So long, passports? Paperless travel may very well be in our near future.
On June 26, Canada and the Netherlands announced the Known Traveller Digital Identity Program. The pilot project will be tested internally throughout the rest of this year, with the goal of completing the first end-to-end paperless journey in 2020. Rather than being stored on a chip on a traveller’s passport, identity information will instead be encrypted and safely stored on their smartphones.
Offering a seamless travel experience, the only requirement for verifying this information through a smartphone is a facial scan. Prior to the traveller’s arrival, the destination authority will have already been provided with early, trusted and verified information. Perhaps most importantly, it will put passengers in control of when and how their data is shared. Travellers will be able to manage their data, agreeing to share it with their airline and border authorities.
With partners including the Governments of Canada and The Netherlands, Montréal-Trudeau International Airport, and technology partners Accenture and Vision-Box, this program is an excellent example of intergovernmental and public-private cooperation.
Such conveniences are afforded by biometrics – the physical or behavioral human characteristics that can be used to digitally identify a person. Methods for authentication include fingerprints, facial recognition, retina scanning and iris recognition.
At the 2019 IdentityNORTH Annual Summit last month, biometrics were a considerable topic of discussion. While there is some debate around the ethics of biometrics, this space is one where Canada is taking a positive lead.
We’ve highlighted two of these Summit presentations that provide interesting use cases and perspectives on biometrics.
Canadian Airport Announces Digital Identity Project Integrating Blockchain and Biometric Authentication
In this session, Sales Director at Nodalblock Brenan Isabelle spoke about his company’s digital identity project with the Saint John Airport in New Brunswick, which involved using their blockchain technology to enhance security. The Saint John Airport was the first in North America to integrate biometric and blockchain authentication, and Isabelle hopes that this project will become the security standard for airports around the world.
“There’s a number of different layers of security for airport employees, the most protective layer is a biometric two-factor authentication card, currently issued to about 100,000 airport employees in Canada,” said Isabelle.
Isabelle took the audience through the intricacies of the project, explaining that Nodalblock’s digital identity technology recognizes authorized personnel in full motion video and the system incorporates a private blockchain back-end, which stores encrypted evidence of each user’s identity. The system authenticates each user in real time based on a check of this evidence. The technology is highly secure. The full motion video ensures “liveliness”, or in other words, ensures the camera cannot be tricked by a high-resolution photo, and the blockchain ensures a secure environment to store identity data and access logs.
He explained the challenges Nodalblock is working through with these Restricted Area Identity Cards (RAIC), given not issued to all employees or covering all entry and exit points of the airport, so security can still be compromised.
When it comes to digital identity in airports, Canada is a leader. “There is no widely [available] biometric authentication for U.S. airports,” noted Isabelle.
Biometrics at the Crossroads – The Coming Privacy v. Usability Battle
Forrester’s Principal Analyst Merritt Maxim detailed some of the interesting legal cases surrounding the use of biometrics. He explained that biometrics are being used everywhere, from the travel industry, to buying cannabis, to scanning crowds for criminals.
Recognizing the obvious ‘Big Brother’ implications with the last example, he talked about some of the challenges facing the other uses of biometrics, namely: privacy, consent, and the changing legal and regulatory environment. He spoke about the Biometric Information Protection Act (BIPA), which outlines that companies need explicit consent to collect biometric information, and how it came into play with the amusement park Six Flags (the state law was passed in the state of Illinois. While other states are considering similar laws, the law in Illinois is currently the only one in effect in the United States). Amusement parks, like Six Flags, use fingerprint entry so that if entrants lose their card they don’t have to pay the exorbitant fee to get a new one, but there isn’t an option to opt out of scanning your fingerprint – something which will likely become more legally problematic in the future, he believes.
Maxim then told the audience about one instance where a family sued the Six Flags park for taking their son’s biometric information without consent and the law ruled in favour of the complainant. Maxim explained that many organizations were under the impression that if there was no harm then there was no foul, so to speak. But the Six Flags case proves that consent is significant.
“As we look at the biometric landscape, there is tremendous opportunity in terms of how it can drive customer experience and the user enrollment process.” – Merritt Maxim
He also spoke about how facial recognition can lead to implicit bias and discrimination – using the Champions League final as an example where it went terribly wrong. The police used facial recognition software in attempts to spot troublemakers and limit the amount of disruption, but it turned out that 92 per cent of the people they detained were false positives, said Maxim.
Despite all of this, Maxim told the audience that he is optimistic about the future of biometrics. “As we look at the biometric landscape, there is tremendous opportunity in terms of how it can drive customer experience and the user enrollment process,” he said.
But he cautioned there’s still a lot to figure out, mentioning that biometrics can be inaccurate and there are still issues around scalability, storage, and the continually evolving legal and regulatory environment.
“You need to really understand what you’re getting into, and consent comes first and foremost,” Maxim stressed.
For more details on the IdentityNORTH 2019 Annual Summit sessions, including “Canadian Airport Announces Digital Identity Project Integrating Blockchain and Biometric Authentication, and Biometrics at the Crossroads – The Coming Privacy v. Usability Battle,” join our community mailing list to view the full Conference Report.
Miss the 2019 Annual Summit?
Join our community mailing list and receive the Conference Report