By Brad King TechNewsWorld Part of the ECT News Network
01/14/08 12:19 PM PT
"There are very specific guidelines for security," said Lee McKnight, an associate professor of information studies at Syracuse University. "They are common sense, and anyone should be embarrassed if they aren't following these guidelines." Perhaps the easiest way to keep information secure is to delete data that is no longer used.
A government Web site meant to aid travelers in removing their names from the Do Not Fly list inadvertently exposed thousands of personal data files to malicious hackers, according to a congressional report released on Friday.
The House Committee on Oversight and Government Reform released a report on Friday that detailed serious flaws in the architecture -- and development -- of the Transportation Security Administration's site. Virginia-based Desyne Web Services was given a no-bid contract to build the site in part because the TSA official in charge of the project was a former Desyne employee, the report states.
Lack of Common Sense
While the committee takes the TSA to task for failing to comply with government guidelines, the inability to implement basic security measures is more alarming, according to Lee McKnight, an associate professor of information studies at Syracuse University.
"You don't leave databases of personally identifiable information where they are easy to access," McKnight told TechNewsWorld. "This should be Fort Knox. That information needs to be locked far away."
The Organization for Economic Co-operation and Development (OECD), an international group with more than 100 member countries, has been working on security guidelines for two decades. It has a working security document, including nine steps to ensure data privacy, that should be used by every group setting up a network, according to McKnight.
"There are very specific guidelines for security," he emphasized. "They are common sense, and anyone should be embarrassed if they aren't following these guidelines."
Exposed by Student's Blog
The guidelines were developed to help organizations ensure security, but the easiest way to keep information secure is to delete data that is no longer used, McKnight suggested. Data is oftentimes used for a specific one-time purpose. However, organizations will continue to store that information, creating a target for malicious hackers.
Even had these guidelines been followed, though, there was little follow-up on the site, the report points out. In fact, the TSA never discovered the flaws in its system.
The original site was launched in October 2006. Thousands of people submitted personal data, the report notes. However, nobody -- including the TSA officials -- realized that the security holes existed until Christopher Soghoian, a graduate student at Indiana University's School of Informatics, blogged about the flaws. It was his blog that eventually led to the investigation.
Neither Desyne nor the official in charge of the project has been sanctioned, and Desyne still hosts two major TSA Web sites, according to the report.