Introduction
On March 17th 2009, the Transport Security Administration (TSA) inadvertently posted on a Federal government website, sensitive security document outlining airport screening procedures. The online release made key security procedures available to members of the public. It wasn’t until Dec 7th 2009 that the 93 pages document was removed after TSA, with the help of bloggers realized the blunder. Although TSA posted the document in a federal procurement website, specifically FedBizOpps.gov, the document was, and still is, available online in many websites including Scribd.com and Cryptome.com. Variety of other sites, including major news outlet have provided link to the document. As of December 10th 2009, Lawmakers has come forward asking the Department of Homeland Security (DHS), who oversees TSA, to take legal action to bar or institute criminal penalties against websites that continue to repost the document.
The Document
A closer look at document and its contents at this early stage would be of great help in understanding the whole scenario. The document, titled “Screening procedures: Standard Operating Procedure” provides standard procedures for TSA screening personnel in US airports (airsafe.com, 2009). According to Transport Security Administration, the document was outdated, unclassified and was not “the everyday screening manual used by TSA officers at airport checkpoints” (Transport Security Administration, 2009). The document contained a broad range of information, with the sensitive information blacked-out through electronic reduction by TSA. The problem was, bloggers and everyday computer user could easily go around the reduction and have a full copy of the document.
Electronic reduction: Laid out Procedures
A closer look at the source of the problem reveals a fundamental misunderstanding of how digital data work on the TSA personnel part. TSA personnel blacked out the original word document by putting black rectangle over sensitive information, before converting the document to PDF format. Anyone who has access to the redacted PDF document and some basic knowledge in computer can easily convert it to Word document by copying it to a word processor like Notepad or Microsoft Word, and thus have access to full copy.
In the past, US agencies including the White House, US Military and Department of justice has faced similar situation that TSA is facing, where sensitive document was improperly redacted and released to the public, only for the blacked-out sensitive information to be unearthed later. It is along this line that National Security Agency (NSA) came out with very specific step by step procedures for dealing with documents containing sensitive information. The procedures have been available to all US government agencies for several years. (National Security Agency, 2005)
The procedures are contained in a report titled “Redacting with Confidence: How to Safely Publish Sanitized Converted from Word to PDF” (National Security Agency, 2005). The document is available to both the US government agencies and the general public. That means that the current problem facing TSA could have been avoided had TSA staff involved bothered to check existing procedures.
Highlights of Redacted Section
To have a full understanding why the US congress is outraged with the continued reposting of the TSA Airport Screening manual, it’s important to have a closer look at the document, specifically at some of the ‘redacted’ information.
One of the key sensitive information contained in the 93 page manual is the explosive detection screening protocol. According to the manual, of all checked bags, 40 percent are screened using closed bag search, 40 percent using limited open bag search and 20 percent using full open bag search procedures. Transportation Security Officers are barred from handling any explosives or weapons found in checked luggage during the screening process.
Screening procedures for different categories of passengers and law enforcement officers is also part critical information that is now known to the public. The procedures exempt screening of TSA officials, special screening of foreign dignitaries escorted by CIA, and passengers exempted from closer scrutiny. Also posted in relation to ‘who is to be screened how’ is the sample graphics and photos of CIA employees, Federal Air Marshals, and Members of United States Congress. The manual also gives specific procedures to follow when checking the credentials of armed government employees and law enforcement officers.
In relation to criminal and suspect identification, the Transport Security Administration has issued guideline on how to handle passengers from different countries. Passengers who hold passports from twelve select countries are subject to extra screening unless exempted by the airline. These countries are North Korea, Somalia, Sudan, Cuba, Afghanistan, Yemen, Algeria, Lebanon, Iraq, Iran, Syria and Libya. The manuals also provide alternative procedures for checking travel documents.
Potential Impacts
According to Bernie Thompson, the US Congress Homeland Security Chairman, the release of sensitive document to the public “raises potential security concern across our transportation system”. Senator Susan Collins, the ranking member of Senate Homeland Security Committee also expressed outrage calling TSA action ‘reckless’. According to Collins, “This manual provides Road map to those who would do us harm”. Republican Sheila Jackson, democrat from Texas also expressed concern in a letter to the current TSA Administrator Gale Rossides, terming the TSA action as ‘shocking’.
