Security Kiosk Company Vows To Wipe Personal Data. Or Not

Written by Fred J. Aun
July 8th, 2009

The company running an airport security kiosk program that folded in June effusively promised to completely erase all its customers’ personally-identifiable information from the units. As for the info kept on its main databases—which are apparently identical copies of that kiosk data—well, bring on the bids.

The kiosk program raises key issues about data protection and ownership when the data-using firm goes out of business or even just modifies its business. There is also the semantic issue of the privacy value of wiping data in two places if it also exists in a third.

Citing a financial problem, Verified Identity Pass shut-down its “Clear Lane” airport security-screening kiosks in June. The express screening kiosks were in about 20 U.S. airports and about a quarter-million people had paid as much as $199 per year to use them (and they won’t be getting refunds).

The devices used retina scans and fingerprints to verify the identities of plane passengers whose information was kept on a Verified Identity Pass database. In a statement announcing the kiosk closures, Verified Identity Pass went to great lengths to ensure its former customers that their highly-personal information, “including fingerprints, iris images, photos, names, addresses, credit card numbers and other personal information” would be completely erased from the kiosks and any PCs in use by company employees.

The company pledged “to keep the privacy promises” it made and noted the private info would be secured “in accordance with the Transportation Security Administration’s security, privacy and compliance standards.” More precisely, each hard disk at the airport kiosks “has now been wiped clean” of all data. “The triple wipe process we used automatically and completely overwrites the contents of the entire disk, including the operating system, the data and the file structure,” vowed Verified Identity Pass. “This process also prevents or thoroughly hinders all known techniques of hard disk forensic analysis.”

Meanwhile, back at the company’s office, Lockheed Martin is on hand as the lead systems integrator “to ensure an orderly shutdown as the program closes,” said the statement. Note the careful wording here: “As Verified Identity Pass, Inc. and the Transportation Security Administration work through this process, Lockheed Martin remains committed to protecting the privacy of individuals’ personal information provided for the Clear Registered Traveler program.”

“Protecting” data isn’t the same as erasing it. That’s because, toward the end of the initially comforting statement, Verified Identity Pass indicates that the personally identifiable information might not be nuked after all. In fact, the company said it might try selling it.

Customers might, or might not, be consoled by Verified’s vow that only trustworthy buyers will get their information. “The personally identifiable information that customers provided to Clear may not be used for any purpose other than a Registered Traveler program operated by a Transportation Security Administration authorized service provider,” said the statement. “Any new service provider would need to maintain personally identifiable information in accordance with the Transportation Security Administration’s privacy and security requirements for Registered Traveler programs. If the information is not used for a Registered Traveler program, it will be deleted.”

As others have noted, what happens to the data after it’s transferred to this other traveler program? Could that company sell it to anyone when it’s through? And what about the government agency behind all of this, the Transportation Security Administation? Can they use the data for any purpose?

Verified’s statement says the company, unable to stay afloat, has yet to file for bankruptcy. Will any money it makes off the sale of its customers’ information end up being refunded? The only thing being promised to customers by Verified is an intention “to notify members in a final E-mail message when the information is deleted.” Will the customers get even a portion of the revenue made from reselling their information? It looks like the only thing those customers will get from Verified is angina.


Comments are closed.


StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 60,000 retail IT leaders who subscribe to our free weekly email. Sign up today!

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.