April 2016, Munich Airport: As part of the Lufthansa Group’s efforts to digitise travel, the airline first tested the use of biometrics—facial recognition, iris scan and fingerprinting—at their airport lounge. Following what the company says was a successful trial, in March this year, Lufthansa launched one-step biometric boarding utilising facial recognition, at Los Angeles Airport.
“During its initial trials, we cut boarding time by half,” said Bjorn Becker, Senior Director Product Management Ground Ops, Lufthansa. “We boarded approximately 350 passengers onto an A380 in about 20 minutes in comparison to 35-40 mins earlier.”
Twenty minutes. Half the time as before.
Lufthansa’s biometric boarding process looks like this:
- Self-boarding gates with facial recognition cameras capturing passengers’ facial images, as they approach the device.
- This image is sent to the US Customs and Border Protection database for real-time matching and verification.
- After a successful match and verification, which takes a few seconds, the system recognises the passenger as “boarded”.
- The passenger no longer needs to show a boarding pass or passport at the gate.
Lufthansa is not alone. British Airways, Delta Airlines, Qantas, Jet Blue, KLM and AirAsia are some of the airlines that have embraced biometric technologies (like lounge entry, biometric boarding) in its processes. Among the airports, Los Angeles Airport, Sydney Airport, Heathrow Airport, Gatwick Airport, Changi Airport, Orlando International Airport, Frankfurt Airport and Schiphol Airport have tested and/or currently use biometric technology for passenger screening, identity verification and border control.
A couple of months after Lufthansa began their lounge access biometric entry trial, Delta Airlines tested biometric boarding at Hartsfield–Jackson Atlanta International Airport (June 2016), followed by a pilot at New York’s John F Kennedy Airport in June 2017. That same year, in July 2017, Delta launched their biometric boarding process at the Reagan Washington National Airport.
Passengers flying through Atlanta use the facial recognition process of biometrics and those flying out of Washington National Airport simply place their index and middle fingers on the scanner until the device successfully identifies them.
This future of travel stands in stark contrast to how things used to be. And not long back.
Circa 1989, when Mumbai was still Bombay, flying internationally was literally a walk in the clouds—as simple as reaching the airport (often with a band of relatives in tow), checking-in (with bags bursting at the seams with food, gifts and more food), going through a cursory security check (the worst being a pat down) and boarding one’s flight. Verification was a one-on-one process—between the check-in agent and you, the security guard and you, the boarding agent and you; and, after you reached your destination, between the immigration officer and you. Flying was a facile experience.
Fast forward to today. It’s an hour-long ordeal. Or worse. Full body scanners, metal detectors, cameras, baggage x-ray machines, explosives-detection systems and bomb-sniffing dogs. Most major airports require you to take off any extra clothing and accessories that you have on your person, and many have you take off your shoes. Modern day air travel is less travel, more a test. Of endurance and character. This wasn’t always the case.
From Oregon to Seattle, via Babylon and Bengal
The number of people travelling by air has drastically exploded to more than 4 billion in 2017. Perceived threats have heightened and solutions to keep air travel safe have become increasingly intrusive. But, till around 1970, the only thing that one would consider before being air bound was, whether one could afford it and if one has access to an airport and a passport.
Then, “In 1971, a man who called himself Dan Cooper hijacked a passenger plane from Oregon to Seattle where he freed the 36 passengers in exchange for $200,000 in cash. As the nearly empty flight took off again, flying south, he parachuted out of the aeroplane with the ransom and was never seen again,” according to The New York Times. In what came to be remembered as the ‘DB Cooper Hijacking Case’, it remains one of the most mysterious cases of hijacking in the United States—unsolved till this day—which contributed to an eventual change in security procedures at airports.
Forty-five years later, in July 2016, the FBI announced that they “will no longer actively investigate this case”. But the upshot of that case in terms of security practices has remained, evolved and is in constant flux—from sky marshalls to metal detectors to modern airport technology as we have it today.
And this is where biometrics come in. With the promise of hassle-free travel. And the caveat that you are putting too much of yourself out there and in the absence of privacy laws, there is no surety how it might be used. Worse case scenario: against you. But before we get to that, a necessary primer.
Biometrics are unique physical and physiological characteristics, such as fingerprints, iris and facial scans, that can be used for automated recognition.
The earliest evidence characterising identity-based on physiology was in ancient Babylon, where fingerprints were used for business transactions on clay tablets, and in ancient China, where thumbprints were found on clay seals.
A growth in population combined with agricultural and industrial revolutions between the 18th and 19th centuries also saw a spurt in crime. There was an attempt to build standardised systems to identify individuals, including using a fingerprint—a method which was developed in India in the late 1800s by Edward Henry (then inspector general of police in Bengal), Hem Chandra Bose and Azizul Haque. The Henry System paved the way for the modern-day automated fingerprint identification system.
In the late 20th century, the use of computers became ubiquitous, bringing with it the possibility for digital biometrics. The idea for iris identification was first studied in the 1930s, but the first iris recognition algorithm patented only in 1994.
