And Now, The Latest In TSA In-Security

If this weren't so serious, we'd have to chuckle at the irony. Hundreds of Americans who appealed to the Transportation Security Administration to have their names removed from the homeland security 'watch list' have a new problem to contend with, besides extra hassles at the airport. They may also find the personal information they submitted to TSA has been compromised.

Information Week reports the House Oversight and Government Reform committee found the TSA's Redress Management System website -- which was in operation from October 6, 2006 through February 13, 2007 -- was not secure... and "[a]t least 247 travelers submitted their personal information through the unsecured 'file your application online' link."

It gets worse. The committee's report -- prepared at the request of Chairman Henry Waxman (D-CA) -- also found the company hired to design the RMS site, Desyne Web Services in Virginia, was awarded a "no-bid" contract... AND, the TSA official in charge of the site was once an employee at Desyne.

We probably shouldn't be surprised, then, that TSA failed to notice the security issues on the RMS site for months. The site was taken down when the agency finally noticed the problem... but Desyne remains a TSA contractor to this day, and hasn't been redressed itself for the problem.

TSA spokesman Christopher White says the issues in the report are in the past. "Each issue that the Committee has raised has been thoroughly addressed by TSA many months ago," he said, adding there's no reason to believe anyone who submitted their information through RMS has been a victim of identity theft.

White also asserts none of the over 17,000 people who have used the successor to RMS, the Department of Homeland Security's Traveler Redress Inquiry Program (DHS TRIP), should be concerned about identity theft... saying, in essence, the agency got it right the second time. DHS TRIP launched February 20, 2007, one week after RMS was taken down.

A full 43 percent of the names on the watch list -- formally known as the Terrorist Screening Center database -- are false positives, according to a September 2007 report by the US Department of Justice. In addition to such people as former airline captain Robert Campbell, "well-known false positives include Senator Ted Kennedy, whose name was close to the name of a suspected terrorist, and Catherine Stevens, the wife of Senator Ted Stevens, whose name was similar to 'Cat' Stevens, the former name of the singer Yusuf Islam," according to the House report.

FMI: www.tsa.gov, www.house.gov/waxman