article

Biometrics: The long and winding road…

Posted: 12 April 2023 | | No comments yet

For Issue 1 2023 of International Airport Review, Ian Law, Chief Digital Transformation Officer for Los Angeles World Airports (LAWA), gives an overview of the use of biometrics within airports and what is has taken to get to this point, as well looking ahead to the future.

New biometric gates Tom Bradley International Terminal.

New biometric gates at the West Gates at Tom Bradley International Terminal. Credit: LAWA

Not too long AGO, any conversation about seamless, frictionless, and hassle‑free traveller experience was liberally sprinkled throughout with mentions of biometrics. Biometric technology would allow passengers to whisk through any airport, onto any flight and out the other end without the need to reach for a passport, a driver’s license or even a boarding pass. But times have changed.

The once could-do-no-wrong answer to the industry’s woes has, like many aviation technologies, evolved through trial and error to fill specific cracks in a sector with as many different needs and standards as it has destinations. So, where is biometrics today? And does its winding trajectory in recent years shed any light as to where it is headed next?

Biometric technology’s Satya Yuga

Not too long ago, circa 2014, biometric technology had shot to prominence in the industry as the solution to the most intractable friction points in the traveller’s journey. Vendors’ cartoon videos extolling the virtues of biometrics showed healthy, happy, slender parents shepherding their obedient offspring though the airport, opening doors, dropping off bags, bypassing long security queues, buying duty free (yes!) and boarding flights, all with a simple smile to strategically placed biometric cameras. The system did the rest. It truly was biometric technology’s golden era. Full of promise.

A series of high‑profile hacking events, though in other sectors, still caused anxiety in boardrooms about big data bases of private information.”

Biometrics in travel was nothing new. It had been used for years, but mostly passively. Biometrics were collected, largely by immigration agencies, often fingerprints, but were rarely used in real-time identity adjudication. Its primary propose was to simply store a record.

New technologies created new hope for biometrics in travel. Faster and accurate digital camera technologies, higher bandwidth and infinitely scalable cloud compute platforms and more secure encryption algorithms, all contributed to revitalising the potential for biometric technology to alleviate travel bottlenecks at scale. The value of real-time verification could not be understated. It was a game-changer.

Biometric technology promised to do away with the error-prone and lengthy manual processing of documents. No more waiting while officials thumbed through passports, read, and reread letters and documents, and no more fumbling for boarding passes. Everything would be faster, leaner, and slicker. Cameras could capture accurate facial pictures as subjects walked by, removing the need for the stop-and-go process that plagued airport processing chokepoints. Cameras also put an end to the which biometric? debate.
Cameras would ensure face, in most places, trumped forefingers, thumbs, and eyes and most countries converged on the face as their de facto biometric.

While mainstream interest, and investment, in biometrics initially grew out of the need to verify traveller cross-border identity, the travel industry was quick to grab the concept and apply it to other process friction points. Check-in, bag-drop, duty-free purchasing and airport lounge access were all identified as targets for the faster, paperless, touchless wonder. Local hotel check‑in and car rental also became candidates. Even better, biometric information could be moved between airports, and airports and airlines, to guarantee seamless transit for travellers at their destination airport.

And along came reality

While biometric technology was very promising for the aviation sector, is also proved to be a very potent and complex technology. Taking a biometric reading, scanning a face, was the easy bit. Though early cameras went through teething pains with differing lighting conditions, varying skin tones, and set-up configurations, these were largely ironed out.
The bigger issues centred around the governance of biometric information, the storing, protection and retention of the information and the standards by which the information would be exchanged between agencies, states, and nations. These were gritty, difficult issues on many levels. If country A verifies a traveller’s biometric identity, can country B accept that verification without doing its own?

The common thread through all the biometric solutions today, whether governments, airlines or airports is that they are based on stakeholder‑owned data bases. This architecture is inherently unscalable and fragmented and undermines the potential of biometrics to allow the secure and easier movement of travellers around the globe.”

Privacy groups and different territories’ privacy laws and regulations challenged the use of biometric technology and the use and retention of biometric data.
The concept of a traveller generating a biometric token to move ‘ahead of them’ along their journey was fractured. Influential international organisations, like the World Economic Forum, worked with countries to pilot cross-border travel using digital tokens. It was not easy navigating issues of privacy, ownership, and sovereignty.
A series of high-profile hacking events, though in other sectors, still caused anxiety in boardrooms about big data bases of private information. Now the use of biometrics seemed an overkill for all but national security purposes.

Two-step tango

Some jurisdictions created a public-private collaboration to manage the risk of handling biometric information. In the USA, the Department of Homeland Security introduced the Traveler Verification Service (TVS). TVS in used to fulfil a long-standing legislative mandate to record travellers exiting America. U.S. gateway airports started to deploy biometric technology, mostly e-gates, at their international departure gates, to integrate with TVS. LAX recently completed its rollout of e-gates in its international terminals.
Helpfully, TVS also allows airlines to verify traveller identity during boarding without the need to handle biometric information. TVS is essentially a government Verification-as-a-Service solution.

A collaboration where the government handles the most sensitive data but provides a trusted adjudication to other stakeholders is the best of both worlds, for now.

Is that it?

Biometric technology has found a groove in the aviation industry. It’s still only a shade on the original vision but it’s here to stay in one form or another.
Though a labyrinth of local and national regulations that govern the handling of biometric tokens must be navigated, some major airports and airlines have purchased their own biometric solutions to improve the travel experience. Airline representative body IATA has issued guidance to airlines on how to implement biometric solutions.
The common thread through all the biometric solutions today, whether governments, airlines or airports is that they are based on stakeholder‑owned data bases. This architecture is inherently unscalable and fragmented and undermines the potential of biometrics to allow the secure and easier movement of travellers around the globe.
The latest iteration of internet technologies, branded under the banner of Web 3.0, allows greater direct individual ownership of sensitive personal data by the traveller and better controls of who can have it, for what purpose and for how long. It puts the owner in control. It’s privacy-centric and there are precedents in other sectors. In California, the Department of Motor Vehicles (DMV) will pilot this year the use of a digital driver’s licenses to support traveller verification on domestic flights using Credential Authentication Technology (CAT) deployed at major U.S. hub, including LAX.

But Web3.0 is another disrupter. It means that the industry must consent to the traveller’s privacy standards rather than the other way round, as it is today. It allows for the freer movement of travellers but undermines concepts of loyalty and lock-in that underpin the sector’s commercial model. It paves the way for anonymity and privacy protection at the cost of customisation and familiarisation. It might be right for the traveller but is it right for the industry? Time will tell.

About the author
Ian Law LAWAIan Law was appointed Chief Digital Transformation Officer for Los Angeles World Airports (LAWA) in May 2022. His responsibilities include the development and delivery of LAWA’s digital transformation strategy, oversight of LAWA’s Information Management and Technology program and LAWA Guest Experience. Prior to his appointment, Ian was Chief Information Officer (CIO) at San Francisco International Airport (SFO), where he led the award-winning Information Technology team to innovate solutions in ground-transportation, passenger processing, tenant services, information analytics and cloud-hosted digital services. Ian is the current vice-chair of ACI World’s Airport Information Technology Standing Committee (AITSC) and an industry contributor on the American Association of Airport Executives’ (AAAE) Airport Consortium on Customer Trust Program (ACT). He holds a BSc in Computer Science from University College Cork, Ireland and an MBA from Cranfield School of Management, England.