Unclear What Happens to Personal Info with Clear
Mon, 06/29/2009 - 7:39am
Samantha Bomkamp, AP Transportation Writer
NEW YORK (AP) — More than a quarter million people are wondering what will happen to their fingerprints, social security numbers, home addresses and other personal information now that a company that sped them through airport security is out of business. Government officials are wondering too.
The sudden shutdown of the Clear program, run by Verified Identity Pass Inc., last week has raised more concerns about who keeps our personal information, how well it's protected from theft and whether it could be sold to the highest bidder.
If Verified files for bankruptcy protection or is taken over by another company, security experts say it's unlikely customers' private data would be handed over to creditors or new owners. But they — as well as some members of Congress — are starting to trace the data trail.
Worries about protecting personal information and the danger of identity theft cover many areas of life in the 21st century beyond travel — from drawing cash out of an ATM to handing a credit card over to a store or restaurant.
Clear said it will secure the personal information it gathered, which it says it handled according to Transportation Security Administration standards, and will "take appropriate steps to delete the information."
Clear only provided information to TSA when it was part of the agency's pilot program, Registered Traveler, which ended in July 2008.
In a statement on its Web site Friday, Verified Identity Pass said that all of its Clear airport kiosks have been wiped clean of data. Employees' laptops are in the process of being cleared.
Although it was a private company, Clear had to follow TSA guidelines and report personal information to the TSA to get its members through special fast-lane security lines at about 20 airports.
Spokesman Greg Soule said Friday that the agency didn't keep any data for passengers after July 2008, when Clear began operations as a fully private company. Soule said that the TSA is obligated to delete all information it collected during the pilot program by July 31.
Soule emphasized that Clear was a private company responsible for destroying its own data. But security experts are still questioning the TSA's methods. Some say the Transportation Security Administration should manage passenger data better and not store so much of it for so long.
"This question about whether or not (the TSA is holding on to information from Clear customers) is actually part of a bigger debate," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "This is just one of the long-running battles; they simply keep too much data on too many people for too long."
The intimate information shared with the TSA by Clear could leave some people especially vulnerable if there were a security breach, he said. In addition to information such as social security numbers and home addresses, Clear took eye scans, fingerprints and digital photos of every one of its approximately 260,000 members.
"I think the customers of Clear should be concerned about this," Rotenberg said. "Fingerprints are one of the most effective ways to (steal someone's) identity."
Clear grew out of the government agency's Registered Traveler program, which requires "biometric identifiers." Two similar companies, FLO and Vigilant, still operate similar databases, but are far smaller. Rotenberg said he doesn't believe that all the data the TSA collected from Clear members is going to be deleted. And the longer the data is held, the more potential there is for leaks.