Imagine if your smartphone was all you needed to get through passport control, that you no longer had to present any physical documents when crossing borders? If the EU gets its way, this dream will become a reality for all EU citizens traveling within the Schengen zone.
We’re not there yet, of course. There are still some important issues to be ironed out, and as a long-standing technology partner of the EU, Sopra Steria is only too happy to contribute to the debate around this initiative.
Speeding up passport control
This new EU initiative, announced as part of the 2021 Schengen Strategy, is particularly compelling. Its purpose is to establish a common format for digital travel documents, thereby making crossing borders even easier. To begin with, digital documents are often easier to issue than physical ones. And they also make life easier for those working at border controls, allowing international travel to go more smoothly. In addition to saving time, the initiative will also help to prevent the use of fraudulent travel documents.
All this goes to the core of one of our EU freedoms – the right to free movement within the bloc. It also relates to the Schengen Acquis, which allows all citizens of a Schengen country to travel throughout the Schengen area without border checks.
To be honest, the idea behind this remote identification process using digital travel documents is hardly new. The EU Digital Wallet proposal amending the eIDAS Regulation already allows for remote identification and authentication of EU citizens. So-called trust providers within that system provide electronic services around digital certificates and timestamps, etc. to secure online transactions and form a circle of trust.
Our experience in the implementation of the eIDAS Regulation has taught us, however, that the digital identification of individuals poses a number of challenges. These are important to highlight here as they also concern digital travel documents:
- One key issue is the definition of the roles and responsibilities of the different parties: the holder of the document, the verifier, and the issuing authority. The immediate question is which of these main stakeholders can be trusted to become the issuing authority for a digital travel document.
- For reasons of transparency and accountability, it must be clear from the start whether government authorities or citizens are responsible for the digital travel document, as this will affect how the initiative is implemented. This idea of responsibility also goes hand-in-hand with the notion of data controllership, meaning that there must be an entity that decides why and how the digital travel document is used.
- Gaining the trust of citizens is crucial to the adoption of new technologies. This is all the more challenging since a digital travel document is not only complex in nature but also a highly political issue. In the context of this initiative, sensitive and biometric personal data will be automatically processed on a large scale. This can result in serious implications for people if their data are wrongfully processed or fall into the wrong hands. Following the example set in similar EU large-scale IT systems (SIS, VIS, Eurodac), the EU must also ensure that the data controller of this initiative is subject to extended transparency and scrutiny obligations.
- Security and privacy must be taken into consideration in the proposal phase of the initiative to ensure security and privacy-by-design. Also, smartphones are much more vulnerable to cyberattacks than PCs, and hackers can use them as entry points to break in and compromise the security of the entire solution. Therefore it should become a priority to develop a solution for this initiative that implements security as an integral part of the system across its entire lifecycle.
- With regard to the availability of a digital travel document, it is important to address concerns about accessing the document when the smartphone’s battery is low, or worse, when the phone is broken or lost and the document needs to be securely transferred to a new device. Close attention must also be paid to the choice of technology. If for instance, near-field communication (NFC) technology is chosen, it should guarantee not only confidentiality, integrity and availability of information, but also interoperability across different smartphones.
- Finally, the use of digital travel documents should be an easy option for every European citizen. Particular care should therefore be given to the accessibility and affordability of the solution for vulnerable groups and minorities, based on their specific needs.
While drawing attention to potential privacy and security issues, as well as other vital concerns, we strongly support the EU’s digital travel document initiative as we are convinced that it will be of benefit to millions of EU citizens.
For more detailed advice, download our white paper on the digitalisation of travel documents. Or better yet, contact me directly for a no-obligation discussion.