Saturday, January 12, 2008

TSA's no-bid, data-leaking website was a complete screw-up: House Oversight Committee

Source: http://feeds.feedburner.com/~r/boingboing/iBag/~3/215191929/tsas-nobid-dataleaki.html

The TSA's Traveler Redress Website was created by a no-bid crony contractor, leaked giant amount of personal information from hundreds of travellers (who had already been screwed over by the agency and were writing in for justice) and exposed them to identity theft. The House Oversight Committee concluded that the TSA totally, absolutely screwed up.

They sure do a bang up job at stopping you from bringing water through the checkpoint though.

That's gotta count for something.

* TSA awarded the website contract without competition. TSA gave a small, Virginia-based contractor called Desyne Web Services a no-bid contract to design and operate the redress website. According to an internal TSA investigation, the "Statement of Work" for the contract was "written such that Desyne Web was the only vendor that could meet program requirements."

* The TSA official in charge of the project was a former employee of the contractor. The TSA official who was the "Technical Lead" on the website project and acted as the point of contact with the contractor had an apparent conflict of interest. He was a former employee of Desyne Web Services and regularly socialized with Desyne's owner.

* TSA did not detect the website's security weaknesses for months. The redress website was launched on October 6, 2006, and was not taken down until after February 13, 2007, when an internet blogger exposed the security vulnerabilities. During this period, TSA Administrator Hawley testified before Congress that the agency had assured "the privacy of users and the security of the system" before its launch. Thousands of individuals used the insecure website, including at least 247 travelers who submitted large amounts of personal information through an insecure webpage.

Link (Thanks, Bill!)

Update: If you want to read the world's greatest "TSA have lied and cheated and lied and cheated" rant, check out our Teresa's post in the comment thread on the five year old whom the TSA thinks is a terr'ist.

No comments: