Source: Tom's Guide | Keywords: TSA, Stolen, Laptop | Themes: Laptops and Notebooks, Business, Business Notebooks
At the beginning of the week, the TSA announced that a laptop containing the personal information of passengers enrolled in its fast track screening program had been stolen. However, in what appears to be a case of “Where did you have it last?” the laptop has been found in the office it was apparently stolen from.
The laptop went missing over a week ago from an office in San Francisco International Airport,
however TSA officials claim they weren’t notified until Sunday. The computer contained names, addresses, birth dates and some driver’s license numbers and passport numbers for some 33,000 people enrolled in the Clear program. Clear is a system that allows passenger access to special fast-track security lines in the airport, avoiding some of the longer queues.
When the laptop was stolen a lot of people asked the same question, was the information encrypted? No, apparently it wasn’t. The information was encrypted on the server, however the laptop was protected only by a two level password system.
So, how did it get back into the office from which it was stolen? Allison Beer, Senior VP of corporate development at Clear said the laptop was stolen from a locked office. Although it turned up in the same office, it was not in the same location it was in when it went missing. Beer told the San Francisco Chronicle that if someone was returning the laptop, they would need a key to do so. So that leaves us with two options, either someone who worked there pinched it/brought it home by accident or they didn’t look hard enough when they found out it was missing.
The TSA is passing the buck to Verify Identity, the company in charge of the Clear program. The Administration says the information should have been encrypted and the program has been suspended pending an audit.
While the TSA is no doubt glad to have the machine back what most people are asking is who stole it and why there wasn’t any surveillance cameras monitoring an office that warranted being locked all of the time? Instead of breathing a sigh of relief that the unencrypted laptop has returned, they should probably be taking a look into where it went. Perhaps Homeland Security just took it for a walk?
-
Previous News Article
No Linux for U.S. Lenovo Netbook... -
Next News Article
John Carmack Explains Why...
21 photos
16 photos
17 photos
18 photos
Ah this is priceless. TSA should write comedy sketches.
They did it for the Lulz
A lot of data that is unaccounted for, for a lot of hours.
I get confused sometimes... having a TSA is supposed to make us (in the US, anyway) feel *MORE* secure, right?
LoL. My last encounter with the TSA almost left me stuck in Puerto Rico where they can't read drivers licenses. I had to convince the guy my license wasn't expired cause he read the ISS (issued) as EXP or expires and didn't believe me at first when I said my license was totally valid. Which almost resulted in an Airport Terminal freak out.
TSA is almost totally useless - they are rude, inefficient and slow, at least that is my experiences with them at LAX.
I think every European country has better Airport Staff+Security than the US.
When you don't pay a decent wage, you won't get good people.
I second what rgsaunders said. At 14-15 dollars an hour this is what you get.
TSA is a damn joke. They're being run by rude people. if you pussy out, they treat u like shit. but when u stand against them, they backed out mad fast. Especially when u ask to see the highest guy in the airport, make sure you SAY IT OUT LOUD, if they dare to touch you, take a picture with ur phone's camera and u can sue their ass.
^Good idea! *sarcasm*
I prefer not to be put on the no fly list.
Ummmmm Jane....If you're going to write syndicated articles for the World Wide Web, maybe you could take into consideration that readers from countries other than your own may not know what the abbreviations in the article mean. Had to Google TSA to find out what the hell you were talking about. lol
From now on, when I hear that x number of laptops have been stolen, I'm not going to be so worried as I once was. They probably just left x amount of laptops in a warehouse somewhere exactly where they should be.
So they basically have the same info/data on a server. Why does the laptop have to have a copy again?
Should it really be necessary to have a copy on the laptop, why not add another layer of security (aside from the usual-but-rarely followed ones)? Remove all unique info/data from the copy on the laptop and replace them w/ one identifiable data/key/ID that can be tied to specific info/data on the server? If all they need are names, just store the names plus an, ID for each name, on the laptop. For added security, the ID on the laptop is not the same as that stored on the main database but is different and is stored on a separate database that stores a combination of ID from both the laptop and the server. This way, even the ID on the laptop can not be used against the main database. Another benefit of this is that each laptop can isolated, and should it be compromised, the database containing the IDs from both laptop and main database can just be cleared (archived and removed from normal access). Ofcourse, it'll be more effective the less unique info stored on the laptop.
I'm no security expert but at least its better than having a complete record on a laptop.
The Transportation Security Administration (TSA) continues to investigate the circumstances surrounding the loss of a Clear®- owned laptop computer on July 26 that contained unencrypted data of approximately 33,000 customers. TSA has verified that a laptop was discovered by Clear® officials yesterday at San Francisco International Airport (SFO). It was voluntarily surrendered to TSA officials for forensic examination.
TSA?s regulatory role in this matter is as follows: Every commercial airport is required to have an approved airport security plan. So Register Traveler is part of that comprehensive plan at the airports where it operates. Under the airport security plan, the sponsoring entity, (SFO in this case) is required to assure its vendors have an approved information security program. Because the computer at SFO was not encrypted it is in violation of the airport?s security plan.
TSA also has the ability to go directly to vendors when the plan is not being adhered to so TSA is conducting a broad review of all Registered Traveler providers? information systems and data security processes to ensure compliance with security regulations.
Clear® needs to meet the information security requirements that they agreed to as part of the Register Traveler program before their enrollment privileges will be reinstated. Encryption is the wider issue as opposed to one incident with one laptop. So for now, Clear® enrollments remain curtailed.
Current customers will not experience any disruption when using Registered Traveler.
TSA EoS Blog Team
Wow. This is pretty ironic and funny. You know its not very hard to encrypt a laptop! Or just run command line Linux
.Most of the average Joe hackers don't know hard core Linux.
ya and most TSA agent dont know hard core linux either let alone basic linux
This one perplexes me: "Most of the average Joe hackers don't know hard core Linux."
Sorry I went off-topic there.
Script kiddies aside, I think most Joe hackers do know 'hard core' linux. Of course, they were all at BlackHat in Las Vegas until today.