Forgot your password?
typodupeerror
Privacy Transportation Your Rights Online

Out of Business, Clear May Sell Customer Data 77

Posted by kdawson
from the but-don't-worry-it's-perfectly-safe dept.
narramissic writes "Earlier this week, the Clear airport security screening service ceased operations, leaving many to wonder what would become of the personal information, including credit card numbers, fingerprints, and iris scans, of Clear's customers. And now we know. The information could be sold to the provider of a similar service. Until then, Clear has erased PC hard drives at its airport screening kiosks and is wiping employee computers, but the information is retained on its central databases (managed by Lockheed Martin). Clear customer David Maynor, who is CTO with Errata Security in Atlanta, wants Clear to delete his information but that isn't happening, the company said in a note posted to its Web site Thursday. 'They had your social security information, credit information, where you lived, employment history, fingerprint information,' said Maynor. 'They should be the only ones who have access to that information.'"
This discussion has been archived. No new comments can be posted.

Out of Business, Clear May Sell Customer Data

Comments Filter:
  • heh (Score:5, Insightful)

    by stoolpigeon (454276) * <bittercode@gmail> on Friday June 26, 2009 @11:45AM (#28483629) Homepage Journal

    As someone who stood in line and watched well off folks who could fork up the cash and fly by - rather than forcing the influential to face the stupidity that is the tsa so that maybe something could happen to change it - I can't say I feel too upset for them. I saw a guy sign up for it when I flew last month- people that just forked over the $200, lost their data and never really didn't get to use the service must really be mad.

    • by dkleinsc (563838)

      As someone who stood in line and watched well off folks who could fork up the cash

      ...and didn't mind sacrificing their identity information and privacy ...

    • As someone who stood in line and watched well off folks who could fork up the cash and fly by

      Oh yeah, they were so much better off that you, having the fantastic cash reserves to be able to afford a whole $99 a year ($199 at the end) to have shorter security lines for frequent trips!

      How much do you spend on your internet again? Oh but you say, I use that every day! Well what about people who had to fly every week...

      Your post is nothing more than a case of reverse elitism, proclaiming how much better a ma

      • so if that's "reverse elitist drivel" what do we call your response?

        • so if that's "reverse elitist drivel" what do we call your response?

          Very nice.

          To the GP: If the system is broken, then it needs to be fixed for everyone, not just those with lots of disposable income.

        • so if that's "reverse elitist drivel" what do we call your response?

          My response outlines how the world works, and the fact that anyone in reality could afford to pay for Clear (anyone flying anywhere anyway). I'm pointing out he's angry at the elite, when the program is not even *for* the elite - it's for everyone.

          So I tell you all how it actually works, and get modded down. That's Slashdot I guess, when reality doesn't fit the meme such as all privilege is arrogance and not optimization... Oh wait, I th

          • He wasn't being elitist or condemning "rich people" or whatever. He was pointing out that if the wealthy and powerful had to stand in the same lines as the proles, they'd use their influence to change things.

            Personally I doubt that -- Ted Kennedy didn't launch an investigation into the abuses of the no-fly list after he was caught up in it -- but his point wasn't what you thought it was.

      • No, it's crap (Score:2, Insightful)

        by zogger (617870)

        They SHOULD make everyone go through the same BS, even on PRIVATE PLANES, corporate jets, all of them. Let no one be "special". Everyone =politicians, cops, official government bureaucrats, military generals, rich fatcats, all of them, not just the plebes. Get on a plane and fly, you need to go through all the same routine.

        Like was said, we won't get rid of the stupid security theater until everyone is inconvenienced enough and complains enough to get changes forced through. That's just nons

        • They SHOULD make everyone go through the same BS, even on PRIVATE PLANES, corporate jets, all of them.

          As any kind of technical person, here is where you should be ashamed of yourself. You are proposing an insane level of restriction on a persons own property (for those with private planes), in order to achieve an end that you arbitrarily demand is correct. It's like saying anyone to get a drivers license should be able to drive anything from a scooter to a hundred ton gravel truck.

