For a variety of reasons, September 11, 2001, was a crucial crossroad in modern aviation security. It was the first time ever that a civilian aircraft had been used as a missile, marking the beginning of the ‘War on Terror’, for which aviation had inadvertently become a frontline. It was also the day when the failure and inadequacy of aviation security was put beyond doubt. The events of 9/11 were proof, if proof was needed, that existing methods of airport security were deficient, broken and unsuited to the diverse challenges and threats posed in the 21st Century.
In May 2000, about 16 months prior to 9/11, a US Government Accountability Office report titled, ‘Weaknesses in airport security and options for assigning screening responsibilities’ had highlighted the ineffectiveness of airport security and in particular the current methods of checking the identity of travellers. Special agents had used fake credentials to gain access to secure areas at a number of large American airports. This included passing security checkpoints and walking to aircraft departure gates. The report concluded that these agents could have carried dangerous items such as explosives and weapons or narcotics onto the aircraft.
At best it was a damning indictment of the shortcomings of airport security in the United States, the largest and most sophisticated aviation market in the world. At worst, it was a worrying reflection of the state of aviation security globally. Against this background, it is perhaps understandable that prior to the terrorists’ incidents in New York and Washington DC, there was a lack of biometric technologies employed in front line airport security either in North America or anywhere else around the world. Specifically in the US, the vast majority of biometric applications used before 9/11 were not for passenger security but rather for employee access control. For the main part, passenger screening and identity verification were carried out manually and without the aid of technology.
Adoption of biometrics at airports
Almost immediately after 9/11, security and border management processes at airports began to be radically transformed by newly introduced legislation, procedures, processes and technologies. The use of biometric technology was an obvious choice for governments and airports. The technology was relatively mature, and although it had not been widely used in airports up to that time, it offered the possibility for governments and the air transport industry to improve security without negatively impacting passenger facilitation. In the airports, the adoption of biometric technology began in three key areas:
• passenger facilitation through secure self-service
• access control for airport workers
• border management and security
The air transport industry is constantly striving to improve passenger facilitation, reduce costs and improve efficiencies. The rapid expansion of passenger self service has been at the forefront of this effort, delivering substantial cost savings with the added benefit of putting passengers in control of their journey through the airport during check-in, bag drop, boarding and inbound immigration. Significantly, the continued expansion of passenger self-service is highly reliant on correct passenger identification and verification, since air travellers are implicitly ‘trusted’ to provide the right information and manage processes without the intervention of authorised aviation personnel.
Consequently, fail-safe security at vital points in the process is essential, otherwise the self-service business model is doomed to failure as it would reintroduce an unacceptably high level of uncertainty and risk. This fact has been recognised by the industry through the IATA-led Simplifying Passenger Travel initiative, which maps out the future of airport processes, built around secure self-service using biometrics at every step. Biometric data captured during check-in, can be used to verify the passenger at a common bag drop facility, at the security checkpoint and lastly during self-boarding at the gate prior to embarkation, using an eBoarding gate.
Beyond primary passenger processing activities, there are further selfservice and cost saving opportunities where biometrics identification can positively impact the experience of passengers journeying through an airport. For instance, at a number of tier 1 airports, several airlines are considering introducing ‘Frequent Flyer Cards’ embedded with a passenger’s biometric information. Once established, these embedded reward cards can be used to offer differentiated services to premium customers, such as expedited boarding and access to exclusive facilities at the airport, including lounges, fast track check-in zones or parking. Potential benefits of these developments include increased passenger satisfaction due to greater customer control, reduction in the time taken to board aircraft and a decrease in resource requirements.
Staff access control
The use of biometrics is now well-established at many airports as a means of securing and controlling access to restricted areas for staff, aircrew and suppliers; whether that be between landside and airside or for access to the apron, airfield, maintenance or baggage make-up areas.
Biometric technology overcomes the limitations of conventional access control systems based on pin codes or passwords and photo IDs; since unlike most traditional methods of identification, biometrics cannot be lost, forgotten, stolen or easily forged. Although access control is normally the responsibility of the airports, governments have played a role in driving standardisation and in some cases in the creation and enrolment of airport workers in national programmes. In Canada for example, the Canadian Air Transport Security Authority (CATSA) created the Restricted Access Identity Card (RAIC) programme. The Canadian Government administers the programme and provides the infrastructure for enrolling airport workers and issuing the biometric credential.
The airports are responsible for operation of the access controls systems, which involve a two-step verification process. Firstly, the credentials are checked against a list of valid RAIC cards and secondly, the airport workers live biometric is checked against the biometric stored on the RAIC card. Since 2003 the US has operated a similar programme called Transportation Worker Identification Credential (TWIC) at US seaports with more than 1.1 million enrolled workers and ships’ crew using a biometric credential based on the same standards used for federal worker identity cards. The programme is expected to become a basis for standardisation of airport worker credentials across America.
