WASHINGTON (AP) -- A revised system that measures each air passenger's potential as a security threat will protect privacy while making travel easier and safer, the transportation security chief says. Critics still worry about the potential for snooping.

A new GAO report faults OMB for a lack of leadership on the issue

[ ... ]

At the same time, the GAO found that in 29% of the cases, agencies did not have adequate safeguards in place to ensure that individual data was accurate, relevant or timely before releasing it to nonfederal authorities. Similarly, only 17 of the 25 agencies surveyed had written policies, as required by the Privacy Act, to determine whether all information collected on individuals is really needed.

In addition, of the 730 information systems containing personal information, 83 were not subjected at all to Privacy Act compliance, the GAO found.

The GAO report said that although each agency bears primary responsibility for compliance, a lack of leadership on the part of the Office of Management and Budget (OMB) is also to blame. "Specifically, OMB has not responded either to longstanding agency requests or to our recommendations for improved guidance," the report said. "In addition, agencies believe that OMB has not provided enough assistance in dealing with challenges such as the low priority generally accorded to the Privacy Act and the lack of appropriate training."

The Transportation Security Administration is about to test a new airline passenger screening system, one that bears close scrutiny by Congress and privacy advocates.

For the first time, the government will be doing background investigations of citizens who haven't done anything but buy an airline ticket.

" CAPPS II - for computer-assisted passenger prescreening system - will take the ticket purchaser's name, address, phone number and date of birth and run the information through government and commercial databases.

[ ... ]

And passengers will be able to see and challenge the information CAPPS II turns up. But some parts of the system remain murky. Passengers could be detained because of a "potential for violence," whatever that means.

Inevitably, too, there will be attempts to expand CAPPS II beyond simple passenger safety to who knows what: arrest warrants, missing persons, deadbeat dads, unpaid taxes, default judgments. For the record, these are all bad ideas that should be beaten back every time they are suggested.

What should school officials do when a teenager wants medical attention but doesn't want his or her parents to know?

That essentially is the question trustees of the Roseville Joint Union High School District are scheduled to answer Tuesday night. They will weigh their lawyers' advice -- which is to follow the attorneys' interpretation of state law and allow teenage students medical privacy -- against what trustee Dean Forman calls "natural law," the notion that parents have ultimate authority over their children.

In heated debates over the past several months, school board members have discussed a policy concerning "confidential medical appointments" -- those related to reproductive health, mental health and substance abuse.

School nurses have said that most of the confidential medical appointments they allow students to attend are for pregnancy tests or for treatment of sexually transmitted diseases.

Trustees Forman and Kelly Lafferty say schools should permit students to leave campus for medical appointments only after informing their parents.

Trustee Jim Joiner, however, says that in certain cases, the law requires schools to release students without telling their parents.

According to most of the legal opinions the district has received, state law mandates that schools release seventh-through 12th-grade students for confidential medical appointments without notifying their parents. Roseville, like almost every district in the state, has a policy that reflects this interpretation of the law.

Other lawyers, most of whom work for anti-abortion organizations, say the district can require school officials to notify parents before releasing teenagers for medical care, and they point to a district in Orange County with such a regulation as an example.

A recent report that showed touch-screen voting machines could be vulnerable to hackers spurred the National Association of Secretaries of State, a majority of whose members are in charge of their states' elections, to consider whether the standards for the machines should be beefed up to prevent tampering.

Voting machine standards weren't on the agenda at the association's annual meeting, held in late July in Portland, Maine. But after the study by Johns Hopkins University researchers was publicly released, the group discussed asking the National Institute of Standards and Technology, or NIST, the government's standards-setting organization, to prepare a white paper on security standards for the new generation of computerized voting machines.

[ ... ]

Computer scientists have raised concerns about the security of computerized voting machines for the past few years, but they haven't been able to gather much support from election officials, who remain confident that the systems are basically secure from tampering and breakdowns. The Johns Hopkins study is the first piece of evidence that current touch-screen technology could be seriously flawed.

While stressing that more studies will have to be conducted to find out just how vulnerable these are, "there is a sense that in the past (critics of computerized machines) were part of the black box crowd and conspiracy theorists," Albowicz said. "No one is saying that now."

[ ... ]

Jacobsen confirmed that the source code Rubin's team examined was last used in November 2002 general elections in Georgia, Maryland and in counties in California and Kansas.

Within a half-hour of examining the code, Rubin's team found its first red flag. The password was embedded in the source code. "You learn (not to do) that in security 101," said Tadayoshi Kohno, one of the report's co-authors. "The designers didn't follow standard engineering processes."

Other "stunning flaws" Rubin said the team found in Diebold's source code included voter smart cards that could be manipulated to cast more than one vote, software that could be reconfigured by malicious company workers or election officials to alter voters' ballot choices without their knowledge and machines that could be electronically broken into through remote access.

"The people who wrote this code didn't have very good security training," Rubin said. "They didn't use encryption."

[ ... ]

Some computer scientists say HAVA's deadline should be extended to give the government more time to establish better standards for new computerized voting machines. Rebecca Mercuri, a research fellow at Harvard University's John F. Kennedy School of Government and president of Notable Software, a consulting firm in Lawrenceville, New Jersey, says that in the absence of new standards, the Institute of Electrical and Electronics Engineers, of which she is a member, has formed a committee to create standards for the machines. One of the committee's concerns is a voter-verified audit trail.

Rep. Rush Holt (D-N.J.) introduced a bill, H.R. 2239, in May to amend HAVA to require computerized voting machines to provide voter-verified audit trails. So far, his bill has 26 sponsors and it's unlikely to get out of the Committee on House Administration.

"As the computer scientists at Johns Hopkins recently reported, these new machines are vulnerable to massive fraud," Holt said in a statement. "Unless Congress acts to pass legislation that would make sure that all computer voting machines have a paper record that voters can verify when they cast their ballots, voters and election officials will have no way of knowing whether the computers are counting votes properly."

When freelance Web developer Joe Stump first installed the e-mail filtering program SpamAssassin, he and a friend started a competition. Each day, the two would look through their junk e-mail and try to find the missive that SpamAssassin had assigned the highest score.

"It was always a little contest between the two of us," says Stump. "We were always trying to tweak and modify the settings to get it just right. I finally won the contest when I got a spam with a score of 43."