Report: TSA Site Exposed Travelers To ID Theft
A House of Representatives panel yesterday released a damning report about a Transportation Security Administration Web site built to address grievances from travelers errantly flagged by the government's no-fly list. It concluded that cronyism and a lack of oversight exposed thousands of site visitors to identity theft.
The House Committee on Oversight and Government Reform began its investigation into security lapses at the TSA's Traveler Redress Web site last year, after Security Fix and other media outlets pointed out that the site accepted Social Security numbers and other sensitive information from travelers without encrypting the data, potentially allowing hackers to intercept it. Wired.com noted in its coverage that the site was so laden with spelling errors that it resembled a phishing Web site, the sort typically set up by scammers to lure people into giving away personal and financial data.
The report, which liberally cites content and reader comments from Security Fix and Wired.com, found that the TSA awarded the contract without competition to Boston, Va.-based Desyne Web Services, and that the guy in charge of awarding the contract had previously worked at Desyne and was good friends with the owner. To date, Desyne has been awarded more than half a million taxpayer dollars' worth of no-bid contracts by the TSA, according to the report.
The site's security weaknesses remained undetected by the TSA for more than four months, despite congressional testimony from TSA Administrator Kip Hawley that the agency had assured "the privacy of users and the security of the system" before its launch, the report notes. "Thousands of individuals used the insecure website, including at least 247 travelers who submitted large amounts of personal information through an insecure webpage."
-----