          Secondarily, you should

          • it already is insane, I'm totally against all the security theater big brother BS surrounding the dubious cliams of the government's fairy tale version of the events of 9-11 2001 and the resultant crap patriot act and homeland security and flying on airliners nonsense pseudo security and etc. And now we have people demanding "VIP" treatment as long as they pay more or are rich enough to own their own planes or something else. I call shenanigans on that. If it is such a threat, then everyone needs to go thro

    • Being poor doesn't make you superior to somebody who is rich. It doesn't make you inferior either, except when you gloat over somebody's misfortune just because they have more money than you. Try to get over your envy, you'll be a happier person.
      • I think you've made a bit of a leap - but you're not the only one so maybe it comes across that way - but it's not as much as I'm envious as unhappy with the current system that makes air travel much more unpleasant than need be and then tries to build an out for anyone in a position to do anything about it. I don't say well off to place myself in opposition due to some judgment of value but simply because I understand the fact that in this country it is money that talks. Allowing this bypass kept that mo

    • The whole business that Clear is in is basically extorting bribes from travelers. They're not providing any actual added security by collecting the information, but the TSA folks let them wait in shorter lines and treat them more politely while still randomly searching baggage. The TSA's not even extorting the bribes directly - they're making a wholesale sweetheart deal with a political supporter who gets to extort the bribes retail. Brill, by the way, is one of the founders of CourtTV (aka lots of cop

      • The whole business that Clear is in is basically extorting bribes from travelers.

        Agree! This whole thing of adding the TSA stupidity, and then saying, "We're making you this GREAT offer that for only $$ you can go back to the way things should be!" I was one of those who stood in line while others whizzed through the Clear-Prepaid line. I can't say I blame those Clear'd people, though --for some, it might well be worth it to pay to get rid of stupidity, although it doesn't mean that they like or agree wi

    • its an IQ test. those that bought into this service, are now marked as 'below average IQ'. in other words, they ARE safe in the eyes of the state. the state likes 'em dumb. (why do you think states tolerate organized religion?)

      I'm reminded of the simpsons episode where homer drives a bunch of his clones out to a junkyard and asks if anyone remembers the way back. those that stood up got shot; until the last smart one ID'd himself.

      well, this is in reverse. only idiots happily give away their private in

  • Oh the irony (Score:5, Insightful)

    by wjousts (1529427) on Friday June 26, 2009 @11:46AM (#28483643)

    Clear customer David Maynor, who is CTO with Errata Security in Atlanta, wants Clear to delete his information but that isn't happening

    Shouldn't the CTO of what I assume is a company involved in security know better? Should he have read the fine print before signing up?

    • Clear customer David Maynor, who is CTO with Errata Security in Atlanta, wants Clear to delete his information but that isn't happening

      Shouldn't the CTO of what I assume is a company involved in security know better? Should he have read the fine print before signing up?

      You may be missing the greater irony. Errata Security? A list of errors, which have now been corrected.

    • Re:Oh the irony (Score:5, Insightful)

      by immakiku (777365) on Friday June 26, 2009 @12:04PM (#28483951)

      Yea in a perfect world he would've. The reality is that people don't have enough time to read all the fine print for everything ever. As long as there's a reasonable expectation of a decent privacy policy, most of us just go with it because the time and effort spent looking for a possible alternative is not worth it. Who's to say that he was even provided with a fine print? The article is not very clear that Clear is in the legal "right" here.

      This is also why it's so important to raise alarm at these issues, because short of forcing privacy standards or laws, that's all the majority of us can reasonably be expected to do.

      • by otopico (32364)

        Just because you are too 'busy' to read the contract doesn't mean you are safe to assume what that contract contained.

        You should be able to assume that the state isn't watching you walk to work, or who your friends are. But, when you sit down and sign a contract, it is YOUR responsibility to make sure you know what you are signing, and if you don't agree to the letter of it, don't sign.

        It is important to 'raise the alarm', but if a person can't be bothered to do their part in a contact signing, as in readin

        • by idontgno (624372)

          And, in fact, the underlying (and retroactively useless) moral lesson is this: no one is looking out for your best interests but you. If you "tl;dr" a contract, don't be surprised if you agreed to something just short of legally unconscionable. And don't be surprised if that agreement is enforced.

          (This is the bitter voice of experience speaking.)

          "OMG I didn't agree to that!"

          "Yes you did. Here's the contract, here's the clause, [page flip, page flip], here's your signature."

