Lax TSA Website Exposed Travelers' Information
sjbe sends in an old story with a poetic justice ending. Almost a year ago Chris Soghoian blogged about multiple security holes exposing visitors to a TSA site to possible identity theft. Wired and others picked up the story and the TSA took down the insecure site and fixed the problems. On Friday the US House of Representatives Committee on Oversight and Government Reform released a report (PDF; HTML summary) finding that the TSA contractor, Desyne Web Services, had received a no-bid contract for the faulty site from a former employee who was then a TSA project manager. TSA has taken no action to sanction the responsible parties for the vulnerabilities. The poetic justice is that Soghoian had been investigated for 6 months by the FBI and TSA because he pointed out a vulnerability in the US air transport system; no charges were ever filed.
Even as we are faced with incident after incident of our government failing to safeguard information, we do nothing as they collect more of it claiming they can be trusted to safeguard it.
Real ID is going to be a nightmare.
Patriot - A fan of expanding government power and spending while not wanting to pay higher taxes.
Real ID is going to be a nightmare.
... we may be in for the long haul.
If that's what it takes. Remember the FBI under Hoover? Did all kinds of abusive stuff, until it finally reached the point where Congress had to rein them in and enact strict controls on their behavior, mainly because Congress itself was threatened by Hoover's activities. Hell, the bastard had dirt on all of them. However, many of those restrictions on law enforcement were undone with the Patriot Act, CALEA and other poorly-designed laws designed to strip civil liberties from us. I have the feeling that we're going to have to suffer through yet another cycle of government abuse (worse this time) until the pendulum swings back and some controls get put back in place.
If we're that lucky. I have my doubts about this go 'round.
The higher the technology, the sharper that two-edged sword.
So the entire US government and all of its agencies are fired, what exactly is that going to fix :P
... there'll be no-one left to take them.
Well, at least we won't have to worry about the encroaching loss of civil liberties
Of course, it would be a good idea for everyone to have a few guns and plenty of ammo: anarchy can be unpleasant.
The higher the technology, the sharper that two-edged sword.
Fairly basic psychology actually. By going to an outside agency to complain about your own organization you are betraying it. Your motives may be pure, and the outcome may be a public good (or even a good for your organization), but you can't expect to be *liked* for it.
Nobody likes a snitch. Expecting anything else is willful ignorance.
Because extremely expensive, no bid, just plain dishonest contracts to incompetents is how a great deal of the US government has work done.
If private sector employees acted like this, they'd be fired for incompetence, the relationship with the incompetent 3rd party would be terminated fairly quickly, pressure would be put on the local district attorney to file fraud and conspiracy criminal charges if there was collusion and a whole lot less money would be spent before it all went away.
In the case of government employees, it's just status quo. Move along, nothing to see here.
Previous poster (parent) has a point though .. and I think it is .... unless you're absolutely confident of your 'anonymity' in reporting, then you are highly likely to become suspect. Your story is at least going to be checked out. If it's not on, then someone may sic their lawyer on you for slander/libel.
I sat down at a courtesy kiosk at an auto dealer once to find a guy still logged into his Yahoo mail had walked away. I sent him a mail from himself and did not put my name in it, suggesting he ensure that he had logged out before walking away. No worries there.
However, anyone reports anything on my network/sites, I am going to triple-check their story and their activity (if I can relate it to them). Some people won't do that, they'll just call the person into suspicion right away. We had a guy interview for a job and make a comment about how something on our web site was insecure. Not so bad, except he gave no specifics or suggestions. Only made himself suspect and guaranteed he would not get a job with us. This is different from being helpful, but honestly ... even if he gave some details, I'd still be checking up on the veracity of it all and looking for attempts.
That all said, I would seek to be the good samaritan and report it. I would also be sure to document my steps/actions and have witnesses where possible. The more you do alone, the less credible you become in this sort of instance.
Que Deus te de em dobro o que me desejas
[May God give you double that which you wish for me]
Why did the terrorists succeed on September 11, 2001? Conventional wisdom says the terrorists exploited a weakness in airport security by smuggling aboard box-cutters. What they actually exploited was a weakness in our mindset -- Crews were for years trained in the concept of "passive resistance." Everyone acted calm, and the crisis resolved with no loss of life. All of that changed when the first plane hit the north tower. What weapons the 19 men possessed mattered little, but it would never work again: Anyone pulling out a box cutter today would be dragged down by passengers.
