Saturday, February 11, 2006


TSA Database Insecure; At Risk

Hospital files get cracked; credit card companies get cracked—and, now, there’s the potential for the airline passengers security database to get cracked. This means that the databases are not encrypted in a way that ensures non-entry. This system, flaws and all, cost $150 million. This shouldn’t come as a surprise, though: the entire government is so honey-combed with graft, on-the-cheap programs, good-ol’-boys, and stupidity it’s amazing it works at all. Of course, once something out of the ordinary happens—like a hurricane—it crashes like a bad computer program.

Nobody seems to notice, though, or care. It seems like what’s important is how well American Idol has-beens-that-never-were come out at the Grammys; or what the latest murder case is about. Maybe how the president got a new statue of himself put on display, or which lobbyist corrupted the most politicians. All of these things are flashes, little five-second blips that dazzle us; nothing lasts past tomorrow’s morning “news.” I guess it’s a sort of surrender to what’s perceived to be the inevitable; we’re powerless over our own government.

All we can do is hope that some benevolent hacker gets into the no-fly database and erases the whole system.

Passenger security check program scrapped
2/9/2006, 11:38 a.m. PT
The Associated Press
WASHINGTON (AP) — An ambitious program to check every domestic airline passenger's name against government terrorist watch lists may not be immune from hackers, a congressional investigator said Thursday.

And because of security concerns, the government is going back to the drawing board with the program called Secure Flight after spending nearly four years and $150 million on it, the Senate Commerce Committee was told.

Transportation Security Administration chief Kip Hawley did not say whether any security breaches had been discovered. An agency spokeswoman, Amy von Valter, told reporters, "We don't believe any passenger information has been compromised."

Cathleen Berrick, the investigator for the Government Accountability Office, said in written testimony that "TSA may not have proper controls in place to protect sensitive information."

Currently, airlines check the names of passengers against watch lists that the government gives them. Under Secure Flight the government would take over from the airlines the task of checking names against watch lists.

According to the GAO testimony, Secure Flight was given formal authority to go live in September, but a government team found that the system software and hardware had 82 security vulnerabilities.

Hawley told the committee that he has directed TSA's information technology staff to conduct a comprehensive audit of the program before developing it further.

"In view of our need to establish trust with all of our stakeholders on the security and privacy of our systems and data, my priority is to ensure that we do it right, not just that we do it quickly," Hawley said.

The audit began several weeks ago and there is no deadline for completion, von Walter said.

Secure Flight has been troubled from the start.

It is strongly opposed by civil libertarians who fear the program would grow into a massive domestic surveillance system in which the government tracks people whenever they travel.

Government auditors gave the project failing grades — twice — and rebuked its authors for secretly obtaining personal information about airline passengers.

Hawley said last month — and the GAO agreed in its testimony Thursday — that the agency hadn't yet determined precisely how Secure Flight would work.

Commerce Committee Chairman Ted Stevens, R-Alaska, told reporters he didn't think that Secure Flight should be held up by the GAO.

"I'm not really pleased," Stevens said. "They ought to stand back and give advice."

The Sept. 11 commission has urged the administration to expedite the development of the program because, it said, the watch lists currently used by airlines aren't complete.

But checking names against watch lists hasn't been as easy as it sounds, partly because airlines collect only limited information about passengers.

Also, the number of names on the watch lists increased into the tens of thousands since the Sept. 11 attacks. That problem has resulted in passengers from infants to Sen. Edward M. Kennedy being mistakenly told they couldn't fly because they have the same name as someone on the watch list.

The project has also drawn protests from privacy advocates and civil libertarians because its stated purpose has changed, often expanding.

Project managers once said that it would be used to track down violent criminals, and then backed down. They've also proposed using commercial data, such as that supplied by Choicepoint, to locate members of terrorist sleeper cells among people who buy airline tickets.

Bill Scannell, a privacy advocate who manages the Web site, welcomed Hawley's announcement.

"Once again the vampire's been driven back into its coffin," he said. "Whether the administration is willing to shoot it with a silver bullet is another question."


On the Net:

Transportation Security Administration:

Copyright 2006 Associated Press. All rights reserved.
This material may not be published, broadcast, rewritten, or redistributed.

Comments: Post a Comment

<< Home

This page is powered by Blogger. Isn't yours?