[Your new passport = your face]
While biometric technology has been around for decades in law enforcement, its adaptability has endeared it to manufacturers of consumer goods and for identity verification and border security, making it ominous and a significant security game changer in our modern world—be it in criminal justice or in air travel. Airports and airlines across the globe—the US, Europe, Australia, Asia and South America—have either run pilots or already have processes which use biometric technologies in one form or another.
The US Customs and Border Protection (CBP) has also developed a process where a travel document is not necessarily the primary method to retrieve traveller information. Instead, the traveller’s face may be used to match against US Department of Homeland Security and US government holdings to successfully identify travellers as they enter and depart the country. Jennifer Gabris, Office of Public Affairs, CBP explained, “A facial biometric capture device [camera] can be installed at an airline or airport departure gate without any significant changes to existing airport physical infrastructure. A biometric entry-exit system based on facial recognition is minimally disruptive to the flow of travel…strengthening the integrity of the immigration system, making our borders stronger.”
Notably, facial recognition technology had a false start before it became mainstream. According to James Wayman, “The earliest work in facial recognition technology was done in 1962-64 in Silicon Valley, Palo Alto—a company called Panoramic research Inc—probably funded by the US government. They did some work, they didn’t get very far with it; things didn’t start really taking off till 1989-90.” Wayman is Director of the Biometric Identification Research Program at San Jose State University.
Privacy advocates see the increased use of biometrics for verification and data collection as a red flag in a world that has seen the net of surveillance being thrown wider and farther. They fear that we may be headed towards a Black Mirror-esque world where technology has unanticipated, and often dire, consequences.
While biometric technology may have its value, regular episodes of violation and supervision by authorities and governments—like the scanning of the footage of 1.8 million Yahoo! Users by NSA for terrorists, as revealed by Edward Snowden, unregulated police face recognition in the United States, China’s use of facial recognition glasses for urban surveillance and its “social credit system” and the United Kingdom’s recent announcement to compile a centralised biometric database of its citizens for law enforcement to access and share—making privacy a real concern.
"If you are a government and want to increase surveillance on the population, what is your best shot?"Baptiste Robert, security researcher
A July 2016 report by UK-based charity Privacy International stated: “In non-democratic and authoritarian systems, the power gained from the use of surveillance technologies can undermine democratic development and lead to serious human rights abuses. State agencies are also utilising technologies used for surveillance for offensive and military purposes as well as espionage.”
“Technological developments since the Cold War, during which espionage and the monitoring of civilians were widespread, has increased the intrusiveness and power of surveillance. The ability to monitor the communications of entire groups and nations on a mass scale is now a technical reality, posing new and substantially more grave human rights issues.”
Baptiste Robert, a French security researcher, agrees.
“If you are a government and want to increase surveillance on the population, what is your best shot? Moreover, people are ready to accept almost everything in an airport if it is for security reasons,” Robert said.
James Wayman, Director of the Biometric Identification Research Program at San Jose State University, disagrees. Governments want to track you using your cell phone (if they want to track you)—“they don’t want to try and match your face against a database of thousands of people—it is just not accuAirate enough,” he said in a podcast interview earlier this month.
However, he agreed that the laws governing biometric privacy in the US are inadequate, with still no full understanding of the type of legislation that is needed to protect people from this technology.
Europe, however, could be a good example to follow for robust data policy and privacy laws. The European Union General Data Protection Regulation (EU GDPR) came into effect in May 2018.
According to The International Air Transport Association (IATA) Annual Review 2018: “It introduces obligations for any organisation that offers services to “data subjects who are in the Union,” whatever their nationality or place of residence and regardless of their actual place of business operations. This extraterritorial reach means that all major airlines are likely to be covered by the EU GDPR and should plan for compliance. Non-compliance is punishable by fines equal to 4% of global turnover—akin to fines imposed on multinational corporations under EU competition laws.”
This means, airlines will need to ensure that they handle the personal data of EU passengers correctly and that third parties processing personal data on their behalf also comply. The EU GDPR is stringent about permissions for using personal data and about where that data is held, how it is protected, how long it is kept, and what to do if a personal data breach occurs.
“The United States, for example, has a patchwork of federal and state laws governing data protection. The best way forward for airlines is to use the set of laws that are the most stringent and applicable to their operations as baseline standards. For many, that will be the EU GDPR,” IATA’s 2018 review stated.
Speaking to Ajay Sandhu of ‘The Human Rights, Big Data and Technology Project’ in July 2017, Tanya O’Carroll, a Technology and Human Rights advisor at Amnesty International, pointed out that “the big eye in the sky is not aimed equally at everyone”.
“I say this to my friends and my family every time the debate comes up. I defend [privacy rights] not just for myself. I defend [privacy rights] because there are other individuals who are unfairly treated as suspicious by the state,” O’Carroll told Sandhu. The Human Rights, Big Data and technology project is part of the University of Essex Human Rights Center. It analyses big data and technology from a human rights perspective.
