by Daryl Plummer | November 25, 2009 | Comments Off on Fly “Clear” through the Cloud and Learn a Lesson about Fear
Lots of questions are starting to come in about whether or not information in the cloud will be safe. We all worry from time to time about some level of privacy of our information. But here is a real-world non-cloud example that illustrates exactly the nightmare scenario of fear and what has been done about it. Anyone FlyClear?
Here is the scenario. Clear opens business promising to speed you through airport security in seconds or minutes without the hassle of long lines. This is like a Cloud service provider who says – give me your information and I will use it to get you great deals! For frequent travelers it was a godsend (And besides, getting to watch the faces of all those people as you were whisked to the front of the line was decadent but a little fun – admit it!). But unlike true godsends, it was not without risk. All you had to do to get it was to pay the devil to take your soul. In this case, the soul is represented by some pretty sensitive personal information. Your finger prints (all of them), social security number, some financial information, even a retina scan! We paid them two to four hundred dollars per year and gave the keys for our personal lockbox to a company none of us had ever heard of a year prior to its existence. But it was worth it – just to watch those faces – oh, and to get to your fourth flight in two days before they gave away your seats (I still think frequent flyers and casual flyers should have separate terminals – or better yet, separate airports!).
But what happens when the devil calls in your marker? What happens when, all of a sudden, Clear ceases operations? All that sensitive information is now floating around who knows where and us smug Clear customers are left standing around tasting egg on our faces? I mean, they actually charged some people their renewal fees the day before the announced that they would close their lanes!
Well, when this all happens, privacy questions begin to become a little bit more than just an academic exercise. But, fear not, for fear is the true enemy – the only enemy. I subscribe to Scott McNealy’s comment “you have no privacy – get over it!” (James Freeman had some interesting thoughts on this back in 1999), but in case you can’t go out on that limb with us, consider what Clear did to protect that extremely sensitive personal information. If they can do it, why not cloud service providers? Below is what you will find at flyclear.com. It illustrates that a service provider can and often will go to great lengths to make sure that large groups of customers do not rise up and throttle whatever legal entities are left after the cloud comes crashing to the ground. Read on…
Clear Lanes Are No Longer Available.
At 11:00 p.m. PST on June 22, 2009, Clear ceased operations. Clear’s parent company, Verified Identity Pass, Inc., was unable to negotiate an agreement with its senior creditor to continue operations. Verified Identity Pass regrets that Clear will not be able to continue operations.
How is Clear securing personal information?
Clear stands by our commitment to protect our customer’s personally identifiable information – including fingerprints, iris images, photos, names, addresses, credit card numbers and other personal information provided to us – and to keep the privacy promises that we have made. Information is secured in accordance with the Transportation Security Administration’s Security, Privacy and Compliance Standards.
How is Clear securing any information at the airports?
Each hard disk at the airport, including the enrollment and verification kiosks, has now been wiped clean of all data and software. The triple wipe process we used automatically and completely overwrites the contents of the entire disk, including the operating system, the data and the file structure. This process also prevents or thoroughly hinders all known techniques of hard disk forensic analysis.
How is Clear securing any information in central databases and corporate systems?
Lockheed Martin is the lead systems integrator for Clear, and is currently working with Verified Identity Pass, Inc. to ensure an orderly shutdown as the program closes. As Verified Identity Pass, Inc. and the Transportation Security Administration work through this process, Lockheed Martin remains committed to protecting the privacy of individuals’ personal information provided for the Clear Registered Traveler program. Lockheed’s work will also remain consistent with the Transportation Security Administration’s federal requirements and the enhanced security and privacy requirements of Verified Identity Pass, Inc.
The computers that Verified Identity Pass, Inc. assigned to its former corporate employees are being wiped using the same process described for computers at the airports.
Will personally identifiable information be sold?
The personally identifiable information that customers provided to Clear may not be used for any purpose other than a Registered Traveler program operated by a Transportation Security Administration authorized service provider. Any new service provider would need to maintain personally identifiable information in accordance with the Transportation Security Administration’s privacy and security requirements for Registered Traveler programs. If the information is not used for a Registered Traveler program, it will be deleted.
How will members be notified when information is deleted?
Clear intends to notify members in a final email message when the information is deleted.
Who is monitoring this process?
Clear is communicating with TSA, airport and airline sponsors, and subcontractors, to ensure that the security of the information and systems is maintained throughout the closure process. Clear thanks these partners for their continuing cooperation and diligence.
How can I contact Clear?
Please visit our website, www.flyclear.com, for the latest updates. Clear’s call center and customer support email service are no longer available.
Will I receive a refund for membership in Clear?
At the present time, Verified Identity Pass, Inc. cannot issue refunds due to the company’s financial condition.
Has Verified Identity Pass, Inc. filed for bankruptcy?
At the present time, Verified Identity Pass has not commenced any proceedings under the United States Bankruptcy Code.
So, even the nightmare scenario can work out – so far. Who knows what will happen next year?
Category: bpm business-process-management cloud emerging-phenomena emerging-trends google service-orientation soa social-computing social-networking social-sites
Tags: cloud-computing cloud-services private-cloud
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.