Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

"Clear" Air-Travel Pass Data Stolen From SFO

timothy posted more than 6 years ago | from the is-kip-hawley-thetan-clear? dept.

Privacy 379

Kozar_The_Malignant writes "A laptop containing the unencrypted security data for 33,000 travelers using the Clear system was stolen at San Francisco International Airport on July 26, according to CBS5 Television. The Clear system allows travelers who register and pay a $100.00 annual fee to speed through airport security by using a smart card at special kiosks in some airports. TSA has suspended new registrations in the system, which is run by a private contractor, Verified Identity Pass, Inc., a subsidiary of GE. The laptop was apparently stolen from a locked office at SFO. The company has now decided that it might be a good idea to encrypt the data in their systems. They are in the process of notifying customers that all of their personal data, including name, address, SSi number, passport number, date of birth, etc. has been compromised."

cancel ×

379 comments

Sorry! There are no comments related to the filter you selected.

Security theatre (5, Interesting)

BWJones (18351) | more than 6 years ago | (#24481331)

To have a company intimately involved with *security* not apparently able to manage their own security in a manner that protects the country and their customers is a joke. Fine... having a laptop stolen is common enough and I don't fault them, but having unencrypted data of 33,000 of your customers on that laptop is a crime.

  I never liked the idea of handing over private information in the security theatre that our nation has become, but events like this where private companies motivated by the lowest common denominator really get under ones skin. Why the data was stored in unencrypted formats is inexcusable. I don't know what the penalty should be for something like this, but it should be commensurate with the potential damage it could cause.

The whole point of outsourcing information and jobs like this to the private sector is to get the job done better and more efficiently. When the government then has to police these private companies like the TSA is apparently having to now do, the concept is made moot. So.... our options are to continue to live the security theatre with private companies like this or turn the job back over to the government (who's job it to ensure safety of travel and should not have been in the business of verifying identity for air travel anyway).

Or... we could go back to the way things were when I could carry pocket knives on planes. (I also remember when you could carry long guns on planes back in the late 80's/early 90's.)

Re:Security theatre (5, Insightful)

boaworm (180781) | more than 6 years ago | (#24481465)

Yea, and this also brings some interesting light to the issue with "If you have nothing to hide, why don't you want to provide us with your [biometrics|passport|id|*]" argument.

Refusing to give away address, email, phones, SSID along with fingerprints is almost considered a crime in itself right now, since if you are not planning on terrorist activities, you don't have anything to hide, have you!?

But here, perfectly innocent people suddenly have all their personal information spread to criminal groups or whoever end up being the buyer of this information.

Scary stuff...

Re:Security theatre (3, Insightful)

BWJones (18351) | more than 6 years ago | (#24481611)

Yeah.... You have nothing to fear except fear itself..... and incompetence. So, just hand your data over to us and we'll verify that you are who you are which really does nothing for national security anyway because there is nothing that prevents someone from getting "cleared", then carrying out a crime later.

Re:Security theatre (4, Funny)

Devil's BSD (562630) | more than 6 years ago | (#24482223)

Refusing to give away address, email, phones, SSID along with fingerprints is almost considered a crime in itself right now

I have no problem giving you my SSID, it's the WPA2 key that I have a problem giving out ;)

Re:Security theatre (0, Redundant)

xeniast (575383) | more than 6 years ago | (#24481521)

well duh !

Re:Security theatre (5, Insightful)

Cruciform (42896) | more than 6 years ago | (#24481579)

The whole point of outsourcing information and jobs like this to the private sector is to get the job done better and more efficiently.

That might be the point for you, but for the government officials there are other points to consider:

1) Who bid the lowest.
2) Will the company chosen contribute enough money to my/our campaign in the future.
3) Is there a way I can profit from my choice of contractor.

The idea that someone would believe a company is chosen for its actual merits is ludicrous.

Re:Security theatre (5, Insightful)

Anonymous Coward | more than 6 years ago | (#24481761)

The idea that someone would believe a company is chosen for its actual merits is ludicrous.

Well, choosing a company based on something abstract like merits is illegal because it's often used to hide #2 and #3. Price is the only consideration you are allowed. Yes, it's stupid, but it's the way the taxpayer demands it be done.

Honestly, do you think larger corporations are any different? Deals are always given to good old boy friends who will give you something later. It's not even illegal, like it is in government.

Re:Security theatre (4, Interesting)

samkass (174571) | more than 6 years ago | (#24482229)

That's only true in the very last stage of bidding on government contracts. The key is to have the requirements written "properly". I put the last word in quotes because every contractor wants their special value-add to be made a requirement of all bid requests-- that way they're always cheapest and win the final bid. By the time the final wording is written into any request for proposals, the winner is usually no surprise.

Mod Parent Informative (0, Redundant)

mpapet (761907) | more than 6 years ago | (#24481807)

Concise, well written.

Current Consumer Reports Magazine (4, Informative)

BitterOldGUy (1330491) | more than 6 years ago | (#24481863)

disagrees with you (Sept 2008) Government is by far the worst offender for IS leaks.

See page 32.

Re:Current Consumer Reports Magazine (4, Interesting)

cmat (152027) | more than 6 years ago | (#24482261)

I wonder how that number is affected when one considers that the government is more likely to be required to report these types of crimes whereas a private company is not (for the most part).

