Mar 28 2005

Didn’t have to wait long

Published by Martin at 7:45 am under Security Advisories

Schneier on Security: TSA Lied About Protecting Passenger Data

The Transportation Security Administration (TSA) lied about how much information they had, how they controlled it, who had access to it, and how it was being used. From the very start, they’ve lied to the American public. This from the agency that’s supposed to be protecting us. There is no way that could not be construed as a purposeful obfuscation of comprimises the information they hold.

Most people I talk to seem to be under the mistaken assumption that there is some sort of mechanism in place to keep this sort of data exploitation from happening. But unless we demand that the people who control our data be held responsible, only the most minimal efforts will be spend on protection.

While I expect it’s still impossible to find out if you are on this list or not, I wonder if anyone affected by these abuses live’s in California. If they do, how could SB1386 and similar legislations affect the TSA and disclosure? It would be nice to see one of these bills used to pry further information about what’s been going on out of the TSA. Like that’s really going to happen given the current administration.

[Slashdot] [Digg] [Reddit] [del.icio.us] [Facebook] [Technorati] [Google] [StumbleUpon]

2 Responses to “Didn’t have to wait long”

  1. # Axelon 28 Mar 2005 at 11:02 pm

    First of all, you’d need an encompassing legal framework for privacy and data protection instead of the several regulatory approaches like HIPAA, FISMA, etc. As long as there’s nothing like that in the US you’ll always lose.

    Are you sure SB1386 is valid for government agencies, too? Or does it cover only public companies?

  2. # Martinon 29 Mar 2005 at 6:43 am

    Axel,

    No, I’m almost certain SB1386 specifically exempts both state and federal agencies. I read it about this time last year, and I’m to lazy to look it up on the Internet, but I do remember several passages specifically providing loopholes for the government. Besides, on issues concerning data, I think federal rights trump state rights, meaning even if SB1386 did apply, the feds would just say no and fight it in court. This fight will have to come from the ACLU or similar body.