Critical Releases in Homeland Security: January 16, 2008

"Crime data collected through the Uniform Crime Reports (UCR), the National Incident-Based Reporting System (NIBRS), and the National Crime Victimization Survey (NCVS) are used by Congress to inform policy decisions and allocate federal criminal justice funding to states. As such, it is important to understand how each program collects and reports crime data, and the limitations associated with the data. This report reviews the history of the UCR, the NIBRS, and the NCVS; the methods each program uses to collect crime data; and the limitations of the data collected by each program. The report then compares the similarities and differences of UCR and NCVS data. It concludes by reviewing issues related to the NIBRS and the NCVS. The UCR represents the first effort to create a national, standardized measure of the incidence of crime. It was conceived as a way to measure the effectiveness of local law enforcement and to provide law enforcement with data that could be used to help fight crime. UCR data are now used extensively by researchers, government officials, and the media for research, policy, and planning purposes. The UCR also provides some of the most commonly cited crime statistics in the United States. The UCR reports offense and arrest data for 8 different Part I offenses and arrest data for 21 different Part II offenses. The NIBRS was developed by the Federal Bureau of Investigation to respond to the law enforcement community's belief that the UCR needed to be updated to provide more in-depth data to meet the needs of law enforcement into the 21st century."

"In October 2006, the Transportation Security Administration launched a website to help travelers whose names were erroneously listed on airline watch lists. This redress website had multiple security vulnerabilities: it was not hosted on a government domain; its homepage was not encrypted; one of its data submission pages was not encrypted; and its encrypted pages were not properly certified. These deficiencies exposed thousands of American travelers to potential identity theft. After an internet blogger identified these security vulnerabilities in February 2007, the website was taken offline and replaced by a website hosted on a Department of Homeland Security domain. At the request of Chairman Henry Waxman, Committee staff have been investigating how TSA could have launched a website that violated basic operating standards of web security and failed to protect travelers' sensitive personal information. As this report describes, these security breaches can be traced to TSA's poor acquisition practices, conflicts of interest, and inadequate oversight." The report finds the following: 1. TSA awarded the website contract without competition. 2. The TSA official in charge of the project was a former employee of the contractor. 3. TSA did not detect the website's security weaknesses for months. 4. TSA did not provide sufficient oversight of the website and the contractor.