Verified Identity Pass Goes Kaput - Where is the Data Now? - CA on Security Management

This Blog

Home
Contact

Syndication

Verified Identity Pass Goes Kaput - Where is the Data Now?

Published: June 24 2009, 12:15 PM
by Merritt Maxim

On Monday, Verified Identity Pass announced that it will cease operation of its Clear program at 18 airports throughout the U.S. To the estimated 250,000 frequent fliers who had signed up for Clear Pass program and shelled out $200 annually for the privilege, this news was sudden and unexpected.

The Clear program was one of three registered traveler programs that enabled travelers to obtain priority at airport security. In light of the extra waits often encountered at airport security following the new post-9/11 rules, these registered programs seemed attractive. With Verified Identity Pass' announcement, the viability of such services is now in doubt.

The initial news on getting refunds back is not promising. Disregarding the financial impact of not getting a refund, there is a much more important identity question to ask, "What happens to the biometric data of the registered travelers?"

Biometrics are the one credential that cannot be revoked. Passwords can be changed, users can be removed from directories, smart cards can be locked, and certificates can expire, but your fingers, eyes and face are with you. And while most biometric systems only store a digital interpretation of this data, the point is that Clear possesses some unique data about 250,000 people and the future of that data is in some doubt. The FlyClear website has this short statement

"Applicant and Member data is currently secured in accordance with the Transportation Security Administration's Security, Privacy and Compliance Standards. Verified Identity Pass, Inc. will continue to secure such information and will take appropriate steps to delete the information."

On the surface, this sounds good, but given that the company is having financial difficulties, what assurances do we have that their systems are safe from attack and that personal data will not be compromised now? If the data is going to be deleted, what assurances are there that the data will be destroyed completely?

I don't mean to be an alarmist and all data may be handled correctly, but this business failure raises some important policy questions about ownership and protection of personal biometric data by third parties.

This will be an interesting case to monitor going forward.

Share this post: Email

Tags: IAM Trends, TSA, Privacy, Security, DLP, data loss prevention, Identity Management, FlyClear, biometrics

By: Merritt Maxim
Merritt Maxim has 15 years of product management and product marketing experience in the information security industry, including stints at RSA Security, Netegrity and CA Technologies. In his current role at CA Technologies, Merritt handles product marketing for CA's identity management and cloud...
Read More..

Comments:

No Comments

* An asterisk indicates a required field

* Name:

Website:

* Comment:

Remember Me?

Submit

CA Community

Verified Identity Pass Goes Kaput - Where is the Data Now?

Leave a comment

Leave a Comment