WASHINGTON, D.C. – Representative Edward J. Markey (D-MA), a senior member of the House Homeland Security Committee, along with Committee Chairman Bennie G. Thompson (D-MS) and Rep. Shelia Jackson-Lee (D-TX), wrote today to Homeland Security Secretary Michael Chertoff about recent data thefts reported at the Transportation Security Administration (TSA) and the TSA’s failure to secure the information collected through a Web site established to help travelers resolve watch list misidentification issues.
Rep. Markey said, “The apparent theft of a laptop with personal information belonging to thousands of TSA employees and the troubling lack of adequate security surrounding personal information entered by airline passengers through a TSA web site are simply unacceptable, particularly for an agency responsible for securing our nation. Unfortunately, these latest breaches are symptomatic of the Department’s dismal record of falling far short of adequate data privacy and security standards. It’s time for some answers.”
The lawmakers’ letter asks Homeland Security Secretary Chertoff to respond to detailed questions about the recent theft of a hard drive containing personal, payroll and bank information of 100,000 current and former TSA workers, security weaknesses on TSA’s watch list redress web site, and overall Department data security policies. The questions included:
· Was the information contained on the TSA laptop that is presumed stolen protected using encryption or alternative methodologies or technologies that render data in electronic form unreadable or indecipherable by unauthorized users? If not, why not?
· How long does TSA keep personal information belonging to employees who have left the organization?
· Does the Department utilize a policy that prescribes the frequency of audits for its Web sites to ensure their security and accuracy? Please provide a copy of this policy.
· How often are the Department’s Web sites monitored for security and accuracy, and how is such monitoring performed (e.g, by an automated tool, by individuals)?
· Over the past two years, how many instances have occurred in which electronic data containing personally identifiable information maintained by the Department was accessed by an unauthorized individual or individuals? For each instance, please provide the date of the breach and the actions taken by the Department to prevent a recurrence.
A copy of the full letter is available here.
CONTACT: Jessica Schafer
FOR IMMEDIATE RELEASE
May 10, 2007
202.225.2836