In response to a Freedom Of Information Act (FOIA) request for documentation regarding the Information (Data) Quality Act, the Transportation Security Administration (TSA) stated that it doesn't even have the required administrative guidelines on how to implement such a policy. This is in violation of both the law passed by Congress and Office of Management and Budget (OMB) mandate.

Many, if not most federal agencies have such a policy publicly available on their websites, whereas TSA does not have one at all. And as for the report that is supposed to go to OMB every year? They haven't created one of those, ever.

Public Law 106-554, Section 515, passed in December of 2000, states that Executive Branch Agencies shall:

(A) issue guidelines ensuring and maximizing the quality, objectivity, utility, and integrity of information (including statistical information) disseminated by the agency, by not later than 1 year after the date of issuance of the guidelines...

(B) establish administrative mechanisms allowing affected persons to seek and obtain correction of information maintained and disseminated by the agency that does not comply with the guidelines...

(C) report periodically to the Director--(i) the number and nature of complaints received by the agency regarding the accuracy of information disseminated by the agency; and (ii) how such complaints were handled by the agency.

As far as I can determine, TSA has never done any of these.

And an interesting note for anyone that has not tried submitting a FOIA request before, I received a letter postmarked on December 22 letting me know that my email was received on December 15. I sent the email the night of December 9. First, that means it took them nearly one week to acknowledge that they received my email. Note that this did not include processing of any kind besides giving me a tracking number. Second, this means it took them an entire week to get the letter from the FOIA office and into the mail. The entire process, from start to finish, took nearly two months, just to tell me that they did not actually have any records for me. I can't imagine how long an actual document would take to get out of them.

[UPDATE 02-22-2009] OMB Guidelines require that each agency publish their Information Quality Guidelines on their website and also a notice in the Federal Register.

Since November, the city of San Diego has activated 7 red light cameras. The city's website also has descriptions of which directions are being targeted. Intersections include:

10th Avenue at "A" Street
10th Avenue at "F" Street
Aero Drive at Murphy Canyon Road
Camino Del Rio North at Mission Center Road
Camino De La Reina / Camino Del Rio North at Qualcomm Way
Clairemont Mesa Boulevard at Convoy Street
Cleveland Avenue at Washington Street
Del Mar Heights Road at El Camino Real
Grape Street at North Harbor Drive
Mira Mesa Boulevard at Scranton Road
Mission Bay Drive at Garnet Avenue

Using my own DNS Check tool I noticed that the .gov is now signed using DNSSEC. This means that the government has actually met its schedule on this one. But there are a few issues:

1. Who actually signs it? NIST? DHS? Some other agency? This is important for answering #2.

2. How do we validate this key? How do we know this isn't a hacker's key? The agency that maintains the key should distribute a hash of the public key so that we know its the real deal.

I'm hoping in the near future all of this information will come out, but until it does, .gov isn't really any better off than it was before.

UPDATE [2-18-2009]: Apparently GSA is responsible for .gov and DNSSEC. It is still considered in experimental stages and keys may change, therefore no final key information is available for validation yet.

UPDATE [3-1-2009]: GSA has posted the .gov public key on their website.

Freedom of Information Act Results (PDF)

Northwest airlines has begun issuing eboarding passes for select flights from Detroit, Indianapolis, and Minneapolis. The way it works is by following the usual online checkin procedure, but you are given an additional option to use an eboarding pass. You are then asked for an email address or phone number (text message) to send the url for your eboarding pass. If you choose to use your phone, you will be asked for the carrier along with your phone make and model. This is presumably to ensure that the boarding pass is provided in a format that is compatible with your phone. My phone (Motorola Z9) wasn't listed, but I chose a RAZR instead as they use very similar screen sizes and software and I didn't have any problems.

Upon checking in I was able to bring up my boarding pass on a third party website without a need for any further authentication. It consists of a WML format page with a gif image of an aztec 2D barcode at the top followed by standard boarding pass text. The barcode appears to include the standard boarding pass information without any type of digital signature.

When I got to the airport security checkpoint I never had to actually hand my phone over or even show my eboarding pass to another person. The eboarding pass scanner took about 15 seconds to boot up and I simply placed the barcode against the scanner and it displayed my name and other information for the security agent. There was an issue getting it to scan because the backlight on my phone was not on at first. He then checked my ID and I proceeded through security as normal. Next I walked through the metal detector and was asked for my boarding pass by the security officer. I simply stated that I used an eboarding pass and was allowed to continue. Therefore I question the effectiveness for only checking print boarding passes at this point.

Finally, boarding the plane was simple. I simply placed my phone against the scanner at the gate and was cleared to board.