WWW.TECHNOLOGYREVIEW.COM
Inside Clears ambitions to manage your identity beyond the airport
If youve ever been through a large US airport, youre probably at least vaguely aware of Clear. Maybe your interest (or irritation) has been piqued by the pods before the security checkpoints, the attendants in navy blue Its position in airports has made Clear Secure, with its roughly $3.75 billion market cap, the most visible biometric identity company in the United States. Over the past two decades, Clear has put more than 100 lanes in 58 airports across the US, and in the past decade it has entered 17 sports arenas and stadiums, from San Jose to Denver to Atlanta. Now you can also use its identity verification platform to rent tools at Home Depot, put your profile in front of recruiters on LinkedIn, and, as of this month, verify your identity as a rider on Uber. And soon enough, if Clear has its way, it may also be in your favorite retailer, bank, and even doctors officeor anywhere else that you currently have to pull out a wallet (or, of course, wait in line). The company that has helped millions of vetted members skip airport security lines is now working to expand its frictionless, face-first line-cutting service from the airport to just about everywhere, online and off, by promising to verify that you are who you say you are and you are where you are supposed to be. In doing so, CEO Caryn Seidman Becker told investors in an earnings call earlier this year, it has designs on being no less than the identity layer of the internet, as well as the universal identity platform of the physical world. All you have to do is show upand show your face. This is enabled by biometric technology, but Clear is far more than just a biometrics company. As Seidman Becker has told investors, biometrics arent the product they are a feature. Or, as she put it in a 2022 podcast interview, Clear is ultimately a platform company no different than Amazon or Applewith dreams, she added, of making experiences safer and easier, of giving people back their time, of giving people control, of using technology for frictionless experiences. (Clear did not make Seidman Becker available for an interview.) While the company has been building toward this sweeping vision for years, it now seems the time has finally come. A confluence of factors is currently accelerating the adoption ofeven necessity foridentity verification technologies: increasingly sophisticated fraud, supercharged by artificial intelligence that is making it harder to distinguish who or what is real; data breaches that seem to occur on a near daily basis; consumers who are more concerned about data privacy and security; and the lingering effects of the pandemics push toward contactless experiences. All of this is creating a new urgency around ways to verify information, especially our identitiesand, in turn, generating a massive opportunity for Clear. For years, Seidman Becker has been predicting that biometrics will go mainstream. But now that biometrics have, arguably, gone mainstream, whatand whobears the cost? Because convenience, even if chosen by only some of us, leaves all of us wrestling with the effects. Some critics warn that not everyone will benefit from a world where identity is routed through Clearmaybe because its too expensive, maybe because biometric technologies are often less effective at identifying people of color, people with disabilities, or those whose gender identity may not match what official documents say. Whats more, says Kaliya Young, an identity expert who has advised the US government, having a single private company disintermediating our biometric dataespecially facial datais the wrong architecture to manage identity. It seems they are trying to create a system like login with Google, but for everything in real life, Young warns. While the single sign-on option that Google (or Facebook or Apple) provides for websites and apps may make life easy, it also poses greater security and privacy risks by putting both our personal data and the keys to it in the hands of a single profit-driven entity: Were basically selling our identity soul to a private company, whos then going to be the gatekeeper everywhere one goes. Though Clear remains far less well known than Google, more than 27 million people have already helped it become that very gatekeeperand one of the largest private repositories of identities on the planet, as Nicholas Peddy, Clears chief technology officer, put it in an interview with MIT Technology Review this summer. With Clear well on the way to realizing its plan for a frictionless future, its time to try to understand both how we got here and what we have (been) signed up for. A new frontier in identity management Imagine this: On a Friday morning in the near future, you are rushing to get through your to-do list before a weekend trip to New York. In the morning, you apply for a new job on LinkedIn. During lunch, assured that recruiters are seeing your professional profile because its been verified by Clear, you pop out to Home Depot, confirm your identity with a selfie, and rent a power drill for a quick bathroom repair. Then, in the midafternoon, you drive to your doctors office; having already verified your identityprompted by a text message sent a few days earlieryou confirm your arrival with a selfie at a Clear kiosk.Before you go to bed, you plan