The Transportation Security Agency has removed from its website an online system designed for travelers who have been told they are on a watchlist and inserted a statement that the agency takes information security seriously, following reporting by 27B (and others) that the site could put travelers at risk of identity theft and looked like online fraud.
A link on the TSA's "Our Travelers" page earlier this week directed people who wanted to get help from the Traveler Identity Verification program to a page that looked like the TSA website but was actually a subdomain hosted by a web design company with a P.O. Box for an address (see previous link for screenshot). The site, which was full of misspellings and nonsensical directions, asked travelers to provide sensitive personal information via an unencrypted page. A traveler in an airport using a wireless connection would be at risk of having their personal information stolen and used to commit identity fraud. TSA first responded on Wednesday by changing the link to a DHS subdomain and serving all the pages on the site through a secure https:// URL.
Now travelers are directed, as they had been in the past, to download a Word document (proprietary, insecure format) and mail it in.
I still have questions about the legality of the information collection, since comments are still being taken on the project, and neither the Word document nor the earlier online form had OMB control numbers that are required any time the government collects information from citizens.
However, the TSA has not responded to multiple requests for comments on that issue, or to clarify whether or not their website's usage of cookies violates federal rules.
More:
http://blog.wired.com/27bstroke6/2007/02/tsa_removes_onl.html