and security. Technology will need to adapt to serve the objectives of all.
Where do we go from here?
Technology is already evolving and suggesting new and innovative approaches to address these concerns. An important emerging trend in biometric data management is that of ‘identifiable anonymity’ – a term coined to describe secure authentication against a known identity without the release of any identifiable personal data (more of which anon).
One alternative that’s gaining some traction in the US is the concept of the ‘mobile passport’. Instead of the creation of large biometric databases managed by a third party, this approach leaves full control with the data owner (ie the traveller). Any sensitive biometric information is encrypted and never leaves the passenger’s mobile device. While this approach addresses some of the regulatory challenges such as purpose limitation and transparency, it still falls short on the issue of identity assurance – the process of reliably linking the digital identity to the individual traveller.
The emerging idea of a ‘Biometric Identity Service’ may offer a viable solution here. Unlike large-scale civil identity schemes (eg national IDs and Visa systems, etc) where biometric and other personally identifiable information (PII) is stored together with all other data about a given individual, this approach stores all data centrally, but disaggregates the biometric and other PII data. The ‘Biometric Identity Service’ needs a certified third party to vet identities and link them to its biometric data to then provide an ongoing identity authentication service.
The approach here is consistent with that of ‘Zero Trust’ as it allows authentication against a known identity without releasing any identifiable personal data. It has the potential to radically reduce data theft as transactional and PII are separated and, therefore, rendered useless to a determined hacker.
This approach would offer the individual more anonymity and control over the data by limiting the ability of organisations – commercial or otherwise in nature – to combine data sources in order to profile individuals.
Tom Knierim is Industry Advisor at Westlands Advisory
*Harvey Nash/KPMG CIO Survey 2018
*IATA OneID Concept Paper