The Transportation Security Administration (TSA) has suspended its "Clear" registered airline traveler program after a laptop containing personal data on 33,000 pre-enrolled members of the program was stolen from San Francisco International Airport.
The laptop was discovered missing from a locked office at the airport on July 26. The computer, which was password-protected but not encrypted, contained data such as names, addresses, dates of birth, driver's license numbers, and other information.
The data included on the laptop was for new members of the "Clear" program who had not completed the registration procedure.
Verified Identity Pass, Inc (VIP)., the company running the "Clear" program, minimized the risk of identity theft from the stolen data. "There is no reason to believe this is anything other than the simple burglary of a laptop, which the local police are investigating,"
said (VIP) founder CEO Steven Brill. "For it to be more than that, the thief would have to hack into two different passwordsand even then would not get what identity thieves want mosta Social Security number and/or credit card information."TSA has ordered VIP to update its security procedures, including encryption for all of its laptops, and to submit to an independent audit to ensure it is in line with TSA's standards before allowing it to resume registrations.
TSA said current "Clear" members would not be affected.
There are several "Registered Traveler" programs in operation around the country, enabling passengers to cut ahead in boarding lines by providing extensive personal data to the TSA and its contractor companies, and by paying regular fees per year. VIP's "Clear" program, with over 48,000 members and service in thirteen airports, is the largest of the programs.
VIP head Brill had previously made news for challenging the TSA's plans to increase fees for the Registered Traveler program to pay for screener salaries. Brill insisted that additional personnel were not needed to handle the "Clear" express boarding lines. The TSA eventually agreed to rescind the proposed rate hike.
Brill also supported the addition of a "ShoeScanner" tool to scan customers' feet without forcing them to remove their shoes during boarding. TSA chief Kip Hawley opposed the new technology, and the program was eventually dropped.
The laptop theft is the latest in a long string of embarrassing gaffes and privacy violations for the TSA, including the creation of a Web site designed to help passengers remove their names from terrorist watch lists that was so insecure it put them at risk for identity theft.
The "Clear" program in particular has been criticized for providing a quick way for wealthier passengers -- or criminals willing to pay-- to board flights without providing any real security benefit.
Writing about "Clear" in 2007, security analyst Bruce Schneier said, "The truth is that whenever you create two paths through security -- a high-security path and a low-security path -- you have to assume that the bad guys will find a way to exploit the low-security path."
