- Globally Based
- Posts
- 🛂 Known Traveller Digital Identity: Overview and Status in 2024
🛂 Known Traveller Digital Identity: Overview and Status in 2024
The travel sector is under pressure because of more travellers, increased security requirements and infrastructure limits. One of the recently proposed solutions could be the Known Traveller Digital Identity concept. Let’s explore the idea further.
The travel, tourism and transportation sector is under high pressure because of a growing number of travellers, increased risk and security requirements and infrastructure capacity limits. This kind of pressures hinder a secure and smooth cross-border journey and cause a lot of pain for businesses, governments and travellers themselves. This combo might reach a tipping point, putting at risk the travel experience and future growth of the industry.
And now, with the help of the latest advancements in digital identity, biometrics, blockchain and other technologies, there is a great hope to find a way to untangle the current state and solve all of these issues.
One of the potential solutions could be Known Traveller Digital Identity. Let’s have a closer look at the concept in this issue.
IN THE ISSUE
Modern Challenges in Travel
People travel for many reasons, culturally or business-related. The demand for travel is huge. Today, the number of people travelling is unprecedented. It is estimated that the number of international arrivals stands at more than 1.2 billion, and by 2030 this figure is projected to reach 2 billion.
At the same time, the concept of crossing the border is quite new, and previously you didn’t even need a passport to cross the border. But after the First World War, countries began issuing passports to their citizens and introducing border controls, including due to homeland security, geopolitical tensions, threat of terrorism, mass surveillance analytical, economic, statistical and other purposes.
Therefore, the demand and emphasis on safe crossings is greater than ever and has only increased over all this time. Governments and agencies have been introducing new procedures, such as customs and obtaining a visa, and the old ones have become even more complicated.
Due to so much demand and growth, many airports in Europe are facing expansion problems. Capacity at which airports in Asia operate is often higher than 100%.
Over the past decade, aviation security costs have increased by more than 2X.
If you ever travelled (I assume you did if you’re reading this), you probably noticed how inconvenient and awkward the whole process of border-crossing is.
Travel journey with the highest pain points marked in blue, according to World Economic Forum.
Known Traveller Digital Identity Concept
One potential solution to the aforementioned challenges could be an initiative under a weighty name – Known Traveller Digital Identity – introduced by World Economic Forum.
Known Traveller Digital Identity (KTDI) — a joint initiative first introduced in 2018 by World Economic Forum, aiming to overcome current travel challenges by further digitalisation and utilising latest technologies, including digital identity, blockchain, biometric, biographic and travel history data that would enable the traveller to authorise entities in the traveller journey to access selected information about them to allow for risk-rating, verification and access.
To give an example, how this KTDI program is supposed to work.
Information about us is uploaded into a database (ideally placed in a blockchain distributed ledger). This should be an identity document from the authorities (and other data such as travel history, bank statements, previous bookings, etc. from government offices or agencies). When you want to cross a border, you give the border control authorities access to this database in advance before the trip, so that they can see that you are allowed to enter (e.g. have a visa) and pose no threat. Using facial recognition (ideally linked to your smartphone), the border security system can recognise you and let cross the border, skipping the queues of other travellers.
Similarly, an airline company would request your data access to let you check in and board. A car rental company would request your data to see if you are of a certain age, have enough in your bank account to rent a car.
Technology and Solution Overview
Latest advancements in blockchain, biometrics and web technologies might be a good match for the implementation.
The idea, according to the World Economic Forum’s reports, is to build such a solution upon the decentralised identity model and W3C standards.
The decentralised identity model means that the individual owns and manages their identity or personal data themselves. And W3C means World Wide Web Consortium, the non-profit organisation for developing Web standards (how the Internet should work).
Decentralised identity is commonly referred to as self-sovereign identity (SSI), a term used to describe “the digital movement that recognises an individual should own and control their identity without the intervening administrative authorities”.
Core Values & Technologies
The World Economic Forum’s reports outline 4 core values and technologies for a possible implementation.
Values of KTDI, according to World Economic Forum.
Personal — The identity information must be protected from unintentional disclosure.
Portable — The identity owner must be able to use their identity data wherever they want and not be tied into a single technology provider.
Private — The identity owner must be in control of who can see and access their data and for what purposes.
Persistent — The identity lives with the individual from life to death.
And these technologies can find application adhering to the values.
Distributed ledger enables trust in the network without the control of one central authority. A distributed ledger is a consensus peer-to-peer network of replicated, shared and synchronised digital data geographically spread across multiple countries or institutions. No central administrator or centralised database should exist. Permissioned public ledger seems to fit the most for KDTI. This should not necessarily be a blockchain, some other frameworks like R3’s Corda or Estonian government’s X-Road also share the similar principles. With blockchain, however, it is currently unclear what party should have what permission to read or write to the ledger.
Cryptography allows an appropriate level of security in authorization and sharing of information. In short, decentralised public-key infrastructure (DPKI) should be used, where information is secured with a “key-pair”, consisting of a public key, which is visible to everyone, and a private key, which is visible to and controlled only by the identity owner. And a distributed ledger can be viewed as a distributed certificate authority that maintains the mapping of identities to public keys.
The zero-knowledge proof (ZKP) method is useful to help secure the identity. ZKP is a cryptographic algorithm that allows users to verify information without actually disclosing the information – verifying only that the information is indeed correct with a very high probability.