Re:Security theatre (1)

nasor (690345) | more than 6 years ago | (#24481743)

That was my first thought as well. When some random company that sells carpet or bulldozers or hamburgers makes stupid decisions about data security and customer information is stolen, yeah, it's idiotic. But these guys are supposed to be a security company.

That's okay... (2, Funny)

Anonymous Coward | more than 6 years ago | (#24481755)

Our company was being audited for security, and the auditors lost their papers with information on logins, etc. As a result, we had to change all of our passwords.

Re:That's okay... (4, Informative)

jacquesm (154384) | more than 6 years ago | (#24481903)

a security audit does not require you to give up your logins / passwords, if it does you're likely being social engineered.

Re:Security theatre (4, Insightful)

rk (6314) | more than 6 years ago | (#24481825)

The whole point of outsourcing information and jobs like this to the private sector is to get the job done better and more efficiently.

That's the ostensible reason, the one they use to sell it to those who distrust government spending like libertarians, fiscal conservatives and some old-school Republicans.

The real reason is usually to privatize the profit centers, while continuing to keep the cost centers public, so the old boy network can continue to get slopped at the public trough.

Re:Security theatre (3, Interesting)

Profane MuthaFucka (574406) | more than 6 years ago | (#24481937)

Corporate Death Penalty! It's an option that is seldom used, but should be used more and more.

When corporations break the law and are found guilty, their existence as corporations should be ENDED.

Re:Security theatre (1, Interesting)

Anonymous Coward | more than 6 years ago | (#24481963)

When a company makes others vulnerable to identity theft by not securing our most personal data, I've always thought that the appropriate punishment would be to allow each person affected to walk into any office of the company and take any one item from the company. This would give the company a very similar risk for the loss of this data as we have by making them suffer a potential loss of unknowable size which is exactly the same risk you have when your identity is stolen. When the risks are not equalized, the company has no real benefit from protecting the data of the customer because the company suffers very little when the data is compromised.

Oh Please (5, Informative)

mpapet (761907) | more than 6 years ago | (#24482069)

Having worked the contractor side of Identity projects, I promise you the story as provided in the summary is the working norm.

Unsecured computers in the field with live identity information? Check.

Multiple copies of identity information floating around? Check.

Many **totally** unaware employees in the field with private data? Check.

Many **totally** unaware employees at the contractor's office passing private data? Check.

It boggles my mind anyone would believe it's better than that. The contractor suffers no consequences and the burden falls on the individual.

Which, is why the rules, regs, and standards for handling private information is ***perfectly*** designed in the U.S. Not that any of you would get off your collective asses and do anything to change it.

Re:Security theatre (1)

QuietLagoon (813062) | more than 6 years ago | (#24482105)

To have a company intimately involved with *security* not apparently able to manage their own security in a manner that protects the country and their customers is a joke.
.

Does the phrase lowest bidder mean anything? :(

What? (1)

snl2587 (1177409) | more than 6 years ago | (#24481335)

The company has now decided that it might be a good idea to encrypt the data in their systems.

Then they've clearly hired the wrong people for the job. But since when is news like this anything new?

Re:What? (2, Funny)

omeomi (675045) | more than 6 years ago | (#24481453)

Then they've clearly hired the wrong people for the job. But since when is news like this anything new?

But they were the ones who bought enough congressmen and senators to get the job...surely you're not suggesting there's a better way to choose government contractors?

Let me just say. (0)

Anonymous Coward | more than 6 years ago | (#24481339)

HAH!

Does nobody use disk encryption? (1)

jandrese (485) | more than 6 years ago | (#24481355)

If you have customer (or business!) data on a laptop, there is really no reason at all to not have full disk encryption on it. Laptops are stolen all of the time and this is the sort of publicity your company does not need.

Re:Does nobody use disk encryption? (4, Insightful)

AJWM (19027) | more than 6 years ago | (#24481483)

WTF was data like this doing on something nice and portable like a laptop anyway? I bet it was in an Excel spreadsheet (the database of choice for PHBs everywhere) too.

(And yes, it should have been encrypted.)

Re:Does nobody use disk encryption? (3, Insightful)

xgr3gx (1068984) | more than 6 years ago | (#24481719)

I know really. It's always laptops with critical data.
A laptop should be nothing more than a client to the critical data. (Obviously with proper login and security to connect to whatever hosts the critical data)
Bah! So dumb!

Re:Does nobody use disk encryption? (1)

jandrese (485) | more than 6 years ago | (#24481821)

In my experiance, that works great until you have to go somewhere with crappy connectivity. Sometimes real life will make a mockery of your best laid plans.

Re:Does nobody use disk encryption? (2, Insightful)

cream wobbly (1102689) | more than 6 years ago | (#24481965)

Screw disk encryption. The data should not have been on the laptop in the first place. It should have been in a secure location, reached by secure connections.

Then if the laptop is stolen, the most the thief will get is the method by which the data is reached, and possibly the IP of the server. Because nobody saves usernames and passwords, right?

Right?

