It’s always a challenge to keep up with advances in fast-developing technology, especially when the media and the industry reporting it can’t seem to keep the information appropriately focused on who’s in charge of what. Case in point: biometrics. There appear to be at least two separate paths of reportage in the airport world to describe the benefits and limitations of using biometrics: one is an overly grand view of how passenger convenience/ facilitation brought about by biometrics will become a leisurely curb-to-gate stroll through the airport; the other is improved security capabilities, both physical and cyber, to meet the constantly changing threat. The desired follow-on for both is increased interoperability among all biometric users and stakeholders ... in essence, a one-size-fits-many approach. What’s wrong with this picture?
That’s a question being addressed by several research efforts, although many fail to recognize the quite different roles, requirements and operational purposes of multiple airport, airline, government, first responder and commercial users; the very different capabilities and constraints of various biometrics such as facial recognition, fingerprint, iris scan, voice recognition, etc., and heeding that old airport caution, “when you’ve seen one airport....”. Some airlines are currently testing facial recognition to speed the passenger from the ticket counter to the loading bridge, but doesn’t get you past the screening checkpoint outbound or the CBP process inbound (notwithstanding Pre-Check and Global Entry, which have their own issues), and it has zero to do with the airport’s physical and cyber-security requirements.
There has been testing in the past; in 2006 a TSA program tested new technologies, including biometrics at 22 airports, but available technologies and underlying software at the time were still not sufficiently mature to be widely implemented. Today, that excuse appears to have been largely overcome, but we’re now back to the original basic questions: which one, to use where, to do what, and which, if any, may be sufficiently adaptable to a wide range of interoperable functions to be viewed as THE common international biometric default so that everyone can play nicely together.
My personal opinion is that none, including the presumptive leading current candidate of facial recognition, can attain that broad goal of broad operational unification for a multitude of reasons, but I am admittedly biased toward the physical security side of the quadri-lateral equation. Translation: (a) the IATA/ACI “One-ID” passenger-centric concept operated by many (but not all) airlines, but interestingly does not name facial as its operative biometric; (b) the Annex 17/ Doc 8973 airport-centric physical security, with a sub-set of blended cyber security systems connecting those two; (c) a mash-up of constantly changing international regulations such as Europe’s somewhat extra-territorial GDPR, and (d) 32 variations on a theme surrounding all the other outliers that don’t seem to fit in anywhere above, requiring us to maintain a 2nd level global structure of parallel but noncompliant legacy systems at small airlines, small airports, small countries... and we haven’t even talked about any legal, regulatory, international agreements and privacy issues yet. Buckle up, folks ... it’s going to be a long and expensive ride, and I’m guessing it’s going to look very different than any of us thought.