TSA asked to ensure safety of customer data after Clear closing
Transportation security agency given July 8 deadline to explain how private information will be safeguarded
Computerworld - The chairman of the House Committee on Homeland Security has given the Transportation Security Administration until July 8 to explain how the agency plans to ensure the security of private data collected by a recently shuttered company that offered a registered traveler program.
In a letter to the TSA's acting assistant secretary, committee Chairman Bennie Thompson (D-Miss.) expressed his concern over the abrupt closure of Verified Identity Pass Inc.
For a $199 annual fee, New York-based VIP offered a service called Clear that was designed to help air travelers get through airport security checks faster by vetting their identities and backgrounds in advance.
VIP was the largest of seven private companies approved by the TSA to operate a registered traveler program. VIP announced it was ceasing operations on June 21 because of financial reasons. The announcement prompted immediate concerns about the privacy and security of the detailed personal identity information, including fingerprints, iris scans and digital images, the company had collected on its approximately 260,000 customers.
In his letter last Friday, Thompson expressed similar concerns over the "handling" of personal identity data in the aftermath of the Clear shutdown. Though the registered traveler program is run by private companies, it is authorized by the TSA, which set specific requirements for the operators to follow, Thompson said. The requirements included the need for every operator of the service to collect details such as full legal names, home address, date and place of birth, gender, height, driver's license number, passport details and other information.
At the same time, the agency appears to have been silent on what steps should be taken if a company that collects the data were to go out of business, merge or be acquired by another company, Thompson noted.
"We are concerned about the security and safety of the information currently held by Clear," Thompson wrote. He asked the TSA to explain what role it will play in ensuring that "adequate privacy protections are in place prior to any disposition of the personally identifiable information." He also asked whether VIP had informed the TSA about its plans to shut down Clear, and whether the agency had asked the company about its plans for securing the personal data.
A TSA spokesman said the agency is in the process of drafting a response to Thompson's letter. The spokesman also pointed to an FAQ that the TSA posted on its Web site on Monday that directed questions about the Clear program back to the vendor.
"CLEAR has assured TSA that it is appropriately safeguarding the data," the FAQ noted. It also said that registered traveler service providers are required to use any collected data solely for the purpose for which it was intended unless customers had "expressly opted-in to other uses."
VIP, after initially offering no details on its plans for the collected data, has been more forthcoming over the past few days. In a note posted on the company's Web site, VIP assured customers that their information is being secured in conformance with the TSA's security and privacy requirements. The note also said that the company is using a "triple wipe" process to completely erase hard disks containing customer data at airports.
In addition, Lockheed Martin, the lead systems integrator for the Clear program, "remains committed" to protecting the privacy of information stored on VIP's central databases, the note said.
Despite such assurances, the company left open the possibility that the data could end up being acquired or sold to a third party, but only if it was going to be used for a registered traveler program.
"If the information is not used for a Registered Traveler program, it will be deleted," VIP said.
Read more about Security in Computerworld's Security Topic Center.
- The 20 Best iPhone/iPad Games of 2013 So Far
- 9 Steps to Build Your Personal Brand (and Your Career)
- 7 Consumer Technologies Coming to an Enterprise Near You
- 11 Signs Your IT Project is Doomed
- A walking tour: 33 questions to ask about your company's security
- 15 social media scams
- The 7 elements of a successful security awareness program
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Federal IT Innovation Caught in a Catch-22
- Fed resources shoring up old infrastructure, holding back new technologies.
- Harness IT -- An Introduction to Business Intelligence Solutions
- Learn the key selection criteria required to provide your organization with the capability to address structured data, unstructured data and mobile demands so...
- Business Intelligence Shows its Smarts
- Today's Business Intelligence (BI) tools provide a new way to think about data with self-service capabilities and user-friendly analytics that can be used...
- Proactive Planning for Big Data
- Big data is less about the terabytes and more about the query tools and business intelligence needed to make sense of massive amounts...
- Inquiry Spotlight: Consumer-Facing Identity
- The challenges of consumer-facing identity management, access management, and authentication differ in ways subtle and dramatic from those of the employee-facing variety. All Government IT White Papers
- Becoming An Analytics Driven Organization
- Join us on Tuesday, June 18, 2013, 11:00 AM EDT and learn how your agency can create an analytics culture that will enable...
- 3 Reasons Why Sepaton is the World's Fastest Backup Solution
- Leading analyst, Storage Switzerland learns how Sepaton backs up and deduplicates massive data volumes while maintaining the industry's fastest performance - all in...
- Enterprise File Sharing: All You Need to Know
- Security. Scalability. Control. These are just some of the many benefits of enterprise cloud file-sharing that you'll discover in this KnowledgeVault, packed with...
- Bridging HTTP and FTP with FileXpress Internet Server
- What if you could take an FTP server on your internal network, and allow external users (partners or customers) to securely access it...
- MFT and FileXpress - An Overview
- Business users and applications exchange files on a regular basis. File transfer is a core part of the flow of business activity. All Government IT Webcasts