Bill Sillery writes that smartphones have great potential to revolutionise the way biometrics are collected for visas and travel purposes, but there are clear limits to the level of trust one can place on DIY biometrics.
The ICAO TRIP (Traveller Identification Programme) that takes place in Montreal each year is arguably the single most important conclave for the mechanics of managed migration in the current calendar. The buzz among the delegates and presenters for the past couple of years has been around smartphones.
As little as five years ago the conference was firmly focussed on machine-readable passports, but now it is all about the potential unlocked by using smartphones as one of the machines.
This isn’t just buzz. Governments and the private sector are rushing to unlock the benefits that self-service mobile solutions bring, particularly where these benefits include avoiding having customers make trips to expensive facilities to give their biometrics or validate documents.
The UK Government is already using a Canadian-developed smartphone application, WorldReach Software’s IdentityReach, to allow EU nationals to apply for settlement ahead of Brexit. Unsurprisingly, uptake of IDV (as it is labelled in the UK) has been high given that the alternative to the ten-minute DIY process is an in-person visit to a facility to have credentials and identity checked.
The smartphone app – which has informally become known as the “chip-checker” – is typical of most planned offerings: the applicant downloads a trusted application and uses the phone’s NFC functionality to read the chip on the passport. This pulls in both the facial image which is used to perform a 1:1 facial verification vs. a selfie, and data from the chip that is used to confirm its validity and authenticity.
This replaces all the steps that might otherwise require inspection by an officer, all within an adaptive application process that can be followed wherever you are.
The smartphone in this case short-cuts the need to invest in facilities and staff and offers a much more convenient experience to customers. The benefits are obvious, which is why the Canadian solution and similar are of great interest to governments and the industry.
The uses and benefits beyond Brexit are manifold and obvious. The Brexit solution is being examined widely for use in any situation where someone needs to prove their biometric identity remotely. Examples include land-border scenarios where travellers use their phone to pre-register their journey and vehicle, or as a way of adding biometric checks to otherwise fully online ETA or VOA programs.
With the smartphone collection of finger-scans very much on the way, it is attractive to look at the smartphone as the complete replacement for biometric facilities, but this is a trap to avoid. There are limits on the trust you can place in smartphone biometrics because you cannot control the collection environment in the way you can at a facility.
Biometric collection has an intrinsically non-technical collection step. This allows a lot of opportunity for trickery, ranging from submitting manipulated images to the simpler option of using someone else’s biometrics.
There is a simple truth that if you can’t trust the way a biometric was collected, then you can’t trust the biometric, and trust is in effect binary. While there may be a spectrum of trust, there is a cut-off point that boils down to the question “do I trust the biometric enough for what I want to use it for?”
In the case of the UK’s scheme the answer is yes. The biometrics collected from the chip and selfie simply replace those collected in the conduct of a 1:1 check in a facility. The images are neither being used as the basis for a biometric identity, nor to add a new mode to an identity that will be relied upon in any way after the leave to remain has been granted and linked to the passport.
Consider for a moment the potential to use a similar application in the visa application space. For the past fifteen years or so, most visa applications have required the applicant to visit a visa application centre where their fingerprints and facial image are collected in a controlled and monitored environment. Could a smartphone app replace this step? No, because you can’t trust the biometrics sufficiently well.
There are a couple of ways to look at this.
In the special case of visas, fingerprints are collected from first-time visa applicants because the receiving government doesn’t want to rely on the passport as the only means of identifying a person. A passport can be deliberately lost en route to conceal a person’s identity or point of origin. A person can have, or have had, past identities that are not necessarily revealed by the passport.
Biometric collection is a way to independently fix a person’s identity, so that they could not conceal it at some later point. So the prints and facial image collected in this way are used to both check against past identities and lock that identity from that point onward. Being able to subvert either of these steps by submitting someone else’s prints or a doctored image is not acceptable.
In a more general case, a smartphone biometric step can and should be examined in the context of a chain of trust. While the biometrics can be used to verify identity in order to create a new link in the chain, they cannot become the basis of that new link.
So, for example, it is okay to verify someone’s identity biometrically in order to attach an electronic visa to a passport, but it is not okay to trust that biometric to identify them in some passport-less situation in the future. Similarly, you can’t use a smartphone to add fingerprints to an existing identity solely on the basis that you’ve verified their face against their passport.
Put simply, smartphones can be used to verify against existing biometrics, but not to create or add new ones. The collection of a biometric for the first time – or the collection of biometrics to update old ones – needs to take place in a controlled environment to prevent collection-side trickery.
So, by this rule, smartphones could – and probably will – become the way you verify your identity against existing biometric records, but when you give a biometric for the first time, or replace an old one, you will still need to do it in a controlled and monitored setting.
Bill Sillery is a freelance writer and consultant in identity management and managed migration. During his career as a consultant he has assisted in the design and delivery of major biometric identity management solutions for the UK and Canadian governments, and in the research projects developing mobile solutions for biometric verification. His interests and work are in the grey area between biometrics as a security solution and a facilitation mechanism. He is a citizen of Canada, the United Kingdom and Ireland, and lives in Montreal, Quebec.