Sitting around the dinner table recently at a family gathering my sister, who lives in Paris, was venting her frustrations about the queues she experienced recently at the electronic border gates in Heathrow airport.
My brother then chimed in with his experiences, which went something along the lines of: “I couldn’t get through either, the machine didn’t like the look of me!”
I asked if he had removed his glasses, as they might have affected the facial scanner. He said he hadn’t been asked to remove them; had he known, he would have.
This conversation highlights an important point - that while the biometric or e-passport is better than its predecessors, it is still not the perfect solution. We cannot lose sight of the customer experience in the rush to deploy the latest technology because of its touted gains in efficiency or the increased return on investment. The customer experience must be better than what exists now: 20 or 30 seconds for a passenger to clear an e-gate is too long when there are 400 people behind them waiting to be processed. It needs to be two or three seconds.
The number of passengers passing through airports is set to double by 2029
With 1.8 billion international arrivals expected worldwide in 2030, identity management is going to become even more complex because not all countries, government agencies, airports and airlines are at the same level of maturity. It is absolutely critical that all the actors in the travel ecosystem know with certainty that every passenger is who they claim to be. This will require new processes to be designed, tested and adopted which will in turn require significant increases in transparency, industry and governmental cooperation and better communication between all the stakeholders. New technologies like biometrics, blockchain and zero-knowledge proofs have a significant role to play.
One possible solution under development for creating a better airport and travel experience is a passenger token. The token uses a passenger’s facial biometric data to identify them at the various points in the airport where there is an engagement of some kind. This removes the need for the regular presentation of travel documents at every step of their journey.
To make this possible, the passenger’s facial biometric must be bound to their ticket, visa, boarding pass and passport at the very start of their journey. This could work as follows: the passenger checks-in at home and declares their passport details as part of this process. These details can be securely verified with their government’s passport office using privacy-preserving technologies such as zero-knowledge proofs; the passport office packages the e-passport and other associated travel details into a token, with the customer’s express consent included to allow it to be accessed by parties who need to view it. This information is then made available to the relevant government agencies, airports and airlines for the duration of the traveller’s journey.
The use of new technologies doesn’t stop with advanced biometrics. Blockchain technology, which allows for the secure and seamless distribution of information across multiple systems, organizations or even countries, is being touted as a means of ensuring efficient and secure distribution of traveller information. By allowing a customer to declare their information once at the start of their journey, have it verified by an authority, and then allow permission for all the stakeholders to securely view and access it, passenger movement through airports could be dramatically improved. The information could also be provided to the customer themselves to be carried in their mobile phone or other device capable of secure storage.
This could mean that no matter where in the world you are, any government agency could simply verify your identity by taking a photo or video of your face or by scanning your phone to verify that you are who you say you are and are authorized to travel. Plus, it could be done according the principles of privacy by design - so that the data is stored in a single, secure location, and all parties who need access to it can do so through a permission-based architecture. This could provide a much better way to verify a person’s claimed identity than having to rely on the person themselves presenting a paper-based document in the form of a passport.
But as with all technological advances there are risks that should not be ignored. Facial recognition is not foolproof. False positives as well as false negatives are a real and significant risk. These should not be downplayed or ignored in the rush to improve efficiency and increase profitability. The security of the travelling public always must be the primary objective. The right to privacy of the individual and how their personal data is used must also be treated with the appropriate level of care and consideration.
While it is still early days, the signs are positive. If this new vision for the identification and processing of airline passengers can win the support of governments, the airline industry and the travelling public themselves, it bodes well for a future of safe, secure and comfortable air travel.
Tags: Rob Leslie, Sedicii, Heathrow, Aviation, Cybersecurity, Innovation, ZKP, Identity, World Economic Forum, Travel and Tourism, Blockchain, International Security