Biometrics technology for security screening in the U.S. has been in development since the 9/11 terrorist attacks in 2001 and it advanced in 2016 when the Department of Homeland Security (DHS) and Customs and Border Protection (CBP) joined to put a biometrics exit/entry plan in place.
Speaking on a Future Travel Experience webinar on the state of biometrics in North American travel, LAM LHA Security Innovation founder & managing partner Anne Marie Pellerin said there was high demand among travelers for biometrics, pointing to a 2022 IATA survey in which 76% of respondents said they wanted to use biometric data for airport processes. “They’re tired of pulling out all their documents all of the time,” she said. “They want a simplified process, and they want biometrics to be used in the travel space.”
Pellerin said the use of biometrics took a big leap forward when government agencies began working together. In 2017, the Transportation Security Administration (TSA), part of DHS, began biometric trials, then developed a biometrics roadmap.
“You saw government agencies coming together and comparing notes, which was a great best practice for other federal agencies looking at how CBP, the aviation domain—and, more broadly, at ports and borders—were collecting biometric data from passengers and how TSA was intending to enhance the passenger experience over time,” she said.
In 2022, TSA developed an identity management roadmap, followed by Credential Authentication Technology (CAT), which are units that scan a traveler’s photo ID and match it with their flight details. The new CAT units, referred to as CAT-2, are equipped with a camera that captures a real-time photo of the traveler.
In addition to cooperation between airports, airlines and governments, Pellerin said other key learnings include a full-fledged government vetting process that is in play with both TSA and CBP, standard setting, interoperability and partnering with the public on privacy.
Standard setting keeps federal agencies from trying to act in a vacuum, she said. “The National Institute of Standards and Technology NIST 800-63, version 4, is being looked at across the community,” Pellerin said.
NIST 800-63 provides technical requirements for federal agencies implementing digital identity services, using authenticators, credentials, and a risk-based process of selecting assurance levels. Version 4 responds to the changing digital landscape.
Interoperability between all the different biometrics capabilities is also key. “The question five years ago was, ‘which biometric would be the one of choice—fingerprint, facial, iris?’ I think all the stakeholders in the ecosystem have learned that those different biometrics capabilities have to speak to one another and be connected in some manner.”
Pellerin said the industry has also learned it must talk to the public about privacy and the use case. “We’re not tracking everyone with biometrics; we’re using them in a very meaningful, specific way,” she explained. “And it’s very much an opt-in process, which is privacy by design and how the US system has been put together.”
The lack of a national ID has been a big hurdle for biometrics in the US, Pellerin said, along with funding for future investments. “The TSA and CBP have really stepped up to make these investments across the network. The question is, ‘Will airlines and airports have the resources to follow suit?”
Pellegrin said a big opportunity for the future of biometrics centers around building something that’s more fluid and dynamic “so we don’t have to have one big, heavy process that everybody buys into. There can be a lot of different options that provide something that is seamless and can be easily anticipated by the passengers. I think we’re seeing more and more that lots of different solutions could be implemented, and the goal is to create that infrastructure so that we can pull them all together.”