Editing Transportation Security Administration (section)

====Unsecured website====

In 2007, [[Christopher Soghoian]], a blogger and security researcher, said that a TSA website was collecting private passenger information in an unsecured manner, exposing passengers to [[identity theft]].<ref>{{cite web |url=http://paranoia.dubfire.net/2007/02/tsa-has-outsourced-tsa-traveler.html |title=TSA has outsourced the TSA Traveler Identity Verification Program? |access-date=June 16, 2007 |last=Soghoian |first=Christopher |date=February 13, 2007 |work=Slight paranoia }}</ref> The website allowed passengers to dispute their inclusion on the [[No Fly List]]. The TSA fixed the website several days after the press picked up the story.<ref>{{cite news |url=http://blog.wired.com/27bstroke6/2007/02/homeland_securi.html |title=Homeland Security Website Hacked by Phishers? 15 Signs Say Yes |access-date=June 16, 2007 |last=Singel |first=Ryan |date=February 14, 2007 |work=Threat Level – Wired News |url-status=dead |archive-url=https://web.archive.org/web/20070429123014/http://blog.wired.com/27bstroke6/2007/02/homeland_securi.html |archive-date=April 29, 2007 }}</ref> The U.S. House [[Committee on Oversight and Government Reform]] investigated the matter,<ref>{{cite web |url=http://oversight.house.gov/Documents/20070223122534-10589.pdf |title=Letter Requesting Documents from TSA: Oversight Committee Requests Information on TSA Traveler Identity Verification Website |access-date=June 16, 2007 |last=Waxman |first=Henry |date=February 23, 2007 |work=House Committee on Oversight and Government Reform |archive-url = https://web.archive.org/web/20070328233646/http://oversight.house.gov/Documents/20070223122534-10589.pdf <!-- Bot retrieved archive --> |archive-date = March 28, 2007}}</ref> and said the website had operated insecurely for more than four months, during which more than 247 people had submitted personal information.<ref>{{cite web |url=http://www.tsa.dhs.gov/press/happenings/tsa_site.shtm |title=Background on Committee Report Regarding TSA's Redress Web Site |access-date=March 5, 2008 |date=January 11, 2008 |publisher=Transportation Security Administration |url-status=dead |archive-url=https://web.archive.org/web/20080219111732/http://www.tsa.dhs.gov/press/happenings/tsa_site.shtm |archive-date=February 19, 2008 }}</ref> The report said the TSA manager who awarded the contract for creating the website was a high-school friend and former employee of the owner of the firm that received the contract.<ref>{{cite news |url=http://blog.wired.com/27bstroke6/2008/01/cronyism-led-to.html |title=Vulnerable TSA Website Exposed by Threat Level Leads to Cronyism Charge |access-date=March 5, 2008 |last=Singel |first=Ryan |date=January 11, 2008 |work=Wired News}}</ref> It noted:<blockquote> Neither Desyne nor the Technical Lead on the traveler redress website have been sanctioned by TSA for their roles in the deployment of an insecure website. TSA continues to pay Desyne to host and maintain two major web-based information systems. TSA has taken no steps to discipline the Technical Lead, who still holds a senior program management position at TSA.<ref>{{cite web |url=http://oversight.house.gov/story.asp?ID=1680 |title=Chairman Waxman Releases Report on Information Security Breach at TSA's Traveler Redress Website |access-date=March 5, 2008 |date=January 11, 2008 |publisher=[[United States House Committee on Oversight and Government Reform]] |archive-url = https://web.archive.org/web/20080131042333/http://oversight.house.gov/story.asp?ID=1680 <!-- Bot retrieved archive --> |archive-date = January 31, 2008}}</ref></blockquote>

In December 2009, someone within the TSA posted a sensitive manual titled "Screening Management [[Standard Operating Procedures|SOP]]" on secret airport screening guidelines to an obscure URL on the FedBizOpps website. The manual was taken down quickly, but the breach raised questions about whether security practices had been compromised.<ref>{{cite news
 |title       = House to hold hearings on breach of TSA screening guidelines
 |author      = Eric Zimmermann
 |url         = https://thehill.com/homenews/ap/ap-entertainment/news-executive-richard-wald-who-helped-build-abc-news-dies/ <!-- http://thehill.com//blogs/blog-briefing-room/news/71443-house-to-hold-hearings-on-tsa-breach -->
 |work        = [[The Hill (newspaper)|The Hill]]
 |publisher   = <!-- Capitol Hill Publishing Corp. -->
 |location    = Washington, DC
 |date        = December 11, 2009
 |url-status     = live
 |archive-url  = https://web.archive.org/web/20101031082514/http://thehill.com/blogs/blog-briefing-room/news/71443
 |archive-date = October 31, 2010
}}</ref> Five TSA employees were placed on [[administrative leave]] over the manual's publication, which, while [[wikt:redact|redacted]], had its [[Sanitization (classified information)|redaction]] easily removed.<ref>{{cite news
| title = TSA puts 5 on leave after security manual hits Internet
| url = http://www.cnn.com/2009/TRAVEL/12/09/tsa.training.manual
| work = CNN Travel
| date = December 10, 2009
}}</ref>