Whoops   1 comment

Have you heard of “Clear”?

No, it’s not a drug, it’s a travel program in which you give a company access to lots of personal information about you in return for a “get out of security free” card which enables you to bypass the security screening at the airport.

No, I’m not going to talk about why this program is utterly boneheaded, but if you’re interested in commentary you can read this thread (this provides some random internet commentary).  The money quote from Bruce’s post:

But the stupid idea is the background check. When first conceived, traveler programs focused on prescreening. Pre-approved travelers would pass through security checkpoints with less screening, and resources would be focused on everyone else. Sounds reasonable, but it would leave us all less safe.

Background checks are based on the dangerous myth that we can somehow pick terrorists out of a crowd if we could identify everyone. Unfortunately, there isn’t any terrorist profile that prescreening can uncover. Timothy McVeigh could probably have gotten one of these cards. So could have Eric Rudolph, the pipe bomber at the 1996 Olympic Games in Atlanta. There isn’t even a good list of known terrorists to check people against; the government list used by the airlines has been the butt of jokes for years.

And the hilariously prescient part:

And have we forgotten how prevalent identity theft is these days? If you think having a criminal impersonating you to your bank is bad, wait until they start impersonating you to the Transportation Security Administration.

Reportedly, FlyClear has managed to lose a laptop with 33,000 records containing information on registered members of the program.  Thanks for the story, BreakItDown (although, note a minor criticism, references in your blog stories are a good idea).  As a result, new memberships in the program are currently suspended.  Very well done, Verified Identity Pass, Inc., nothing boosts your credibility more in the security marketplace than losing your customer’s data in an unencrypted format.

From the Tribune link:

“The vulnerabilities came to light after an unencrypted VIP laptop computer was discovered to be missing from San Francisco International Airport (SFO) on July 26,” the TSA said. “The computer contained pre-enrollment records of approximately 33,000 customers.”

The Clear program, which is operated by Verified Identity Pass, Inc., a private company based in New York City, checks credentials and issues “Clear” identity cards to frequent travelers, who pay an initial fee of $128 a year. The cards allow travelers to scan their cards and move quickly through security.

The TSA, in a statement, said it has asked the company to stop enrolling new customers until it stops using unencrypted computers. “VIP will be required to submit an independent audit, verifying that the required security measures are in place. TSA will verify the audits before enrollment procedures can resume,” the TSA said.

[Edited to add] – Bruce’s direct commentary on this story.

Advertisements

Posted August 5, 2008 by padraic2112 in news, security

One response to “Whoops

Subscribe to comments with RSS.

  1. Yeah, that’s the end of that company. I like your new look.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: