There is a continued emphasis across the travel industry and government to re-design the checkpoint and customs experience to more effectively and efficiently process travelers. The aviation travel experience is most often analyzed from the perspective of the passenger screening and boarding experiences. These processes are stressful, take time, require passenger queuing, and generally present a challenge in an environment that is highly regulated, very secure, and often limited in terms of real estate.
The Transportation Security Administration’s (TSA) Transportation Systems Integration Facility is continuously analyzing new technologies that enhance security and reduce passenger friction while assessing the technology, facility, operations, usability, and other factors associated with airport security. In addition, air carriers and airports are doing the same thing. Mobility and self-service will continue to be the focus for all stakeholders and technology providers, and new technologies will be largely driven by Digital Identity services enabled with biometrics or other advanced technology services driven by Artificial Intelligence (AI). That being said, kiosks, automated screening technologies, touchless biometric scanners, mobile applications, and other self-service and touchless technologies will continue to proliferate across airports within the U.S.
Like many broad technology themes, the definition of Digital Identity can change depending on the scenario and how it’s being applied. The National Institute of Standards and Technology describes Digital Identity as “the unique representation of a subject engaged in an online transaction” and notes that “a digital identity is always unique in the context of a digital service, but does not necessarily need to uniquely identify the subject in all contexts.”
What’s important about Digital Identity is that we establish “trust”. For regulated environments, such as aviation, finance, health, defense, law enforcement and other market verticals, establishing a Digital Identity is the first necessary step in extending trust for access or authorization of a digital service.
Back when biometrics were first touted and trialed for air travel, there was a fairly high degree of kickback from the public. This primarily manifested as distrust and concern about what their data would be used for, which resulted from a lack of understanding.
However, we live in a different world today which is more accepting of innovation and more understanding of data management. The public have become used to sharing data online and seeing new technology rolled out across national infrastructure. In recent months, as the travel industry rebounds from the COVID-19 pandemic, new measures that enable touchless travel have become not only accepted but commonplace.
Digital Identities enable digital services, which are often touchless, and people across the U.S. and beyond have been quick to embrace concepts that make it both easier and safer to travel. This global pandemic is driving touchless technology adoption from years to months in some cases, and we’re seeing a big shift in how the travel industry is responding. This is all enabled through Digital Identity, which is tied to trust when leveraging the Digital Identity for a service.
Identity theft and other digital or cyber-related incidents must be taken seriously. Digital Identity solutions are prolific across consumer, commercial, and public markets, and bad actors are always probing technology providers and individuals to determine where they can exploit an individual’s identity with malicious intent. The challenge we all face is educating consumers on how they can limit their exposure to bad actors.
When we talk about Digital Identity in the context of facilitating biometric and digital-based services that increase the experience or ease of accessing a product or service, it’s much easier for people to conceptually understand the Digital Identity touchpoints. People tend to lose focus on the fact that as soon as they logged into a computer or mobile device and created an account with an online service, they just exposed their identities to the world of bad actors. It is vital that cybersecurity protections and data security controls are built into products to reduce that exposure while enabling advanced data security controls like encryption and multi-factor authentication. This gets back to trust, and people need to have better awareness of who their digital service providers are and how those providers are protecting their personal data.
The identity data used by airports and air carriers must be tightly managed, and data quality issues lead to added costs and risks. When we transition an airport to our designated aviation channeling service, we always perform a thorough review of data and eliminate numerous erroneous, duplicative, and outdated Digital Identity records. This process has eliminated potential liability for our airport partners when considering the impacts associated with identity theft or a security incident associated with unauthorized access from erroneous Digital Identity information.
Some of the biggest challenges we are faced with involve the trust determination process, and trust is the key determining factor in authorizing Digital Identity services in regulated industries such as aviation. From the government’s perspective, we typically associate trust to an FBI-based background check and a level of fitness determination associated within a person. We think there are opportunities for the government to re-design that process and apply reciprocity across other trust-based services in the government that streamline the process and allow people to more easily engaged Digital Identity services. For example, legislation was introduced last year to address the use of the Known Traveler Number (KTN) as an alternative identity source to a REAL ID for checkpoint processing. This is a creative idea, and while there are some operational challenges associated with the implementation of this idea, it does create an interesting dialogue about how to use Digital Identities to more effectively associate Government credentials and “trust” levels for accessing various services.
It will be interesting to see how the Trusted Traveler market will respond to Digital Identities. Enabling use of Digital Identities eliminates friction in the travel experience, and it dovetails nicely with many of the innovative Trusted Traveler program activities that both the TSA and CBP are exploring for checkpoint and customs processing. There are literally less touchpoints within the checkpoint queue and passenger screening. When you add in the continued expansion of mobile-based check-in and facial verification services for boarding aircraft, the Digital Identity aspect becomes very important. TSA does understand this, and there are several activities, many of which are supported by DHS Science & Technology Broad Agency Announcement initiatives, that are looking at how better to use Digital Identities to reduce checkpoint friction while enhancing security.
