Didn’t mean to censor the TSA propaganda

Someone (or, more likely, some script) claiming to be Bob from TSA Blog left a comment on this post. It was a totally useless press release talking about the ineffective things TSA is planning to do about the lost (now found) laptop. Despite the fact that it fits my definition of spam (it wasn’t a response to the post, which “Bob” clearly didn’t read, it was a monologue on the same subject with a link to the author’s blog), I published it. But due to a little snafu with the back button and not paying attention, I accidentally deleted it. So, sorry to censor your spam, TSA Bob. If you post again, I’ll publish it again. But note well that spamming blogs that call out your stupidity and/or incompetence is not going to do a bit of good, and you might be better off finding something more useful to do with your time.

Edit to add: Here is the text of the propaganda, stolen from the original Boing Boing post’s comments.

The Transportation Security Administration (TSA) continues to investigate the circumstances surrounding the loss of a Clear®-owned laptop computer on July 26 that contained unencrypted data of approximately 33,000 customers. TSA has verified that a laptop was discovered by Clear® officials yesterday at San Francisco International Airport (SFO). It was voluntarily surrendered to TSA officials for forensic examination.

TSA’s regulatory role in this matter is as follows: Every commercial airport is required to have an approved airport security plan. So Register Traveler is part of that comprehensive plan at the airports where it operates. Under the airport security plan, the sponsoring entity, (SFO in this case) is required to assure its vendors have an approved information security program. Because the computer at SFO was not encrypted it is in violation of the airport’s security plan.

TSA also has the ability to go directly to vendors when the plan is not being adhered to so TSA is conducting a broad review of all Registered Traveler providers’ information systems and data security processes to ensure compliance with security regulations.

Clear® needs to meet the information security requirements that they agreed to as part of the Register Traveler program before their enrollment privileges will be reinstated. Encryption is the wider issue as opposed to one incident with one laptop. So for now, Clear® enrollments remain curtailed. Current customers will not experience any disruption when using Registered Traveler.

Bob
TSA EoS Blog Team

The worst part about this is that TSA’s response to this seems to be a stern wag of the finger at the contractor. I feel safer already.

Speaking of IT security and idiots

It seems a TSA contractor has misplaced an unencrypted laptop full of people’s personal information.

The Transportation Security Administration suspended Verified Identity Pass Inc., the company that operates the registered traveler program under the brand name Clear, from enrolling new applicants due to the alleged theft of the unencrypted laptop.

Link from Boing Boing, but they kind of dropped the ball by not mentioning the unencrypted status of the missing laptop. Luckily one of the comments mentioned it. Keep in mind this is entirely against TSA regulations (I worked there for 9 months). TSA is colossally stupid sometimes, like when they made me take my unencrypted (before the regulation went into effect) laptop home on the Metro every day for a week rather than leaving it in the secure facility where I worked. But I’m almost inclined to not blame them for the actions of a contractor.

TSA officials said the suspension will protect consumers waiting to enroll in the Clear program and allow the company to bring its procedures into compliance.

How about making them give back all the money due to breach of contract? There’s no accountability in government contracting.