Slashdot Mirror

← Back to Stories (view on slashdot.org)

"Clear" Air-Travel Pass Data Stolen From SFO

Posted by timothy on from the is-kip-hawley-thetan-clear? dept.

Kozar_The_Malignant writes "A laptop containing the unencrypted security data for 33,000 travelers using the Clear system was stolen at San Francisco International Airport on July 26, according to CBS5 Television. The Clear system allows travelers who register and pay a $100.00 annual fee to speed through airport security by using a smart card at special kiosks in some airports. TSA has suspended new registrations in the system, which is run by a private contractor, Verified Identity Pass, Inc., a subsidiary of GE. The laptop was apparently stolen from a locked office at SFO. The company has now decided that it might be a good idea to encrypt the data in their systems. They are in the process of notifying customers that all of their personal data, including name, address, SSi number, passport number, date of birth, etc. has been compromised."

6 of 379 comments (clear)

  1. Security theatre by BWJones · · Score: 5, Interesting

    To have a company intimately involved with *security* not apparently able to manage their own security in a manner that protects the country and their customers is a joke. Fine... having a laptop stolen is common enough and I don't fault them, but having unencrypted data of 33,000 of your customers on that laptop is a crime.

      I never liked the idea of handing over private information in the security theatre that our nation has become, but events like this where private companies motivated by the lowest common denominator really get under ones skin. Why the data was stored in unencrypted formats is inexcusable. I don't know what the penalty should be for something like this, but it should be commensurate with the potential damage it could cause.

    The whole point of outsourcing information and jobs like this to the private sector is to get the job done better and more efficiently. When the government then has to police these private companies like the TSA is apparently having to now do, the concept is made moot. So.... our options are to continue to live the security theatre with private companies like this or turn the job back over to the government (who's job it to ensure safety of travel and should not have been in the business of verifying identity for air travel anyway).

    Or... we could go back to the way things were when I could carry pocket knives on planes. (I also remember when you could carry long guns on planes back in the late 80's/early 90's.)

    --
    Visit Jonesblog and say hello.
    1. Re:Security theatre by greedyturtle · · Score: 5, Interesting

      This is a brilliant paper that sums it all up. It was posted on ./ a few years back, couldn't find the ./ story but I did find the paper:

      I've Got Nothing to Hide and Other Misunderstandings of Privacy

    2. Re:Security theatre by samkass · · Score: 4, Interesting

      That's only true in the very last stage of bidding on government contracts. The key is to have the requirements written "properly". I put the last word in quotes because every contractor wants their special value-add to be made a requirement of all bid requests-- that way they're always cheapest and win the final bid. By the time the final wording is written into any request for proposals, the winner is usually no surprise.

      --
      E pluribus unum
  2. How does this system improve security, anyway? by Reality+Master+201 · · Score: 4, Interesting

    Assuming this system allows them to reliably identify a person, so what? Do they do extensive background checks and continuous monitoring to ensure that the people aren't involved in terrorism? Or if I have no obvious problems in my background and enough money to pay for it, can I get treated differently too?

    Does it basically come down to people paying to not have to stand in line with the rest of humanity at the airport?

  3. Skeptical by PPH · · Score: 5, Interesting

    I'm becoming quite skeptical about this whole 'stolen laptop' B.S. After the first few big news stories, I'd expect most corporations to have strict guidelines in place to prevent this sort of thing. And a policy of coming down hard, very hard, on violators.

    I wonder how much one can get per personnal record for selling this sort of data to organized crime. And cover your ass by reporting a stolen laptop.

    --
    Have gnu, will travel.
  4. Re:Current Consumer Reports Magazine by cmat · · Score: 4, Interesting

    I wonder how that number is affected when one considers that the government is more likely to be required to report these types of crimes whereas a private company is not (for the most part).

    --
    -- Humans, because the hardware IS the software.