          "OMG You are trying to rip me off!

        • Re: (Score:1, Insightful)

          by Anonymous Coward

          "Too busy"?! I think not. These huge documents are written be legal experts hell bent on making it incomprehensible to all but their own. This is the reason why people don't bother, it's not written in plain language. Not only do you pretend to be a legal expert, I supposed you're an expert in all things atomically based, plus a god in chemical engineering and pharmaceutical processing? The law is an ass, private data should remain so. It's only the US that thinks companies can do what they fsck they like,

      • by wjousts (1529427)

        Yea in a perfect world he would've. The reality is that people don't have enough time to read all the fine print for everything ever.

        And for 99% of Clear's customers, I'd agree with you and sympathize with them. But this is the CTO of a security company. He should have known better that to hand out a bunch of data without any idea what would happen to it.

      • by TubeSteak (669689)

        The article is not very clear that Clear is in the legal "right" here.

        Clear's database is considered an asset.
        And I mean that in the most literal accounting way.
        It's as much an asset to be sold off as any chair or office desk.
        You need to support your assertion that there is confusion over Clear's legal rights.

        At least they said that if the (soon to be) sold data isn't used for traveler
        verification, it'll be deleted, which is likely the most that any law would require.

    • This is the guy who said he found a way to hack a MacBook's wireless card in under a minute. He canceled his demo at Toorcon and never did disclose enough information at the 2007 Black Hat to verify the sensational claim. He left his job after the incident and started what I assume is a two-man operation. (1 CEO and 1 CTO)

      Here's David's Pwnie Award: http://pwnie-awards.org/2007/winners.html#overhypedbug [pwnie-awards.org]

      I'm sure there's a lot more to the story, but let's not assume we're dealing with someone who would normal

  • This was a bad idea from the start and people should be doubly wary of handing over so much personal information in the future to any organization that has no good reason to exist.
  • Big Surprise (Score:4, Insightful)

    by JCSoRocks (1142053) on Friday June 26, 2009 @11:46AM (#28483649)
    Only the sort of people that would hand over their information to a company like this would be surprised to find out that they're going to sell it.
  • Suckers! (Score:3, Insightful)

    by Dr_Ken (1163339) on Friday June 26, 2009 @11:46AM (#28483653) Journal
    For those folks who trust private enterprises more than governments. WTF did you expect?
    • by _32nHz (1572893)
      Surly if the government was any more trustworthy this would be illegal?
      • Re: (Score:2, Insightful)

        by Dr_Ken (1163339)
        In my enthusiasm to post I didn't expand on what I meant to imply. Lots of us out here view the government with a very jaundiced eyed. I know I do. But to think just because some function is performed by a private enterprise rather than govt. makes it all good is just wrong. Scandals, malfeasance and corruption are just as prevalent in the so-called private sector esp. when they are acting as contractors (Haliburton, Blackwater,) or quasi-govt. functionaries (Clear). As always caveat emptor, eh?
        • Re: (Score:3, Insightful)

          In short, don't trust anyone - private or public sector - with data that you really care about. The private sector will mine the data and sell it to the top bidder. The public sector will make a push to permanently store that data for future use. In both cases, the data will sometimes mysteriously disappear and reappear on eBay or some black market in a 3rd world country.

          Neither party, public or private, is on the side of the citizen.

  • Switch (Score:3, Insightful)

    by Divebus (860563) on Friday June 26, 2009 @11:46AM (#28483659)

    "They should be the only ones who have access to that information"

    Only if they're going to do what they said with that information - make it faster to clear airport security. If they don't, I want my identity back.

    • Re: (Score:2, Insightful)

      by tehtrex (1582049)

      "They should be the only ones who have access to that information"

      Only if they're going to do what they said with that information - make it faster to clear airport security. If they don't, I want my identity back.

      Maybe you've voluntarily limited your right to dictate what is done with that information. What are the terms of the contracts that the customers signed? Are they being honored by the company's actions? If not, I'd say it's class action time. Personally, I think this program was an experiment by the Government to see what kind of carrot they would need to provide in order to get people to voluntarily give up any sort of privacy. No tin foil hat necessary for this one.

    • by Minwee (522556)

      f they don't, I want my identity back.

