The airport security fast-track company Clear, which closed abruptly Monday night, belatedly assured customers Tuesday that their data was safe, while the company’s main competitor dithered in the face of an opportunity to corner the market on getting people through airport security lines faster. Refunds of the $200 annual fee, the company also noted, were unlikely.
Clear, the most popular Registered Traveler company, shut down its airport lanes Monday night with just a few hours notice, stranding some 250,000 subscribers to its jump-to-the-front-of-the-airport security-line program and leaving them wondering Tuesday about refunds and the fate of the sensitive data they’d given the company.
Clear members’ concerns were real. Each of those travelers enrolled in Clear biometric identification program that let them enter the company’s dedicated security lanes in 20 of the nation’s busiest airports. That means that the company’s databases have digital images of their fingerprints, irises and faces — along with date of birth, Social Security number, place of birth, gender, address, phone numbers, e-mail addresses, employer, driver’s license number and height. Oh, and credit card numbers, too.
The company’s website Monday simply said it had run out of money.
On Tuesday, no one knew what would happen with the sensitive data.
Clear’s customer service line diverted to a message saying Clear is closed. The company’s founder and former CEO Steven Brill claimed he doesn’t know what happened to the company. The Transportation Security Administration, which licensed Clear, didn’t know. GE, which invested more than $16 million in the company, didn’t know either.
And the company’s acting CEO Jim Moroney knew, but did not return a message Wired.com left on his cell phone.
Finally, late in the afternoon Tuesday, someone at the company updated the website to say that Clear would delete the data.
Applicant and Member data is currently secured in accordance with the Transportation Security Administration’s Security, Privacy and Compliance Standards. Verified Identity Pass, Inc. will continue to secure such information and will take appropriate steps to delete the information.
Clear’s privacy policy (.pdf) seems to bar the company from selling the data, but does not say what happens if the company is liquidated or bought by another company. Nothing in the privacy policy explicitly prohibits a data-collection company from purchasing Clear just for its data on what is likely a largely well-heeled clientele.
Marc Rotenberg, who heads the Electronic Privacy Information Center, took the opportunity to pun off Deep Throat’s Watergate mantra to follow the money.
“Follow the data! It’s typically the primary asset,” Rotenberg said. “And what makes this collapse particularly interesting is that the data is so detailed and was collected to promote national security. Now it could be heading for eBay.”
Ari Schwartz of the Center for Democracy and Technology wondered also about the fate of users’ data but seemed happy to have Clear cleared out of the nation’s airports.”
“All it really was was a lane for rich people to get on the plane faster,” Schwartz said. “It had nothing to do with security.”
Steven Brill, the company’s founder, said he had no idea what happened, because he got forced out in February.
“I can only speculate about the causes of the company’s demise,” Brill said, though clearly he knows much more than the rest of the world. “What I do know for sure, however, is that the need for intelligent risk management hasn’t diminished and that programs like Clear should have a role in our future.”
What about the Registered Traveler program generally?
Clear was the most popular and well-known of the vendors in TSA’s open Registered Traveler program, which required that all vendors’ systems had to interoperate — at least for a few years.
Now that Clear is gone, what does the No. 2 company FLO have to say? Is it ready to snap up new customers and take over Clear’s lanes?
It hardly sounds that way from the statement put out by FLO senior vice president Fred Fischer:
Flo is currently working with other participants in the industry as well as the Transportation Security Administration to analyze the implications of this announcement and to formulate a plan for the advancement of the program. We have no additional comment at this time but would expect to release further information pending additional discussions with the TSA.
What does the TSA make of Clear clearing out of the nation’s airports?
“TSA has no comment on Verified Identity Pass’s announcement,” spokesman Greg Soule said by e-mail. “The Clear program was a market-driven, private sector venture offered in partnership with airports and airlines in certain locations.”
TSA, not surprisingly, never liked the program, which it viewed as competition, and never allowed the program to actually let so-called Registered Travelers actually skip any of the security checks that other passengers faced. That meant the security background check was simply for show, and TSA eventually abandoned the requirement.
Then-head of TSA Kip Hawley accurately described the RT program in 2008 as nothing more than “a front-of-the-line program with a good biometric ID.”
Ayal Vogel, a vice president at the biometric company Identica disputed even that assertion, arguing that Clear’s reliance on iris and fingerprints raised privacy issues that creeped out potential customers. Instead, the company should have been using technology like his company’s. It uses blood vessels under the skin to verify a person. That captured biometric avoids privacy questions, since it can’t be used for other purposes the way fingerprints can.
Signs of trouble came in March, when founder Steven Brill stepped down due to pressure from investors who led a financing round last fall. Those investors are still unknown and are likely to be the ones with the strongest claims to Clear’s assets, including any undeleted user data.
At the same time, lines at TSA had gotten better in many cities — with a few standout exceptions — cutting into the necessity for the cards. Add to that the dramatic decline in travel and the cutback in spending by individuals and corporations, and you have a recipe for large cash-flow problems.
While 250,000 paying customers sounds good, it’s not really not enough, not when you are trying to staff 20 airports, some with multiple checkpoints, from 4 a.m. to 11 p.m. daily.
For its part, Clear had long pushed for its card to do more, because its members had been vetted by the Transportation Security Administration to make sure they weren’t terrorists.
They wanted travelers to be able to be able to avoid getting picked for extra screening by computer algorithms and to keep their shoes and coats on. TSA was never convinced, and security experts derided the idea since it would not be hard for a terrorist organization to find ‘clean’ hijacking candidates who could get the cards.
GODZILLA GOVERNMENT 