January 11, 2008

Congress: Big Brother Might Be Broke, But His Cronies Get Paid

Have you ever been to a government security trade show? I have. There was one running next to Interop a few years ago, and I wandered in to see what I was missing. It was surreal.

My immediate impression was informed by the utter sobriety of the show floor. Interop and its ilk have a whole layer of participants who premise their entire booth's appeal on the widespread networking nerd delusion that booth babes might actually be, you know, available. The ones they can't hook with sex they rope in with a chance to win an iPod. Or a line conditioning UPS.

At that security show? No booth babes. No free stuff. Just unfriendly men with crew cuts and maroon jackets selling stuff like remote controlled submersible harbor cameras and bomb-sniffing dog training. Oh ... and an overwhelming vibe that, spoken or unspoken, every pitch begins with "In the post-9/11 world." The people manning the booths at that show are far too sober in bearing and mien to actually yell "Yahoo! Gold rush time!" but come on ... in the past six years The Security Industry has gotten a whole new lease on life, and the government's homeland security apparatus is its bread and butter.

Wired's Threat Level has some of the details on what appears to be cronyism at the Transportation Security Administration, centered around a Web site the organization developed in 2006:

"Trying to handle the thousands of paper requests from travelers being inconvenienced by the government's bloated watch lists (more than 800,000 names-long at last count) the TSA launched the website in October 2006 with the approval of its chief information security officer, who failed to notice blatant security holes.

"The TSA took the site down in February 2007, after security researcher Christopher Soghoian first noticed problems with the site and THREAT LEVEL detailed the 15 reasons the site looked like a phishing scam.

... "TSA denied there were any vulnerabilities -- saying it was "just a small glitch."  But House Oversight Committee Chairman Henry Waxman (D-Ca.) decided to look into the matter and requested documents from the TSA."

According to Wired, in the end, they found that nobody at the TSA had any idea the site had numerous vulnerabilities, and that the site was built as the result of a no-bid contract awarded to the former employer of a TSA employee who utterly failed to ensure the job was done right. Nobody was disciplined, the company that botched the work held on to another contract, and it even got another contract for the kind of work it bungled.

In the meantime, researchers who exposed problems with the TSA's security procedures found their homes being raided in the night. Christopher Soghoian was on the receiving end of one of those raids, and he's feeling justifiably vindicated.

Wired and Soghoian both contacted officials involved in this scandal, and the comments they got in return are reflective of the sort of unaccountable mindset you find deep in bureaucracies like the TSA.

Here's the thing: Our collective security depends not on private citizens or the government acting independently of each other, but on both working as genuine partners. You can't create a bureaucracy that'll make everything safe and secure, and you can't turn vigilantes loose. You have to have a competent government initiative that earns trust and cooperation. The TSA has squandered most of the trust people gave it, both with things like this and with the sheer ineptitude required for shenanigans like detaining five-year-old boys because their names are on no-fly lists.

Hopefully Congressional oversight will bring a little accountability to the TSA.

Posted by mhall at 4:20 PM