Yet today the DHS and TSA are still focused on the box cutters. Patrick Smith of the New York Times points out just how pointless the TSA searches have become. Why for example do they confiscate tubes of toothpaste or shampoo bottles potentially containing explosive materials, only to throw them out in the trash unchecked? Why do cleaners and garbage workers handle this supposedly dangerous contraband unprotected? The ban on fluids itself flies in the face of scientific opinion: "The notion that deadly explosives can be cooked up in an airplane lavatory is pure fiction."
http://jetlagged.blogs.nytimes.com/2007/12/28/the-airport-security-follies/index.html
Well, yes and no. Yes, the cynical me says lots of government contracts probably do get done this way even though they aren't supposed to. But at least the government has policies and laws that say they aren't supposed to work this way, and I bet the *majority* is still done honestly (I hope).
But private companies are under no obligation to be fair in who they buy from. There are no laws that say a company must buy from the best, or cheapest, or whatever. They just pick who they feel like working with and that's it. If they want to buy work from their buddy then they do it. That's not fraud or conspiracy or collusion. It's not even secret or embarrassing. That's what business is all about, they just call it "networking" whereas in the government they call it "cronyism".
Public companies at least have some obligation to shareholders to be fiscally responsible, but for the most part dealing with this kind of issue doesn't get raised to the level of the board of directors unless it dramatically affects the quarterly results, so the management is free to do whatever it wants anyway. CEOs in the private sector are cowboys and apparently as a country we like it that way, evidenced by the fact that so many people these days balk at regulation.
So, no, this would not be better in the private sector. In fact, it is the status quo in the private sector which is why it is rarely news. It is not status quo in the government, or at least it shouldn't be, which is why we get so upset when it happens there. We expect the government to serve the people, and we want it to. We don't expect the private sector to serve the people; we expect it to serve the company owners, and it does.
The real story here is that cronyism has spread like a cancer into many areas of government, and this item in particular shows how the very forces that are claiming to enhance our national security are actually sabotaging it. The answer isn't to leave it to the private sector and let the cancer win, the answer is to kill the cancer before it kills us.
I think you are *precisely* correct in referring to the whole system as a pendulum.
As an engineer, upon further reflection I think that a more apt description would be "running open loop". If you look at the U.S. Constitution, you'll realize that the so-called "checks-and-balances" put in place by the Founders, indeed the underpinnings of our entire Republic, are nothing but a series of carefully crafted negative feedback loops. The intent of those mechanisms was, of course, to prevent the government from going too far in one direction. The most basic of those is the fact that we can elect our leaders: the government's actions are processed by the population and fed back to the input as votes. Another loop was the original tariff system. It is complicated, but it worked for a long, long time, and had our elected leaders not fiddled with it continuously, would still be working now.
The problem is that Congress, with its fundamental incompetence and endless quest for votes, has opened most of those loops and the proper amount of negative feedback is no longer being applied to the system inputs. In fact, there's generally no negative feedback whatsoever: it's all going the other way. That's placed us in a swell of uncontrolled positive feedback which will eventually reach the maximum tolerance of the system.
In electronic terms, that usually means your output is locked to within a few millivolts of your positive supply voltage. In civil terms, it means a revolution is about to start.
The higher the technology, the sharper that two-edged sword.
DHS and the TSA were never meant to actually prevent harm to any citizen, but rather as a transfer of power from the citizen to the government. In that context, the ineptitude, mismanagement, harassment, failures, and the 'kill the messenger' attitude, begin to make a kind of sense. Much as any despotic entity throughout history, exposure of any kind is met with intimidation or violence, and a monolithic facade is presented.
At least until control is absolute, then it no longer matters. Read the sig.
Power tends to corrupt, and absolute power corrupts absolutely.
Complain to your elected representatives with a short, politely worded letter. That's the most likely to get these practices stopped.
while i don't disagree that our government leadership is incompetent, i think that the blame isn't solely on politicians. we did at one point live in a free and democratic society. a large part of the blame therefore rests on the public. we have developed a culture of apathy, and as such no revolution could ever take place.
the reason for public apathy is twofold. firstly, the bipartisan system that our democracy has evolved into is inherently broken. but more importantly the 4th estate has failed to uphold its duty to the public. the reason why freedom of press is so important to a free society is because the press plays a crucial role in the democratic process. democracy only works when the citizenry is well informed and educated. and when the press neglects its duty to report government/political corruption, voters can not make informed votes to provide the negative feedback you mentioned.
so unless the nature of our press changes fundamentally, i don't see any desperately needed widespread reforms taking place. perhaps the internet is the key. i don't know. but maybe one day we'll see direct participatory democracy being realized in the U.S. with the advent of the internet and the information age, perhaps government records could be placed directly online so that the public can stay informed about government without the press. likewise, with internet access being near ubiquitous today, i don't see why we even need legislative representatives to pass legislation and form public policy. why couldn't we just conduct mass referendums over the web and bypass congress altogether?
i mean, if poor illiterate Venezuelans can draft their own constitution via referendum, why can't Americans pass legislation the same way? with today's communications technology, we don't have logistical problems getting in the way of direct democracy.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."