By Trevor Butterworth
Analyst Alan Goode recently noted that “the travel industry is at the vanguard of digital identity adoption globally.”
As a company leading the vanguard, with partner SITA, we agree. But there’s a lot to unpack here for consumers and other business sectors.
To legally cross a border, you must have a passport; therefore, it stands to reason that crossing a border “digitally” requires a digital identity as trustworthy (or even more trustworthy) than a physical passport. We explored the idea of “government-grade” digital identity in a previous blog and how Digital Travel Credentials following standards set by the International Civil Aviation Organization (ICAO) achieved this grade by using decentralized identity technology.
This technology changes the fundamental way we identify ourselves digitally and online, and the way we share and authenticate information.
- They allow us to hold our own data in a highly protected way
- They make this held data cryptographically verifiable so that it is portable and trustworthy.
- This eliminates the need for “identity accounts” that require logins and passwords which are at risk of being phished or faked (for example, frequent flyer programs).
- This in turn eliminates the need for identity accounts with personal data to be stored by third parties for verification (a security risk because the data is stored in centralized databases that are difficult to protect against data breaches)
- This also means that a person can hold their own biometric data, bind it to their digital identity, and have it cryptographically verifiable in a way that obviates the risk of AI deepfakes.
Centralized databases accessed through user accounts are a fundamentally weak way to manage identity and authentication to access resources. This is because they are susceptible to a single point of failure.
Here’s a hypothetical: Imagine a business database with a million customer accounts and their account details. Imagine all but one customer — 999,999 — are hypervigilant about regularly changing passwords and clicking on suspicious SMS messages or emails. And then that one person clicks, in error, on a phishing email and inputs their account login and password. That phishing attack nets the personal details of all 999,999 user accounts.
That is the essence of data breaches and identity theft: It’s an all you can eat buffet costing billions of dollars in both losses and security. Current solutions treat the symptoms rather than the disease: multifactor authentication, passwordless, single sign on; all add complexity, expense, and friction to what is meant to be an instant process without removing the underlying problem.
And we haven’t even talked about complying with data privacy regulation.
What the travel sector has quickly realized is that decentralized identity solves all these critical identity and access management problems: Let the customer hold their data and let the portable trust created by decentralized identity do all the work.
With government-grade verifiable identity credentials, travel can be seamless because we can authenticate this information when it is presented by customers. We don’t need to store and manage it.
Tackling the biometric threat
Perhaps one of the most important and least commented on aspects to digital travel is that decentralized identity saves biometric systems from catastrophic risk.
Biometrics were the answer to passwords: Instead of the farce of coming up with new, complicated phrases every few months to manage your account login, use your face. Or voice. Or fingerprint.
These became the seamless answer to password theft — until generative AI technology suddenly made biometrics easy to fake. And while you can reset a password, you can’t reset a person’s physiological characteristics. Once a person’s biometrics are stolen, how are they supposed to get them back?
This is where verifiable credentials and decentralized identity come to the rescue. There are multiple ways to bind liveness and biometric information to an identity check such that you can be sure that I am who I claim to be. And because this biometric information can be verified cryptographically, it can be held by the traveler instead of being stored in an airline database, where it turns into a permanent privacy and security liability.
Verifiable credentials save biometric systems.
First-class data sharing
|This is why what’s happening in travel with digital identity is showing the world the future. We have taken the toughest use case — crossing a border digitally — and solved it to the satisfaction of governments, airlines, airports, AND travelers.
The combination of people holding their own data, deciding who they want to share it with, and this data being cryptographically verifiable rewrites the entire digital landscape. With portable trust, information can go anywhere.
####
