Verified Identity Pass Inc. (VIP) announced on Sunday that it was ceasing its Clear service, which was designed to help air travelers get through airport security checks faster. The service had been available at 21 major airports, including New York's JFK and La Guardia, Boston's Logan and Atlanta's Hartsfield-Jackson airports
The company signed up more than 260,000 travelers since its 2005 inception and processed more than 2.5 million fliers through its Clear lanes.
In a brief note posted on its Web site, VIP said that it had been unable to "negotiate a settlement" with its main creditor and therefore had to shut down. In an update this morning, the company, which is one of seven approved by the Transportation Security Administration (TSA) to operate a registered traveler program, assured its 260,000 customers that their personal data was and is being protected in compliance with TSA's privacy and security standards.
The statement said VIP would "take appropriate steps" to delete the information collected for the Clear service. But it offered no details on what those steps were or when they would be taken.
The statement also added that because of the company's current financial situation, no refunds would be available to customers who had signed up for the $199 per year service.
The Clear program was designed to help frequent fliers get through airport security lines quicker by vetting their identities in advance. To sign up, customers had to submit to background checks and provide identifying information including Social Security and credit card numbers, current home address, date and place of birth, phone numbers and driver's license numbers, as well as having their fingerprints taken, iris images scanned, and digital images of their faces taken.
According to the Clear program's privacy notice, the company takes extensive measures to protect the data, including encryption of all personal information while it is in transit or storage. But VIP's abrupt discontinuance of Clear just days after it had been promoting the service as an ideal father's day gift and trying to get longer-term subscriptions for it, appears to have sparked considerable concern among customers.
Peggy Duncan, a personal productivity consultant and professional speaker based in Atlanta, said she learned about the company's demise via a brief e-mail sent to her in the early hours on Monday morning. Despite having only positive experiences with the service so far, she said today she is very worried about her personally identifiable data held by Clear.
"They have everything. They have all my fingerprints, they have [data on] the iris of my eyes," Duncan said. She signed up for the service at Atlanta airport and didn't mind handing over all of the personal information because "I figured they'd have had to go through a lot of vetting to be even connected with a service that allows people to get on a plane."
At this point, all she wants is for the data to be destroyed, now that the Clear program has become defunct, she said. "I would like to understand their process for destroying all of the personal data they collected and have someone from a government agency verify that they have done that," Duncan said.
Alexander Hernaez, an attorney with Fox Rothschild LLP in San Francisco, and a Clear customer, said he was personally upset by the decision to shut the service down because it had made flying out of the city much easier.
About two months ago he signed up for a two-year Clear membership after being convinced by the company to do so, he said. "It did make sense to me that they would try to lock in people for longer terms," Hernaez said.
Hernaez said he hopes that the operators of Clear "will follow their obligations and safeguard personal data especially the biometrics data." Hernaez said that while he is not overly concerned about the data being misused, he would like to see it protected all the same.
"I wish there was some communication by the company," about its plans beforehand, he said. "If anything left a bad taste, it was the nocturnal notice [from Verified Identity announcing the closure,]" he said.
Another customer, Jason Mendelson, co-founder of a Boulder, Colo.-based venture capital firm called the Foundry Group, told by e-mail that at this point he would like Verified identity "to assure me" that all personal identity information will be destroyed. "That's really the only reasonable outcome in my opinion," Mendelson said.
Similar concerns were posted in numerous blogs by customers worried about their personal identity and angry at the prospect of not getting any refund for their now defunct memberships.
No contact number was immediately available for a Clear representative. A toll-free number for customer service played an automated message that repeated the company's statement on its Web site, but offered no other details.
The incident highlights what some security analysts say is a sometimes overlooked security and privacy issue when companies go under: The proper disposal of all the personal and financial data that a company would have collected while it was in business.
While some companies might have formal processes for handling data destruction, if they go out of business others may not, analysts have noted. A company in financial trouble or in bankruptcy for instance often has little control over its assets, including its data, which could be sold off to third-parties by creditors looking to recover whatever they can.
This is not the first time that privacy concerns related to Verified Identity have surfaced. Last year, , prompting the TSA to temporarily stop it from registering new customers for Clear.