One ID: Preparing for end-to-end seamless travel across borders
Seamless passenger flow is a hot topic in passenger facilitation and although the industry has started to develop and implement this, preparation for the next phase cannot wait; a digital identity to be used globally. Here Annet Steenbergen, Chair of IATA’s Passenger Facilitation Working Group, aims to set out a possible blueprint for secure and efficient global cooperation between airport stakeholders.
CREATING a trusted chain for passengers’ identities throughout the airport process and beyond, solves many of today’s aviation challenges. Persistent passenger growth, global security risks, infrastructural constraints and more demanding passengers form part of a complex set of challenges that meet their solution in the secure and trusted processing of each passenger with a single secure identity check.
Airports including Changi, Schiphol and Aruba are in the process of implementing a biometric end-to-end passenger flow, demonstrating that this is the time for the industry to prepare for the next step: from seamlessness in airports to seamlessness between airports. When passengers experience an easy and secure process the question will be ‘why a smooth process at departure but not at arrivals?’
The reason we must address this issue now is that in order to achieve the goal of a single token, or digital identity in some form for end-to-end passenger facilitation, we need to ascertain standards – both technical and legal. This means we need the capability to connect and send information throughout the end-to-end passenger journey – from booking the ticket to arriving at the destination and possibly beyond – in a way that is reliable and secure. This begs the questions: How can this be achieved and where to start, with so many stakeholders involved?
Within IATA’s Passenger Facilitation Working Group, a task force called ‘One ID’ has begun work on this. One ID aims to establish a trust framework between airport ecosystems to form a foundation for a dependable digital identity, including biometrics to be shared between stakeholders on a need-to-know and allowed-to-know basis.
This requires the process established in one airport ecosystem to connect with another airport ecosystem. I use the term ‘airport ecosystem’ in this context for a reason. To share a single verified and authenticated capture of a passenger’s data and biometrics throughout the various stages of an airport, there needs to be greater depth of cooperation between the core stakeholders that make up an airport ecosystem; the airline, government and airport itself. In my previous article for International Airport Review1, I described how to establish such a public-private cooperation taking our experience from the Aruba Happy Flow as a starting point.
Imagine that someone is booking a flight and as part of the process they can also submit their verified and authenticated passport information. Their mobile device can read the passport by opening the RFID-chip and, by taking a selfie, the biometrics can be matched to ensure that the passport holder is the one submitting the data. The individual can consent to securely share this data and their digital identity for the purpose of the trip with specific parties that they will be in contact with. These parties might need to check the individual’s identity for a specific reason or require specific information related to them, such as their frequent traveller status or special assistance requirements.
Upon arrival at the airport, the traveller’s face is enough to identify them, when required. Check-in is not needed; only bag drop wherein they identify and check in solely by showing their face. As a frequent traveller, when approaching security, they’re identified by cameras as a trusted traveller and as such directed to the appropriate lane. At border control they can maintain walking pace as the authorities were informed in advance of their intent to travel and already agreed that they are genuine. The cameras recognise the passenger’s facial biometrics and the gate opens as they approach it. Similarly, the airport lounge doors open following a quick look in the camera.
Should they decide to shop before the flight, they need not show their boarding pass as a camera at the checkout will verify their biometrics, only sharing the necessary information. At boarding, once again, when approaching the gate, they will be automatically identified allowing them to proceed and get settled for their flight.
Upon arrival from a red-eye flight, instead of queuing for immigration, they can continue walking as the immigration authorities have also received and checked their verified and authenticated passport information (including biometrics) in anticipation of their arrival. Finally, having consented to share their arrival information with the hotel, their check-in there is prepared in advance.
This ultimate end-to-end passenger process is of course not yet available, but we can imagine the reality of this in the near future.
Towards a ‘trust framework’ for airport ecosystems
For a digital identity to be shared between public and private parties and across borders, the first prerequisite is the willingness of stakeholders to trust a digital identity provided by another. This alone will enable federated identity management between parties to be established that ensures a common type of transaction between the participants in a consistent and predictable manner2.
This brings us back to consideration of how this can be achieved: How can such a trust framework with so many stakeholders be created?
Firstly, the reason for creating a trust framework needs to be clear for all involved. Each stakeholder needs to benefit from an interoperable system that shares a trusted identity in an efficient and secure manner. In order to ensure that cooperation between participants is trusted by all it needs to be transparent in its operation. This will enable new parties to join – scalability being an intrinsic part of the trust framework.
The second stage requires those airport ecosystems that are ready and willing to begin this next level stakeholder cooperation to establish a multi-party contract. This contract should define the technical standards, legal rules and regulations that apply; and define the governance that self-enforces and self-certifies the execution of the agreement.
The technical standards stipulated to ensure secure transmission of a digital identity should include requirements to comply with privacy rules and regulation. Cyber-security and data protection are pivotal and any breach will harm the trust of the cooperation and the passenger.
To protect data from being exposed to stakeholders that are not allowed access to certain data, the Privacy by Design principle should be accepted as a founding, starting principle.
Airport authorities will, for example, participate in a trust framework, but in most cases will not be allowed access to full passport data and passenger biometrics. Rather, they only need to know boarding card information that can grant airside access for passengers, or the fact that a passenger needs special assistance.
Ensuring that information is only shared on a need-to-know and allowed-to know basis is central to the data sharing cooperation.
Further technical standards will have to comply with ICAO ePassport standards as well as government requirements, in order for digital identities to be accepted and used for border control processes.
Legal rules and regulations
Each airport ecosystem adheres to the privacy laws of the country it resides in, but these may differ between countries. This can complicate the sharing of personal data across borders. To make it still more complicated, airlines will have to adhere to the privacy laws of the country in which their head office resides, which creates a patchwork of applicable laws. Therefore, an univocal and clear-cut approach to privacy law is called for, that aims to best ensure the privacy of the passenger and the stakeholders.
We must also remember that the current practice; for instance, the legal responsibilities at border control or at check-in, will not change overnight. Passports are read and – in case of automated border control – biometrics are matched between passengers and their travel documents. These laws and regulations will need to be adhered to.
The Privacy by Design principle ensures the way digital identities will be shared between parties takes highest account of passenger privacy. The point of departure is that each party is only allowed access to the specific information that is strictly necessary for them to execute their own processes.
Given this, it is prudent to reflect briefly on the repercussions of the EU General Data Protection Regulation (GDPR) that will come into force on 25 May 20183. This regulation will apply to all European airlines and has extraterritorial applicability.
The implications of the GDPR are far reaching for EU-based airlines as they will have to comply with it, regardless of the nationality of the passengers, the country of departure, or the country of destination. This will therefore impact any airport ecosystem that wants to set up a seamless flow and has connecting European air carriers.
The GDPR currently provides for the highest standards guaranteeing the privacy and protection of personal data of, in this case especially, passengers. Complying with this will contribute to the trust that passengers have in the system. It will furthermore increase their willingness to consent to participate in a simplified and more efficient passenger facilitation through seamless flow.
The technical standards need to be agreed upon and enforced, as well as the legal rules and regulations. Some form of governing will therefore need to be in place for the trust framework to function. It may seem daunting to establish, but every airport ecosystem will have to establish some form of governance to operate their seamless flow. This will have a similar impact on the governance for a seamless flow reusing a digital identity between airport ecosystems.
What might be a better way to visualise this trust framework is think in terms of a quality label, or control mark, that is based on a set of rules and technical standards that are known and available for all. If an airport ecosystem wants to have the ‘Passenger Digital ID-quality’ label (as we are terming it here) and join the trust framework – it needs to comply with the rules and regulations that the quality label sets in order to get ‘Passenger Digital ID-certified’4.
Transparency of this set of rules is therefore imperative. The trust that forms the foundation of a quality label and what it stands for can only be obtained and upheld by knowing that all the participants guarantee and take responsibility for it.
In order to gain or keep certification, participants must accept self-enforced checks and possibly peer reviews.
A trusted chain of identity throughout the airport process and beyond is possible and does not need a lengthy treaty process to establish. The technology and laws are in place to securely implement such a system. It takes a group of airports, airlines and governments that understand that tomorrow’s passenger end-to-end journeys need a solution that requires them to commit to a new level of public-private cooperation. The willingness to take the first step will be driven by the understanding that there are benefits for all involved.
1. Annet Steenbergen & Bart Schermer, International Airport Review, Volume 21, Issue 3, May 2017. www.internationalairportreview.com/ news/33112/key-seamless-travel
3. www.eugdpr.org/eugdpr.org.html This means it will apply to the processing of personal data of data subjects by an organisation, whether it is based in the EU or outside the EU. The request for consent to process data will have to be done in clear and plain language and must be easy to withdraw. Notification of any data breach will become mandatory within 72 hours. To ensure the data protection from the onset of the design of any system, the Privacy by Design principle is incorporated in the GDPR. Breaches can be fined with a penalty of up to four per cent of the annual global turnover – up to a maximum of €20 million.
4. Airlines who want to connect to a seamless flow may individually choose to get certified to join and be able to give their passengers the same level of service and security when arriving at or departing from an airport ecosystem with a seamless flow.
ANNET STEENBERGEN is Co-founder and First Coordinator of the Aruba Happy Flow5 project for the Government of Aruba. She has had more than 20 years international experience working in the field of border control, border management and public private cooperation at airports. In 2016 Annet took on the Chair of IATA’s Passenger Facilitation Working Group and has a seat on the Passenger Experience Management Group at IATA. Besides her work for the Government of Aruba, Annet is a consultant on passenger facilitation innovation with a strong focus on single token end-to-end solutions.