FB pixel

Claim that DTC ‘is the strongest digital identity’ under the microscope

Opinions from FaceTec, Thales, WPF and Goode Intelligence
Claim that DTC ‘is the strongest digital identity’ under the microscope
 

Many more people have and use digital identities than even a year ago, but there is significant variety in the forms they take. This has given rise to consideration about the relative merits of different digital IDs, as the debate about what constitutes “good” ID meets real-world choice for consumers and businesses.

Digital travel credentials (DTCs) are one of the more prominent candidates, with some obvious advantages, like international interoperability. DTC pilots, including the DTC-1 credential developed by SITA and its strategic partner Indicio, appear to have been successful, and more implementations are being planned.

Indicio CTO Ken Ebert argues in a recent blog post that digital identities issued under eIDAS 2.0 and mobile driver’s license (mDL) programs in many countries and U.S. states do not deliver the same digital trust as DTCs.

Biometric Update reached out to a selection of influential voices and thought leaders in biometrics and digital identity to get their thoughts on Indicio’s bold claim.

How do DTCs stack up against other digital identities in terms of assuring digital trust?

Ebert states that the trust electronic chips bring to passports is transferred to DTCs via scans of the chips and comparisons of biometrics and liveness.

“Biometrics also bind the app and the device to the person, so there are multiple layers of protection against someone who isn’t the subject of the passport using it,” he explains.

The four industry leaders point out that DTCs are an extension of the ICAO 9303 passport standard.

FaceTec SVP of North American Operations Jay Meier says the system delivers digitally signed data which is “therefore easily verifiable and irrefutable,” and that “transferring that irrefutable data to the mobile wallet makes sense.” He does not view the essential elements of the system as “particularly new,” however, and still sees a potential trust gap.

Thales Head of Business Development and Strategic Marketing and new International Biometrics + Identity Association (IBIA) Board Chair Neville Pattinson notes the promise of W3C verifiable credentials, and the way they are being built into trust frameworks for identity and other credentials.

“These are way beyond what a government organization would likely issue,” Pattinson says. “They will have their place in the cyber-connected world of web interactions and ecommerce, ignoring political borders and countries.”

World Privacy Forum Founder and Executive Director Pam Dixon says that DTCs function “beautifully for cross-border travel, and it functions well for law enforcement and national security purposes. That is what it was designed for, and the system works.”

However, she cautions that passports in all iterations have limitations from a privacy perspective that make them unsuitable to serve as “for the foundation for a national or local ID ecosystem especially when thinking of this as bound to a smart phone. There are privacy considerations here with the data and the data flows, and there are multiple security considerations regarding the data being on the smartphone that require a lot of policy work.”

Meier emphasizes that “biometrics are the only trust factor derived directly from a physical human being and, therefore provides the strongest potential binding to that human,” and the importance of the data security architecture.

Any identity solution must be designed to manage risk, which is contextual, Goode Intelligence CEO and Chief Analyst Alan Goode notes. He says Type 1 DTCs “do a good job of assuring trust in the context of travel and border crossing.”

Goode has just completed a major market report on travel digital identity, and he also cautions that DTC Type-3, which will not require the traveler to carry their physical passport, “is probably many years away.”

What is the strongest form of digital identity in production or advanced piloting today?

Goode says that the answer depends on what the digital identity has been designed for. “DTCs are designed for high-assurance scenarios along with the supporting infrastructure so would be classified as being a strong form of digital identity.”

“Digital identity requires a system of symbiotic systems,” is how Meier puts it. He notes Utah’s mDL as an example of a well-implemented biometric system.

Dixon emphasizes that for many of the world’s people, DTCs are removed from anything they will ever experience.

Pattinson notes that for the U.S., once all states are issuing mDLs to the ISO 18013-5 (or -7) standard, “and a trust service is available to verify issuers digital signatures there will exist a highly interoperable and powerful federated digital identity trust framework to enable interaction with government and commercial relying parties.

“Watch W3C prove its worth in ecommerce and international communities on the web,” he adds.

How would you rank the relative importance of cryptographic verifiability, decentralization, and effective biometric liveness in establishing the trustworthiness of digital IDs?

The three characteristics are equally important, according to Goode.

Meier makes the point that “what matters is whether the stored data, however and wherever it’s stored, cannot be reused,” and decentralization is one of several ways to do this.

Pattinson makes a similar point to Meier’s earlier one on the centrality of biometrics, but also vouches for the necessity of the other two elements.

Overall, Goode says Indicio’s argument is sound.

“DTCs are designed to be secure and reflect the critical nature of securing a border. They, therefore, are amongst the strongest digital identity solutions,” he says, and lauds Indicio and SITA’s work in Aruba.

“DTC without Quantum Crypto (DTC still relies of RSA and Elliptic Curve) is going to fail badly and undermine the entire DTC trust framework with quantum computing availability,” Pattinson says.

“A DTC has been created for a specific situation and can be used beyond the travel industry of course, but it’s not the only player in this new emerging digital landscape.”

Dixon notes that like passports, smartphones are still inaccessible to billions of people.  GSMA notes in its 2023 State of Mobile Connectivity Report that 46 percent of the population does not own a smartphone.

DTCs have a growing place in an unsettled ecosystem, at least for now.

Pattinson says, “We are only now seeing the beginnings of our digital identity future and will surely see new and more secure ways of ensuring we are not a dog on the internet when we interact virtually.”

Related Posts

Article Topics

 |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Saudi Arabia’s Absher digital identity for financial inclusion and transactions

The Absher platform in the Kingdom of Saudi Arabia has emerged as the core pillar of the country’s efforts towards…

 

Malawi begins biometric voter registration pilot to test new system

A trial voter registration process will begin in Malawi tomorrow September 13 to put the country’s new Electoral Management Device…

 

Biometrics pilots, launches and investments foreshadow next areas for growth

Biometrics pilots, a patent, predictions and acquisitions paint a picture in the most popular news items of the week on…

 

Biometrics firms pitch privacy in age assurance ahead of US court battle

The U.S. is facing its first constitutional debate connected with age verification in 20 years: The Supreme Court will have…

 

Google announces beta test for digital IDs based on biometrics and US passports

A new type of digital ID based on U.S. passports in Google Wallet has been introduced ahead of beta testing….

 

Permira finalizes $1.3B majority stake acquisition of BioCatch

Permira Growth Opportunities has completed the acquisition of a majority position in behavioral biometrics and fraud prevention business BioCatch, four…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events