      Well you can't have it. Your name is Sen now, and you'd better get back to cleaning that bathtub.

    • by ficuscr (1585141)
      Repeat after me, "I will not give my social security number to a private company.". That includes block buster, old navy, clear,... etc Unfortunately now days there are some exceptions to this - say if you want a cell phone. Still these exceptions are few.
      • by Divebus (860563)

        I should only ever need my SSAN for two reasons - to pay into my Social Security account and when I need to withdraw that money. The fact that it's legal for private organizations to use your SSAN willy nilly is mind blowing.

        Cell phone purchases I understand. The NSA needs to tie your SSAN to your EAN.

  • Cooperate... (Score:5, Insightful)

    by X86Daddy (446356) on Friday June 26, 2009 @11:47AM (#28483665) Journal

    Do extra, voluntary action to cooperate with the police state in legitimizing the "papers please" nonsense, and get exactly what you deserve.

    It started as a simple excuse to lock you into your ticket purchases. It still has that negative effect, and not a single positive. After all, matching ID to ticket had been done for decades leading to, and of course on, 9/11.

    • Do extra, voluntary action to cooperate with the police state in legitimizing the "papers please" nonsense, and get exactly what you deserve.

      Huh? Your papers are checked at the airport security anyway. Once you fly your details are in a database that can be accessed by the government anyway. As far as I understand this service, the idea was to speed up the process that was already happening.
      • by pluther (647209)

        From what I understood, it was a pre-screening. So they did a background check before you ever got to the airport, so you didn't have to wait in the long security lines as everyone else.

        With this program you, or anyone who looked vaguely like you and got a hold of your ID, could get right on the plane without ever having to have your shoes X-rayed.

        It was pure security theater, but for profit. (Not enough profit, I guess.)

  • by smooth wombat (796938) on Friday June 26, 2009 @11:50AM (#28483713) Homepage Journal

    If the CTO of a corporation didn't realize a private company, contracted by the government, would not delete his personal information at his request, he shouldn't be a CTO.

    ALL data, in whatever form, once in the hands of the government, its entities, subsidiaries and contractors, will exist essentially forever.

    Let the age of Total Information Awareness rock on!

    • Re: (Score:3, Informative)

      by The Moof (859402)

      didn't realize a private company [...] would not delete his personal information at his request

      Given that their policy [flyclear.com] states that they will (would?) delete it upon membership cancellation, this seems like they're not complying with their policies. Unless they consider these people are still somehow considered members.

      • Unless they consider these people are still somehow considered members.

        Of course they're* still members. You think just because a company goes bankrupt you're no longer part of their services? Oh no. It's like being part of AOL. Once you're in, you're in for life!

        *Attention lazy slobs. Note the correct usage of they're. Not their or there. If you think you're** being cute, stabbing at the man for having rules and regulations, or thinking you're on the cutting edge of a new language paradigm,
      • They claim they will do X f they fail. Fact of the matter, of they are in Bankruptsiy, they do what the judge allows and turinf of od deleting anything seen as an asset will never be allowed.

        Steam Claims they will open up the games if the go out of business, but in reality they won't be allowed to by the courts.

        This is true of any company claiming they will do something if they start to fail.
        In the real world, it's complete nonsense.

    • If the CTO of a corporation didn't realize a private company, contracted by the government, would not delete his personal information at his request, he shouldn't be a CTO.

      ALL data, in whatever form, once in the hands of the government, its entities, subsidiaries and contractors, will exist essentially forever.

      Oh no! The government now has his Social Security Number!

  • I'd be curious to know what exactly the contracts they had with them stipulate. My guess is it's something along the longs of we own your information once you pass it to us. Ooopppss - guess you really should read those things before signing. Anyone actually seen it?
  • by yuna49 (905461) on Friday June 26, 2009 @12:00PM (#28483885)

    According to the press release, and the statement on Clear's website, the information would only be sold to another company engaged in the same business as Clear and approved by the Transportation Safety Administration. I don't know whether that was a stipulation of Clear's contract with the TSA, though I doubt Clear would tie its hands this way just out of a sense of civic duty.