your morning trip to the airport and set an alarmbut not too early, because you know that with Clear, you can quickly drop your bags and breeze through security. Once youre in New York, you head to Barclays Center, where youll be seeing your favorite singer; you skip the long queue out front to hop in the fast-track Clear line. Its late when the show is over, so you grab an Uber home and barely need to wait for a driver, who feels more comfortable thanks to your verified rider profile. At no point did you pull out your drivers license or fill out repetitive paperwork. All that was already on file. Everything was easy; everything was frictionless. More than 27 million people have already helped Clear become one of the largest private repositories of identities on the planet. This, at least, is the world that Clear is actively building toward. Part of Clears power, Seidman Becker often says, is that it can wholly replace our wallets: our credit cards, drivers licenses, health insurance cards, perhaps even building key fobs. But you cant just suddenly be all the cards you carry. For Clear to link your digital identity to your real-world self, you must first give up a bit of personal dataspecifically, your biometric data. Biometrics refers to the unique physical and behavioral characteristicsfaces, fingerprints, irises, voices, and gaits, among othersthat identify each of us as individuals. For better or worse, they typically remain stable during our lifetimes. Relying on biometrics for identification can be convenient, since people are apt to misplace a wallet or forget the answer to a security question. But on the other hand, if someone manages to compromise a database of biometric information, that convenience can become dangerous: We cannot easily change our face or fingerprint to secure our data again, the way we could change a compromised password. On a practical level, there are generally two ways that biometrics are used to identify individuals. The first, generally referred to one-to-many or one-to-n matching, compares one persons biometric identifier with a database full of them. This is sometimes associated with a stereotypical idea of dystopian surveillance in which real-time facial recognition from live video could allow authorities to identify anyone walking down the street. The other, one-to-one matching, is the basis for Clear; it compares a biometric identifier (like the face of a live person standing before an airport agent) with a previously recorded biometric template (such as a passport photo) to verify that they match. This is usually done with the individuals knowledge and consent, and it arguably poses a lower privacy risk. Often, one-to-one matching includes a layer of document verification, like checking that your passport is legitimate and matches a photograph you used to register with the system. The US Congress urgently saw the need for better identity management following the September 11 terrorist attacks; 18 of the 19 hijackers used fake identity documents to board their flights. In the aftermath, the newly created Transportation Security Administration (TSA) implemented security processes that slowed down air travel significantly. Part of the problem was that everybody was just treated the same at airports, recalls the serial media entrepreneur Steven Brillincluding, famously, former vice president Al Gore. It sounded awfully democratic but in terms of basic risk management and allocation of resources, it just didnt make any sense. Congress agreed, authorizing the TSA to create a program that would allow people who passed background checks to be recognized as trusted travelers and skip some of the scrutiny at the airport. In 2007, San Francisco's then-mayor, Gavin Newsom, had his irises scanned by Clear at the San Francisco International Airport.DAVID PAUL MORRIS/GETTY In 2003, Brill teamed up with Ajay Amlani, a technology entrepreneur and former adviser to the Department of Homeland Security, and founded a company called Verified Identity Pass (VIP) to provide biometric identity verification in the TSAs new program. The vision, says Amlani, was a unified fast lanesimilar to a toll lane. It appeared to be a win-win solution. The TSA had a private-sector partner for its registered-traveler program; VIP had a revenue stream from user fees; airports got a cut of the fees in exchange for leasing VIP space; By 2005, VIP had launched in its first airport, Orlando International in Florida. Membersinitially paying $80received Clear cards that contained a cryptographic representation of their fingerprint, iris scans, and a photo of their face taken at enrollment. They could use those cards at the airport to be escorted to the front of the security lines. The defense contracting giant Lockheed Martin, which already provided biometric capabilities to the US Department of Defense and the FBI, was responsible for deploying and providing technology for VIPs system, with additional technical expertise from Oracle and others. This left VIP to focus on marketing, pricing, branding, customer service, and consumer privacy policies," as the president of Lockheed Transportation and Security Solutions, Don Antonucci, said at the time. By 2009, nearly 200,000 people had joined. The company had received $116 million in investments and signed contracts with about 20 airports. It all seemed so promisingif VIP had not