What Happens To All That Personal Data Clear Holds? It's Unclear

from the that's-a-problem dept

I have to admit, there was one part of the "Clear" airport "fast pass" program created by Stephen Brill that I never fully understood. In order to join Clear, you had to submit all sorts of personal info -- which raised a lot of questions when the company behind Clear, Verified Identity Pass, lost a laptop with all that data last year. But what's never been clear to me is why this data was needed. If you had a Clear card, it wasn't like you went through any less of a security check. You just got to cut the line. That's it. You still ended up needing to go through the same security check. So why did Verified Identity Pass -- or the Department of Homeland Security who VIP passed the data on to -- need your personal info in the first place?

Either way, that's now raising a lot more questions because no one seems entirely sure what happens to all that data now that the company has gone out of business. While the company insists that airport kiosks and employee computers are being wiped clean, there are still plenty of questions about just who still has access to the data, and what happens to it if someone else buy's up VIP's assets or if the company declares bankruptcy and creditors get access to their assets.

7 Comments | Leave a Comment..

Airport FastPass 'Clear' Shutting Down

from the not-so-speedy-any-more dept

I have some friends who have used Clear, the "verified passenger speedlane" for frequent travelers, that let you basically cut the security line. For the most part, they all loved it. Despite the fact that I do a lot of flying, it never really seemed worth it to me. Plus there were security questions, such as when a laptop containing applicant data got lost last year. Oops. In the end, though, I have to admit almost never seeing anyone making use of the Clear shortcut at the airport, suggesting the private company that operated it wasn't making very much money. That now seems confirmed, as apparently the program is shutting down.

The company's founder, Stephen Brill, has already moved on to his next company -- a misguided attempt to make people pay for online news content. While Brill certainly has a big name reputation, it seems like he's had a lot of companies go sour in a row at this point. There was Brill's Content and then Contentville. Now there's Clear (whose official name was "Verified Identity Pass"). And the whole "iTunes for news" concept seems pretty questionable as well...

33 Comments | Leave a Comment..

TSA Vendor Who Lost Laptop Apologizing To People Who Didn't Even Apply

from the good-record-keeping dept

We recently wrote about how TSA-approved vendor, Verified Identity Pass, had lost a laptop containing all sorts of unencrypted data on people who had applied to be a part of the TSA's "fast pass" Clear program (letting you skip the long security lines for a $100/year). While the laptop was eventually found (in the same place it was lost), the company insists that no data on the laptop was compromised, and has sent out emails to applicants for Clear. But, it appears that at least something is amiss as David Weinberger received one of the emails despite never having applied for the program. So apparently they're just informing people at random now. Or someone else applied in Weinberger's name. Makes you feel very secure, doesn't it?

14 Comments | Leave a Comment..

TSA Loses Laptops With 'Verified' Flyer Details

from the your-middle-name-is-what-now? dept

The concept of a "trusted" or "verified" traveler program at airports has been shown as not particularly secure for years -- but it didn't stop the TSA from aggressively rolling out the program. There's no doubt that, for frequent travelers to locations participating in the "Clear" program, it's wonderful. You pay $100/year and you get to bypass all the security lines, and head to a special faster security screening line, supposedly because your background is already "cleared." As Bruce Schneier writes in the above link, in terms of security, all this really does is give those looking to break security a better target. Get some "terrorists" on the list, and you've just made life a lot easier.

Either that, or pretend to be someone on the list.

And what better way to do that then to get your hands on the details of everyone on the list. Well, it appears that the TSA has forgotten its middle name, and failed to protect its own laptop carrying the (unencrypted, of course) details of 33,000 people on the clear list (Update: to clarify, the laptop was actually lost by a TSA vendor, but considering these were applications made to the TSA, it's not clear that the difference here really matters). While it certainly may have just been lost or stolen by someone who wanted a free laptop, whoever has that laptop now has the names, addresses and driver's license or passport numbers of 33,000 applicants. It's unclear if it indicates which of those applicants were approved, but I would still imagine that info would be useful to someone looking to bypass airport security.

The company that runs the program, Verified Identity Pass, issued statement that isn't particularly comforting:

"We don't believe the security or privacy of these would-be members will be compromised in any way."

First of all, that's not true. If you've exposed people's names, addresses and driver's license or passport numbers, their security has certainly already been compromised. But, more importantly, rather than those individuals' security and privacy, I would be worried about overall airport security, which has now been compromised. Update: So, this is weird. The laptop has been found. Where was it? Right where it was last seen. Not clear if it was actually lost or someone just got confused or what -- but still not particularly comforting.

28 Comments | Leave a Comment..