Joho the Blog » FlyClear flies clean

FlyClear flies clean

I got this from FlyClear.com, a quick-pass, iris-scan lane system at some airports. I don’t recall ever applying for membership. For one thing, there’s no FlyClear lane at my local airport. So, this big hunka hunka of steamin’ disclosure is disquieting:

Dear David Weinberger,

We take the protection of your privacy extremely seriously at Clear. That’s why we announced on Tuesday that a laptop from our office at the San Francisco Airport containing a small part of some applicants’ pre-enrollment information (but not Social Security numbers or credit card information) recently went missing. None of your information was in any way implicated. However, we were prepared to send those applicants and members who were affected the appropriate notice on Tuesday detailing that situation.

Before we could send out that notice, the laptop was recovered. And, we have determined from a preliminary investigation that no one logged into the computer from the time it went missing in the office until the time it was found. Therefore, no unauthorized person has obtained any personal information.

Again, none of your personal information was on the computer in any form, but we nonetheless wanted to give you details of the incident that could have affected others applying for Clear memberships because the incident involves Clear’s privacy and security practices and policies.

We are sorry that this theft of a computer containing a limited amount of applicant information occurred, and we apologize for the concern that the publicity surrounding our public announcement might have caused. But in an abundance of caution, both we and the Transportation Security Administration treated this unaccounted-for laptop as a serious potential breach. We have learned from this incident, and we have suspended enrollment processes temporarily until all pre-enrollment information is encrypted for further protection. The personal information on the enrollment system was protected by two separate passwords, but Clear is in the process of completing a software fix – and other security enhancements – to encrypt the data, which is what we should have done all along, just the way we encrypt all of the other data submitted by applicants. Clear now expects that the fix will be in place within days. Meantime, all airport Clear lane operations continue as normal.

As you may know, our Privacy Policy states that we will notify you of any compromise of your personal information regardless of whether any state statute requires it. This letter is a good example of our policy: no law requires that we notify you of this incident because our investigation of the recovered laptop revealed no breach and because in any event none of your own information was affected. But we think it’s good practice to err on the side of good communication with all Clear members, especially when, in this case, we did make a mistake by not making sure that limited portion of information was encrypted.

Please call us toll-free with any questions at (866) 848-2415. Again, we apologize for the confusion.

Sincerely,
Steven Brill
Clear CEO

P.S. A reminder: One of Clears unique privacy features is that all members and applicants are given an identity theft protection warranty which provides that, in the unlikely event you become a victim of identity theft as a result of any unauthorized dissemination of your private information by – or theft from – Clear or its subcontractors, we will reimburse you for any otherwise unreimbursable monetary costs directly resulting from the identity theft. In addition, Clear will, at its own expense, offer you assistance in restoring the integrity of your financial or other accounts. So had there been any actual compromise of your personal information, you would have been additionally protected.

If this is intended to counteract the bad publicity the breech has engendered, well, Google News only has one hit reporting the breech in the first place. If it’s not – if FlyClear’s policy is to broadcast every near miss – then, well, I guess it’s admirable for its candor.

It’s also pretty scary example of putting all your irises in one basket. [Tags: ]

8 Responses to “FlyClear flies clean”

  1. “Therefore, no unauthorized person has obtained any personal information.”

    Unless, they booted from a flash drive or bootable CD and copied the hard drive contents or pulled out and replicated the hard drive that is.

  2. […] has sent out emails to applicants for Clear. But, it appears that at least something is amiss as David Weinberger received one of the emails despite never having applied for the program. So apparently they’re just informing people at random now. Or someone else applied in Weinberger’s […]

  3. […] has sent out emails to applicants for Clear. But, it appears that at least something is amiss as David Weinberger received one of the emails despite never having applied for the program. So apparently they’re just informing people at random now. Or someone else applied in Weinberger’s […]

  4. […] has sent out emails to applicants for Clear. But, it appears that at least something is amiss as David Weinberger received one of the emails despite never having applied for the program. So apparently they’re just informing people at random now. Or someone else applied in Weinberger’s […]

  5. […] has sent out emails to applicants for Clear. But, it appears that at least something is amiss as David Weinberger received one of the emails despite never having applied for the program. So apparently they’re just informing people at random now. Or someone else applied in […]

  6. Hi and thanks for posting this blog about FlyClear. I have no idea what was on their lap top in terms of numbers/passwords, but my application included EVERYTHING… all 10 finger prints, retina prints – everything. FlyClear lost all this data at their Oakland Airport.

    I’ve been sitting patiently to receive my FlyClear card… for nearly two months and now I find out about this.

    Am I fucked or what? Anyone else have this happen?

  7. Dabezterez, FlyClear says no info was compromised, so apparently you are not fucked.

  8. I was hesitant about the Clear Pass program but after using it several times at different airports I realized that it is a great time saver. I avoided long lines the last few times I flew – and was well treated by the Fly Clear staff who whisked me to the front of the line. They were courteous and expedited my security clearances. I am now a huge fan and if you want to join and go to the fly clear web site – if you enter this referral code: SCA20888 you and I will both get a free month!

Leave a Reply


Web Joho only

Comments (RSS).  RSS icon