Dude, where’s my scan?

Apparently the CLEAR program is defunct. As with any identity effort this raises the question about what happens to the data, especially biometric data, if the service provider goes out of business.

Kevin Kampman wants to know what happens to his data:

I am not surprised by CLEAR’s failure, but it raises other serious questions: Who gets custody of the background data that’s been collected over the life of the program? Will that data be archived or destroyed? Will another company or agency take over? (CLEAR’s privacy policy doesn’t seem to directly address the issue of what a successor entity can and can’t do with the data that’s been collected). Finally, what are TSA’s plans for this contingency?  The TSA website currently doesn’t say anything about CLEAR’s termination.

Jackson Shaw wants to know what happened to his scans:

Now my question is: What happens to those digital fingerprints and retinal scans they took? Checking their privacy policy reveals this interesting tidbit:

…a copy of your biometric information (but not your name) is retained by the Transportation Security Clearinghouse to prevent fraudulent enrollments under alternate identities.

So, the TSA has my biometric information but not my name in order to prevent fraudulent enrollments under alternate identities? Hmmm, does that mean that the TSA has my biometric information but not my name but does have my social security number? Otherwise, how would they prevent fraudulent enrollments?

Yet one more reason not to use biometric authentication.


2 responses to “Dude, where’s my scan?

  1. Hi. Curious as to why biometric data is more concerning to leave behind than any other information. The form it is in is virtually unusable. You can’t take it and make a fake finger or eyeball. Its in a form that can’t be reverse engineered. But, name, address, SSN , which is left behind everywhere can lead to identity theft.

    The biometric authentication in this example was pretty necessary back when the TSA was going to use the program as a security program. The idea was if you went through a background check, paid for the service, you wouldn’t be subject to the same screening requirements others were subject to – no shoes, leave laptop in bag, no secondary screening, special lines, etc. The kicker being that you needed to prove you were the same person at the airport as the person who went through the background check when you were going to take advantage of the service. It was a good applicaiton of biometrics. It failed when TSA decided not to provide those reduced screening benefits and all it became was a special line which didn’t work or have enough value.

    Also, I wonder if Jackson would be more or less concerned if he knew the Transportation Security Clearinghouse isn’t really the TSA.

  2. Reading Jackson’s original post I am pretty sure he knew that TSA was not doing the actual system.

    I believe that you can’t use the biometric data to reverse engineer the finger print or eyeball. I am less convinced that it doesn’t have other deleterious uses.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s