Biometrics connects the physical with the digital world and ensures legitimate use of identity information. To ensure that the person showing their documents is the legitimate holder, biometric recognition (like face, fingerprints, iris) has been found to be better than humans at quickly and accurately confirming individual identity.
Mobile devices enable the traveller to carry their digital identity and autonomously choose to share it accordingly. Using a mobile phone is the easiest way to create private keys, send public keys and keep digital records with the corresponding private key or decentralised identifier. The mobile identity app should show users all their digital identity parts and let them control and share them with the government and private companies in different ways depending on the service they want to use. The information shared with border control will be different from what's needed for a hotel booking.
Prototype Blueprint
On the two pictures, below it is displayed how the first prototype is supposed to work from the technical point of view and accordingly to the decentralised identity model.
Decentralised identity model by World Economic Forum.
The mobile interface is the traveller’s private key store. It holds all their attestations. First, the traveller's identity is verified by their government. Then, their digital identity is created and added to a ledger. The traveller can give consent to others to view and validate their attestations. The others can check the ledger and request more information if needed. The prototype shows technology barriers and invites experimentation to improve it. It is also being evaluated for feasibility in expanding to the wider public and private sectors.
High-level prototype blueprint by World Economic Forum.
Mobile Interface Prototype
At World Economic Forum with Accenture, they even went ahead and designed a mobile interface to visualise possible traveller’s and authority’s perspectives, as displayed below.
Mobile interface traveller perspective by WEF. | Mobile interface authority perspective by WEF. |
Current Status
The timing of the proposed KDTI initiative was epic! The World Economic Forum introduced it right before the pandemic hit. The latest technical Specification Guidance report is dated as of March 2020 – perfect time for travelling…
A pilot project between Canada and The Netherlands governments involving a few airlines started in 2021 but came to a halt in 2022 due to the Covid-19. However, as of 2024 there are still some discussions to revive the program testing. Some other countries consider implementing some kind of simpler variation of the initiative.
But, actually, the Covid-19 sped things up a bit. The digital vaccination certificate is what KTDI is in a nutshell. It was required to show the valid certificate to be able to enter a restaurant, check into a hotel or simply travel. Otherwise, access was denied. In China or South Korea, even worse, it was impossible to do almost anything like taking a bus if you couldn’t show the green button on your smartphone, meaning you were probably not infected.
And since then, digital Covid certificates made permanent. In November 2022, the heads of government of the 20 most economically powerful nations (G20) decided to make digital health passports a permanent requirement for international travel – that will probably become noticeable during the next pandemic.
Europe is developing its own decentralised Digital Identity initiative called the European Self-Sovereign Identity Framework (eSSIF) based on the European Blockchain Service Infrastructure (EBSI).
The European Commission has reached the final agreement on EU Digital Identity Wallet on 8th November 2023. And in order to test the Wallet, four large-scale pilots were launched in May 2023.
You don’t notice much of those until it’s there.
Controversies
Probably one of the most important criticisms against the initiative is that it introduces fictional voluntariness. In other words, national border control has a greater power. At a border, the authorities decide if someone can enter and if a traveller doesn’t release much data about them, they may be seen as suspicious.
Imagine Booking.com implemented such a system and started to require not only passport details and billing address for a booking but also bank account information, would you have a choice not to comply?
This is similar to what happens in the WWW today. When you browse around, you have to voluntarily agree to monitoring requests of websites or just stay away.
“The concept of transnational digital identity paves the way to total and global surveillance.”
The zero-knowledge proof (ZKP) method could be useful to mitigate disclosing too much information, but you can see yourself how easy a real world implementation can go in the wrong direction.
Following the China example of observing and restricting their citizens during the pandemic as well as its own previous experience, France has recently implemented a QR-code based access system for the upcoming Olympic Games in Paris, so that people will be restricted to enter certain areas.
This kind of Digital Identity initiatives can easily assist governments in achieving their goals of mass surveillance.
End Note
In this edition, we have explored the Known Traveller Digital Identity initiative introduced by World Economic Forum. While being based on the state-of-the-art technologies and thus being quite complicated and interesting, and if done right, it has a huge potential to change the way we travel and cross national borders. But only if done right… otherwise, we might end up in the world of mass surveillance dystopia, having some Orwellian characteristics.
Thank you for reading it through, that’s all for this issue!
What are your thoughts? Having had such developments over the recent years, do you think we are going to the right direction?
If you like the post, consider sharing it with your friends — this will help explore more concepts on the way to a bright “Globally Based” future!
Until next time!
đź“ŤMinsk, Belarus
— Ilya
References
World Economic Forum. The Known Traveller Unlocking the potential of digital identity for secure and seamless travel, January 2018, link.
World Economic Forum. Digital Borders Enabling a secure, seamless and personalised journey, January 2017, link.
World Economic Forum. Security in Travel Promoting Seamless and Secure Travel through Cross-Border Data Sharing and Collaboration, March 2016, link.
World Economic Forum. Known Traveller Digital Identity Specifications Guidance, March 2020 link.
Norbert Häring. Blog, link.
European Commission. Policies, link.
BiometricUpdate.com, articles, link.
Other references are included in the direct links.
Reply