How many times does this need to happen (3, Insightful)

Gat0r30y (957941) | more than 6 years ago | (#24481369)

Before they require hardware based encryption for drives containing this sort of data? It seems completely ridiculous to me that they would keep sensitive data like this on an unencrypted drive.
One word of this: Incompetent.

waiting for the Big One: IRS loses taxpayer data (1)

peter303 (12292) | more than 6 years ago | (#24481675)

I think the only thing saving the IRS is that operates with COBOL software and nine-track tape and not many hackers can do those these days.

I forgot the exact country, but one of the major western European countries had a significant chunk of taxpayer ids stolen last year.

Re:How many times does this need to happen (4, Insightful)

nasor (690345) | more than 6 years ago | (#24481959)

The ridiculous thing, in my option, isn't that people aren't careful with "personal information" - it's that banks, credit card companies, etc. all like to pretend that knowing a social security number magically proves that you are who you claim to be. I shouldn't have to keep my information secret just because it makes things convenient for some company that wants to give credit cards/loans/whatever worth thousands of dollars to people that they have never met, via the mail. That's an idiotic business plan, and it shouldn't be my problem that people try to scam them.

Re:How many times does this need to happen (1)

Jasin Natael (14968) | more than 6 years ago | (#24482019)

I KNOW! I won't even store my own SSN / Passwords, etc. on my personal computer on my desk at home, much less on a laptop or cellphone. And yet these people are in possession of what amounts to an "identity brief" for tens of thousands of their paying customers, and leave it all conveniently accessible in a single unencrypted file on an unencrypted drive in an unsecured laptop?

Here's hoping it's just a disgruntled employee trying to call attention to the insecurity, rather than actual criminals who will use this to persecute the victims.

Re:How many times does this need to happen (2, Interesting)

zappepcs (820751) | more than 6 years ago | (#24482183)

Well, not only that, but shouldn't that laptop have a tracing program on it? One of those services that helps you find the stolen laptop?

A new security industry created by the government's drive to snoop in all our lives has proven exactly why no one is to be trusted with your ID info. period. Makes you wonder who the real terrorists are? Bin Laden must be laughing his last lung out.

The weakest link in your security is always a human and since humans work for the NSA, DHS et al, there is NO reason to trust them with anyone's data never mind your own.

Before 9/11 this would not have happened because this business would not have existed. There is no justification for it's existence that makes any logical sense at all.

Re:How many times does this need to happen (1)

zappepcs (820751) | more than 6 years ago | (#24482267)

Not only that, but WTF is it with laptops with totally confidential material doing disappearing from LOCKED offices at a business that is arguably supposed to be one of the safest places in the USA? All of our security efforts aimed at making air travel secure and people can walk in and steal valuable computer assets from locked spaces? Yeah right!

I'm starting to have doubts about this story, big time.

locked doors... (2, Funny)

halfEvilTech (1171369) | more than 6 years ago | (#24481393)

"The company has now decided that it might be a good idea to encrypt the data in their systems"

because apparently before locked doors was good enough

Directed to the Systems Administrator of VIP, inc. (4, Insightful)

gcnaddict (841664) | more than 6 years ago | (#24481403)

You've got social security numbers of thousands of people on company laptops and you didn't make it a policy to encrypt everything?

Seriously?

Re:Directed to the Systems Administrator of VIP, i (0)

Anonymous Coward | more than 6 years ago | (#24481605)

He got the contract and I bet he is paid really well. Why would he do more?

Re:Directed to the Systems Administrator of VIP, i (4, Insightful)

Aliencow (653119) | more than 6 years ago | (#24482215)

Like the sysadmin really had a say in this. He probably asked for that a thousand times.

$128, not $100 (2, Funny)

langelgjm (860756) | more than 6 years ago | (#24481407)

From the "Clear" link: "Clear's first year price is $128."

I'd say that's a bargain to have your identity stolen!

Re:$128, not $100 (4, Funny)

krbvroc1 (725200) | more than 6 years ago | (#24481477)

The extra $28 was added to include a year of credit monitoring I think.

Re:$128, not $100 (5, Funny)

seanonymous (964897) | more than 6 years ago | (#24481563)

They charge a one-time fee of $28 to encode your data with an encryption algorithm known as 'plain text.'

Re:$128, not $100 (0)

Anonymous Coward | more than 6 years ago | (#24481967)

The $28 fee is a one time (at least one time as long as your sub is maintained) fee for TSA to do a background check on you. The annual fee is $100. You only pay 128 the first year.

If you really went to the Clear website...you wouldve read that. But then you probably didnt read the TFA either so its all balances out in /. terms.

Wrong (1)

langelgjm (860756) | more than 6 years ago | (#24482121)

The annual fee is $100. You only pay 128 the first year. If you really went to the Clear website...you wouldve read that.

Oh, really? Once again, from the Clear website:

How much does it cost to become a Clear member?

Clear is available for $100 plus a $28 TSA vetting fee, for a total of $128 per year. Lock in these prices by purchasing a two-year membership for $256 or a three-year membership for $384.

You will also provide a credit card number, but you will not be charged the annual fee of $128 until you are approved for membership.

Looks like $128 to me.

Re:$128, not $100 (1)

oyenstikker (536040) | more than 6 years ago | (#24482241)

It is also a bargain for terrorists to bypass security.