already inadvertently revealed the risks inherent in a system built on sensitive personal data. A lost laptop and a big opportunity From the beginning, there were concerns about the implications of VIPs Clear card for privacy, civil liberty, and equity, as well as questions about its effectiveness at actually stopping future terrorist attacks. Advocacy groups like the Electronic Privacy Information Center (EPIC) warned that the biometrics-based system would result in a surveillance infrastructure built on sensitive personal information, but data from the Pew Research Center shows that a majority of the public at the time felt that it was generally necessary to sacrifice some civil liberties in the name of safety. Then a security lapse sent the whole operation crumbling. In the summer of 2008, VIP reported that an unencrypted company laptop containing addresses, birthdays, and drivers license and passport numbers of 33,000 applicants had gone missing from an office at San Francisco International Airport (SFO)even though TSAs security protocol required it to encrypt all laptops holding personal data. NEIL WEBB The laptop was found about two weeks later and the company said no data was compromised. But it was still a mess for VIP. Months later, investors pushed Brill out, and associated costs led the company to declare bankruptcy and close the following year. Disgruntled users filed a class action lawsuit against VIP to recoup membership fees and punitive damages. Some users were upset they had recently renewed their subscriptions, and others worried about what would happen to their personal information. A judge temporarily prevented the company from selling user data, but the decision didnt hold. Seidman Becker and her longtime business partner Ken Cornick, both hedge fund managers, saw an opportunity. In 2010, they bought VIPand its user datain a bankruptcy sale for just under $6 million and registered a new company called Alclear. I was a big believer in biometrics, Seidman Becker told the tech journalists Kara Swisher and Lauren Goode in 2017. I wanted to build something that made the world a better place, and Clear was that platform. Initially, the new Clear followed closely in the footsteps of its predecessor: Lockheed Martin transferred the members information to the new company, which had acquired VIPs hardware and continued to use Clear cards to hold members biometrics. After the relaunch, Clear also started building partnerships with other companies in the travel industryincluding American Express, United Airlines, Alaska Airlines, Delta Airlines, and Hertz Rental Carsto bundle its service for free or at a discount. (Clear declined to specify how many of its users have such discounts, but in earnings calls the company has stressed its efforts to reduce the number of members paying reduced rates.) By 2014, improvements in internet latency and biometric processing speeds allowed Clear to eliminate the cards and migrate to a server-based systemwithout compromising data security, the company says. Clear emphasizes that it meets industry standards for keeping data secure, with methods including encryption, firewalls, and regular penetration testing by both internal and external teams. The company says it also maintains locked boxes around data relating to air travelers. Still, the reality is that every database of this kind is ultimately a target, and almost every day theres a massive breach or hack, says Chris Gilliard, a privacy and surveillance researcher who was recently named co-director of the Critical Internet Studies Institute. Over the years, even apparently well-protected biometric information has been compromised. Last year, for instance, a data breach at the genetic testing company 23andMe exposed sensitive informationincluding geographic locations, birth years, family trees, and user-uploaded photosfrom nearly 7 million customers. This is what Young, who helped facilitate the creation of the open-source identity management standards Open ID Connect and OAuth, means when she says that Clear has the wrong architecture for managing digital identity; its too much of a risk to keep our digital identities in a central database, cryptographically protected or not. She and many other identity and privacy experts believe that the most privacy-protecting way to manage digital identity is to use credentials, like a mobile drivers license, stored on peoples devices in digital wallets, she says. These digital credentials can have biometrics, but the biometrics in a central database are not being pinged for day to day use. But its not just data thats potentially vulnerable. In 2022 and 2023, Clear faced three high-profile security incidents in airports, including one in which a passenger successfully got through the companys checks using a boarding pass found in the trash. In another, a traveler in Alabama used someone elses ID to register for Clear and, later, to successfully pass initial security checks; he was discovered only when he tried to bring ammunition through a subsequent checkpoint. This spurred an investigation by the TSA, which turned up more alarming information: Nearly 50,000 photos used by Clear to enroll customers were flagged as non-matches by the companys facial recognition software. Some photos didnt even contain full faces, according to Bloomberg. (In a press release after the incident, the company refuted