Security Bullet In
Communiques from the security front, sir
Wednesday 16 January 2008, 5:19 PM
TSA exposes travelers to ID theft threat
Oops! Here's quite a darkly amusing article from the Seattle Post-Intelligencer. Apparently the US Transporatation Security Administration (TSA) put people at risk who were applying to have their names taken off the US 'no-fly' list.
The TSA set up a website in October 2006 that people could log into to try to get themselves taken off the list. According to the Seattle P-I:
"The site wasn't hosted by a government domain. The home page where people logged on wasn't encrypted. One of the data submission pages wasn't encrypted and the ones that were weren't properly certified. All of this went unnoticed for four months, even as TSA Administrator Kip Hawley testified before Congress that the agency had assured "the privacy of users and the security of the system" before its launch."
Governments using inadequate security procedures to safeguard citizen data -- now where have I heard that before..? Governments insisting that security procedures for hare-brained IT schemes were robust -- now where have I heard that before..?
The TSA set up a website in October 2006 that people could log into to try to get themselves taken off the list. According to the Seattle P-I:
"The site wasn't hosted by a government domain. The home page where people logged on wasn't encrypted. One of the data submission pages wasn't encrypted and the ones that were weren't properly certified. All of this went unnoticed for four months, even as TSA Administrator Kip Hawley testified before Congress that the agency had assured "the privacy of users and the security of the system" before its launch."
Governments using inadequate security procedures to safeguard citizen data -- now where have I heard that before..? Governments insisting that security procedures for hare-brained IT schemes were robust -- now where have I heard that before..?
Previous
