Skip to main content

Unclear what happens to personal info with Clear

FILE - In this Aug. 8, 2007 file photo, Roger Perlsen, of New York-based
AP – FILE - In this Aug. 8, 2007 file photo, Roger Perlsen,
of New York-based Verified Identity Pass' Clear …

NEW YORK – More than a quarter million people are wondering what will happen to their fingerprints, social security numbers, home addresses and other personal information now that a company that sped them through airport security is out of business.

Government officials are wondering too.

The sudden shutdown of the Clear program, run by Verified Identity Pass Inc., this week has raised more concerns about who keeps our personal information, how well it's protected from theft and whether it could be sold to the highest bidder.

If Verified files for bankruptcy protection or is taken over by another company, security experts say it's unlikely customers' private data would be handed over to creditors or new owners. But they — as well as some members of Congress — are starting to trace the data trail.

Worries about protecting personal information and the danger of identity theft cover many areas of life in the 21st century beyond travel — from drawing cash out of an ATM to handing a credit card over to a store or restaurant.

On Tuesday, the parent company of retailers T.J. Maxx and Marshall's said it will pay $9.75 million in a settlement with a number of states related to massive data theft that exposed tens of millions of payment card numbers.

Clear said it will secure the personal information it gathered, which it says it handled according to Transportation Security Administration standards, and will "take appropriate steps to delete the information."

In a statement on its Web site Friday, Verified Identity Pass said that all of its Clear airport kiosks have been wiped clean of data. Employees' laptops are in the process of being cleared.

Although it was a private company, Clear had to follow TSA guidelines and report personal information to the TSA to get its members through special fast-lane security lines at about 20 airports.

The TSA however has stopped short of promising that it will delete the information it has stored from Clear, and won't say why. Spokesman Greg Soule said, though, that the agency didn't keep any data for passengers after July 2008, when Clear began operations as a fully private company.

Some experts say the Transportation Security Administration should manage passenger data better and not store so much of it for so long.

"This question about whether or not (the TSA is holding on to information from Clear customers) is actually part of a bigger debate," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "This is just one of the long-running battles; they simply keep too much data on too many people for too long,"

The intimate information shared with the TSA by Clear could leave some people especially vulnerable if there were a security breach, he said.

In addition to information such as social security numbers and home addresses, Clear took eye scans, fingerprints and digital photos of every one of its approximately 260,000 members.

"I think the customers of Clear should be concerned about this," Rotenberg said. "Fingerprints are one of the most effective ways to (steal someone's) identity."

Clear grew out of the government agency's Registered Traveler program, which requires "biometric identifiers." Two similar companies — FLO and Vigilant, still operate similar databases, but are far smaller.

Rotenberg said he doesn't believe that all the data the TSA collected from Clear members is going to be deleted. And the longer the data is held, the more potential there is for leaks.

TSA's own record raises doubts about the security of personal information it holds. In 2007, it lost an external hard drive containing the personal and financial information of 100,000 current and former agency workers. In 2006, the TSA inadvertently exposed thousands of Americans' personal information on the Internet when they launched an unsecured Web site to help travelers whose names were incorrectly on airline watch lists.

Clear had breaches as well. Last year, the TSA suspended the program temporarily after a laptop containing pre-enrollment records of about 33,000 customers was lost at San Francisco International Airport.

On Thursday, the House Committee on Homeland Security sent a letter to TSA Assistant Secretary Gale Rossides expressing concern about the handling of Clear members personal data.

"While we recognize that Clear is not a government program managed by TSA, we are concerned about the protocols Verified Identity Pass will implement in the next few days as Clear winds down," the letter read. "...It appears the TSA allowed the private sector to determine a method of storage and disposal of extremely sensitive personal information. It is our understanding that TSA's directives are silent on the disposal of data in the event of a company's merger, buy out, or bankruptcy."

The letter went on to say that the committee is "concerned about the safety and security of the information currently held by Clear."

Rotenberg said he doesn't think the TSA is properly prepared to deal with removing the large amount of private information from Clear customers.

"It's not clear to me that they're really going to destroy it," he said. "The TSA policy does not appear to adequately consider the consumers of Registered Traveler programs if the company ceases operations. I don't think they anticipated this."

Comments

Popular posts from this blog

ASEAN pushes for resumption of N. Korea nuke talks

ASEAN and friends: Foreign Ministers from left, Vietnam's Pham Gia Khiem, South Korea's Kim Sung-hwan, Japan's Takeaki Matsumoto, Indonesia's Marty Natalegawa, and China's Yang Jiechi, hold hands during a group photo at the opening session of ASEAN Plus Three Foreign Ministers' Meeting in Nusa Dua, Bali, Indonesia, Thursday. (AP/Dita Alangkara) Associated Press, Nusa Dua | Thu, 07/21/2011 2:19 PM Foreign ministers from 10 Southeast Asian nations are calling for a speedy resumption of talks aimed at convincing North Korea to abandon its nuclear weapons program. China, the US, Japan, South Korea and Russia had been negotiating since 2003 to persuade Pyongyang to dismantle the program in exchange for aid and other concessions. The North pulled out of the talks about two years ago after being censured for launching a long-range rocket. It has indicated a willingness in recent months to return to the table. The 10-member Association of Southeast As...

Army: Gunmen kill Indonesia soldier in Papua

 Associated Press, Jayapura | Thu, 07/21/2011 6:47 PM An army officer says unidentified gunmen have ambushed Indonesia soldiers and killed one of them in the easternmost province of Papua. The chief army officer in Papua says soldiers are still searching for the gunmen. Maj. Gen. Erfi Triassunu said the ambush Thursday morning happened outside a village in the hilly district of Puncak Jaya. Triassunu said the victim was a first private killed by a shot to his head. No information was available on the other soldiers. The attack occurred one day after a military tribunal indicted three low-ranking soldiers for killing a civilian in Puncak Jaya last year. Papua is a former Dutch colony incorporated into Indonesia in 1969 after a U.N.-sponsored ballot. A small, poorly armed separatist movement has battled for independence ever since.