TSA reinstates enrollments for vendor

The Transportation Security Administration has lifted a ban that lasted several days on new enrollments by the largest operator of the agency's Registered Traveler program.

Because Verified Identity Pass recovered a missing laptop PC and improved encryption standards, the company could resume enrolling members in TSA’s Registered Traveler program as of Aug. 11. The company now meets the program’s encryption standards, the agency said in a news release.
 
TSA, private vendors and airport authorities work as partners to operate the Registered Traveler program. Enrolled travelers pay a fee, supply personal information and undergo a background check. In exchange, they receive expedited service through security checkpoints at 17 airports. Verified Identity Pass said it has enrolled about 200,000 people in the program.

TSA imposed the ban on new enrollments by Verified Identity Pass Aug. 4 after the company reported to authorities of the apparent theft of a laptop from its offices at San Francisco International Airport.

The missing laptop contained unencrypted data on approximately 33,000 Registered Traveler applicants. The information included applicants’ names, addresses, birth dates and, for some applicants, driver’s license numbers, passport numbers or alien registration card numbers, the company said.

Verified Identity Pass officials said Aug. 5 that the company had recovered the missing computer and turned it over to TSA. The company also said it appeared the data had not been touched. TSA officials said this week that they are forensically examining the computer to determine if anyone accessed the data.

TSA officials also said previously that Verified Identity Pass was not in compliance with requirements to encrypt sensitive personal information on applicants and enrollees. Verified Identity Pass recently took steps to encrypt all enrollment computers and provide a third-party audit.
 
“TSA has accepted the audit and provided authorization to the sponsoring entities (airports/airlines) to resume enrollment,” the agency said.

The agency said it intends to conduct random audits and conduct a broad review of all Registered Traveler data systems and security to ensure continued compliance.