the reporting, describing it as a single human errorhaving nothing to do with our technology and stating that the images in question were not relied upon during the secure, multi-layered enrollment process.) How do you get to be the one? When I spoke to Brill this spring, he told me hed always envisioned that Clear would expand far beyond the airport. The idea I had was that once you had a trusted identity, you would potentially be able to use it for a lot of different things, he said, but the trick is to get something that is universally accepted. And thats the battle that Clear and anybody else has to fight, which is: How do you get to be the one? Goode Intelligence, a market research firm that focuses on the booming identity space, estimates that by 2029, there will be 1.5 billion digital identity wallets around the worldwith use for travel leading the way and generating an estimated $4.6 billion in revenue. Clear is just one player, and certainly not the biggest. ID.me, for instance, provides similar face-based identity verification and has over 130 million users, dwarfing Clears roughly 27 million. Its also already in use by numerous US federal and state agencies, including the IRS. The reality is that every database of this kind is ultimately a target, and almost every day theres a massive breach or hack. But as Goode Intelligence CEO Alan Goode tells me, Clears early-mover advantage, particularly in the US, puts it in a good space within North America [to] be more pervasiveor to become what Brill called the one that is most closely stitched into peoples daily lives. Clear began growing beyond travel in 2015, when it started offering biometric fast-pass access to what was then AT&T Park in San Francisco. Stadiums across California, Colorado, and Washington, and in major cities in other states, soon followed. Then came the pandemic, hitting Clear (and the entire travel industry) hard. But the crisis for Clears primary business actually accelerated its move into new spaces with Health Pass, which allowed organizations to confirm the health status of employees, residents, students, and visitors who sought access to a physical space. Users could upload vaccination cards to the Health Pass section in the Clear mobile app; the program was adopted by nearly 70 partners in 110 unique locations, including NFL stadiums, the Mariners T-Mobile Park, and the 9/11 Memorial Museum. Demand for vaccine verification eventually slowed, and Health Pass shut down in March 2024. But as Jason Sherwin, Clears senior director of health-care business development, said in a podcast interview earlier this year, it was the companys first foray into health carethe business line that currently represents its primary focus across everything were doing outside of the airport. Today, Clear kiosks for patient sign-ins are being piloted at Georgias Wellstar Health Systems, in conjunction with one of the largest providers of electronic health records in the United States: Epic (which is unrelated to the privacy nonprofit). Whats more, Health Pass enabled Clear to expand at a time when the survival of travel-focused businesses wasnt guaranteed. In November 2020, Clear had roughly 5 million members; today, that number has grown fivefold. The company went public in 2021 and has experienced double-digit revenue growth annually. These doctors office sign-ins, in which the system verifies patient identity via a selfie, rely on whats called Clear Verified, a platform the company has rolled out over the past several years that allows partners (health-care systems, as well as brick-and-mortar retailers, hotels, and online platforms) to integrate Clears identity checks into their own user-verification processes. It again seems like a win-win situation: Clear gets more users and a fee from companies using the platform, while companies confirm customers identity and information, and customers, in theory, get that valuable frictionless experience. One high-profile partnership, with LinkedIn, was announced last year: We know authenticity matters and we want the people, companies and jobs you engage with everyday to be real and trusted," Oscar Rodriguez, LinkedIns head of trust and privacy, said in a press release. All this comes together to create the foundation for what is Clears biggest advantage today: its network. The companys executives often speak about its embedded users across various services and platforms, as well as its ecosystem, meaning the venues where it is used. As Peddy explains, the value proposition for Clear today is not necessarily any particular technology or biometric algorithm, but how it all comes togetherand can work universally. Clear would be wherever our consumers need us to be, he saysit would sort of just be this ubiquitous thing that everybody has. Clear CEO Caryn Seidman Becker (left) rings the bell at the New York Stock Exchange in 2021.NYSE VIA TWITTER A prospectus to investors from the companys IPO makes the pitch simple: We believe Clear enables our partners to capture not just a greater share of their customers wallet, but a greater share of their overall lives. The more Clear is able to reach into customers lives, the more valuable customer data it can collect. All user interactions and experiences can be tracked, the companys privacy policy explains. While the policy states that Clear will not sell data and will never share