<![CDATA[Consumerist: no-fly list]]> http://cache.gawker.com/assets/base/img/thumbs140x140/consumerist.com.png <![CDATA[Consumerist: no-fly list]]> http://consumerist.com/tag/no-fly list http://consumerist.com/tag/no-fly list <![CDATA[ TSA Traveler Website Exposed Private Citizens To Risk Of ID Theft ]]> TSA Employee of the Month The Transportation Security Administration's traveler redress website—which was launched to give travelers a way to get their names removed from the government's toddler-centric no fly list—operated for months without proper security in place, leaving citizens who submitted detailed personal information to it wide open to identity theft. Gee, we're this close to thinking that the TSA is run by a bunch of grotesquely incompetent, slug-like bureaucrats.

From Ars Technica:

The web site was hosted on a commercial domain by a contractor and did not use SSL encryption for submission forms that transmit sensitive identification information. The few pages of the site that did use SSL used an expired certificate that had been self-signed by the contractor.
The problems with the site and its development were made public on Friday in a report published by the House Oversight and Government Reform Committee, which said,
the TSA was completely unaware of the security issues while the site was in operation. During that time, thousands of travelers submitted personal information through the website and a TSA administrator claimed in congressional testimony that the agency had assured "the privacy of users and the security of the system."
Even worse, the site was awarded through a no-bid contract to Desyne, a web marketing firm in Virginia run by a high-school buddy of the TSA employee in charge of the site.

As of now, fortunately, there's no indication that any data was stolen during the four-month-long gap in security.

"TSA security flaws exposed users to risk of identity theft" [Ars Technica]

RELATED
"Howto: Get Your Name Off The No-Fly List"
(Photo: Getty)

]]> Mon, 14 Jan 2008 21:22:52 EST Chris Walters http://consumerist.com/index.php?op=postcommentfeed&postId=344817&view=rss&microfeed=true <![CDATA[ Howto: Get Your Name Off The No-Fly List ]]> old-tsa-agent.jpgThe Department of Homeland Security has finally woken up, and now admits that the No-Fly List has its problems.

The list (a mishmash of multiple lists, actually) has plenty of bugs. Perhaps most famously, Massachusetts senator Ted Kennedy was kept off of airplanes, because someone with the same name was a suspected terrorist.

Getting your name removed from the list has, until now, been a painstaking and thankless task, with no guarantee of success. That's supposed to improve now, via a simplified online "redress procedure," which naturally comes with a government-ese acronym. It's the DHS Traveler Redress Inquiry Program (DHS TRIP). Get it? "Trip"? Alright then.

If you're on the list, you can visit the DHS TRIP site and get the ball rolling. It's unclear how long it takes to see real action, but in theory you should hear back within days, rather than the months it used to take. MARK ASHLEY

DHS Traveler Redress Inquiry Program [Department of Homeland Security]
(Photo: RussellReno)

]]> Thu, 22 Feb 2007 18:28:56 EST consumerintern http://consumerist.com/index.php?op=postcommentfeed&postId=238994&view=rss&microfeed=true