Be INFORMED

Saturday, February 24, 2007

TSA's ' No-Fly List ' Problem Is Still A Problem

   As you know, many people has been refused seating on an airline flight because their name happened to come up on the Transportation Security Administrations (TSA) no-fly list. This has included members of congress such as Representative Don Young and Senator Edward Kennedy.

   This was supposed to have been fixed by the TSA with their newest webpage that citizens could go to so that they could prove that the names on the list were not the people who where denied flight seating.

   But as is usual with anything that this administration does, there are a few serious flaws with the program.

As soon as the site was launched, several web security experts alleged that this site lacked basic security measures to ensure that the submitted personal information would not end up in the hands of third parties. For example, these experts claimed that the site was not protected with a “secure sockets layer” (SSL), which would have ensured the secure transfer of the data to TSA. They also claimed that this failure to encrypt the data could have allowed a third party — including a terrorist — to obtain this sensitive personal information.

According to these experts, the site was not operating out of the TSA web domain, but instead was operating out of the following commercial domain: http://rms.desyne.com. This domain appears to belong to Desyne Web Services, Inc., a web design company whose mailing address is a post office box located in Boston, Virginia. In addition, security experts pointed out that the website text had numerous spelling errors and that the attached form did not have an OMB number, which all federal government forms are required to have. In fact, the overall appearance of the site was so poor that web experts first assumed it was a so-called “phishing” site, a site internet hackers had created to look like a TSA website page.

The site also appears to have been launched prematurely. A notice in the Federal Register on January 18, 2007, announced that, in compliance with the Privacy Act of 1974, the Department of Homeland Security would be creating a new system of records. This system, called the Traveler Redress Inquiry Program (TRIP) would support travelers’ ability to redress complaints that they have been incorrectly placed on no-fly lists. The comment submission period for this notice was open until February 20, 2007. If TSA’s traveler identity verification website is part of the TRIP system, it was launched while the comment period for this notice was still open.   Nancy Pelosi's Blog for more info.

 

 

Ads by AdGenta.com

0 Comments: