How the world’s most secure ID documents protect trust and privacy
By Neville Pattinson, Head of Business Development and Strategic Marketing at Thales
Most of us hardly think about our passports – let alone the security features in them – except when we need to travel. So what is it that makes a passport the most trusted ID document for authorities all around the world? The basis for this trust comes from the modern, chip-enabled biometric technologies that are embedded in these documents. These technologies not only help protect and regulate international borders, they also keep the personal data of travelers safe. With an accompanying set of global standards defined by the International Civil Aviation Organization (ICAO) – a United Nations’ body – passports are able to be universally trusted and secure.
Yet, the expectations of travelers and governments are evolving as digital identities become more common and require transferring the same level of security and privacy assurance in existing passports to these new digital companions.
The modern passport
The established trust and security in modern ICAO-compliant passports is no small feat. Passports must be broadly interoperable and in a way that avoids exposing an individual’s personal information to unauthorized persons.
Creating this necessary trust for governments and people requires that certain data be shared, be verifiable and be secure. Accompanying the printed information in a passport is a digitally verifiable credential containing additional information to identify a person – including biometric identifiers. Comparing all of this information provides assurances to border guards that the data has not been tampered with and gives individuals the highest available degree of trust and privacy – a process that is anything but simple as layered security and processes protect privacy and reduce fraud. However, this wasn’t always the case.
During early development of e-passport standards, it was discovered that chipped information in a passport could be read by intercepting radio signals between passports and passport readers from distances of up to 30 feet away. This was an obvious issue which required the implementation of additional protections to retain personal privacy and national security. Addressing the problem, governments adopted technology specifications that ensure passport chips only communicate with readers during specific authentication procedures that are a combination of scanning printed information, accessing stored data, physical document access, encryption and decryption mechanisms and of course the live document bearer who is able to present the document.
These type of past challenges have created good lessons-learned for how passport security is examined and it has helped set standards for future e-passport enablement – a challenge Thales is well prepared to tackle having equipped more than 40 countries with e-passport technologies.
As passport identity capabilities are being extended into the digital realm, with digital travel credentials, that same security is being thought through to ensure e-passports remain as secure and trusted as their traditional companions.
The major trends driving change are the modern traveler, who continues to demand increased convenience and privacy, and governments that are increasingly concerned about security. Together, these trends are driving demand for new e-passport capabilities.
Leading the charge on digitized passports is the aviation community – an industry at the intersection of government regulation and traveler demands.
Well before the COVID-19 pandemic, aviation stakeholders were pushing for a way to digitize passports to allow touchless, automated processes that replace time-consuming manual checks. However, doing so while preserving security, interoperability and privacy, is a challenging task.
Standards and frameworks for digital travel credentials (DTCs) are still in development, and basic questions like whether DTCs should be derived from the physical passport itself, or generated by the issuer are still being debated by international standards bodies and governments.
Once globally accepted frameworks are established, technology providers will be able to provide travelers with DTCs that allow people to check-in for flights and submit their information for security and customs checks ahead of time. An appealing proposition for authorities as early checks allow more time for robust security checks.
Advance data submission and digital verification will significantly improve airport process efficiency, reducing processing time and therefore the length of security lines at checkpoints. It could also allow travelers to bypass some touchpoints altogether, like check-ins, and reduce or eliminate the exchange of physical documents.
The technologies exist today that would allow all airport checks to be completely touchless but getting widespread adoption will take time as it will require trust. Fortunately passports have a strong foundation of trust and security that bodes well for the future of DTCs.
About the author
Neville Pattinson is the Head of Federal Government Sales at Thales Group’s DIS Identity & Biometric Solutions team based in Austin, TX. Pattinson is a leading expert and thought leader on digital identity solutions such as smart cards, electronic passports, various biometric technologies and mobile digital identity to keep identity credentials secure, private and trusted.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.