By Matthew Finn, Managing Director, AUGMENTIQ
Identity management is not a new concept; it’s one we’ve been grappling with for thousands of years. Yet the basic premise of identity management remains unchanged and continues to pose a challenge for the air transport industry: How do we establish someone is really who they say they are?
For the past 400 years or so, the predominant method for establishing identity has been the passport. Yet it was only in 1920 that any thinking developed to establish a global passport standard. Some 60 years later, in 1980, the International Civil Aviation Organization (ICAO) took over that global responsibility to develop and enforce international standards for passports, travel documents and identity cards – a responsibility ICAO still holds today.
Throughout the 1980s and 90s, the evolution of the standard focused principally on strengthening the physical features of identity documents, setting out recommendations on the use of specialist inks, paper, watermarks, printing techniques, laminates and other security features.
It wasn’t until the early 2000s when the emphasis shifted away from strengthening physical features to improving the relationship between the document and the person presenting it. Through this change in thinking, government and industry started looking at how to make it more difficult to falsify a passport, resulting in the introduction of biometrics – unique physical characteristics, specific to a person, tying their unique identity to their unique identity document.
And with that, the e-passport was born. It is only now in 2016, that just about everyone has a biometric e-passport, and that gives us a real opportunity to establish – and benefit from – the link between the person to whom the document was issued and the person presenting it.
Yet we still face the challenge of not knowing if the person in front of us is really who they say they are. Despite all of the fantastic advances in technology, we remain vulnerable.
Arguably, the evolution of the modern passport should have resulted in reducing, if not eradicating, the identity vulnerability. However, over the past few years, as security features of passports have improved, the previous problem of ‘document fraud’ has given way to a new and perhaps even more worrying problem of ‘identity fraud’.
Staff on the front line, no matter how well trained in document fraud detection, won’t be able to detect when a passenger is presenting a fake document – because it isn’t a fake; it’s a genuine document that’s been fraudulently obtained, that is, a genuine document issued to a fake identity.
The problem is the document has been issued to someone who doesn’t exist. As a consequence, there has been a near wholesale shift away from people trying to falsify what was once a genuine travel document to people creating entirely fake identities and getting genuine documents issued to them.
Much of this is owed to the fact that we have not paid nearly enough attention to the integrity of document issuance processes or the authenticity of ‘breeder’ documents such as birth certificates. In short, what we’re facing is the ability of people who can create a new identity, to obtain a birth certificate in that name and subsequently obtain a genuine document. Fraudulently-obtained genuine travel documents, or “FOGs” as they are often known, are notoriously difficult to detect.
To understand identity in a purposeful way, governments need to review the entire document issuance process: What documents were needed to apply for a new passport? What checks were made on those documents and the identity of the individual presenting them? And what measures are in place to ensure that identity is real and the person presenting the document in the future is the exact same person to whom it was issued?
Of course, technology can play an important role. But we have to be really robust about how we work together across the boundaries that exist between the public and private sector and collaborate across the entire spectrum of stakeholders: document manufacturers, technology providers, airlines, airports, ground handlers, governments, regulators and security organizations.
The challenge of identity management is not going to disappear. It’s here to stay and it will become increasingly complex. Companies such as SITA and other companies with deep specialization in identity management are in a unique position. They can offer support and help industry stakeholders to collaborate and use new technologies, such as biometrics, to secure the entire identity chain and the entire passenger process – in a way that improves security, mitigates risks and delivers better, smarter outcomes and experiences for the billions of passengers who travel every year.
Collaboration is absolutely essential to leading the way forward.
Matthew Finn is the managing director of AUGMENTIQ – an independent security consultancy working with government and industry to improve security at ports, airports and international borders. He is also the founder of the Security Leadership Lab. Contact: firstname.lastname@example.org