Verified Identity Pass & Clear Vanish : Why & What Happens Now?
Web: www.thetravelstrategist.com — E-Mail: fish@flyingwithfish.com
24/06/2009 – Verified Identity Pass & Clear Vanish : Why & What Happens Now?
The departure of the Registered Traveler “Clear Program” isn’t all that clear. What is clear is that on the morning of Monday, June 22nd, Clear sent out an easy-to-overlook, rather unclear e-mail to its users informing them that Clear would cease to exist at 11:00pm PST.
While many airline industry observers are focusing on what caused Verified Identity Pass’ “Clear” to abruptly close, the root causes of Clear’s demise are quite clear to me.
Clear, formerly the largest Registered Traveler program provider, failed to meet the majority of its objectives as originally promised to its members and misjudged its value to frequent flyers.
Below are four simple reasons Clear failed and has jeopardized the Registered Traveler program:
1) Clear was only available at 22 of the roughly 600 airports in the U.S. certified to operate commercial airline flights. Of the 10 busiest airports in the U.S. by passenger traffic, Clear was only available at 3.5 of them (3.5 of them because Clear was only available in limited terminals at JFK Airport). Of the top five busiest airports in the U.S., Clear was only available at two of them, one of which has high transfer traffic rather than origin traffic, who would be the primary beneficiaries of Clear.
2) Those who used the Clear program were required to remove their shoes, remove their jackets, remove their laptops and proceed through standard TSA check points, and were subject to “SSSS” on boarding passes and to secondary screening. The Registered Traveler program was supposed to simplify this process.
3) Clear was never embraced by the Transportation Security Administration (TSA) or many airlines. The TSA largely felt as if Clear was forced upon them and was potentially a competitor. Many airlines viewed Clear’s ‘cut the line’ perk as a competitor to their established ‘elite access lines.’
Aside from the four simple reasons Clear failed, Verified Identity Pass (VIP) was also unable to prove its ability to secure the sensitive data its members entrusted it with. While VIP operated under the authority of the Department of Homeland Security (DHS), its practice of not encrypting data is quite shocking.
In May of 2008 a laptop containing the complete personal information of 33,000 Clear users and applicants was found to be missing from an unsecured Clear office at San Francisco International Airport. It was mysteriously found 10 days later exactly in the spot it went missing from. The missing laptop with names, dates of birth, passport numbers, credit card information and biometric data for 33,000 Clear users and applicants was not encrypted. The laptop did require two passwords; however, two passwords can be fairly easy for a hacker to bypass. Once the laptop was found it was determined that it was ‘intact,’ with no investigation of whether or not the hard drive had been cloned before the laptop was returned.
You can read what I had written regarding this incident in detail here:
5/08/2008 – ‘Clear’ Registered Traveler User Information Stolen
9/08/2008 – Stolen ‘Registered Traveler’ Laptop Found, But Is The Data Safe?
Given VIP’s lack of security surrounding the sensitive data provided by Clear users, what happens to this data now? The company is bankrupt, its phones are off and it’s out of money.
VIP claims that they will comply with the TSA and delete all the files. Formatting all the hard drives is time intensive and expensive; who will cover the costs of a supervised and secure removal of all the sensitive data? With VIP having secure data stored on non-encrypted hardware, what security measures are in place to ensure that the data will not be pirated?
Currently VIP is in possession of the personal data for more than 260,000 individuals (it is probably closer to 300,000 individuals). This data includes not only full names, dates of birth, addresses, passport numbers and credit card numbers, but also individual biometric information including retinal scans and fingerprints. Access to this range of information creates countless security risks.
While some are downplaying the security risks posed by the access to VIP’s user data, I see a risk far beyond bank fraud and credit theft.
While it is widely accepted that the majority of Clear’s users included a range of business travellers and some leisure travellers, there are quite a few ‘higher profile’ users that create a significant security risk. Some of the ‘high profile’ users of Clear include government officials, high level scientists, politicians, security and defense experts, financial executives and others who would be of ‘significant interest.’ To whom are these users of ‘significant interest’? Probably not terrorists, but more likely those engaged in identity theft, corporate espionage, national security breaches, information theft, extortion and other not so nice things.
