In March, the National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence, announced that it was seeking feedback from all stakeholders in the digital identity sector regarding a project examining the use of such ID on mobile devices.
Mobile devices have become convenient platforms for many uses such as making payments, checking in to a flight, or storing event tickets. More recently, demand has surfaced to use mobile devices to replace physical identification cards, such as government issued driver’s licenses, with a digital equivalent.
In April 2021, the Department of Homeland Security’s Office of Strategy, Policy, and Plans and Transportation Security Administration (TSA) published a request for information in the Federal Register seeking information about security standards and technologies concerning mobile driver’s licenses. TSA is interested in mobile driver’s licenses because, compared to physical driver’s licenses, mobile driver’s licenses could provide greater security to TSA and all federal agencies verifying an individual’s identity, stronger privacy protections to individuals, and health and safety benefits to all users by enabling touchless identity verification.
Standards for new digital credentials are now emerging that can support both greater individual control of identity attributes and immediate validation with issuing sources. This provides the potential for both improved usability and convenience for the end user and stronger assurance in identity for organizations.
On March 23, 2022, Phoenix Sky Harbor International Airport became the first airport to deploy a new technology that allows airline passengers to use their state-issued mobile driver’s license or mobile identification card in Apple Wallet on iPhone or Apple Watch to verify their identity for airport security screening purposes. At the time, TSA Administrator David Pekoske said he expected the airport to be the first of many to feature this innovation. Indeed, Maryland joined Arizona as the second state to offer this feature in May 2022 and the latest adoptee is the State of Georgia which announced on May 18 that it was preparing to deploy the technology this month.
Running alongside the Apple program, TSA, the Utah Driver License Division and GET Group North America announced that in March this year that TSA would accept Utah mobile driver’s licenses via the GET Mobile app as a valid travel credential in TSA PreCheck lines at select airports around the country.
Ronald Reagan Washington National Airport, Dallas/Fort Worth International Airport, Miami International Airport, Salt Lake City International Airport, and Hartsfield-Jackson Atlanta International Airport are also among the growing list of airports where mobile driver’s licenses are now accepted by TSA.
At Salt Lake City for example, TSA is using second-generation Credential Authentication Technology (CAT-2) units that are equipped with readers that allow TSA PreCheck-eligible travelers to use mobile driver’s licenses or photo IDs for TSA identity verification purposes.
A TSA spokesperson told Homeland Security Today that the agency is continuing its evaluation of biometric and digital identity solutions for identity verification. “Automated biometric technology can play an important role in increasing aviation security effectiveness, particularly at the airport checkpoint, by enhancing current manual identity verification procedures,” the spokesperson said. “Identity management is a central element to security screening. TSA is working to ensure that its biometric capabilities align with leading standards for identity assurance to strengthen vetting outcomes and identity verification. Participation is entirely voluntary.”
The spokesperson revealed that TSA is currently conducting biometric operational assessments – to include facial recognition, mobile driver’s license or digital ID – at 25 domestic airports to study the potential for significant enhancement in identity verification, improved checkpoint efficiency and to provide passengers with a better checkpoint experience.
“TSA has grounded the tests in scientific rigor and early results are promising enough with a small sample, that TSA is essentially expanding the sample size from 115 deployed lanes to about 200 deployed lanes,” the spokesperson told us, adding that further expansion will be “driven by data not dates”.
TSA’s operational assessments are working to improve identity verification while maintaining roughly the same throughput rates and standards as older technology. “In our very early stages, we are generally handling about 180-200 passengers per hour,” TSA told us.
Participation in the assessments is purely voluntary. If a passenger does not wish to have their photo taken, they can tell the officer at the Travel Document Checker podium. Their photos will not be captured. There is no issue and no delay with a passenger exercising their rights to not participate in the automated biometrics matching technology.
In addition, TSA is implementing a number of controls into its technology assessments in the interest of data privacy. Live photos and ID photos are overwritten by the next passenger’s scan. They only remain in RAM memory and are purged when the officer logs off or turns off the machine. There is also an automatic log-off feature after 30 minutes of non-use. There is one exception to overwriting the scan, which is during data collection periods when data is sent to the Department of Homeland Security’s Science and Technology Directorate (S&T). S&T deletes all stored encrypted data, which does not include actual images, within 24 months.
In June 2021, TSA partnered with S&T to test volunteer participant demographic information to measure biometric performances of the systems and found no consistent statistically significant difference across gender, race and skin tone. TSA and S&T will soon be conducting follow up testing with a larger sample size to further improve the systems.
TSA is also working with the S&T, Homeland Security Investigations Forensic Laboratory, and NIST, on a series of technology challenges to evaluate the ability of systems to authenticate identity documents, assess the “liveness” of selfie photos, and evaluate identity verification using images taken with smartphones and similar devices.
Since its inception, TSA has been a pioneer in testing, developing and deploying the smartest technologies to bolster security as well as enhance the travel experience. Its efforts with identity verification continue in the same vein and will no doubt be followed closely around the world.
Find out more about the emerging digital ID and biometric solutions at TSA