Commercial, Regulation

Biometrics, Privacy Concerns, and the Future of Authentication

IDEMIA’s next-generation CAT machine uses biometrics to enable acceptance of digital identity credentials such as Mobile ID. (Photos: IDEMIA)

Biometrics enable fast and seamless authentication or identification. However, as the TSA tests facial recognition in U.S. airports, there have been concerns about privacy in regards to how passenger data is stored.

The company IDEMIA specializes in identity and security solutions. Its brand recognition primarily stems from its collaboration with the Transportation Security Administration (TSA), notably through the TSA PreCheck program. As the enrollment provider for TSA PreCheck since its inception in 2013, IDEMIA has registered more than 17 million individuals who have joined the program.

Additionally, the company is widely recognized for providing Credential Authentication Technology (CAT) machines used at TSA checkpoints. “We are the sole provider of both the CAT-1 and now the CAT-2 machine,” Lisa Shoemaker, Vice President of Corporate Relations at IDEMIA, told Avionics

“The CAT-1 machine is what is deployed at almost every airport checkpoint lane today. TSA announced the awarding of a contract to produce the CAT-2 machines earlier this year,” she noted. The seven-year contract includes a ceiling of $128 million.

CAT-1 machines verify the authenticity of travelers’ ID cards by cross-referencing with passenger manifest data as well as TSA-managed systems like Secure Flight, a risk-based passenger pre-screening program that identifies low- and high-risk passengers. The TSA officer performs a 1:1 match between the displayed image and the person standing in front of them.

The CAT-2 machine features a mounted camera screen that captures the image of the individual’s face prior to the 1:1 match process. Those enrolled in the Face ID program, currently being piloted in Atlanta, have the option to forego ID insertion entirely. The technology being tested at the airport there relies solely on a facial match.

According to IDEMIA, the next-generation machine uses biometric technology to enable acceptance of digital identity credentials such as Mobile ID.

Travelers can always opt out of the 1:1 face match process and to go through manual processing by the TSA.

A biometric facial recognition platform has been implemented at Frankfurt Airport by SITA, an air transport technology company. “Passengers can use biometric technology to seamlessly pass through each stage of the journey by simply scanning their face,” according to SITA.

“IDEMIA is very proud of the position that we have taken around privacy as we’ve developed all of the applications and tools that our customers use,” Shoemaker remarked. She added that the company firmly upholds the principles of privacy on the edge and privacy by design and does not retain any of the information that is collected. IDEMIA relies entirely on its customers’ policies and practices.

“All of these agencies, whether they are federal, state, or local, have their own laws that govern how they can collect data, what they do with it, and when they can dispose of it,” she explained. 

As partners in this domain, IDEMIA maintains a steadfast stance of non-possession of any collected data. Shoemaker firmly believes that such practices should be upheld across the industry. “That’s not always the case,” she said. “I think that’s where some advocates on the other side of the aisle from us on this would have concerns—there’s not necessarily a guarantee that every vendor has that type of policy in place.”

She also remarked that transparency is of paramount importance when a government engages a vendor with different data collection and retention policies. It is crucial for consumers interacting in these spaces to have explicit knowledge of how their information will be handled. 

Particularly in collaborations with the federal government, there are comprehensive policies in place to ensure that vendors are prohibited from retaining, selling, or utilizing the data for any unintended purposes. Furthermore, once an application is completed, access to the data is typically restricted.


Receive the latest avionics news right to your inbox

Comments are closed.