What Happens To All That Personal Data Clear Holds? It's Unclear
from the that's-a-problem dept
I have to admit, there was one part of the “Clear” airport “fast pass” program created by Stephen Brill that I never fully understood. In order to join Clear, you had to submit all sorts of personal info — which raised a lot of questions when the company behind Clear, Verified Identity Pass, lost a laptop with all that data last year. But what’s never been clear to me is why this data was needed. If you had a Clear card, it wasn’t like you went through any less of a security check. You just got to cut the line. That’s it. You still ended up needing to go through the same security check. So why did Verified Identity Pass — or the Department of Homeland Security who VIP passed the data on to — need your personal info in the first place?
Either way, that’s now raising a lot more questions because no one seems entirely sure what happens to all that data now that the company has gone out of business. While the company insists that airport kiosks and employee computers are being wiped clean, there are still plenty of questions about just who still has access to the data, and what happens to it if someone else buy’s up VIP’s assets or if the company declares bankruptcy and creditors get access to their assets.
Filed Under: clear, personal info, stephen brill
Companies: verified identify pass
Comments on “What Happens To All That Personal Data Clear Holds? It's Unclear”
Why the data...because they were still trying?
My guess is that the reason they wanted all the background data is that they were still trying (or hoping) that they could get TSA to go along with their original plan of letting pre-screened folks get through with less checking.
Obviously (to anyone who’s read Bruce Schneier for any length of time) that would be a stupid idea, and the TSA never went along with it.
I’ll be fascinated to see what happens to those information assets.
If this is anything like some of my past experience being in a company shutting down, you can expect that a good number of those laptops (thought to be risky) managed to Walk away, along with desktop gear, computers, incidental equipment, paperwork that looks interesting and All of the paperclips.
Everything else will be sold off in bulk lots. From buying computers at bulk lots before, any data-stripping is haphazard at best (like pulling out all the hard drives.. only to sell them, otherwise untouched, as a separate auction lot)
We may indeed here more (bad) news from this shell of a company before things are over, if any connected party actually cares enough to step up for responsibility after their big shutdown firesale.
Brill says data is with Lockheed Martin & TSA can access:
http://blogs.wsj.com/middleseat/2009/06/23/clear-update-what-happens-to-your-personal-data/
Re: Re:
Brill says data is with Lockheed Martin & TSA can access
Err, Lockheed Martin may have a copy of the data, but obviously not the only copy as evidenced by VIP loosing a laptop with it. It’s all those other copies that are the immediate concern (despite Brill’s attempt at misdirection).
Delete
The appropriate strategy, would be to delete the data.
It amazes me that many companies are constantly scream infringement when it comes to their “private” data being used by someone else. However, they don’t seem to have a problem with claiming that a customers private data is in fact theirs!
In an era where identify theft is hyped as a major issue, the logical conclusion is that all customer data must be deleted. First, it should not be considered a company asset. Second, if the data is not deleted; the possibility exists that an unethical company can buy the private data and then re-sell it, and then re-sell it again. So if we want to preclude the misuse of private data, when a company goes out of business they should not be considered as having an interest in that data any longer and it should be deleted.
Ulterior Motive?
Collecting a lot of ‘unnecessary’ personal data about people who have money to burn on cutting the line at airports sounds to me like a very sophisticated social engineering scheme. Imagine convincing the rich and powerful to part with such information, and to pay a premium for doing so. I’d be interested in who got access to this data while the company was still in business. But then, I tend to think of possible scenarios that *might* happen, and turn them into short stories, like the one called “Incident on Concourse B”, which starts like this…
+ + +
Lendon Forrester, clattering bags of jumbled canned goods, ran up the steps and opened the door. “Did I miss it?”
“No,” Frannie Jurdens called from the kitchen. “They’re still in a holding pattern.” She capped the jug she’d been filling, and placed it beside the others on the counter.
Len glanced at the reporter on the living room TV in passing. “…the ticket counter behind me, air travel in our city has ground to a halt. This same ‘ghost-town’ scenario is being played out at airports across the country, in the wake of this morning’s thwarted terrorist attack in Cincinnati.”
Frannie looked up as he entered. “I don’t know, Len. The media’s crawling with rumors.”
+ + +
You can read the whole thing (and lots of other stories) here:
http://klurgsheld.wordpress.com/2007/09/05/short-story-incident-on-concourse-b/
P. Orin Zack
People could try to sue the companies who have data leaks to bring down the entire data compilation companies. To make it so expensive that no one except the government anyway can afford to run one. (the government is the only institution that doesn’t have to run a profit since it operates on it’s taxpayers money, loans, and paper money printed from thin air).