That will teach people not to give out information (2, Insightful)

Anonymous Coward | more than 6 years ago | (#24481439)

Who am I kidding. No, it won't.

This doesn't surprise me very much... (2, Interesting)

gparent (1242548) | more than 6 years ago | (#24481443)

... especially since at my workplace, they are starting to think about encryption laptop hard drives, that contain personal information about government related investigations related to people working without permits and that kind of deal.

The thing is, though, they're only encrypting the new tablet PCs we just bought, not the older Thinkpads we used - And the database is imported from the web, which means the unencrypted laptops contain the same data the encrypted ones do...

I have a feeling we'll see even more of these in the near future.

liars & touts & shills, oh my (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#24481471)

fear is unprecedented evile's primary weapon. that, along with deception & coercion, helps most of us remain (unwittingly?) dependent on its' greed/fear/ego based hired goons' agenda. Most of yOUR dwindling resources are being squandered on the 'war', & continuation of the billionerrors stock markup FraUD/pyramid scheme.nobody ever mentions the real long term costs of those debacles in both life & the notion of prosperity, not to mention the abuse of the consciences of those of us who still have one. see you on the other side of it. the lights are coming up all over now. conspiracy theorists are being vindicated. some might choose a tin umbrella to go with their hats. the fairytail is winding down now. let your conscience be yOUR guide. you can be more helpful than you might have imagined. there are still some choices. if they do not suit you, consider the likely results of continuing to follow the corepirate nazi hypenosys story LIEn, whereas anything of relevance is replaced almost instantly with pr ?firm? scriptdead mindphuking propaganda or 'celebrity' trivia 'foam'. meanwhile; don't forget to get a little more oxygen on yOUR brain, & look up in the sky from time to time, starting early in the day. there's lots going on up there.

http://news.google.com/?ncl=1216734813&hl=en&topic=n
http://www.nytimes.com/2007/12/31/opinion/31mon1.html?em&ex=1199336400&en=c4b5414371631707&ei=5087%0A
http://www.nytimes.com/2008/05/29/world/29amnesty.html?hp
http://www.cnn.com/2008/US/06/02/nasa.global.warming.ap/index.html
http://www.cnn.com/2008/US/weather/06/05/severe.weather.ap/index.html
http://www.cnn.com/2008/US/weather/06/02/honore.preparedness/index.html
http://www.nytimes.com/2008/06/01/opinion/01dowd.html?em&ex=1212638400&en=744b7cebc86723e5&ei=5087%0A
http://www.cnn.com/2008/POLITICS/06/05/senate.iraq/index.html
http://www.nytimes.com/2008/06/17/washington/17contractor.html?hp
http://www.nytimes.com/2008/07/03/world/middleeast/03kurdistan.html?_r=1&hp&oref=slogin
http://biz.yahoo.com/ap/080708/cheney_climate.html
http://news.yahoo.com/s/politico/20080805/pl_politico/12308;_ylt=A0wNcxTPdJhILAYAVQms0NUE

is it time to get real yet? A LOT of energy is being squandered in attempts to keep US in the dark. in the end (give or take a few 1000 years), the creators will prevail (world without end, etc...), as it has always been. the process of gaining yOUR release from the current hostage situation may not be what you might think it is. butt of course, most of US don't know, or care what a precarious/fatal situation we're in. for example; the insidious attempts by the felonious corepirate nazi execrable to block the suns' light, interfering with a requirement (sunlight) for us to stay healthy/alive. it's likely not good for yOUR health/memories 'else they'd be bragging about it? we're intending for the whoreabully deceptive (they'll do ANYTHING for a bit more monIE/power) felons to give up/fail even further, in attempting to control the 'weather', as well as a # of other things/events.

http://www.google.com/search?hl=en&q=weather+manipulation&btnG=Search
http://video.google.com/videosearch?hl=en&q=video+cloud+spraying

dictator style micro management has never worked (for very long). it's an illness. tie that with life0cidal aggression & softwar gangster style bullying, & what do we have? a greed/fear/ego based recipe for disaster. meanwhile, you can help to stop the bleeding (loss of life & limb);

http://www.cnn.com/2007/POLITICS/12/28/vermont.banning.bush.ap/index.html

the bleeding must be stopped before any healing can begin. jailing a couple of corepirate nazi hired goons would send a clear message to the rest of the world from US. any truthful look at the 'scorecard' would reveal that we are a society in decline/deep doo-doo, despite all of the scriptdead pr ?firm? generated drum beating & flag waving propaganda that we are constantly bombarded with. is it time to get real yet? please consider carefully ALL of yOUR other 'options'. the creators will prevail. as it has always been.

