Legal Reference

TSA Homeland Security rules on who gets searched at airports

Interesting the TSA Homeland Security goons accidently put a document online that tells who gets searched at airports and who doesn't get searched. This article says the document is still being circulated on line. It says some people like government rulers are SPECIAL and don't get searched. Check out Wandering Aramean blog for more info.


TSA places employees on leave over online posting

Posted 12/9/2009 12:09 PM ET

By Eileen Sullivan, Associated Press Writer

WASHINGTON — Some Transportation Security Administration employees have been placed on administrative leave since it was discovered that sensitive guidelines about airport passenger screening were posted on the Internet. The move was disclosed as senators questioned administration officials Wednesday about the second embarassing security flap at the Homeland Security Department in as many weeks. The Secret Service, also part of the sprawling department, is investigating how a couple of would-be reality TV stars were able to get into a White House state dinner without an invitation.

Assistant Homeland Security secretary David Heyman told senators Wednesday that a full investigation into the Internet security lapse is under way and the TSA employees have been taken off duty pending the results of that probe. He did not say how many employees were put on leave.

The Homeland Security Department has also stopped posting documents with security information either in full or in part on the Internet until the TSA review is complete, Heyman told the Senate Homeland Security and Governmental Affairs committee.

The passenger screening document was improperly on the Internet in a way that could offer insight into how to sidestep security.

The TSA removed the document from the Internet on Sunday after the lapse was reported on a blog.

Among many sensitive sections, the document outlines who is exempt from certain additional screening measures, including members of the U.S. armed forces, governors and lieutenant governors, the mayor of Washington, D.C., and their immediate families.

It also offers examples of identification documents that screeners accept, including congressional, federal air marshal and CIA ID cards; and it explains that diplomatic pouches and certain foreign dignitaries with law enforcement escorts are not subjected to any screening at all. It said certain methods of verifying identification documents aren't used on all travelers during peak travel crushes.

TSA said the document is now outdated. It was posted in March by TSA on the Federal Business Opportunity site. The posting was improper because sensitive information was not properly protected, TSA spokeswoman Kristin Lee said.

As a result, some Web sites, using widely available software, were able to uncover the original text of sections that had been blacked out for security reasons. On Sunday, the Wandering Aramean blog pointed out the document in a posting titled "The TSA makes another stupid move."

According to the blog, TSA posted a redacted version of the document but did not delete the sensitive information from the file. Instead of removing the text, the government covered it up with a black box. But the text was still embedded in the document and could be uncovered.

TSA had the document removed from the Federal Business Opportunity site on Dec. 6 but copies -- with the redacted portions exposed -- circulated on the Internet and remain posted on other Web sites not controlled by the government.

Noting that the transportation agency uses multiple layers of security, Lee said, "TSA is confident that screening procedures currently in place remain strong."

The document also describes these screening protocols:

_Individuals with a passport from Cuba, Iran, North Korea, Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen, or Algeria, should be given additional screening unless there are specific instructions not to.

_Aircraft flight crew members in uniform with valid IDs are not subject to restrictions on liquid, gel, aerosol and footwear.

Former TSA Administrator Kip Hawley said the document is not something a security agency would want to inadvertently post online, but he said it's not a road map for terrorists. "Hyperventilating that this is a breach of security that's going to endanger the public is flat wrong," Hawley said.

House Homeland Security Committee Chairman Bennie G. Thompson, D-Miss., was more concerned.

"Undoubtedly, this raises potential security concerns across our transportation system," Thompson wrote the agency Tuesday in a letter recommending that an independent federal agency review the incident. The chairwoman of the panel's transportation security subcommittee, Rep. Sheila Jackson-Lee, D-Texas, also signed the letter.


Here to read about the TSA Screening Management SOP? Click here to read all the posts about this debacle!

Wednesday, December 09, 2009

Watching the TSA SOP document leak story grow

I suppose that it was inevitable that the TSA would eventually fall on their face and do something like this. “Secure” documents have a habit of slipping out every now and then and the TSA has been around long enough at this point that the odds were no longer in their favor. What is interesting to me is how this particular action actually blossomed into a full-blown media event. A TSO shows up to work with a gun in his pocket and the media eventually gets bored and walks away. But this is a juicy one. It has “secrets” in it and who doesn’t like discovering a secret?

Watching the story grow through web statistics has been interesting for me over the past couple days. This isn’t the first time I’ve posted about the TSA doing something stupid but it is most certainly the first time it has grown legs. So just exactly how did it happen? Here’s the timeline as best as I can recreate it.

Around 3pm on Saturday, December 5th a link was posted on to the FBO.GOV website where there were details of a contract for screening services in Montana that had been out for bid (the FBO link is dead now; there is a cached copy here). In that bid package there were a number of attachments including two different “redacted” copies of the TSA’s Screening Management SOP. The copies were actually slightly different but the general content was substantially the same. That post was out there for almost 24 hours before I stumbled upon it and decided to see what was in the document. Three clicks later I was reading a “redacted” copy of the SOP, something that the TSA meant to put online. About 10 minutes and a couple more clicks later, however, I was one of a couple folks who realized just what we were looking at and what the situation was. It took me another hour to get a blog post together and at 4:16pm EST on Sunday afternoon the post went online.

My blog doesn’t have all that many readers regularly so I’m honestly not really sure how it went from there. What I do know is that someone thought it was worthy enough to put a link up on, a self-described “Hacker News” social media site. From there the story made it to the Wired Threat Level blog as well as (two sites that I really enjoy, FWIW) and Jaunted. On Monday The Register in the UK picked up the story as well, noting how foolish security through obscurity generally is in the process. Chris Elliott, a syndicated travel writer also picked up on it during a chat on Monday afternoon and posted a blurb about it on his blog. US News & World Reports had a piece as well.

At that point the story probably could have died. But it didn’t. Tuesday saw the story picked up by SlashDot in the morning and Gothamist in the afternoon. Fortunately the site is hosted by systems that can handle the resulting SlashDot effect and the blog has stayed online.

And then, it went mainstream. The Cleveland Plain-Dealer had an article out on the story on Tuesday afternoon. ABC’s World News Tonight led off their broadcast with the story (and some really bad computer stock images). The Washington Post followed up on the story as well. That story was published late Tuesday evening online and is on the front page, below the fold, of today’s print edition. The Associated Press put together a piece that was been picked up by a number of outlets on Tuesday evening, including USAToday, Yahoo! and MSNBC.

Overnight Tuesday night/Wednesday morning the BBC got into the game and USAToday had an original piece in their Today in the Sky blog. It was on page A22 of the dead tree edition of the NY Times, running the AP wire piece as well.

Yeah, to say that this one has legs is a bit of an understatement.

I’m sure I’ve missed a number of the sources covering the story at this point. The good news is that this is out there. Hopefully the correct questions are asked as a result of the leak and hopefully we can move towards a system that actually represents security rather than security theatre. I’m not holding my breath. Oh, and I’m still waiting to hear back from the TSA on a number of open questions about this issue. Conversations with elected officials will be my next step as hopefully they can actually compel the TSA to answer the questions that they seem likely to brush me off on.