TSA Traveler Website Exposed Private Citizens To Risk Of ID Theft

The Transportation Security Administration’s traveler redress website—which was launched to give travelers a way to get their names removed from the government’s toddler-centric no fly list—operated for months without proper security in place, leaving citizens who submitted detailed personal information to it wide open to identity theft. Gee, we’re this close to thinking that the TSA is run by a bunch of grotesquely incompetent, slug-like bureaucrats.

From Ars Technica:

The web site was hosted on a commercial domain by a contractor and did not use SSL encryption for submission forms that transmit sensitive identification information. The few pages of the site that did use SSL used an expired certificate that had been self-signed by the contractor.

The problems with the site and its development were made public on Friday in a report published by the House Oversight and Government Reform Committee, which said,

the TSA was completely unaware of the security issues while the site was in operation. During that time, thousands of travelers submitted personal information through the website and a TSA administrator claimed in congressional testimony that the agency had assured “the privacy of users and the security of the system.”

Even worse, the site was awarded through a no-bid contract to Desyne, a web marketing firm in Virginia run by a high-school buddy of the TSA employee in charge of the site.

As of now, fortunately, there’s no indication that any data was stolen during the four-month-long gap in security.

“TSA security flaws exposed users to risk of identity theft” [Ars Technica]

“Howto: Get Your Name Off The No-Fly List”
(Photo: Getty)


Edit Your Comment

  1. zimzombie says:

    The Vogons?

  2. President Beeblebrox says:

    Hey, I know those Vogons, and their poetry is better than anything the TSA could put together.

  3. Half Beast says:

    No-bid contracts strike again…albeit in a much less lucrative fashion…

  4. FLConsumer says:

    Just yet another reason why we need to abolish the TSA/DHS and get REAL security for this country.

  5. Michael Belisle says:

    Maybe the TSA was a inside joke at the federal departments when it was created, as though the FBI (and the 20 or so other entities) decided to transfer all of the incompetent agents into it.

  6. doctor_cos wants you to remain calm says:

    Good job, Brownie!!!

  7. mac-phisto says:

    & in other news…tsa traveler website used as pilot program for national id initiative. yay!

  8. misstic says:

    Meanwhile, Pelosi is busy re-doing the cafeteria. Man, I feel so safe!!! Our govt is so wonderful!

  9. Curiosity says:

    I hate to make the comment, but I still do not get why:

    1. The identity of the passenger correlates to the actual safety of the airplane. I would think that terrorists, out of all people, would have access to false identities. This seems like a false precaution for other purposes, which basically creates closed borders within the country, a negative thing [www.alibris.com]

    2. Why safety cannot be incorporated by actual safeguards. McDonald’s can make a profit without linking information to personal actions [www.churchofthecustomer.com], they provide a relatively safe product [www.organicconsumers.org], and despite criticism try to inform the public of the risks [www.mcdonalds.com] . Airlines could do the same by providing a safe environment rather than just depending on screening the passengers.

    3. Why the airplanes aren’t actually safe either through ensuring the actual safety of its cargo or people by anonymous confidential inspection, actually making the planes safe, or giving the majority of the people upon the plane the ability for safe self protection and trusting that the majority of the people will be good. I stress anonymity and confidentiality b/c people are less likely to want to fly or be inspected if privacy is not maintained.

    Perhaps there should be the realization that the toleration of minor offenses rather than the potential crack down will lead to greater efficacy in the greater social problems due to allocation of resources.

    4. This was not done during the 80’s or 90’s [query.nytimes.com]

    Just my thoughts.

  10. Sidecutter says:

    @Z.Beeblebrox: RE: Vogons

    There’s a company that is actually named that. Vogon International, IIRC, or somesuch. I’ve received a couple random mailings from them, I think they’re supposed to be investments. It always cracks me up.