Flight Times As if getting on a plane wasn’t hard enough, now you have to face the consumer support nightmare of their website. The current No Fly List isn’t perfect, and the process of disputing it is even more ridiculous. Concerns over the TSA’s customer support website were first brought up last February by a blogger Christopher Soghoian.

The biggest privacy concern was the website was used to transmit highly personal data through non-encrypted pages. The simplicity of the matter is best described in his quote, “This begs the question: Who are these guys, why don’t they know how to use SSL and how were they awarded this sweet contract?” which also begs the question, “Why can’t TSA do a simple form submission themselves?”

Simply put the contract was awarded to a single company due to the requirements eliminating every other competitor. The recipient of the $48,816 contracted went to a long time friend of the owner of Desyne Web Services. It’s a little more that a coincidence that the contract was a “no-bid”, so its not surprising the specifications set by management for the contract back in 2006 are still not met to this day.

A report released by the House of Representatives Committee on Oversight and Government Reform found, “This redress Web site had multiple security vulnerabilities: It was not hosted on a government domain; its homepage was not encrypted; one of its data submission pages was not encrypted; and its encrypted pages were not properly certified.”

It’s one thing to make mistakes, but this seems like a blatant kickback at the expense of taxpayer dollars. Not only does the personal information transmitted through the website flow in plain text, they require an Oversight Committee (more taxpayer dollars), and two years without any improvement to force them to do anything to correct the situation.

source doc: pcworld

Related Links

Our Random Articles