Leaving aside the operational benefits of biometrics, biometrics technology offers economic advantages over traditional, manned cross-entry points for restricted areas on an airport. Take, for example, a conventionally manned landside-airside staff crossing. Ordinarily, it would take at least two full-time employees, each working eight-hour shifts to provide 16 hours daily coverage. By comparison biometrics could provide 24/7 coverage for a fraction of the cost, which amounts to substantial savings at airports with multiple crossing points. As a result, there are many airports taking this approach in conjunction with a CCTV camera, to ensure no one tampers with the devices or to perform spot checks.
Two airports using biometrics for staff access control combined with automated barrier systems are Amsterdam Schiphol and Manchester in the UK. Furthermore, by replacing manned crossing points with biometric identity management, both airports have successfully eliminated welldocumented high error rates associated with manual identity verification and authentication.
In several states including the United States, the EU, Abu Dhabi, Dubai, Singapore and Japan to name a few, biometrics were adopted for border security after 9/11. Predictably, the United States led the way in applying biometrics for passenger identification and verification in 2001 when it mandated, almost overnight, that US airports strengthen their security “by using biometrics or similar technologies that identify individuals based on unique personal biological characteristics”. Biometric technology uses these characteristics to identify individuals automatically.
This mandate, introduced at US airports in late 2001, was subsequently codified into American law on May 14, 2002, when the US president signed legislation HR 3525, the Enhanced Border Security and Visa Entry Reform Act of 2002. Following the American example, many other countries subsequently adopted biometrics for identity management at gateway airports for inbound immigration and entry. At many international airports, primary line immigration screening using biometrics is fast becoming the norm. In the United States, the US-VISIT implementations at the nation’s gateways are considered good examples. Similarly, many other government programmes such as IRIS in the UK or PRIVIUM in Holland, use biometrics to establish or validate identity at airport border control points.
Some authorities use fingerprints (USA, Canada, UAE etc) as the primary biometric, others use the face as favoured by ICAO (for instance, Australia) whilst some use IRIS (UK and Holland) and others hand geometry (Japan). Indeed, the last 12 months has seen unprecedented international legislative activities to push through biometrics for border security at many airports globally. For instance in the EU, Article 1 (3), Regulation (EC) Nr. 2252/2004 calls on member states to commence issuing ePassports and biometric eVisas.
The EU has also moved to issue policies concerning common standards for biometrics enrolment and vetting, to verify exit and entry – in a similar fashion to the United States. In the Far East where the picture is more or less the same, SITA is currently implementing a primary line biometrics capture immigration system, for the Indonesian Government. Benefits of using biometrics at such entry points include increased passenger throughput and flow rate. Biometrics also offers improved productivity, flexibility, immigration intelligence and potentially, a decrease in human error rate and the number of frontline immigration officers.
Challenges to adoption
Yet for all the advantages of biometrics over manual identity verification and authentication, some issues stand in the way of overwhelming global adoption. Pervasive worldwide implementation is still some way off, due partly to the fact that whilst there are global standards in place for biometrics, there is still no agreement on a single or common biometric identifier (fingerprints, iris, hand, face etc). The absence of such an agreement has implications for interoperability of biometric systems between states, which is a key obstacle to widespread implementation as governments are naturally reluctant to make a commitment in the face of uncertainty, regarding a globally accepted biometric identifier.
Equally impactful but less technical are concerns about data privacy and the encroachment of civil liberties; spurring opponents of biometric technology to push for robust limitations to address personal privacy issues. Over the last couple of years, high profile loss of consumer data by commercial entities and by governments as in the case of the British government, which lost data belonging to 25 million people has not helped.
The usefulness and role of biometrics in passenger self-service was effectively demonstrated during the miSense trials in 2007, for which SITA was a key solutions provider. The experiment, which involved passengers travelling between the UK, UAE and Hong Kong, successfully showed that biometrics is a key enabler of seamless, secure, self-service travel. In the trial, a biometric identifier captured during check-in, was used by participants for security access to airside, for self-boarding and finally for automated immigration at the country of destination. In effect, it proved once and for all, the central role that biometrics can play in simplifying and streamlining passenger travel.
Biometrics can be an incredibly powerful tool, capable of reconciling information collected during reservation, check-in, and boarding with arrival data at destination, thus allowing full transactional transparency for immigration intelligence gathering. However, biometrics is most effective when it is integrated with airline and airport processes to streamline aviation operations and make travel seamless, efficient and convenient. Moreover in this format, it is a potent deterrent and barrier to the worst kind of trans-border criminality, such as illegal migration, drug trafficking and terrorism. Lastly, in an integrated environment, where data and infrastructure are shared and duplication avoided, biometrics has the potential to offer outstanding security and processing advantages as well as cost benefits over manual identification methods.