Stolen laptop with 33,000 traveler IDs found

IN A CASE reminiscent of Jonathan Creek's TV mysteries, Edgar Allen Poe's early detective story "The Purloined Letter" -- or finding one's "lost" car keys hidden in plain sight on one's coffee table -- a laptop holding data on 33,000 US frequent flyers tipped up Tuesday... found in the same secured San Francisco airport office from which it supposedly had been stolen more than a week ago.

The machine belongs to Verified Identity Pass, the company that operates Clear, a service that speeds air passenger identification for registered travelers to let them bypass airport security lines and routine humiliation at the hands of Homeland Security goons. Verified Identity Pass offers its service, which costs the well-heeled frequent flyer $128 annually, at about 20 major airports.

The wayward laptop contained Clear programme applicants' full legal names, addresses and dates of birth, along with their driver's licence, passport and green card information.

That's more than enough private information one needs to steal a person's identity today.

Leaving off feeling under sofa cushions, the Transportation Security Administration (TSA), in a bewildered exercise of excess caution, has discontinued signups for the air travelers' fast-pass programme as its gumshoes scratch their heads for a while and, er... investigate.

The computer was reported missing to the SFO airport police and the local County Sheriff's office on July 26 and to the TSA two days later, according to Allison Beer, Verified Identity Pass SVP for corporate development of Clear. She also said that the company's preliminary investigation indicated that the data on the laptop had not been compromised, or in other words, stolen, although she didn't offer any explanation about how she or anyone else might possibly be able to know that with any degree of certainty.

The fact that the data is still there, and even if there's no evidence that the laptop was ever used while it was missing, doesn't mean that someone couldn't have copied the hard drive without leaving any traces whatsoever. Laptop hard drives are easy to remove, after all.

Beer said that an employee downloaded the data from a company server to the laptop, but she didn't explain why they might have needed to do that.

She claimed the information was encrypted on the server, but not on the laptop, although it should have been, she admitted. Beer said the data was protected on the laptop by two levels of passwords, however. Again, that wouldn't have protected the data from copying.

The computer was discovered Tuesday in the same airport office from which it had gone missing, but not in the same location, according to the sheriff's office. Beer said that the airport office is always locked, so if the laptop was removed, someone would have needed a key to return it. Or, as she failed to mention, the same key that they might have used to "borrow" it in the first place, or lock picking skills.

Keeping her brave face on while spinning faster, Ms Beer claimed that their computer that went walkabout contained no Social Security numbers, credit card numbers, fingerprints, facial images or other biometric information. As though that should make those travelers whose personal data was possibly taken in the company's security breach feel a bit better.

She reportedly said, "Yes, it was sensitive privacy information, but not the stuff that was most sensitive." Of course, applicants have only the company's representations about that.

They might reasonably assume that every piece of data they gave the company was stolen, take whatever precautions they might feel to be necessary in the circumstances, and then approach the company seeking reimbursement of the expenses they might incur to protect their identities, assets, and credit. After all, they paid that company that mislaid their data.

And, while they're dealing with their anxiety and inconveniences over the months that it'll likely take them to manage all those personal data security consequences, they might well reflect on their continuing support for the virtual police state that uses the unsubstantiated threats of so-called " terrorism" to throw its cronies billions while maintaining an unsworn paramilitary force of thousands at their airports, most of whom would be flipping burgers or stocking retail shelves if they weren't harassing law-abiding citizen travelers like themselves in their own nation, just as though they were a mere rabble of sullen, violence-prone serfs. µ

L'Inq
SF Gate