Homeland Security Secretary Chertoff often seems mystified that the public doesn't want to be protected as much as he wants to protect them. Maybe a look at the record of the protectors will provide some clue. Protectors like the Transportation Security Administration (TSA), the lovable airport screeners that have done so much to make air travel a tiring and tiresome pain in the ass.
TSA makes mistakes. Quite often, it appears. Some of those mistakes can be pretty onerous. If your name gets on a no-fly list you are in for a heap of inconvenience -- or worse. But, as we were assured by TSA after the recent case of a five-year-old detained, searched and kept from the comforting embrace of his mother because his name, Sam Adams, was the same as someone immigration wanted to nab, all you have to do is apply to get your name off the list (admittedly the original Sam Adams was a rabble-rousing revolutionary, but he's dead now). TSA even makes it easier to get your name off the list by providing a website for the purpose. As you might expect from this crony-infested and corrupt administration, the resulting product is worse than a complete cock up. They should have called it the "Cheers" website, as in the place where "everybody knows your name":
In October 2006, the Transportation Security Administration launched a website to help travelers whose names were erroneously listed on airline watch lists. This redress website had multiple security vulnerabilities: it was not hosted on a government domain; its homepage was not encrypted; one of its data submission pages was not encrypted; and its encrypted pages were not properly certified. These deficiencies exposed thousands of American travelers to potential identity theft. (House Oversight Committee statement; hat tip Boingboing)
The piss-poor security design was identified by a blogger and the site has since been moved to a more secure host. But how could this have happened? Some findings of the congressional investigation:
TSA awarded the website contract without competition. TSA gave a small, Virginia-based contractor called Desyne Web Services a no-bid contract to design and operate the redress website. According to an internal TSA investigation, the "Statement of Work" for the contract was "written such that Desyne Web was the only vendor that could meet program requirements."
The TSA official in charge of the project was a former employee of the contractor. The TSA official who was the "Technical Lead" on the website project and acted as the point of contact with the contractor had an apparent conflict of interest. He was a former employee of Desyne Web Services and regularly socialized with Desyne's owner.
During this period, TSA Administrator Hawley testified before Congress that the agency had assured "the privacy of users and the security of the system" before its launch. Thousands of individuals used the insecure website, including at least 247 travelers who submitted large amounts of personal information through an insecure webpage.
Desyne's punishment? Nothing. In fact the firm is still used by TSA on other projects involving "traveler redress." TSA Technical Lead's consequences? None. Still in senior management. Accountability? None.
So it's the same old Bush administration story. National security is a cover for personal gain; screw-ups that hurt people go unpunished; absolutely no accountability or consequences for massive incompetence. They don't care, of course. It's not really about security. If it were, they would take it more seriously.
At the moment I am keyboarding this, these losers will be in office for just 375 days, 15 hours, 42 minutes and 26 seconds longer. I'm sure they will have stopped working long before that as they sally forth to secure some lucrative lobbying job even as they draw a paycheck paid for by moi.
On balance I don't mind about that. Because every second they are driving the car the rest of us are at risk of reckless endangerment.
And now we have the super-duper driving license that all people under 50 years will have to get. What's next? Shades of 1984.
My husband works in the airline industry--you wouldn't believe just how many "mistakes" TSA makes. If even half of what I've heard is true, a good number of TSA workers are little more than petty thieves.
Further evidence that H. Sapiens has split into two species. The new species, tentatively named H. Brownosians, can be identified by a novel survival strategy that allows them to grow and reproduce with a minimum of cerebral effort. This is accomplished by a pathological reliance on "inside" relationships, shady deal making and a compulsive resistance to telling the truth about them.
They are frequently observed engaged in their typical herd behavior of browsing the public trough in formation. This formation involves each one placing his nose in the butt of the one in front while simultaneously presenting their own butt to the one following. A chief drawback of this behavior would seem to be the restricted field of view of the herd members. Their ability to overcome this problem is now the subject of intense study. Breakthroughs in this new field of inquiry are routinely alluded to but, curiously, not followed up. Funding for further study is recommended.
Everybody oughta read slashdot.com every day. I don't, but I should. This particular article applied directly:
The short of it is this:
Almost a year ago Chris Soghoian blogged about multiple security holes exposing visitors to a TSA site to possible identity theft.... TSA has taken no action to sanction the responsible parties for the vulnerabilities.... Soghoian had been investigated for 6 months by the FBI and TSA because he pointed out a vulnerability in the US air transport system; no charges were ever filed.
Yep, those are the folks out to protect us from the bad guys.
MoM: This is the same story I linked to from Boingboing, above. I keep an eye on /. via my RSS reader.
I don't know if this was on the TRIP website before, but it's there now:
"TSA takes the security of personal information very seriously. The personal information TSA collects is protected by the highest set of security protocol standards established by the federal government.
TSA regularly assesses and updates our cyber security protocols and programs to ensure the protection of both public and private data sources. Passengers seeking redress should feel confident that their personal data will be protected and used only for its intended purpose."
I am not reassured in the slightest.... What an amateur mistake! Any newbie system analyst would have known the data should have been safeguarded...