Nov 212009 brings us news of a court opinion that Transportation Security Administration (TSA) employees engaged in an unreasonable search of a passenger’s luggage and that the child pornography they uncovered should be suppressed. In United States v. McCarty, the court held:

Despite the testimony indicating that the TSA employees searched the photographs solely to determine if any children were in harm’s way, the government argues that the search was nonetheless proper because Andrade was required to inspect the photographs for sheet explosives. Pl.’s Nov. 3 Suppl. Opp’n 2-6. The court readily accepts that a packet of photographs may cause a dense item alarm and TSA protocol requires the TSA employee to ensure that the photographs do not include any sheet explosives. The testimony, however, does not establish that Andrade and Moniz examined the photographs for sheet explosives — rather, after they noticed the photographs that were initially visible, they inspected the content of additional photographs for the purpose of determining their criminal nature.


Oct 152009

Alice Lipowicz reports:

The Homeland Security Department has agreed to replace its existing information technology support for the Traveler Redress Inquiry Program (TRIP) with a more effective system, according to a new report from DHS Inspector General Richard Skinner.

The support system is an existing system of the Transportation Security Administration. The system was expanded and modified to form the backbone of the multiagency TRIP created in 2007 to deal with travelers’ complaints about errors in watch list databases, document information and other problems.

However, the redress program still needs improvement in security, privacy, reliability, timeliness, transparency and performance management, Skinner said in the report made available Oct. 13.

Read more on FCW.

From the report:

Email Submissions of Personal Information May Expose Redress-Seekers to Avoidable Risks

TRIP offers redress-seekers three options for submitting travel inquiries and supporting identifying information: its secure online portal, conventional mail, and email. However, TRIP redressseekers who initiate requests online can submit copies of identifying documents, such as passports and drivers’ licenses, only by mail or email.

The TRIP website assures the public that the program takes precautions to protect redress-seekers’ personally identifiable information. For example, TSA has established system security features and protocols to protect the TRIP website and the information in its case management system. However, one of the program’s options for gathering information from redressseekers— email—potentially exposes the information to risk of interception by third parties.

Continue reading »

Oct 072009 notes:

The Transportation Security Administration (TSA) has plans to greatly expand its use of whole body imaging machines at airports around the country. The x-ray machines, which each cost over $100,000, capture detailed, graphic images of passengers’ naked bodies. In June, the House of Representatives overwhelmingly passed a measure that would restrict TSA’s use of these machines. The measure is pending in the Senate. The Privacy Coalition has urged the Department of Homeland Security to suspend the program until privacy and security risks can be fully evaluated. EPIC has also filed Freedom of Information Act requests for the contracts with the vendor Rapiscan.

Also affecting airport travelers: Scott Powers reports in the Chicago Tribune that three companies are bidding to take over the Clear Registered Travel program.

But now at least three companies, including FLO Corp., which ran a separate registered traveler program in Reno, Nev., are bidding to buy Clear’s customer lists and re-establish the service. Orlando International, which was the first Clear airport in 2005 and hosted the most registered travelers, may be the location the companies want most.

“It’s the plum,” FLO managing partner Fred Fischer said. “It’s the peach.”

FLO, a Delaware corporation; Henry Inc. of California; and at least one other bidder that has not been publicly identified have made formal pitches to Morgan Stanley, which gained control of the assets after Clear’s parent company, Verified Identity Pass, shut down June 22.

Sep 212009

Alice Lipowicz reports:

The Transportation Security Administration should deploy automated tools to test and monitor the effectiveness of privacy safeguards in its programs, according to a new report from Homeland Security Inspector General Richard Skinner.

In a report issued Sept. 18, Skinner recommended that TSA’s Office of the Chief Information Officer implement such tools, and the agency’s officials agreed with the recommendation.

Read more in Federal Computer Week.

Aug 142009

Airlines this week will begin requiring some people making reservations for domestic flights to submit their dates of birth and genders as part of a screening process aimed at keeping boarding passes out of the hands of suspected terrorists, the Transportation Security Administration said.

The agency said the screening would all play out behind the scenes, meaning there should be no additional delays for passengers at airport terminals. The change will be phased in starting Saturday. Not all airlines are fully participating yet and might not request the data.

Read more of this WSJ story in the Chicago Tribune.

Jul 092009

Clear registered traveler programFred Aun of StorefrontBacktalk discusses what happens now to all of the confidential information the Clear registered traveler program compiled on customers. Since June 22, when the company first ceased operations, consumers have not been able to get a clear (no pun intended) and full explanation of the company’s intentions with respect to their personal data. Previous news stories covered on this site indicate the extent to which the public — and Congress — are not sure what happens next. Aun writes:

…. The company pledged “to keep the privacy promises” it made and noted the private info would be secured “in accordance with the Transportation Security Administration’s security, privacy and compliance standards.” More precisely, each hard disk at the airport kiosks “has now been wiped clean” of all data. “The triple wipe process we used automatically and completely overwrites the contents of the entire disk, including the operating system, the data and the file structure,” vowed Verified Identity Pass. “This process also prevents or thoroughly hinders all known techniques of hard disk forensic analysis.”

Meanwhile, back at the company’s office, Lockheed Martin is on hand as the lead systems integrator “to ensure an orderly shutdown as the program closes,” said the statement. Note the careful wording here: “As Verified Identity Pass, Inc. and the Transportation Security Administration work through this process, Lockheed Martin remains committed to protecting the privacy of individuals’ personal information provided for the Clear Registered Traveler program.”

“Protecting” data isn’t the same as erasing it. That’s because, toward the end of the initially comforting statement, Verified Identity Pass indicates that the personally identifiable information might not be nuked after all. In fact, the company said it might try selling it.

Read more on StorefrontBacktalk.

Jul 082009

Former Libertarian presidential candidate Bob Barr comments:

The Transportation Security Administration (TSA) has become increasingly aggressive in expanding its responsibility from simply searching passengers to ensure no weapons or explosives are brought on board commercial aircraft.  The agency, housed in the federal Department of Homeland Security, has moved in recent years to assume for itself the role of “behavioral cops,” by training and allowing its employees to spot “suspicious behavior” on the part of passengers and then subjecting those so tagged to additional scrutiny and questioning.

In some instances of such “behavioral searches,” in which the government then finds contraband on the persons thus singled out for searches, or outstanding warrants for matters completely unrelated to aircraft or airport security, people are arrested and prosecuted.

Now, as such cases are working their way through the court system, the TSA is running into difficulty in sustaining its self-appointed power to search people for anything it finds that is “suspicious.”  In fact, the TSA should be having problems in continuing what it has been doing.

Read more on The Barr Code.   Scott McCartney also covers the court cases on The Wall Street Journal in more detail and with quotes.