Inverid Honorable Mention in Gartner Magic Quadrant for IDV
Using our App? Go here
Travel and Borders Identity Documents

ICAO Traveller Identification Programme Symposium

ICAO TRIP takeaways by Jim Slevin

In the blink of an eye the 19th ICAO Traveller Identification Programme (TRIP) Symposium, or should that read as the ‘DTC Symposium’ is over. So, sat as I am an airport lounge, just for a change, what were my key takeaways this year? 

 

For those deciding whether to read on, here are the main points: 

  • The weather – I am British after all
  • Order, order – have we got our roadmaps right?
  • Digital Travel Credentials – Hype? Mankinds’ savior? Or simply more talk?
  • Border Management - Genuine, tangible improvements to security and facilitation
  • Standards and Testing – and why I have a corporate crush on NIST! 

Let’s get the flippant piece out of the way first. Thank heavens the Montreal winter had not yet kicked in, so blue skies and, in the main, above freezing temperatures were kind to us all. In the last year, some good improvements at Montreal airport to their security screening also meant an improved experience on route to my aircraft departure. That said despite all the talk of digital solutions the departure journey was no more seamless than a year ago; more on that later.

Order, Order 

It was clear that there are a large number of risks that ICAO are managing to their ethos of ‘no country left behind. This was clear in the discussions on a number of fronts but was eloquently positioned by those in ICAO working groups explaining where we are with the Passports globally and the ICAO Public Key Directory (PKD). 

It was great to hear that 165 countries are now formally recognized as issuing ePassports. It was therefore disappointing to read only 100 of those are members of the ICAO PKD to enable everyone globally to benefit from the very essence of the security mechanisms provided by Passive Authentication and signing certificates. In fairness at TRIP 18 in 2023 there were 92 members of the PKD so at least it has increased. 

That still leaves 28 states not yet issuing passports, in some instances for legitimate reasons (population size and travel propensity) and of course chipped passports are not mandatory, to ensure no country is left behind. 

Against this background, where we do not have digitalization of existing secure documents under full control and transparency (e.g. shared keys) the race to move to pure digital feels at best, strained. My feeling, which may be very unpopular and viewed in vendor circles as constraining innovation, was I witnessed some very sensible, pragmatic order being brought to proceedings in regards to the likes of Digital Travel Credentials. 

Digital Travel Credentials

 So, DTC. This subject dominated the proceedings this year more than ever. 80% of vendor presentations and more than 70% of the overall symposium presentations discussed DTCs. On the vendor front in terms of DTC there was more ‘me too’ than Hollywood (I’m sure I’ll get cancelled somehow for that one). 

At times I was expecting to hear that global and peace would be achieved and climate change reversed as a result of DTC such was its lauding. I started to then get really nervous when I listed to a presentation that Bluetooth Low Energy (BLE); an inherently insecure technology, being suggested as the best way to achieve terminal communications for DTC, which by nature will include personal data or at the least pointers to sensitive personal data. 

It was excellent to hear from the states on their experiences and learning from the limited DTC pilots undertaken to date. Including what worked and what did not work and the complexity in navigating initial ‘baby steps’ to steal one presenter’s point in the DTC space. The legal, privacy, coordination and operational challenges remain material and vary across states and even ports. 

I’ll speak more on standards later but I was delighted to hear that ICAO is not pushing forward with DTC Type 2 until there is absolute clarity on the standards for an alternative Physical Component (PC) for this type of DTC. Whilst this approach may be unpopular with many in the travel and aviation community the data privacy, data security and open standards that were and are hard fought for in ICAO Doc 9303 for physical passports should not be sacrificed on the altar of innovation and vendor return on investment. 

That said I amongst others will watch with anticipation as to when the ISO SC17 Working Group 3 (with liaison to Working Group 4) will be in a position to advise on the security and certification of the PC to support Type 2 and eventually Type 3. 

Whilst I have seen presentations on the DTC pilots with the Netherlands and Finland previously they were a welcome voice of reason on what could have easily become DTC hype over reality. Al the best to Finland for part Deus in the form of DTC 2 HEL – perhaps laughing in the face of adversity?  

Border Management

In amongst the presentations lay a real gem in the Frontex INNOVATE presentation on the App4EES pilot and outcomes. Great to see real progress being made to assist in facilitation of the security hard benefits through the Schengen Entry Exit Systems without being caught into the DTC hype. Who wouldn’t want to see a 29% improvement in Visa Exempt processing times anyone. However, the presentation also highlighted some very specific areas of improvement needed, not least building the trust of Border Officers in the data. I for one am already looking forward to the Travel to Europe Transition update next year at TRIP. 

"Physical Passports are not going away anytime soon"

What is clear from all of the proceedings is physical Passports are not going away anytime soon and that of course has implications for a post quantum world. To that end it was good to hear that PQC planning continues within the Working Groups to ensure we have Post Quantum Cryptography (PQC) standards and transition plans in place in advance of the need (i.e. when quantum computing is available to threat actors). With 10 year passport lifecycle taken into consideration then this requires a crystal ball, to some degree, to ensure passports still in circulation remain secure. 

Standards and Testing

Last but not least the updates from NIST were worth their weight in gold and as mentioned I have a real crush on their work. I have been working with and around biometrics for the last 30 odd years and I have nothing but admiration for the small biometrics team at NIST. Their benefit is only matched by their humility. Within one presentation it was noted that the rapid improvements in general terms of  facial recognition can be attributed to algorithm developers introduction of AI (or perhaps more accurately machine learning). I beg to differ. I believe the algorithm providers have ‘upped their game’ including the use of training and learning technologies as a direct result of NIST shining la light on their performance over the last 20+ years. I only wish NIST had the bandwidth to shine the same scrutiny on many other security tools in the marketplace (optical document verification would be top of my list). 

 So in summary, I thank ICAO TRIP for the Symposium. I especially thank those maintaining and building on standards for privacy, security and interoperability in global travel now and into the future.  

Bon voyage. 
Picture of Jim Slevin

Jim Slevin

Jim Slevin is the regional director for the UK and Ireland at Inverid.

published on November 26, 2024

Back to blog

Continue reading

readid-app-passport-demo

Try it yourself for free

Interested in NFC-based identity verification? Our free personal app ReadID Me is available in the App and Plays stores. No personal information is shared with Inverid or other parties; it is a client-only verification.

Or subscribe to our newsletter, sent about 6 times per year. 

Subscribe to newsletter Try our ReadID Me app