Delivering a Biometric Travel System in Eleven Weeks

The Full Story

Registered Traveler was one of the most complex delivery efforts I ever managed — not because it was the largest program or had the biggest budget, but because everything had to arrive at the same place at the same time, and almost none of it was fully under my control.

The prime contractor was Verified Identity Pass, which had developed the public concept, secured the funding, and held strong opinions about the customer experience down to individual words on enrollment screens. If they wanted a phrase changed in the applicant flow, the expectation was that the engineering team would treat it as the priority of the moment. That was the customer environment. We were the system integrator, and the deadline was eleven weeks.

In that timeline, we had to assemble a working biometric identity system that could enroll travelers, capture identity information, collect fingerprints and iris images, package the data, send it to government systems, support card production, and later verify the traveler at the airport using the card and live biometrics. It was not one software application. It was a collection of systems, devices, vendors, physical locations, interfaces, and workflows that all had to line up.

The kiosks were being built by an outside company in Colorado. Each unit had to house a computer, identity document scanner, iris scanner, fingerprint scanner, and receipt printer, all in a physical design acceptable to airport operations and consistent with the program's brand. They wrote the software running inside those kiosks, and we had to integrate it into our central system — the kiosk enrollment screens, the local workflow, the device integrations, and the communication back to the central system. The kiosk couldn't just look right; it had to be usable by newly trained enrollment agents working with real customers in a live airport.

The central identity management system was our server-side backbone. It had to receive enrollment data from the kiosks, manage biometric and identity records, package transactions for TSA, receive results, support card issuance, and maintain each member's record. This was not an era of managed cloud infrastructure — we were building and hosting real servers ourselves, with our own database, backup, recovery, and security responsibilities.

The smart card work was its own challenge. This was early in the smart card era and nobody on the team had any experience with it. We had to work out what would be written to the card, how biometrics would be stored, how the card would be read at the airport, and how the kiosk would compare a live sample against the stored biometric. I assigned it to our best software talent, because it needed exactly that. Iris capture was also new territory for us. Our background was fingerprints, and iris was a different modality entirely — different scanner output, different storage characteristics, different integration approach. There was no institutional knowledge; we had to learn it while building it.

Outside the core team, the dependency list was long: the kiosk manufacturer, the smart card provider, the iris scanner company, the document scanner vendor, TSA, the prime contractor, internal Lockheed Martin teams, and the operations groups managing power, space, and network access inside Orlando International Airport. Every one of those threads carried real risk. A slip in kiosk hardware, smart card development, iris integration, TSA interfaces, or airport infrastructure could derail the whole launch. I had all of this work scheduled down to fractional days — which sounds excessive until you've managed that many dependencies with no slack at the end. You need to know what depends on what, when a one-day slip is harmless and when it takes down the launch, and who needs help before they fall behind.

The Orlando team was small, about a dozen people, and I had pulled together the best. It mattered. Work like this can't survive a weak link in a critical path. When someone got stuck, there had to be someone close enough and capable enough to pull them through — and that happened more than once. As the launch approached the schedule became brutal, long days turning longer, until the final weekend became all-hands. We worked through Saturday and into Sunday morning, with live launch looming on Tuesday.

There is a particular feeling in those hours. You've done everything you know how to do, you have the right people giving you everything they have, and things still must come together, for real. It's not done because everyone cares. It's done when it works. We finally got a usable software build late Sunday morning. I took the team to Denny's. That breakfast still means something to me — not because it was ceremonial, but because it wasn't. It was just a bunch of tired engineers, after working through the night, realizing that maybe we were going to make it. They had stayed because the mission mattered to them, and I had stayed because I wasn't going to be the leader who went home, telling them I trusted them to finish without me.

The kiosks were being installed at the airport that weekend, with very little time for end-to-end testing in the live configuration. The first test of the full system under prolonged full load would be the Tuesday launch. Large companies normally avoid that kind of exposure — you test, you stage, you control. This program didn't give us that. It was a public launch. The Wall Street Journal was reporting. The NBC Today Show was filming. On launch morning, the system worked. People enrolled, the lines kept moving, the kiosks captured data, the transactions moved. For a few hours, you could see the thing we had spent eleven weeks building successfully operating in a live airport. It was glorious.

Then the system started to slow down. Every kiosk depended on acknowledgments from the identity management system before it could advance cleanly, and under prolonged load the database started to lag. Enrollment agents, trained but new, did what seemed reasonable when a transaction hung — they restarted it. That added load and made the problem worse. Lines and frustrations grew. I was at the airport, moving between kiosks, watching the problems escalate in front of me, and calling back to the engineering team.

We spent the afternoon finding the root cause. The problem turned out to be poorly formed database queries that behaved acceptably under low volume and collapsed under ten simultaneous live kiosks. Once the right person looked in the right place — at the code itself, not just the system monitors — the issue was clear. The queries were rewritten that night, we pushed a new build and tested it hard enough to trust it, and by the next morning the system ran correctly. That rough patch on Tuesday afternoon was the last public outage in Orlando.

That episode is part of the story, but it's not the story. If we'd had the time to stress-test the full system under real load before launch, we'd have found the bug quietly and nobody would remember it. The only reason it became memorable is because the schedule gave us no clean opportunity to run the full system before real customers were standing in line. The actual accomplishment was getting the system there at all — kiosks, smart cards, iris capture, identity management, TSA interfaces, card production, and airport deployment all converging on a single morning after eleven weeks, working well enough to serve thousands of people.

Even after the system stabilized, I couldn't relax. What worried me most was the server holding sensitive personal and biometric data. If that data was lost, corrupted, or exposed, the program faced consequences well beyond an operational problem — TSA would shut it down. So I continued to push the infrastructure team just as hard in the weeks after launch as before — test the recovery, build a sandbox, prove it again, find another way to look at it. I just knew we had taken something raw into production too quickly, and I needed to build my confidence that it was solid.

The program eventually expanded to other airports. The original business later changed hands and the assets were sold. But that program still exists today as Clear — operating at airports and venues across the country — tracing its lineage directly to that first system at Orlando International Airport. When I see a Clear kiosk now, I still remember what Sunday morning looked like before the build came together, and what Tuesday morning looked like after it did.