From here the company assets will be sold off, but what happens to the data if it is not cleared off all the hardware? What if another company wants to purchase the assets including all the customer data? Possibly a competitor or an upstart Registered Traveler provider?
VIP has failed to maintain security standards throughout its short history. It is not often I suggest that the Department of Homeland Security (DHS) get involved in anything; however, potentially the best outcome is that the DHS step in, seize the hardware and directly oversee the destruction of all of VIP’s Clear files prior to the liquidation and sale of Verified Identity Pass and Clear’s assets.
Happy Flying!
My take on the failure of Clear is that the program was not optimally marketed. First, as a frequent flyer myself, the only time I saw the program “advertised” was seeing the Clear contraption at those 18 airports (these 18 airports were not the best selections as it were). I’m not sure if the program was directly advertised to large businesses that could benefit from saving their executives time. If it wasn’t, the program should have been. Second, the price was too low. Assuming there are 3 million business travelers (out of 35+mm in U.S.), that fly at least twice a month, that save 15 minutes of time with Clear, and that make $100k per year. Then $200 per year is a great deal from a time value/cost perspective. (6hr time saving X $50/hr = $300 time value is greater than the $200 cost). Further on price, the target users (or should have been) of Clear, the road warrior executive business folks, are not as price elastic as less frequent travelers/leisure travelers. Hence, Clear, in my estimate, could have gotten $500 to $750 per TARGETED user. If Clear would have charged this price, gone after the top 25 airports (2/3rds of all airport volume), and advertised to corporations/business travel magazines, Clear might still be around.
While much of the data is a concern, I think you misunderstand the biometric aspects. Take fingerprints as an example. When you scan your fingerprint for the first time, the biometric data used is called minutiae and it is not a complete image of your fingerprint. Instead, it creates dots at the spots on your fingerprint where lines separate or converge. The biometric system stores these maps, but that minutiae cannot re-create the full image of your fingerprint.
Essentially, it’s just a template used to match against an original scan of the fingerprint. The scanned image gets discarded after the match. This technique is faster than trying to match a full image scan, requires far less data storage, and eliminates the possibility of someone using a stored image to obtain an authentication. The security risks you mention from biometric scans only exist in the paranoid minds of those who do not understand how the systems work.
William,
The biometrics are not my concern for those who would be a target risk. Gaining access to secure rooms, buildings, labs, etc, requires multiple layers of security including being in direct possession of a key-card and/or other device that must be with the person.
What worries me is the other information that can lead to access to higher level identity theft for higher risk Clear users. Finding a full name, address, date of birth is easy. Finding someone’s social security number isn’t as hard as it should be, but getting access to passport numbers and credit card numbers for Clear users creates the ‘whole package’ for identity theft.
That worries me. The scans are less of a worry, but they still do pose a security risk, but not nearly as devastating as someone’s completed security background check, as carried out to the standards of the Dept of Homeland Security. The DHS may have flaws, but their background checks tend to be pretty thorough.
Happy Flying!
– Fish
Given that Clear had degenerated to just a quick line through security, the $199 was actually too much to pay. If they had implemented some of the originally suggested features, keeping shoes on, leaving laptop in (normal) briefcase, it might have worked. Obviously, the $199 rate is not enough to support Clear, but I would have balked at anything above that. Of course now, I am stuck with indeterminate waits at my home airport, as they do not have an elite line there. Maybe it disappeared because of Clear, so hopefully it may return.
My hometown airport is Tampa Int’l and they never embraced this concept. They usually get it right, so I shouldn’t be surprised that they did this time as well. They instead spent a lot of money on adding security lanes and automating checked-luggage scanning to get more TSA agents top-side to handle the throngs.
TIA has also embraced this more democratic approach:
http://www.tsa.gov/approach/black_diamond.shtm
You may have already seen this information, but here’s something from one of our local news columnists about the sensitive information on the Clear computers.
http://blogs.orlandosentinel.com/business_thebottomline/2009/06/clear-in-process-of-destroying-customer-data.html