Clear story is cloudy

 - 
08/13/2008
I've been following this Registered Traveler initiative fairly closely, if only because I travel all the time and would love to get through security a tad quicker. I think $99 a year is a steal if the service is at most airports. I've lost hope that it would ever come to Portland, but I can always dream. So this story out of San Francisco International Airport has piqued my interest. Apparently, a laptop containing information on 33,000 registered travelers in the Clear/Verified Identity Pass program was stolen - or maybe it wasn't. The Washington Times has most of the story. Here's the nut: "We know that the laptop was stolen, and then it reappeared, so it just wasn't simply misplaced. This wasn't a magic act," said San Mateo County Sheriff's Lt. Ray Lunny. "So a criminal investigation is being conducted by the sheriff's office." I guess my question would be: How do you know it was stolen in the first place? My five-year-old daughter (an accusing alligator) often tells me her little brother has stolen her shoes, toys, favorite book, only to find later that she forgot she put it under her bed so that she wouldn't lose it. This woman sounds a little like my daughter: "We don't know what happened," said Allison Beer, VIP spokeswoman. "It is a suspected theft, but the investigation is ongoing." ... Asked whether any data in the computer had been accessed, Ms. Beer said, "none, there is no indication that it happened, but the TSA investigation is ongoing." Huh? So how come the Sheriff is sure the laptop was stolen (barring magical intervention), but the people who own the laptop are less sure? And how can we be sure that no information was accessed? Couldn't someone just have copied all the files onto a flash drive and returned the laptop? Or is there a way to tell a file has been copied? That's possible, I suppose. There's also this part: The computer went missing on July 26, but VIP failed to notify the TSA until Aug. 3, and the government suspended further registration into the program, which now numbers 180,000. That seems like a bad decision on somebody's part. Anyway, the information was apparently encrypted (although, these guys aren't exactly swimming in credibility at this point), and didn't contain credit card or biometric information, so I'm not sure what value it would have. Maybe a giant list of spammable email addresses would be valuable to someone. Maybe they'll all start getting naked pictures of Angelina Jolie?