TSA’s Looking to Rapidly Verify Passengers Without Biometrics or Physical IDs

nep0/Shutterstock.com

Prior to the pandemic, hundreds of travelers would attempt to pass through security checkpoints each day without identification.

The Transportation Security Administration is on the hunt for an alternative means to verify passengers’ identities at security checkpoints in real time—without relying on biometrics or commonly accepted physical identification—to be used when travelers can’t present appropriate forms of ID.

A possibly fee-based, digital services application that enables users to submit personal biographic information on the front end, which can then be authenticated through one or more databases on the back end, is the technological tool the agency is setting sights on, according to a request for information published this week. 

“Prior to the COVID-19 National Emergency, TSA encountered over 2.5 million passengers a day and, on average, 600 instances of passengers without acceptable ID,” officials wrote in the RFI, noting that usually those people would then prove who they are over the phone, via the agency’s National Transportation Vetting Center.

Thousands of transactions across TSA’s entire airport enterprise would need to be processed per hour by the potential solution, which the agency wants to be configurable with an application or website that travelers can tap directly into on their cellphones. Through it, passengers could manually enter “biographic data elements” including their name, date of birth, address and cellphone number. In under five minutes, the system would interface with a “back end database of known entities” that incorporates a variety of “unique sources for each element of identity information,” and subsequently displays a “pass” or “fail” status as to whether the individual should move forward. It would need to “provide an authentication/verification service to provide trust that the physical person owns the digitally verified biographic data,” according to TSA.

The asset would also need to be equipped with capabilities to determine if the cellphone number used has been spoofed, and use data modeling and algorithms to spot any inconsistencies with the traveler’s data history that may indicate potential for fraud. However, TSA appears not to aim to use the process as a new recurring standard for individual travelers, noting that the “system shall be able to use a unique [non-personally identifiable information] identifier to track and/or help create a configurable rule to potentially limit how many times a passenger can attempt to use this solution.” And though the to-be-developed application might collect fees for service, the money would be paid not to TSA, but directly to the vendor to offset operation costs.

The agency lists a range of technical, identity assurance and privacy requirements on top of those mentioned above—and clarifies it’s open to vendors that can solely provide the identity services requirements, the digital service application, or both. Those in a position to offer only one would need to clarify capabilities to integrate with another vendor in their submission responses to the RFI. On top of that, the agency also asks industry insiders to address nine questions about their expertise to provide needed capabilities, previous work with TSA and more.

Interested vendors are invited to respond to the RFI by Aug. 28.