Both TSA and CBP understand that Digital Identity and trust alignment, enabled through a mobile-based process driven by a biometrically-enabled identity verification, further streamlines their operations while enhancing security. It’s a win-win for aviation workers, Trusted Travelers, who have a better travel experience, and for TSA and CBP, who increase their effectiveness while reducing operational costs.
The COVID-19 pandemic has forever changed the game with regards to touchless technologies, which are enabled through Digital Identity services. There are already several technology providers within the travel and entertainment markets that are rolling out health pass services as a way of extending “health trust” to travelers or entertainment patrons. While there are clear touchless benefits that Digital Identity services can facilitate, this has also brought a lot of attention to the acceptable use policies of Digital Identity data. It’ll be interesting to see how our nation balances HIPAA and BIPA laws with Digital Identity services that enable providers to restrict access to services or products based on a person’s health, security, and other protected data.
TSA needs to continue making strides on accelerating the time it takes to field new technologies that enhance security while reducing the friction on travelers. This is a very complex process, but as long as industry continues to expose new technologies and new ways of doing business, TSA will continue to use these new technology-enabled services to enhance its layered security approach for the benefit of all transportation stakeholders. That’s what travelers desire, but that’s also what’s required to keep pace with the changing threat environment.
This article was written for Homeland Security Today by:
Kyle Scott – VP of Strategy and Digital Identity, Telos Corporation
Kyle Scott, a Vice President within Telos’s identity line of business, oversees Telos’s digital identity services and is leading Telos’s roll-out of a nationwide Trusted Traveler service. He has more than 15 years of experience implementing identity solutions within the aviation security market. Mr. Scott also serves as the company’s Program Manager for the DHS EAGLE II contract. He holds a Master’s Degree in Applied Economics from the University of Oklahoma and a Bachelor’s Degree in Environmental Science & Engineering from the United States Military Academy at West Point.
Dawn Lucini, VP of Aviation Security, Telos Corporation
Dawn E. Lucini serves as the Telos ID Vice President for Aviation Security. In this role, Ms. Lucini serves as liaison to the aviation industry to expand industry knowledge of Telos ID aviation security capabilities, which include channeling services, identification management, integration and biometrics. In addition, Ms. Lucini provides aviation security operations, policy, and regulatory subject matter expertise and guidance to Telos ID airport and air carrier partners. She serves as Executive Sponsor of all Telos ID Category X Airport designated aviation channeling (DAC) implementations and large-scale DAC integration projects, leading a team responsible for DAC account management, operations, help desk, and customer care. Lucini serves as the Telos ID representative to aviation industry associations, including the Airports Council International – North America (ACI-NA), Airport Law Enforcement Agencies Network (ALEAN), National Safe Skies Alliance, Airport Consultants Council (ACC), and the Florida Airports Council (FAC).
Prior to joining Telos ID, Ms. Lucini was employed by the Transportation Security Administration (TSA), as Branch Chief, Airport Policy for the Transportation Sector Network Management (TSNM) Commercial Aviation Division, now identified as the Office for Security Policy and Industry Engagement (OSPIE). Prior to joining TSA, Ms. Lucini served as the 2008 Chair of the ACI-NA Public Safety & Security Committee and was the Airport Security Administrator for the McCarran International Airport in Las Vegas, Nevada.
Ms. Lucini began her aviation career at ACI-NA, rising to Senior Manager, Regulatory Affairs responsible for assisting in the strategic development of ACI-NA’s policy on Public Safety & Security and Facilitation issues. Ms. Lucini worked with the newly created TSA on developing and implementing new security procedures and requirements for airports.
Ms. Lucini is a graduate of West Virginia University.
Nathan Lefebvre, Program Manager of Digital Identity in Transportation, Telos Corporation
Mr. Lefebvre has served as a private and public sector subject matter expert and consultant for over 19 years. He has held senior positions at Lockheed Martin, Safran, Smiths Detection, and Telos. He has worked with a variety of Government clients including the Department of Homeland Security, Transportation Security Administration, US Customs and Border Patrol, United States Secret Service, the Canadian Air Transport Security Authority, and the United States Capitol Police.
As a part of his tenure with the TSA, Mr. Lefebvre served as the Portfolio Manager for the Passenger Screening Program (PSP) Carry-On Baggage technology portfolio at TSA, consisting of various checkpoint screening technologies accounting for a total of $1.7 billion in lifecycle costs. He also served as the lead desk officer for the Asia Pacific region in the Office of Global Strategies and the supervisory manager in the Office of Training and Workforce Engagement (OTWE). He has extensive expertise in security equipment technologies, security policy and procedures, and contract management.
Mr. Lefebvre is a graduate of the University of Texas with a BA Degree in History and Asian Studies and holds a MS degree in IT Management from Colorado Technical University.