Sujit Sunthankar, director, principal architect, government security solutions at SITA, gives us the inside track on the development of Australia’s Electronic Travel Authority (ETA) app. The ETA service has been available to eligible travelers to Australia for many years, but improved technology and a more tech-savvy market mean that users are now able to securely apply for an ETA from the convenience of their mobile devices.
Can you introduce us to the new ETA application?
The Australian ETA app is the result of a collaborative co-design effort involving experts from the Australian Department of Home Affairs, SITA and the Arq Group. Together, we represent many decades of business, domain and design experience.
Designed and developed in Sydney, the app allows eligible nationalities to securely apply for an ETA, in just minutes, from their mobile devices. Using enhanced technologies to auto-populate data from an applicant’s passport and capture their biometrics, this highly secure self-service process not only increases the accuracy and richness of data but greatly improves the user experience.
SITA has recently celebrated the 25th anniversary of its borders business, which started around the need for an ETA system for the 2000 Sydney Olympics. What was the inspiration for developing the ETA app 20 years on?
In 1996, SITA pioneered an ETA system for the 2000 Sydney Olympics to give the authorities advance visibility into the millions of visitors planning to cross the border, and reduce bottlenecks at Australian embassies and immigration checkpoints. Since it was introduced, the ETA has stood the test of time and has led the way for electronic visas being established as a standard channel for simple visa types (e.g., visa on arrival) by immigration departments worldwide.
After more than 20 years of massive technology change, it was time to reinvent the ETA through the Australian ETA app. New technologies and new paradigms create changing community expectations of access, experience and service, especially when innovation is the engine powering the change.
What did you have to take into consideration when designing the application?
The discovery and research phase of the project involved understanding the persona and core traveler needs. It focused on obtaining an in-depth understanding of applicant, business and travel industry requirements and expectations to define the end-to-end future-state user journey.
In developing a contemporary solution using advanced technologies, the team was mindful of the need to present an intuitive and secure product while delivering the complex capabilities relating to data capture, validation, auto-population and, most importantly, identity verification. We undertook comprehensive technical, integration and user testing to ensure the solution was ready and that user-centricity remained at the heart of the design. An abstraction layer encapsulated all third-party technologies, thus making the app futureproof and relatively easy for the current technologies to be replaced with new and better ones in the future.
Can you explain how the app works?
The app leverages mobile technologies (optical character recognition [OCR] and near field communication [NFC]) to capture and pre-populate critical passport and identity information directly from the passport. Accurately capturing important application data directly from a trusted source eliminates data entry errors and inconsistencies that impact visa processing.
The app authenticates and validates electronic passports through the smartphone’s NFC capability at the point of application rather than at physical borders. Access to the passport chip is obtained by using OCR to read the printed machine-readable zone (MRZ) on the inside of a passport and deriving a key. This key allows the chip to be accessed and authenticated using the digital certificates within the chip, ensuring the passport is genuine and the chip has not been compromised. Once the chip has been authenticated, the data on the chip — which consists of the travel document, identity data and a digital image of the passport holder — is read. It is then compared with a selfie image capture before proceeding.
The selfie image capture process performs complex liveness and anti-spoofing checks against multiple face risk profiles, which strengthens the identity verification of the applicant. These important security checks are undertaken seamlessly in real time by the app without inconveniencing the applicant.
The OCR, NFC, selfie image and complex liveness and anti-spoofing checks are integrated within the app in a novel manner, in what we believe to be an international first.
Travelers are entrusting the app with one of their most valuable assets — their data. How did you tackle privacy concerns during its development?
We employed a privacy by design approach throughout the app development, beginning with a privacy impact assessment to ensure that all instructions, data handling and storage comply with the Australian government’s strict privacy requirements.
All personal data is stored in a secure wallet on the user’s device. No data is shared with other stakeholders, except Home Affairs, which requires the information to process the ETA applications. Terms and conditions are clearly established within the app for the user to accept before proceeding. This explains how data is kept securely, as well as how it is used and protected when transmitting it to Home Affairs.
To further ensure personal privacy, applicants can delete their personal details and previous applications from the app at any time. In addition, travel agents who can apply on behalf of applicants do not retain applicant or application data on their registered devices after the application is submitted.
The app utilizes secure local storage and strong authentication protocols. All communication between the device and the back-end systems is encrypted, ensuring ultimate protection and control over user data.
What has been the feedback so far?
From the beginning, the experience design process prioritized ease of use for the applicant, with frictionless and intuitive user experience on both iOS and Android platforms. The resulting application has been well received, with multiple users complementing the ease of use and convenience.
Continuous monitoring, behavioral analytics and user feedback are part of the solution methodology. The ability to update the app rapidly has enabled enhancements to assist with reading various types of passports, providing support on processing status and improved animation for instructional guidance.
Valuable feedback provided by applicants through the app stores and the app’s Contact Us function has driven some of the changes and improvements implemented since pilot commencement, thereby further strengthening the app.
The engagement of global user groups for testing different devices and gathering user experience information ensured the app works across heterogeneous device environments and electronic passport variations. Since the app’s deployment in October 2020, it has already facilitated travel to Australia for thousands of individuals during the pandemic.
The Australian Electronic Travel Authority app has been nominated for the DrivenXDesign Sydney Design Awards 2021. DrivenXDesign is the world’s largest network of design award programs that come together to innovate, accelerate and grow demand for design. The Department of Home Affairs’ and SITA’s Australian ETA app is nominated in the ‘Digital – Government Services’ category.