The kiosk program raises key issues about data protection and ownership when the data-using firm goes out of business or even just modifies its business. There is also the semantic issue of the privacy value of wiping data in two places if it also exists in a third.
Citing a financial problem, Verified Identity Pass shut-down its "Clear Lane" airport security-screening kiosks in June. The express screening kiosks were in about 20 U.S. airports and about a quarter-million people had paid as much as $199 per year to use them (and they won't be getting refunds).
The devices used retina scans and fingerprints to verify the identities of plane passengers whose information was kept on a Verified Identity Pass database. In a statement announcing the kiosk closures, Verified Identity Pass went to great lengths to ensure its former customers that their highly-personal information, "including fingerprints, iris images, photos, names, addresses, credit card numbers and other personal information" would be completely erased from the kiosks and any PCs in use by company employees.
The company pledged "to keep the privacy promises" it made and noted the private info would be secured "in accordance with the Transportation Security Administration’s security, privacy and compliance standards." More precisely, each hard disk at the airport kiosks "has now been wiped clean" of all data. "The triple wipe process we used automatically and completely overwrites the contents of the entire disk, including the operating system, the data and the file structure," vowed Verified Identity Pass. "This process also prevents or thoroughly hinders all known techniques of hard disk forensic analysis."
Meanwhile, back at the company's office, Lockheed Martin is on hand as the lead systems integrator "to ensure an orderly shutdown as the program closes," said the statement. Note the careful wording here: "As Verified Identity Pass, Inc. and the Transportation Security Administration work through this process, Lockheed Martin remains committed to protecting the privacy of individuals' personal information provided for the Clear Registered Traveler program."
"Protecting" data isn't the same as erasing it. That's because, toward the end of the initially comforting statement, Verified Identity Pass indicates that the personally identifiable information might not be nuked after all. In fact, the company said it might try selling it.
Customers might, or might not, be consoled by Verified's vow that only trustworthy buyers will get their information. "The personally identifiable information that customers provided to Clear may not be used for any purpose other than a Registered Traveler program operated by a Transportation Security Administration authorized service provider," said the statement. "Any new service provider would need to maintain personally identifiable information in accordance with the Transportation Security Administration’s privacy and security requirements for Registered Traveler programs. If the information is not used for a Registered Traveler program, it will be deleted."
As others have noted, what happens to the data after it's transferred to this other traveler program? Could that company sell it to anyone when it's through? And what about the government agency behind all of this, the Transportation Security Administation? Can they use the data for any purpose?
Verified's statement says the company, unable to stay afloat, has yet to file for bankruptcy. Will any money it makes off the sale of its customers' information end up being refunded? The only thing being promised to customers by Verified is an intention "to notify members in a final E-mail message when the information is deleted." Will the customers get even a portion of the revenue made from reselling their information? It looks like the only thing those customers will get from Verified is angina.