corepirate nazi execrable costs outweigh benefits
(Score:-)mynuts won, the king is a fink)
by ourselves on everyday 24/7

as there are no benefits, just more&more death/debt & disruption. fortunately there's an 'army' of light bringers, coming yOUR way. the little ones/innocents must/will be protected. after the big flash, ALL of yOUR imaginary 'borders' may blur a bit? for each of the creators' innocents harmed in any way, there is a debt that must/will be repaid by you/us, as the perpetrators/minions of unprecedented evile, will not be available. 'vote' with (what's left in) yOUR wallet, & by your behaviors. help bring an end to unprecedented evile's manifestation through yOUR owned felonious corepirate nazi glowbull warmongering execrable. some of US should consider ourselves somewhat fortunate to be among those scheduled to survive after the big flash/implementation of the creators' wwwildly popular planet/population rescue initiative/mandate. it's right in the manual, 'world without end', etc.... as we all ?know?, change is inevitable, & denying/ignoring gravity, logic, morality, etc..., is only possible, on a temporary basis. concern about the course of events that will occur should the life0cidal execrable fail to be intervened upon is in order. 'do not be dismayed' (also from the manual). however, it's ok/recommended, to not attempt to live under/accept, fauxking nazi felon greed/fear/ego based pr ?firm? scriptdead mindphuking hypenosys.

consult with/trust in yOUR creators. providing more than enough of everything for everyone (without any distracting/spiritdead personal gain motives), whilst badtolling unprecedented evile, using an unlimited supply of newclear power, since/until forever. see you there?

"If my people, which are called by my name, shall humble themselves, and pray, and seek my face, and turn from their wicked ways; then will I hear from heaven, and will forgive their sin, and will heal their land."

meanwhile, the life0cidal philistines continue on their path of death, debt, & disruption for most of US. gov. bush denies health care for the little ones;

http://www.cnn.com/2007/POLITICS/10/03/bush.veto/index.html

whilst demanding/extorting billions to paint more targets on the bigger kids;

http://www.cnn.com/2007/POLITICS/12/12/bush.war.funding/index.html

& pretending that it isn't happening here;

http://www.timesonline.co.uk/tol/news/world/us_and_americas/article3086937.ece
all is not lost/forgotten/forgiven

(yOUR elected) president al gore (deciding not to wait for the much anticipated 'lonesome al answers yOUR questions' interview here on /.) continues to attempt to shed some light on yOUR foibles. talk about reverse polarity;

http://www.timesonline.co.uk/tol/news/environment/article3046116.ece

Jailtime (0, Flamebait)

Dog-Cow (21281) | more than 6 years ago | (#24481489)

The CIO of this company and everyone involved in the IT policy with regard to security should be in jail forever. There is absolutely no excuse for this at all. SS and Passport information? This can cause headaches that never end for the poor victims.

Just further proof that this Administration only cares to ruin lives.

Re:Jailtime (3, Interesting)

Anonymous Coward | more than 6 years ago | (#24481845)

The CIO of this company and everyone involved in the IT policy with regard to security should be in jail forever.

Back up there. For all you know, there were people within the company who were calling for proper security controls but were ignored. That's certainly what happened at my last job: our IT team continually raised the subject of full-disc encryption on laptops and we were continually ignored, right up until a laptop with a demo version of our software was stolen from a trade show. Apparently that was high-profile enough that the board of directors finally woke up and ordered full-disc encryption for every laptop, although of course by then it was too late.

Re:Jailtime (0)

Anonymous Coward | more than 6 years ago | (#24482227)

GE actually started pushing out full-disc encryption to their laptops over a year ago. However, I believe it was up to the individual business to decide exactly when it is pushed out.

Re:Jailtime (1)

Tsunayoshi (789351) | more than 6 years ago | (#24482027)

Um, get past the identity theft victims...now the thief has the ability to fake credentials for 33K people who get to go through much reduced security at airports.

To pull the terrorism card: how much would a terrorist organization pay to have the ability to bypass almost all security checkpoints at the airports that participate in the program?

The smart thing to do (from an airport security standpoint) would be to remove all 33K people from the program and make them go through normal security again like everyone else.

It has to be said (2, Funny)

areReady (1186871) | more than 6 years ago | (#24481503)

All aboard the FailPlane!

With Pic! [flickr.com]

Step 1: Encryption (3, Insightful)

Spy der Mann (805235) | more than 6 years ago | (#24481505)

A laptop containing the unencrypted -

NEXT!!!

How does this system improve security, anyway? (4, Interesting)

Reality Master 201 (578873) | more than 6 years ago | (#24481509)

Assuming this system allows them to reliably identify a person, so what? Do they do extensive background checks and continuous monitoring to ensure that the people aren't involved in terrorism? Or if I have no obvious problems in my background and enough money to pay for it, can I get treated differently too?

Does it basically come down to people paying to not have to stand in line with the rest of humanity at the airport?

Re:How does this system improve security, anyway? (3, Funny)

oldspewey (1303305) | more than 6 years ago | (#24481619)

Does it basically come down to people paying to not have to stand in line with the rest of humanity at the airport?

Ding ding ding!

Re:How does this system improve security, anyway? (1)

Kadin2048 (468275) | more than 6 years ago | (#24481861)

Does it basically come down to people paying to not have to stand in line with the rest of humanity at the airport?

Yes.

It's precisely the same idea as the "jump the line" passes available at Disney and most other big theme parks. Waiting in line is for plebeians.

Re:How does this system improve security, anyway? (1)

jchawk (127686) | more than 6 years ago | (#24481885)

You must be new here. But welcome. You absolutely get treated better when you have more money. You can't be surprised by this?

Re:How does this system improve security, anyway? (1)

metlin (258108) | more than 6 years ago | (#24482039)

Does it basically come down to people paying to not have to stand in line with the rest of humanity at the airport?