Both former and current security official has also added their voice saying the breach was troubling to. It is important to realize that most of the practices and procedure set out in the screening manual were established and implemented after the September 11, 2002 terrorist attacks. They were later expanded in 2006 when security officials in Britain disrupted terrorist attempt to blow a transatlantic airliner using liquid explosives. Besides the procedures of how TSA officials screen passengers, and rules applied when handling CIA staffs, diplomats, members of Congress and Law enforcement officials, the manual also outlined technical tolerance and settings of explosives and metal detectors used in commercial airports in the United States.
The reason why both the law makers and security officials are alarmed by this breach is because most of the sensitive information was not known outside the TSA circle before the posting of the document. Terrorists who may want to harm the United States Air Transportation System are likely to use the information to attempt pass prohibited items through TSA security system or fraudulent entry into secure airport terminal and airliners.
The Department of Homeland Security has come out to address the concern saying the manual that was posted was outdated, and that it was never implemented, with of the document done six times. The DHS failed to elaborate on the specific sections that were revised. According to TSA “while the documents do demonstrate the complexities of checkpoint security, it does not contain information related to the specifics of everyday checkpoints screening procedures”(Department of Homeland Security,2009) Former assistant secretary for DHS, Stewart Baker seems to refute DHS claim saying that “the manual would become a textbook for those seeking to penetrate Aviation security, and its loss was serious”, Baker expressed that fact that there are so many different holes in relation to aviation security and that while TSA can fix any one of them by changing procedures and making adjustments in the process, “they can’t change everything about the way they operate”(Johnson, 2009).
The TSA is likely to make major overhaul of security procedures and/or introduce new technology system to avert any danger posed by the information already released to the public. And because security details related to Aviation industry are never released to the general public, no one outside Transport Security Administration likely gets to know if any changes will ever be made.
Legal Implications
In the wake of the security breach, five employee of TSA have been sent on administrative leave, that’s according to the Homeland Security Secretary Janet Napolitano (Transport Security Administration, 09). While the action on the staff DHS part can have a legal dimension, this is not the legal implication that I would like to address in this paper. My concern is the recent letter sent by republican law makers to Secretary Janet Napolitano. In the letter, Peter King, US House of Representative wants the Department of Homeland Security to show how it was addressing the continued reposting of the sensitive security manual by other websites, long after TSA has removed the document in question online. In the letter, King sought to know “what legal actions, if any, could be taken to compel its removal” (airsafe.com, 2009).
To have a better comprehension of what the lawmakers are asking DHS secretary to do, let first look at the extent toward which the public have access the document. Currently the document is hosted on websites of major Media organization, document sharing organization like scribd.com and sites that specialize in releasing restricted and secret corporate and government documents like Cryptome.com. Quick searches on major search engine give many links to the document. In one site alone, airsafe.com, the document was downloaded over 4,000 times in two days alone. (airsafe.com). This means that even if all online copies were to vanish from the web overnight, the document is already in the hand of millions of people around the world.
No single entity or nation has power to control the internet, or eliminate access to documents that have already been posted online. Once downloaded, it is very hard to control what the general public can do with it once they have it in their procession. The DHS and law makers may have a genuine concern but using legal means to attempt to remove the TSA security document from the internet is likely to bear no fruits.
Conclusion
The Transport Security Administration (TSA) mistake of posting sensitive security document outlining airport screening procedures may affect aviation security negatively. The online release has exposed key security procedures to the public. The document which was posted in a government websites was removed by TSA after the mistake was detected, but it is still available online through private and major news outlets websites. Department of Homeland Security and lawmakers attempts to force website to remove the document from internet may bear no fruit because of the nature of the internet.
Works Cited
airsafe.com. (2009). TSA Releases Extremely Sensitive security Information Online.
Johnson, C. (2009). Security fears after airport screening manual was released online.
National Security Agency. (2005). Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF. FT. Meade: Information Assurance Directorate.
Transport Security Administration. (2009). TSA Statement on Posting of Operations Document.