TSA asked to ensure safety of customer data after Clear closing
Transportation security agency given July 8 deadline to explain how private information will be safeguarded
Computerworld - The chairman of the House Committee on Homeland Security has given the Transportation Security Administration until July 8 to explain how the agency plans to ensure the security of private data collected by a recently shuttered company that offered a registered traveler program.
In a letter to the TSA's acting assistant secretary, committee Chairman Bennie Thompson (D-Miss.) expressed his concern over the abrupt closure of Verified Identity Pass Inc.
For a $199 annual fee, New York-based VIP offered a service called Clear that was designed to help air travelers get through airport security checks faster by vetting their identities and backgrounds in advance.
VIP was the largest of seven private companies approved by the TSA to operate a registered traveler program. VIP announced it was ceasing operations on June 21 because of financial reasons. The announcement prompted immediate concerns about the privacy and security of the detailed personal identity information, including fingerprints, iris scans and digital images, the company had collected on its approximately 260,000 customers.
In his letter last Friday, Thompson expressed similar concerns over the "handling" of personal identity data in the aftermath of the Clear shutdown. Though the registered traveler program is run by private companies, it is authorized by the TSA, which set specific requirements for the operators to follow, Thompson said. The requirements included the need for every operator of the service to collect details such as full legal names, home address, date and place of birth, gender, height, driver's license number, passport details and other information.
At the same time, the agency appears to have been silent on what steps should be taken if a company that collects the data were to go out of business, merge or be acquired by another company, Thompson noted.
"We are concerned about the security and safety of the information currently held by Clear," Thompson wrote. He asked the TSA to explain what role it will play in ensuring that "adequate privacy protections are in place prior to any disposition of the personally identifiable information." He also asked whether VIP had informed the TSA about its plans to shut down Clear, and whether the agency had asked the company about its plans for securing the personal data.
A TSA spokesman said the agency is in the process of drafting a response to Thompson's letter. The spokesman also pointed to an FAQ that the TSA posted on its Web site on Monday that directed questions about the Clear program back to the vendor.
"CLEAR has assured TSA that it is appropriately safeguarding the data," the FAQ noted. It also said that registered traveler service providers are required to use any collected data solely for the purpose for which it was intended unless customers had "expressly opted-in to other uses."
VIP, after initially offering no details on its plans for the collected data, has been more forthcoming over the past few days. In a note posted on the company's Web site, VIP assured customers that their information is being secured in conformance with the TSA's security and privacy requirements. The note also said that the company is using a "triple wipe" process to completely erase hard disks containing customer data at airports.
In addition, Lockheed Martin, the lead systems integrator for the Clear program, "remains committed" to protecting the privacy of information stored on VIP's central databases, the note said.
Despite such assurances, the company left open the possibility that the data could end up being acquired or sold to a third party, but only if it was going to be used for a registered traveler program.
"If the information is not used for a Registered Traveler program, it will be deleted," VIP said.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- HP HAVEn: See the big picture in Big Data
- HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- What Datapipe customers need to know about the new PCI DSS 3.0 compliance standard
- This handy quick reference outlines what PCI DSS 3.0 is, who needs to be compliant and how Alert Logic solutions address the new...
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting
- This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle
- This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle. All Government IT White Papers
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- All Government IT Webcasts