Earlier this year, in March, SITA, a company specialising in air transport IT and communications solutions, published ‘Biometrics for Better Travel: An ID Management Revolution’. The report set the number of air passenger at 7.8 billion by 2036. This is almost double the current figures of over 4 million passengers in 2017 by IATA. “Across the world, airlines are required to check that passengers are who they say they are and that they have the right travel documents,” said Sean Farrell, Director, Strategy & Innovation, SITA. With passenger numbers set to double by 2036, airlines and airports need to be able to move them through these checks as securely and quickly as possible. Biometrics is the technology that can deliver this.
The company which provides biometric solutions to airports predicted that using biometrics to check passengers’ identity would power the era of faster and more secure self-service processes, with innovative ID management programs becoming “more commonplace worldwide as 63% of airports and 43% of airlines plan to invest in biometric ID management solutions in the next three years.”
Vision-Box, a provider of electronic identity management solutions, which has more than 80 international airports using its technology, proves the point. Jean-François Lennon, VP for Marketing & Sales at Vision-Box, explains why their technology works. “It is an enabler towards a document less and contactless passenger participation—it provides a better experience, passengers feel better treated, they have more time to enjoy the airport’s facilities and boarding is quick.”
Closer home, Malaysia-headquartered airline AirAsia launched its Fast Airport Clearance Experience System (Faces) in February this year, at the Senai International Airport. The airline offers its passengers a seamless travel experience from check-in to boarding using biometric facial recognition technology. The process is a two-fold one where a passenger enrols for the service and gets verified through the Passenger Reconciliation System (PRS), after which they use their facial scans to board the flight.
Faces is fully owned and operated by AirAsia, making it unique in the airport biometric technology ecosystem where most airlines partner with airline technology companies to build systems for them.
"The introduction of a biometric exit system does not change current advanced passenger information protocols..."Jennifer Gabris, Office of Public Affairs, US Customs
In India, while there has been no official announcement on using biometric technologies at airports, the industry has shown interest in incorporating biometrics into air travel and linking it to India’s digital ID system, Aadhaar.
In August 2015, Hyderabad’s Rajiv Gandhi International Airport (RGIA) started offering India’s first paperless e-boarding facility. Though different from global biometric airport technologies, the airport sought to use India’s biometric ID system, Aadhaar, as part of the process. “With the implementation of e-boarding at RGIA, now a domestic passenger flying from the airport will need only a mobile e-boarding card and his Aadhaar Card Number to gain entry into the airport,” noted a press release by RGIA.
In November 2016, Bengaluru International Airport was reported to be testing the feasibility for biometric screening. Earlier this year, in India, The Economic Times reported that the Airports Authority of India (AAI) had chosen three airports to implement biometric passenger systems.
Earlier this month, on July 3, Vision-Box, a leading global technology company which builds integrated electronic Identity management platforms, opened shop in New Delhi. Vision-Box’s VP for Marketing & Sales, Jean-François Lennon, told The Ken about the opportunity he sees in India. “India is a gigantic market given the size of its population and its demographics—which are very encouraging v/s China. The domestic aviation market is gigantic and has increased consistently over five-six years. This calls for infrastructure and we are very excited about the opportunities India presents.”
[Bye bye paper]
In most biometric programmes that are currently active or under trials, a passenger can choose if they want to participate. If not, the biometric procedure is non-binding. However, even as some experts and data activists pushback, industry surveys show passengers adopting and embracing new biometric and digital technologies with much enthusiasm.
The ‘Passenger IT Trends Survey 2017’ by SITA, a leading air transport and communication service provider, found that 57% of respondents would surely use biometrics instead of a passport or boarding pass. “The fact that not only are these passengers happy to use biometric technology but, as SITA’s research shows, they have higher rates of satisfaction when they do so, is very encouraging. High rates of passenger satisfaction will encourage both airports and airlines to move to secure and seamless passenger processing,” Sean Farrell, Director, Strategy and Innovation, SITA, told The Ken.
Farrell said that SITA foresees a world where passengers can walk into the airport, approach an automated bag-drop position that will identify them by their face, and progress through security and border checks without “breaking their stride”.
Jennifer Gabris, branch chief of the media division Office of Public Affairs, US Customs and Border Protection, says that biometric technology use in security and border protection is here to stay. “The introduction of a biometric exit system does not change current advanced passenger information protocols, it offers a means to innovate and transform the current process while allowing it to perform its critical immigration and security function,” she said.
Lufthansa’s Senior Director for Ground Product Development, Dr Bjorn Becker, told The Ken that a February 2018 survey of passengers showed that 89% of international travellers who tested biometrics liked the experience, 64% favoured biometrics as the only travel token and 85% expect Lufthansa to implement biometrics.
IATA expects 7.8 billion passengers to travel in 2036, almost twice as many as the 4 billion air travellers expected to fly this year. The transport association’s 2017 Global Passenger Survey revealed that of the passengers surveyed, 82% wanted to use a digital passport on their smartphones for as many flight-related processes as possible, and 64% favour biometric identifiers as their preferred travel token.
Do the math.
In achieving these numbers, biometric technology has the potential to make data the new oil. And everybody knows what happens when you strike oil.
Disclaimer: A previous version of this article misspelled James Wayman’s name, which has now been corrected. We regret the error.