(Image is in the Public Domain)

A company who's trying to seel their solution to the TSA is out to prove that the no-fly list is bogus. By going to their site, you can enter a name and see if you have a good chance of being on the no-fly list yourself. Hopefully, enough people will try this and see what a stupid idea it was for the TSA to have done this based on names alone.

(Image used under: Creative Commons 2.0 [SRC])

Idaho has joined a growing trend of states that are flat out telling the federal government to jump off a cliff. The REAL ID act has been attacked by privacy organizations for being a national ID card which will have far reaching implications to personal freedom. Not only that, but implementation of the system is extremely expensive and each state is supposed to pay for it.

(Image used under: Creative Commons 2.0 [SRC])

Using some simple deduction, a security consultant discovered how to clone a passport as it's being mailed to its recipient, without ever opening the package.

Privacy.org points to an article explaining that the backscatter x-ray will be fielded in Phoenix. This X-ray device can penetrate clothes, but not skin making a pornographic video of them. Yes this allows the TSA to see if you're carrying bombs or guns, but it also removes your clothing.

No security, no accountability. TJ Maxx

(Image is in the Public Domain)

So today my wife received a letter from our bank saying that her card was included in the data breach. They were very pleasant and helpful (as credit unions tend to be), but one thing caught my attention:

If at any time you suspect you may be a victim of fraud or identity theft, you may place a fraud alert on your credit file with one of the three major credit-reporting [companies]. A fraud alert will require any company or creditor to contact you to authorize any new accounts or loans.

For the record, fraud alerts are required, but can be ignored. The problem is that it's the issuing company's responsibility to check for the fraud alert and act accordingly. Since it hurts their business to do so, it's far more likely that they will "miss" the flag (especially when they're on commission). That means that it may help and it may not.

The No-fly list needs to work or be gone

(Image is in the Public Domain)

Public Citizen reports one of their recent victories against American Airlines on behalf of John Cerqueira, who was denied the right to fly after airline authorities thought he might be "Arab, Middle Eastern or South Asian descent".

$400,000 dollars is a small price to pay for taking away an American's freedoms. I hope they eat lawsuit after lawsuit until they fix this issue.

Maybe someday a national id will make sense. Until then, it's best to opt out.

(Image is in the Public Domain)

As reported by Privacy.org:

The Maine House and Senate registered nearly unanimous opposition Thursday to the federal Real ID Act, which requires states to change their drivers' licenses into national IDs linked to a central database. The resolution is not binding on Congress, but says the Legislature refuses to implement the Real ID Act. It asks Congress to repeal the law.

Security theater is the term Bruce Schneier uses to describe a security measure that doesn’t actually improve security as much as it makes us feel more secure. While he disagrees with most uses, he allows that sometimes, feeling better is a good thing. For example, hospitals that put RFID bracelets on newborns that will trigger an alarm if they go through the wrong doors helps reassure new mothers when the babies are out of their sight.

Granted, this is only harmless because there’s no real security problem that is being covered up.

Too bad if you're innocent, you're not flying anyway.

(Image is in the Public Domain)

In a Washington Post article, they address the problem of false positives, where an innocent person is "wrongly detained" because their information is similar to someone's on the no fly list.

A specific example in the article is of Keiran O'Dwyer, a veteran American Airlines pilot who has been stopped and questioned over 80 times since 2003. They say that besides him, there are around 15,000 people, per week, that apply for redress for being mistakenly targetted due to TSA's screening systems.

An agency official said in an interview that the system, launched in February 2006, has eliminated about 17,500 detentions involving people entering the country at airports, seaports and at land borders. It is part of what the government says is an effort to prevent terrorism while not inconveniencing travelers or violating their privacy and civil liberties, though it is not yet applied to domestic flights.

It's almost like they don't even know what they're doing.

(Image is in the Public Domain)

Schneier reports that the government will begin encrypting all laptops. This is in response to case after case of stolen laptops leading to loss of personal data such as in the case with the Veterans Administration.

Considering that the typical response is to offer worthless credit monitoring services to make it look like they're doing something when they're actually not, this is a welcome change. Now if only they'll hold employees accountable for keeping the key/token/passwords in the same bag with the laptop…