Waxman: Online 'no-fly' list endangers privacy
- By Alice Lipowicz
- Feb 26, 2007
The Transportation Security Administration's recent attempt to fix problems with its "no-fly" list may have put at risk of theft the Social Security numbers and other personal information provided by travelers, according to Rep. Henry Waxman, D-Calif., chairman of the House Committee on Oversight and Government Reform.
Many people have been detained at airports erroneously because they have names similar or identical to the names of suspected terrorists on the TSA's no-fly list. To correct the problems, TSA on Feb. 13 launched a new "Travel Verification Identity Program" Web site, linked to the TSA's Web site.
On the online verification site, travelers with complaints about the no-fly list were asked to submit Social Security numbers, dates of birth, height, weight and other personal information.
However, Web security experts immediately criticized the new verification site because they claim it lacks basic security measures, such as encryption, and as a result the information is vulnerable to hacking, Waxman wrote in a Feb. 23 letter to Edmund Hawley, assistant secretary of the TSA.
"I am writing concerning allegations that a TSA Web site designed to help travelers remove their names from the 'no-fly' list lacked basic measures to ensure the security and privacy of information submitted," Waxman wrote.
In addition, the new Web site was operating on a commercial domain, displayed numerous spelling errors and presented an overall "poor" appearance, Waxman wrote.
Waxman said he wants to investigate the allegations about the new Web site and to determine how many travelers may have been affected by a possible security breach. He asked for information to be provided to the committee by March 9.
A TSA spokesman was not immediately available for comment.
Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.