TSA suspends Registered Traveler enrollments

The Transportation Security Administration has suspended new enrollments for the largest vendor in the Registered Traveler program following the company's loss of a laptop PC that contained unencrypted personal information on 33,000 participants in the program.

The TSA said the vendor, Verified Identity Pass Inc., was found to be “not in compliance” with the agency’s requirement to encrypt sensitive personal information submitted by applicants and enrollees, according to TSA spokeswoman Ann Davis. Although the agency has authority to suspend the program overall and impose civil penalties, Davis said today neither additional action is now being considered.
 
The laptop was stolen from a locked office at San Francisco International Airport, Verified Identity Pass said in a statement. The personal information the laptop contained is protected by two levels of password protection and does not include Social Security numbers, biometric data or credit card information, the company said. The individuals affected were mostly new applicants along with a few members seeking re-enrollment.
 
“We don’t believe the security or privacy of these would-be members will be
compromised in any way,” Steven Brill, chief executive of the company, said in a statement.
 
The Registered Traveler program operates as a partnership between TSA, private vendors, and airport authorities. The enrollees pay a fee, supply personal information and undergo a background check, and then receive expedited service through security checkpoints at 17 participating airports. The enrollees verify their identities at airports through use of a biometric identification card. Verified Identity Pass said it has about 200,000 enrollees in the program.

The TSA said it started the suspension following the loss of the computer on July 26. The agency said it has instructed Verified Identity Pass to notify all the individuals whose data was stored in the computer, and to cease use of unencrypted computers until encryption can be installed. The agency also notified airport authorities to ensure their cooperation.
 
The company will be required to submit an independent audit showing that encryption is in place, and TSA will check the audits, before enrollment can resume. The actions do not affect current operations or current enrollees of Registered Traveler, TSA officials said.

The information on the missing laptop includes applicants’ names, addresses, birth dates and, for some applicants, driver’s license number, passport numbers or alien registration card numbers, the company said. The company said it provides identity theft warranty protection to cover damages from the loss of data.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Cybersecurity
    Shutterstock photo id 669226093 By Gorodenkoff

    The disinformation game

    The federal government is poised to bring new tools and strategies to bear in the fight against foreign-backed online disinformation campaigns, but how and when they choose to act could have ramifications on the U.S. political ecosystem.

  • FCW PERSPECTIVES
    sensor network (agsandrew/Shutterstock.com)

    Are agencies really ready for EIS?

    The telecom contract has the potential to reinvent IT infrastructure, but finding the bandwidth to take full advantage could prove difficult.

  • People
    Dave Powner, GAO

    Dave Powner audits the state of federal IT

    The GAO director of information technology issues is leaving government after 16 years. On his way out the door, Dave Powner details how far govtech has come in the past two decades and flags the most critical issues he sees facing federal IT leaders.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.