Pretty much.

And that's a big bonus for business travelers. I fly at least twice a week, and on some weeks, it could be way more than that. So, I spend a lot of time standing in lines at the airport and spending time with idiot passengers who do not know how to pack. Before I get in line, I have my wallet, phone and everything else in my bag, I usually carry no liquids (buy 'em where I go or leave 'em at the client site), I wear a belt and a watch that can go through the metal detector with no problem and all I need to take off are my shoes and my laptop.

Some airports have various lanes for experienced and regular flyers, families, etc. But unfortunately, it is not based on your frequent flyer status, but rather you as a passenger are allowed to choose on your own. This is a big problem because Joe Idiot who flies twice a year thinks he is as "experienced" as your business traveler who flies several times a week and can breeze through. Of course, some airports have status-based lines, which are awesome (Gold, Platinum etc).

So, something like Clear is extremely useful - in fact, a lot of companies will let you charge that in as an expense (the way you can expense your membership to various airline clubs). If you are a frequent flier, the usefulness of not having to stand in line and breeze through is tremendous.

It also means half hour more that I can spend sleeping in on those early mornings that I have to fly out. Especially when you have a 6 AM flight (which I do, on every Monday) and have to get up at 4 AM. Or if I am just spending 2 days with a client, I want to make full use of my time there, and not waste it standing in line with idiots. That goes a long way for some of us.

Re:How does this system improve security, anyway? (2, Insightful)

nasor (690345) | more than 6 years ago | (#24482137)

That was my first thought as well. How do they know that a terrorist wouldn't just add himself to the list? Or, if that's not possible, simply impersonate someone who is on the list? Since apparently the list of all 33k people is now floating around, they would have plenty of choices of people to impersonate.

hundred bucks (3, Funny)

seanonymous (964897) | more than 6 years ago | (#24481525)

So it's the same price as mobileMe, and it provides users with the same level of frustration. Who says government contractors can't compete?

Lack of proper management (5, Insightful)

ds_job (896062) | more than 6 years ago | (#24481531)

Please tell me that there is going to either be prison time or a huge *personal* fine for the CEO of the tinpot company who thought that a lock and key was enough security. I'n not talking about firing the person who left it there or proped the door open to do the vacuuming, but the person at the top who says "Yes, this is cost effective and proper." We need to have people at board level think twice about storing our data so shockingly badly.

Re:Lack of proper management (4, Insightful)

oyenstikker (536040) | more than 6 years ago | (#24482265)

CORPORATION, n. An ingenious device for obtaining individual profit without individual responsibility.
- The Devil's Dictionary

Skeptical (5, Interesting)

PPH (736903) | more than 6 years ago | (#24481539)

I'm becoming quite skeptical about this whole 'stolen laptop' B.S. After the first few big news stories, I'd expect most corporations to have strict guidelines in place to prevent this sort of thing. And a policy of coming down hard, very hard, on violators.

I wonder how much one can get per personnal record for selling this sort of data to organized crime. And cover your ass by reporting a stolen laptop.

Re:Skeptical (1)

oldspewey (1303305) | more than 6 years ago | (#24481683)

Strict guidelines are all well and fine, but when you have hundreds or thousands of employees running around with corporate laptops there is simply no way to guarantee that everyone will comply.

When people are running around at the airport, hopping in and out of cabs, running from meeting to meeting, and generally trying to keep ahead of their workload, they get sloppy.

Re:Skeptical (1)

Anonymous Coward | more than 6 years ago | (#24481851)

They can do a bit better by having the person to pay for the lost laptop. All of a sudden, everyone would be extra careful as it would come out of their pay cheques.

Re:Skeptical (1)

oldspewey (1303305) | more than 6 years ago | (#24482043)

Not too sure that idea is going to fly with 99% of IT workers out there.

Boss: "Here's a laptop we expect you to carry all over the country. Make sure you work at least 14 hours a day, and check your email compulsively between the hours of 7AM and midnight. Oh, and by the way if you lose the laptop it's coming out of your paycheque."

Me: "I have a better idea. I'll just come in and use a desktop machine in the office from 9 to 5 every day."

Re:Skeptical (0)

Anonymous Coward | more than 6 years ago | (#24481917)

Why did they need information fo 33000 people on the laptop?

That just makes absolutely no sense.

Re:Skeptical (2, Funny)

lathama (639499) | more than 6 years ago | (#24481731)

Sad to say but I think that you are on to something. I get several emails offering to buy and sell contact lists on email all the time. I wonder exactly what the product line looks like for these groups that buy and sell lists? "For an extra $500 you get matching SSN"!!! "Need us to sort the data, we will stop by and pick up your laptop with cash payment and completed police report."

Re:Skeptical (1)

Volante3192 (953645) | more than 6 years ago | (#24481957)

It's because everyone else is of the "Well, it won't happen to me, it only happens to the other guys" mentality.

What those execs fail to realize is they ARE the 'other guys' to everyone else.

If I proposed something like this to the companies I help support, I guarentee the first question I'd get would be "How much would it cost to impliment?"

Re:Skeptical (1)

nasor (690345) | more than 6 years ago | (#24482085)

I wonder how much one can get per personnal record for selling this sort of data to organized crime. And cover your ass by reporting a stolen laptop.

