TSA suspends Registered Traveler enrollments

The Transportation Security Administration has suspended new enrollments for the largest vendor in the Registered Traveler program following the company's loss of a laptop PC that contained unencrypted personal information on 33,000 participants in the program.

The TSA said the vendor, Verified Identity Pass Inc., was found to be “not in compliance” with the agency’s requirement to encrypt sensitive personal information submitted by applicants and enrollees, according to TSA spokeswoman Ann Davis. Although the agency has authority to suspend the program overall and impose civil penalties, Davis said today neither additional action is now being considered.
 
The laptop was stolen from a locked office at San Francisco International Airport, Verified Identity Pass said in a statement. The personal information the laptop contained is protected by two levels of password protection and does not include Social Security numbers, biometric data or credit card information, the company said. The individuals affected were mostly new applicants along with a few members seeking re-enrollment.
 
“We don’t believe the security or privacy of these would-be members will be
compromised in any way,” Steven Brill, chief executive of the company, said in a statement.
 
The Registered Traveler program operates as a partnership between TSA, private vendors, and airport authorities. The enrollees pay a fee, supply personal information and undergo a background check, and then receive expedited service through security checkpoints at 17 participating airports. The enrollees verify their identities at airports through use of a biometric identification card. Verified Identity Pass said it has about 200,000 enrollees in the program.

The TSA said it started the suspension following the loss of the computer on July 26. The agency said it has instructed Verified Identity Pass to notify all the individuals whose data was stored in the computer, and to cease use of unencrypted computers until encryption can be installed. The agency also notified airport authorities to ensure their cooperation.
 
The company will be required to submit an independent audit showing that encryption is in place, and TSA will check the audits, before enrollment can resume. The actions do not affect current operations or current enrollees of Registered Traveler, TSA officials said.

The information on the missing laptop includes applicants’ names, addresses, birth dates and, for some applicants, driver’s license number, passport numbers or alien registration card numbers, the company said. The company said it provides identity theft warranty protection to cover damages from the loss of data.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.