When I flew Alaska out of Portland recently, I noticed that there were still kiosks there for international travel. Those machines’ days may be numbered now that Alaska has rolled out a remote passport verification option. This is a promising development, though I’ll admit I don’t fully understand if there are any privacy implications.
We’ve all been there. You’ve checked in online for an international trip and gone to the gate only to have your name called over the loudspeaker. Why? It’s because your passport has to be manually verified by an agent. This step is annoying for the airline, especially since there’s always some guy at Cinnabon who doesn’t get to the gate until the last minute and then acts clueless when agents are continually calling his name over and over.
Alaska is now partnering with Airside — which was recently purchased by Onfido — to enable mobile passport verification. Onfido is not an app meant for tracking dogs named Fido. (It’s pronounced on-fee-doh anyway.) It was the brainchild of three Oxford students who wanted to help streamline the process of identity verification in hiring and finance.
Airside, meanwhile, got its big break as one of the early app providers of the Mobile Passport service for US customs and immigration. That has now been consolidated into a single government app, but Airside moved on to focusing on identity verification for travel purposes. It is powering the current trial with American where AAdvantage members can use their mobile ID if they have TSA Precheck at Washington/National airport. And now, it is doing this project with Alaska. It’s not a surprise to see Onfido pick Airside up since the businesses are complementary.
Airside’s plan is to allow everyone to upload and verify their IDs once. Once that’s done, travelers can use the app to give permission to share that verification with any vendors.
California still doesn’t allow digital driver licenses, so I couldn’t test that, but I was able to upload my passport. First, you have to take a selfie. Then you scan the passport photo page where it parses the machine-readable gobbledy-gook at the bottom. Lastly you have to use NFC on your phone where it can then read the chip in your passport to confirm that it’s valid. (Just a note, it said to put my phone on the photo page to read the chip, but that didn’t work. I had to put it on the back page.) Once this is done, your passport is verified, and it remains there in the system until you need it.
If I were flying internationally on Alaska, I’d just open up the Airside app. In there I pick the service I need, which is Alaska Airlines Mobile Verify. I click on New Trip and then I just have to select my verified document, departure city, departure date, and confirmation number. That information is transmitted back to Alaska and I am ready to go.
This is entirely separate from the check-in process which you’d handle on the Alaska app or website. It’s just that when that process is done, it will show in Alaska’s system that the passport has been verified so no further action is needed. After the initial setup in the app, this is really easy, even if it does require a separate app.
Now the question is, how secure is it? Airside’s website talks about it a lot.
Keep data only in the hands of users. Opt-in, enrollment-based flow puts users in control. By enabling consent-driven, time-bound sharing, you’ll meet complex global and local regulatory compliance laws.
The idea is that you control where your information can be used. The information clearly had to go through Airside’s process to verify in the first place, and I’m assuming it’s not entirely stored on your device but I could be wrong. The way it is set up, the information can only be shared with entities with which you want to share. And if you change your mind, you can always revoke your consent to share that information.
I built a fake trip on the app just to see how it would work. I gave consent, info was sent to Alaska, and all was well. But then I went back in and revoked that consent. It’s pretty intuitive.
Every time I go into the app, I used biometrics to get in, but you can also use a password. I know that every time my phone locked or I navigated to another app, as soon as I came back it required verification again. So it feels secure in that sense, at least.
I’d love to hear from some privacy experts about how secure this is and whether there’s anything to be concerned about. It does appear that the company takes it seriously, and since Onfido is UK-based, I assume that means it abides by far stricter rules than are required here in the US.
Alaska and American obviously trust the company, as does the federal government. I can see this making things a lot easier in the future as more vendors begin to accept digital identification.