An unsecure laptop containing personal information of 33,000 travelers applying for a fast-pass plan was never switched on during its apparent weeklong absence from San Francisco International Airport, though the incident has forced a federal agency to shut down its nationwide security program.
Officials from Verified Identity Pass, the firm under contract with the federal Transportation Security Administration to run the Clear program, said it was impossible that any information about passengers could have been released.
Company spokeswoman Allison Beer said it still wasn’t clear whether the laptop was stolen, misplaced or simply overlooked. An investigation by was conducted by the San Mateo County Sheriff’s Office, the Transportation Security Administration and consultants hired by the company. Beer said most of the applicants involved are Bay Area residents. All of the information, investigators revealed, was not encrypted.
The laptop was found inside the company’s locked office at SFO on Thursday morning — a week after being reported missing to police and five days after being reported to the TSA.
The laptop contained the names, addresses and birth dates of applicants in the Clear program, which allows registered travelers a “fast pass” through airport security lines. It also contained passport, driver’s license and green card information for some of the passengers. SFO was one of the first airports to use the Clear program.
The missing laptop, which was used as part of an enrollment kiosk taken to sites around the Bay Area, caused a national incident as the TSA clamped down on all Clear enrollments nationwide. TSA spokesman Nico Melendez said officials at SFO and all other airlines using Clear have been ordered to ensure that Verified Identity Pass suspends enrollment and ceases use of any unencrypted computers. Current users will be unaffected.
Beer acknowledged that the information on the laptop was not encrypted and said the fiasco has been a learning experience for the company.
“Ultimately, it was our mistake,” she said. “All information will be encrypted moving forward.”
Flying from SFO to Toronto on Tuesday, San Francisco resident Tom Flak said he believes the incident was an isolated one and would still consider using the Clear service.
“I don’t believe it is a problem specific to Clear, but rather it is a general problem now with technology,” Flak said. “There are too many company employees running around with sensitive information on their laptops. Back in the day, sensitive data was filed in a drawer in an office. I like to think that Clear’s accidental data loss could have happened at any level from corporate on down to security.”
TSA officials made no predictions as to when the Clear program would be up and running again, but Beer said she expected it would resume “within days.”
A letter to everyone affected by the incident will go out today.
Airports using the Clear program:
- Albany (N.Y.) International
- Cincinnati/Northern Kentucky International
- Indianapolis International
- Little Rock (Ark.) National Airport
- Newark (N.J.) Liberty International
- John F. Kennedy International (New York City)
- LaGuardia (New York City)
- Orlando (Fla.) International
- Reno-Tahoe International (Reno, Nev.)
- San Jose International
- San Francisco International
- Westchester County (Harrison, N.Y.)
How it works:
- Present biometric card to security officer
- Use thumbprint or iris scan to verify identity via machine
- Put carry-on belongings in bin to be scanned
- Walk through metal scanner
Source: Verified Identity Pass