biometric or health information without express consent, it also lays out the non-health and non-biometric data that it collects and can use for consumer research and marketing. This includes members demographic details, a record of every use of Clears various products, and even digital images and videos of the user. Documents obtained by OneZero offer some further detail into what Clear has at least considered doing with customer data: David Gershgorn writes about a 2015 presentation to representatives from Los Angeles International Airport, titled Identity DashboardValuable Marketing Data, which showed off what the company had collected, including the number of sports games users had attended and with whom, which credit cards they had, their favorite airlines and top destinations, and how often they flew first class or economy. Clear representatives emphasized to MIT Technology Review that the company does not share or sell information without consent, though they had nothing to add in response to a question about whether Clear can or does aggregate data to derive its own marketing insights, a business model popularized by Facebook. At Clear, privacy and security are job one, spokesperson Ricardo Quinto wrote in an email. We are opt-in. We never sell or share our members information and utilize a multilayered, best-in-class infosec system that meets the highest standards and compliance requirements. Nevertheless, this influx of customer data is not just good for business; its risky for customers. It creates another attack surface, Gilliard warns. This makes us less safe, not more, as a consistent identifier across your entire public and private life is the dream of every hacker, bad actor, and authoritarian. A face-based future for some Today, Clear is in the middle of another major change: replacing its use of iris scans and fingerprints with facial verification in airportspart of a TSA-required upgrade in identity verification, a TSA spokesperson wrote in an email to MIT Technology Review. For a long time, facial recognition technology for the highest security purposes was not ready for prime time, Seidman Becker told Swisher and Goode back in 2017. It wasnt operating with five nines, she addedthat is, 99.999% from a matching and an accuracy perspective. But today, facial recognition has significantly improved and the company has invested in enhancing image quality through improved capture, focus, and illumination, according to Quinto. The move is part of a broader shift toward facial recognition technology in US travel, bringing the country in line with practices at many international airports. The TSA began expanding facial identification from a few pilot programs this year, while airlines including Delta and United are also introducing face-based boarding, baggage drops, and even lounge access. And the International Air Transport Association, a trade group for the airline industry, is rolling out a contactless travel process that will allow passengers to check in, drop off their bags, and board their flightsall without showing either passports or tickets, just their faces. NEIL WEBB Privacy experts worry that relying on faces for identity verification is even riskier than other biometric methods. After all, its a lot easier to scan peoples faces passively than it is to scan irises or takefingerprints, Senator Jeff Merkley of Oregon, an outspoken critic of government surveillance and of the TSAs plans to employ facial verification at airports, said in an email. The point is that once a database of faces is built, it is potentially far more useful for surveillance purposes than, say, fingerprints. Everyone who values privacy, freedom, and civil rights should be concerned about the increasing, unchecked use of facial recognition technology by corporations and the federal government, Merkley wrote. Even if Clear is not in the business of surveillance today, it could, theoretically, pivot or go bankrupt and (again) sell off its parts, including user data. Jeramie Scott, senior counsel and director of the Project on Surveillance Oversight at EPIC, says that ultimately, the lack of federal [privacy] regulation means that were just taking the promises of companies like Clear at face value: Whatever they say about how they implement facial recognition today does not mean that thats how they'll be implementing facial recognition tomorrow. Making this particular scenario potentially more concerning is that the images stored by this private company are generally going to be much higher quality than those collected by scraping the internetwhich Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project (STOP), says would make its data far more useful for surveillance than that held by more controversial facial recognition companies like Clearview AI. Even a far less pessimistic read of Clears data collection reveals the challenges of using facial identification systems, whichas a 2019 report from the National Institute for Standards and Technology revealedhave been shown to work less effectively in certain populations, particularly people of African and East Asian descent, women, and elderly and very young people. NIST has also not tested identification accuracy for individuals who are transgender, but Gilliard says he expects the algorithms would fall short. More recent testing shows that some algorithms have improved, NIST