Or perhaps more likely, simply losing the laptop (or accidentally ruining it by spilling your soda on it, or whatever) and trying to cover your ass by reporting it stolen.

Good write up (3, Insightful)

Faux_Pseudo (141152) | more than 6 years ago | (#24481573)

This might be the best summery I have seen in some time. It has far more usefull informtaion than the linked news story. I want to personally thank the poster for that and suggest we could use a 'goodsummery' tag to balance the 'badsummery' tag that we so often see.

Re:Good write up (2, Informative)

jmcbain (1233044) | more than 6 years ago | (#24481949)

How about we use the tags 'goodsummary' and 'badsummary' instead?

Re:Good write up (1)

uqbar (102695) | more than 6 years ago | (#24482123)

Ya might wanna get a spell check before you start tagging...

Re:Good write up (NOT!) (0)

Anonymous Coward | more than 6 years ago | (#24482259)

This must be sarcasm... I guess...

That 'summery' was the only place I saw any reference to 'SSi number' being compromised. I saw one report on tv that specifically said that social security numbers were not on the pc. And here is another reference that says the same thing: http://www.ktvu.com/news/17098410/detail.html [ktvu.com]

Kind of a coincidence (2, Interesting)

oodaloop (1229816) | more than 6 years ago | (#24481601)

I was just thinking earlier today of signing up for that. I do a lot of travel and thought the cost might be worth it to cut down on wait time. Guess not.

Re:Kind of a coincidence (1)

ptbarnett (159784) | more than 6 years ago | (#24482061)

I was just thinking earlier today of signing up for that. I do a lot of travel and thought the cost might be worth it to cut down on wait time.

I did sign up for it. It has saved me quite a bit of time. But now, I obviously regret it.

I just sent a nasty message to the "Chief Privacy Officer", but I'll be surprised if I get a response. I'm not sure I'll be satisfied with any response other than "I just got fired."

It shouldn't matter, but it does (4, Funny)

sakdoctor (1087155) | more than 6 years ago | (#24481641)

Names, SSi number, date of birth .. we need to stop using all of these as ID right now.

My suggestion is this. At some appropriate age, say 16-18 where most countries seem to issue ID, we each choose and commit to memory a graph G, such that the chance of a collision in all earth population is close to zero. Then whenever we need to prove our ID for air-travel or whatever we just need to go though several rounds of identify proof where we generate an isomorphic graph H, and show EITHER isomorphism between H and G, or a Hamiltonian cycle in H. After a sufficient number of rounds your identity would be certain to the required probability and you could be on your way.

The technique to do this mentally could be taught in schools. It's THAT SIMPLE!

Re:It shouldn't matter, but it does (1)

spud603 (832173) | more than 6 years ago | (#24482103)

It's THAT SIMPLE!

You've never studied public policy, have you?

Re:It shouldn't matter, but it does (2, Funny)

amn108 (1231606) | more than 6 years ago | (#24482149)

The technique may be simple, but I did not understand what you wrote at all.

The system's name says it all (4, Funny)

copperconductor (1325789) | more than 6 years ago | (#24481653)

Dude, it's called "Clear" for a reason.

AHEM...... (-1, Redundant)

SoundGuyNoise (864550) | more than 6 years ago | (#24481695)

Ha ha!

Misuse of privacy information (1)

pan0k (580784) | more than 6 years ago | (#24481697)

Well, somebody better start suing. That's what I hate about all these companies and government agencies that have access to all our private information. They are giving out our private information for free and the only thing that they do to help or protect us is giving away free credit monitoring for a year or 2 instead of a person life time.

What was that info doing on a laptop? (5, Informative)

Animats (122034) | more than 6 years ago | (#24481737)

What was that info doing on a laptop? That in itself is very suspicious. Nobody should have a full list of the "approved people" outside of an database where each access is logged. That's info a terrorist group would want. It gives them a list of people who won't be searched. Those are the ones to exploit to get something past security.

The laptop disappeared from a locked room at an airport. This wasn't an ordinary laptop theft. TSA has to assume that the database is now in hostile hands. So now everyone with a "Clear" card should be subjected to extra searches.

Let's check out the "Clear" privacy policy [flyclear.com] . "Clear and its subcontractors, pursuant to legal agreements, have a comprehensive information security program to ensure the privacy of Clear applicants and members as well as the integrity of our systems. We apply ID's and passwords to insure that access to systems and data is only on a need-to-know basis. We use encryption (a strong data coding process) for all program sensitive data communications." ... "In the highly unlikely event that a member is the victim of identity theft (defined as the taking of a member's personal information so that fraudulent transactions are made in the member's name) that is the result of any unauthorized dissemination by Clear or its subcontractors, or theft from Clear or its subcontractors, of the member's personal data collected by Clear, we will reimburse the member for any otherwise unreimbursable monetary costs directly resulting from such Identity Theft. In addition, Clear will, at its own expense, offer any such member assistance in restoring the integrity of the member's financial or other accounts." ... "Clear has appointed an independent, outside Privacy Ombudsman, Law Professor Paul Schwartz [paulschwartz.net] , noted privacy expert and advocate. He will be identified to members as the person to contact if a member has a privacy complaint or privacy problem with administration of the Clear system or fidelity to our published Privacy Policies. The Independent Privacy Ombudsman is empowered to investigate all privacy complaints, gather the facts, and respond to members, as well as to post responses publicly and prominently on our website."

