And Now, The Latest In TSA In-Security
If this weren't so
serious, we'd have to chuckle at the irony. Hundreds of Americans
who appealed to the Transportation Security Administration to have
their names removed from the homeland security 'watch list' have a
new problem to contend with, besides extra hassles at the airport.
They may also find the personal information they submitted to TSA
has been compromised.
Information Week reports the House Oversight and Government
Reform committee found the TSA's Redress Management System website
-- which was in operation from October 6, 2006 through February 13,
2007 -- was not secure... and "[a]t least 247 travelers submitted
their personal information through the unsecured 'file your
application online' link."
It gets worse. The committee's report -- prepared at the request
of Chairman Henry Waxman (D-CA) -- also found the company hired to
design the RMS site, Desyne Web Services in Virginia, was awarded a
"no-bid" contract... AND, the TSA official in charge of the site
was once an employee at Desyne.
We probably shouldn't be surprised, then, that TSA failed to
notice the security issues on the RMS site for months. The site was
taken down when the agency finally noticed the problem... but
Desyne remains a TSA contractor to this day, and hasn't been
redressed itself for the problem.
TSA spokesman Christopher White says the issues in the report
are in the past. "Each issue that the Committee has raised has been
thoroughly addressed by TSA many months ago," he said, adding
there's no reason to believe anyone who submitted their information
through RMS has been a victim of identity theft.
White also asserts none of the over 17,000 people who have used
the successor to RMS, the Department of Homeland Security's
Traveler Redress Inquiry Program (DHS TRIP), should be concerned
about identity theft... saying, in essence, the agency got it right
the second time. DHS TRIP launched February 20, 2007, one week
after RMS was taken down.
A full 43 percent of the names on the watch list -- formally
known as the Terrorist Screening Center database -- are false
positives, according to a September 2007 report by the US
Department of Justice. In addition to such people as former airline captain Robert
Campbell, "well-known false positives include Senator
Ted Kennedy, whose name was close to the name of a suspected
terrorist, and Catherine Stevens, the wife of Senator Ted Stevens,
whose name was similar to 'Cat' Stevens, the former name of the
singer Yusuf Islam," according to the House report.