spokesperson Chad Boutin tells MIT Technology Reviewthough accuracy is still short of the five nines that Seidman Becker once said Clear was aiming for. (Quinto, the Clear representative, maintains that Clears recent upgrades, combined with the fact that the companys testing involves comparing member photos to smaller galleries, rather than the millions used in NIST scenarios, means its technology remains accurate and suitable for secure environments like airports.) Even a very small error rate in a system that is deployed hundreds of thousands of times a day could still leave a lot of people at risk of misidentification, explains Hannah Quay-de La Vallee, a technologist at the Center for Democracy & Technology, a nonprofit based in Washington, DC. All this could make Clears services inaccessible to someeven if they can afford it, which is less likely given the recent increase in the subscription fee for travelers to $199 a year. The free Clear Verified Platform is already giving rise to access problems in at least one partnership, with LinkedIn. The professional networking site encourages users to verify their identities either with an employer email address or with Clear, which marketing materials say will yield more engagement. But some LinkedIn users have expressed concerns, claiming that even after uploading a selfie, they were unable to verify their identities with Clear if they were subscribed to a smaller phone company or if they had simply not had their phone number for enough time. As one Reddit user emphasized, Getting verified is a huge deal when getting a job. LinkedIn said it does not enable recruiters to filter, rank, or sort by whether a candidate has a verification badge, but also said that verified information does help people make more informed decisions as they build their network or apply for a job. Clear only said it works with our partners to provide them with the level of identity assurance that they require for their customers and referred us back to LinkedIn. An opt-in future that may not really be optional Maybe whats worse than waiting in line, or even being cut in front of, is finding yourself stuck in what turns out to be the wrong lineperhaps one that you never want to be in. That may be how it feels if you dont use Clear and similar biometric technologies. When I look at companies stuffing these technologies into vending machines, fast-food restaurants, schools, hospitals, and stadiums, what I see is resignation rather than acceptancepeople often dont have a choice, says Gilliard, the privacy and surveillance scholar. The life cycle of these things is that even when it is optional, oftentimes it is difficult to opt out. And while the stakes may seem relatively lowClear is, after all, a voluntary membership programthey will likely grow as the system is deployed more widely. As Seidman Becker said on Clears latest earnings call in early November, The lines between physical and digital interactions continue to blur. A verified identity isnt just a check mark. Its the foundation for everything we do in a high-stakes digital world. Consider a job ad posted by Clear earlier this year, seeking to hire a vice president for business development; it noted that the company has its eye on a number of additional sectors, including financial services, e-commerce, P2P networking, online trust, gaming, government, and more. Increasingly, companies and the government are making the submission of your biometrics a barrier to participation in society, Gilliard says. This will be particularly true at the airport, with the increasing ubiquity of facial recognition across all security checks and boarding processes, and where time-crunched travelers could be particularly vulnerable to Clears sales pitch. Airports have even privately expressed concerns about these scenarios to Clear. Correspondence from early 2022 between the company and staff at SFO, released in response to a public records request, reveals that the airport received a number of complaints about Clear staff improperly and deceitfully soliciting approaching passengers in the security checkpoint lanes outside of its premises, with an airport employee calling it completely unacceptable and aggressive and deceptive behavior. Of course, this isnt to say everyone with a Clear membership was coerced into signing up. Many people love it; the company told MIT Technology Review that it had a nearly 84% retention rate earlier this year. Still, for some experts, its worrisome to think that what Clear users are comfortable with ends up setting the ground rules for the rest of us. Were going to normalize potentially a bunch of biometric stuff but not have a sophisticated conversation about where and how were normalizing what, says Young. She worries this will empower actors who want to move toward a creepy surveillance state, or corporate surveillance capitalism on steroids. Without understanding what were building or how or where the guardrails are, she adds, I also worry that there could be major public backlash, and then legitimate uses [of biometric technology] are not understood and supported. But in the meantime, even superfans are grumbling about an uptick in wait times in the airports Clear lines. After all, if everyone decides to cut to the front of the line, that just creates a new long line of line-cutters.
0 Comentários
0 Compartilhamentos
35 Visualizações