A provider of the Transportation Security Administration’s Registered Traveler (RT) program has been suspended from enrolling new applicants after TSA learned “an unencrypted [Verified Identity Pass] laptop computer was discovered to be missing from San Francisco International Airport (SFO) on July 26. The computer contained pre-enrollment records of approximately 33,000 customers.”
Verified Identity Pass operated Registered Traveler under the name “Clear.” The program is supposed to improve air travel security by creating “trusted” individuals who could go through security more quickly because their identities would have been confirmed as “clean” through the program. However, experts have explained that this just creates incentive for criminals to figure out a way to get into the “trusted” group – whether by creating fake identities that can withstand the program’s check or by using individuals who have no previously found connection to terrorists or other criminals.
According to a Washington Post report, “The laptop had the names, addresses and driver’s license or passport numbers of mostly online applicants to the Registered Travel program.” However, Clear records can contain more than that, such as: credit card data, biometric data (fingerprints and iris scans), and previous home addresses for the past five years.
Ironically, this news comes days after TSA announced that it would start expanding the Registered Traveler program beyond the 20 airports contained in the pilot program. A TSA official recently testified before Congress about the trusted traveler program, stating, “We continue to encourage private-sector investment and innovation to improve the passenger experience without sacrificing security.”
This latest security breach illustrates again the dangers inherent in consolidating personal information through the process of conducting the inherently flawed identification-based domestic aviation security program.