TSA asked to ensure safety of customer data after Clear closing
Transportation security agency given July 8 deadline to explain how private information will be safeguarded
Computerworld - The chairman of the House Committee on Homeland Security has given the Transportation Security Administration until July 8 to explain how the agency plans to ensure the security of private data collected by a recently shuttered company that offered a registered traveler program.
In a letter to the TSA's acting assistant secretary, committee Chairman Bennie Thompson (D-Miss.) expressed his concern over the abrupt closure of Verified Identity Pass Inc.
For a $199 annual fee, New York-based VIP offered a service called Clear that was designed to help air travelers get through airport security checks faster by vetting their identities and backgrounds in advance.
VIP was the largest of seven private companies approved by the TSA to operate a registered traveler program. VIP announced it was ceasing operations on June 21 because of financial reasons. The announcement prompted immediate concerns about the privacy and security of the detailed personal identity information, including fingerprints, iris scans and digital images, the company had collected on its approximately 260,000 customers.
In his letter last Friday, Thompson expressed similar concerns over the "handling" of personal identity data in the aftermath of the Clear shutdown. Though the registered traveler program is run by private companies, it is authorized by the TSA, which set specific requirements for the operators to follow, Thompson said. The requirements included the need for every operator of the service to collect details such as full legal names, home address, date and place of birth, gender, height, driver's license number, passport details and other information.
At the same time, the agency appears to have been silent on what steps should be taken if a company that collects the data were to go out of business, merge or be acquired by another company, Thompson noted.
"We are concerned about the security and safety of the information currently held by Clear," Thompson wrote. He asked the TSA to explain what role it will play in ensuring that "adequate privacy protections are in place prior to any disposition of the personally identifiable information." He also asked whether VIP had informed the TSA about its plans to shut down Clear, and whether the agency had asked the company about its plans for securing the personal data.
A TSA spokesman said the agency is in the process of drafting a response to Thompson's letter. The spokesman also pointed to an FAQ that the TSA posted on its Web site on Monday that directed questions about the Clear program back to the vendor.
"CLEAR has assured TSA that it is appropriately safeguarding the data," the FAQ noted. It also said that registered traveler service providers are required to use any collected data solely for the purpose for which it was intended unless customers had "expressly opted-in to other uses."
VIP, after initially offering no details on its plans for the collected data, has been more forthcoming over the past few days. In a note posted on the company's Web site, VIP assured customers that their information is being secured in conformance with the TSA's security and privacy requirements. The note also said that the company is using a "triple wipe" process to completely erase hard disks containing customer data at airports.
In addition, Lockheed Martin, the lead systems integrator for the Clear program, "remains committed" to protecting the privacy of information stored on VIP's central databases, the note said.
Despite such assurances, the company left open the possibility that the data could end up being acquired or sold to a third party, but only if it was going to be used for a registered traveler program.
"If the information is not used for a Registered Traveler program, it will be deleted," VIP said.
Read more about Security in Computerworld's Security Topic Center.
This state transportation department uses computer science students from a local university as programming interns, and everyone is happy with the arrangement -- until one intern learns how to bring down the mainframe.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Path Selection Infographic
- Path Selection Infographic
- Hyperconvergence Infographic
- A wide range of observers agree that data centers are now entering an era of "hyperconvergence" that will raise network traffic levels faster...
- Preparing Your Infrastructure for the Hyperconvergence Era
- From cloud computing and virtualization to mobility and unified communications, an array of innovative technologies is transforming today's data centers.
- How WAN Optimization Helps Enterprises Reduce Costs
- If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity... All Government IT White Papers
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the...
- Endpoint Data Management: Protecting the Perimeter of the Internet of Things Not surprisingly, "Internet of Things" (IoT) and Big Data present new challenges AND opportunities for enterprise IT. Teams need to harness, secure and...
- All Government IT Webcasts