Yet there's no announcement of the security breach on the Clear web site.

Re:What was that info doing on a laptop? (1)

verbamour (1308787) | more than 6 years ago | (#24482113)

"Hello, Paul Schwartz' office, please hold..."

Re:What was that info doing on a laptop? (1, Interesting)

Anonymous Coward | more than 6 years ago | (#24482181)

Mod parent up.

Another thing - suppose this laptop is recovered, and someone has added some names and data to the DB - ones that can be later used as covers?

Oh NOW Encryption is a Good Idea? (1)

Greyfox (87712) | more than 6 years ago | (#24481773)

Why do these fucktards always seem to decide that it's a good idea to encrypt their data after a laptop, computer, hard disk or tape backup containing the personal information of hundreds of thousands of people gets lost? There need to be more legal penalties for these companies' shoddy IT practices! Perhaps a CEO/CTO should do some jail time to drive the point home...

Re:Oh NOW Encryption is a Good Idea? (1)

amn108 (1231606) | more than 6 years ago | (#24482053)

yepp.

NOW?... (2, Interesting)

whisper_jeff (680366) | more than 6 years ago | (#24481823)

The company has now decided that it might be a good idea to encrypt the data in their systems.

NOW? They're NOW deciding that it might be a good idea to encrypt the data? Ok, I don't work in the industry and all but even I, as an uneducated outsider, knows that it's a good idea to encrypt that sort of data. Jebus... That should have been one of the first priorities in developing their systems and procedures...

I don't get it (2, Insightful)

jjohnson (62583) | more than 6 years ago | (#24481881)

I don't understand why data like this was on a laptop in the first place. Encrypted or not, it seems problematic to have copies of databases floating around, flying with executives, packaged up neatly in a form that makes it easy to steal (i.e., a freakin' laptop).

What am I missing that I don't get why this database was allowed off the core server that hosts it? Simply from a data integrity standpoint it seems like a bad idea to let multiple copies move around.

It smells (1)

Carson Napier (1045596) | more than 6 years ago | (#24481905)

This whole thing stinks anyway. That pass is BS and nothing more than a scheme cooked up to get people through airports faster and easethe load on the TSA people. It is TOTALLY a compromise in airline security allowed by means of a $100 bill. Yes, encryption is a good idea, just like breathing is a good idea.

Re:It smells (1)

Overzeetop (214511) | more than 6 years ago | (#24482063)

You, apparently, are under the false impression that the TSA offers a heightened level of security for flying. If I flew much, I'd opt out of the theater for $100, too. Then again, so would most terrorists. If you only ever commit one act of terrorism, then die, there's not much non-profiling background to search.

Irony (2, Insightful)

FrankSchwab (675585) | more than 6 years ago | (#24481929)

I guess my question is....

Could a terrorist organization exploit this information to be able to get someone on a plane who wouldn't have been able to before? A fake passport/drivers license in the name of a trusted passenger who knows all the personal information he should. In any kind of rational security process, each and every one of the CLEAR passengers would now be on the TSA Watchlist, subject to extra scrutiny.

Talk about blowback! Talk about (Alanis Morissette be damned) irony! An intrusive system designed to help trusted passengers bypass an intrusive search for terrorists, allows those same terrorists to bypass the search.

Here's a social security number (1)

Profane MuthaFucka (574406) | more than 6 years ago | (#24481979)

393-43-5435

I see dollar signs (2, Funny)

amn108 (1231606) | more than 6 years ago | (#24482015)

Blame capitalism!

That shit never worked, man.

Collaborators... (2, Funny)

Anonymous Coward | more than 6 years ago | (#24482091)

Collaborators with the enemy get what they deserve.

In case you were wondering... (2, Insightful)

rickb928 (945187) | more than 6 years ago | (#24482101)

You can NOT make this shit up.

I wouldn't be fired if this happened to my laptop. I would be charged, sued, and ostracized, and find a new line of work. Probably with the phrase 'biggie-size' involved.

Almost as ludicrous as electonic voting...

The summary is very wrong... (1)

_14k4 (5085) | more than 6 years ago | (#24482139)


Important Notice

We are currently updating our software and are unable to process enrollments at this time. Click here to enter your email address so we can notify you once enrollment is available.

Clearly this is simply just a Java SDK upgrade or something.... :P

next time... (3, Insightful)

harvey the nerd (582806) | more than 6 years ago | (#24482243)

One can hear it already, "we encrypted it, it'll never happen again". Next time, "its okay, we encrypted all the records with 1024 bits" and then have to admit the key was on a sticky note over the screen of the stolen laptop or in an attached thumb drive. Clear's name is now Mudd but the whole "airport security" business is a dangerous hoax (constitutionally and economically, too).

It will be interesting to see the fallout from this episode of "Security Theatre".

The real question is... (0)

Anonymous Coward | more than 6 years ago | (#24482275)

Why was the data of 33.000 individuals recklessly carried around on a laptop at the airport? Internet and encryption, have they heard about it?

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>