    • Re: (Score:3, Interesting)

      by rhsanborn (773855)
      Which opens Clear up to the ability to sell the data to a company who wants to perform the same function. It doesn't look like they can blindly sell it to anyone. It is still concerning that customers have no option or method to opt out of this. Maybe there are lawyers here who can confirm this, but I would suspect that any company buying this data would be bound by the same terms of the contract or would be forced to purge the data for all people on the list who did not agree to any new terms. This would l
    • Re: (Score:3, Insightful)

      by Herkum01 (592704)

      There is also, no implicit promise that the company that purchases the information will NOT sell it to others. Just that they are in the same business.

      • by hairyfeet (841228)

        Bingo! Or even that the company they sell it to has even the slightest idea of good security practices. For all the customers know they could sell it to "Bob's security hut" where everything is kept on old WinNt servers in the clear and half the IT staff is disgruntled.

        So while IANAL I just don't see exactly how they can sell this day to anyone without getting a massive lawsuit handed to them. Their customers agreed to their company and their security and business practices, not company B.

  • by Lead Butthead (321013) on Friday June 26, 2009 @12:00PM (#28483891) Journal

    When handing someone (or some company) your information, always keep in mind a shift in "company strategy" or PHB change can hurt you. Always judge by capability (what could happen if your information is sold,) and not intention, for intention can change quickly and without warning.

  • What's the contract say? If it says the company can do this, and you agreed to it, then where's the beef?

  • by nef919 (524838) on Friday June 26, 2009 @12:40PM (#28484501) Homepage

    You gave away information of the most sensitive kind about yourself. Information that even kids in primary school know enough not to give up. All just so you didn't have to stand in line. A few of you just so you could point and laugh at the mass of people dealing with the lines. Well I guess everyone else is laughing at you now. Dumbasses. Well hopefully this will be enough to open your eyes in the future. Makes me glad I'm on the no-fly list. Not that I would fly under the current circumstances. I just don't see myself paying to be treated like a criminal. The whole screening processes isn't too different from being admitted into prison. I can't believe people pay for that. Soon it will be extended in some manner to public transportation and for entry into malls.

  • by Teun (17872) on Friday June 26, 2009 @12:41PM (#28484541) Homepage
    This and other instances of how private data is being turned into merchandise make me very happy to live in a country where this sort of information remains the inalienable property of the person.

    Surely the US can enforce similar legislation, what is so private as fingerprints should have the strongest possible protection, regardless whether it's kept by government or private institutions.

  • by houghi (78078) on Friday June 26, 2009 @12:54PM (#28484799)

    What is much more worrying is that personal data can be sold at all. OK, so here people have given their details voluntarily. Often that is not a reasonable option, except for doing everything in cash.

    What should happen is that personal data can NEVER be sold.

    Obviously that can cause problems. What if the company is sold as a whole? What if the company is ripped apart by its new owner and they sell everything, except the data?
    I would think that if it is used to continue a service or contract I previously had, then you can use that. The moment you do not provide me any service, the personal data must be 'given back' or destroyed, so it is not longer usable by the company.

    Desrtuction of the data should be done in, say, one year, so the company can still try to convince you to re-start the service.

    This must be obviously regulated in some way, but the principal should be that the data belongs to the person, not to the company who stores that data. You can use that data for a specific reason and nothing else.

    In other words, privacy laws must become much more pointed towards the people and away from the companies.

  • I had a similar experience several years ago. I had built a personnel database for all of our call center workers. Held name, address, SSAN, when and why they quit, etc, etc.
    We quit that portion of the business, and sold the servers and sublet the office space to a new company. The personnel db was part of the deal, including all the data. *Most, but not all*, of our employees got hired with the new company.

    I was instructed to send the new company an install disk, and all of the data.

    I told our IT VP that
  • Are you ready for the census 2010? Are you proud you legally bought your firearm and are on the registered database? What will you do when mandatory vaccinations come next (hint: swine flu pandemic level 6 by the WHO [naturalnews.com]) and your on the list because of the census records and know to be armed because you registered your firearms? Extra credit for those who can tell us what happened last time the USA had mandatory vaccinations.

    Clear is a domestic enemy. Just like the DHS and all this other fucking bullshit.

  • Is anyone surprised at this? It seems like business as usual. I'm not sure why this exists as a news story.

You are in a maze of little twisting passages, all different.

Working...