Responding to a new Department of Homeland Security report on the protection of information used in frequent travelers programs, Homeland Security and Governmental Affairs Committee Ranking Member Joe Lieberman, D-Conn., said Friday the Department is lagging in an area in which it should be leading. In a report released Friday, the DHS Inspector General found that the Department has inadequate policies and procedures to protect information voluntarily provided by Americans enrolled in DHS’s trusted traveler programs. Lieberman called on DHS to improve the information security of these programs.
“Major data thefts in the past few years have taught us the critical importance of information security,” Lieberman said. “The significant information security weaknesses unveiled in this report suggest that the Department of Homeland Security is lagging far behind in an area in which it should be leading. Americans who voluntarily provide the federal government with their personal information expect that information will be safe and free from tampering.” The trusted traveler programs were created to speed travel across land borders for pre-approved, low risk commercial travelers and commuters. The programs include Sentri for commuters on the Southern border; Nexus for commuters on the Northern border; and FAST for commercial travelers on both borders. Using a technology called Radio Frequency Identification (RFID), the Customs and Border Protection agency within DHS identifies trusted travelers so they can bypass traditional border crossing checks, thus speeding motor traffic across land borders. To enroll in the program, participants must provide certain personal information to get special ID cards which are embedded with RFID tags. The DHS Inspector General determined that DHS has not developed adequate policies and procedures to protect information collected for the trusted traveler systems. In particular: Access to travelers’ personal data was granted to DHS personnel who did not need it to perform their jobs. Policies were not in place to protect systems using RFID technologies. DHS lacked effective user account and password management controls. DHS failed to inform travelers that their personal data might be shared with other agencies, and that the programs use RFID technology. “The trusted travelers program is innovative and can greatly speed border crossings, but Americans will not participate if they fear their personal information is subject to abuse or inappropriate disclosure,” Lieberman said. “DHS must respond quickly to this report and improve security to restore trust in this program.”