TSA Publishes Standard Operating Procedures
BoingBoing is pretty snarky:
The TSA has published a “redacted” version of their s00per s33kr1t screening procedure guidelines (Want to know whether to frisk a CIA operative at the checkpoint? Now you can!). Unfortunately, the security geniuses at the DHS don’t know that drawing black blocks over the words you want to eliminate from your PDF doesn’t actually make the words go away, and can be defeated by nefarious al Qaeda operatives through a complex technique known as ctrl-a/ctrl-c/ctrl-v. Thankfully, only the most elite terrorists would be capable of matching wits with the technology brilliance on display at the agency charged with defending our nation’s skies by ensuring that imaginary hair-gel bombs are kept off of airplanes.
TSA is launching a “full review” to determine how this could have happened. I’ll save them the effort: someone screwed up.
In a statement Tuesday night, the TSA sought to minimize the impact of the unintentional release—calling the document “outdated,” “unclassified” and unimplemented—while saying that it took the incident “very seriously,” and “took swift action” when it was discovered.
Yeah, right.
The original link to the document is dead, but here’s the unredacted document.
I’ve skimmed it, and haven’t found anything terribly interesting. Here’s what Wired.com noticed:
One of the redacted sections, for example, indicates that an armed law enforcement officer in or out of uniform may pass beyond the checkpoint without screening after providing a U.S. government-issued photo ID and “Notice of LEO Flying Armed Document.”
Some commercial airline pilots receive training by the U.S. Marshals Service and are allowed to carry TSA-issued firearms on planes. They can pass through without screening only after presenting “bonafide credentials and aircraft operator photo ID,” the document says.
Foreign dignitaries equivalent to cabinet rank and above, accompanying a spouse, their children under the age of 12, and a State Department escort are exempt from screening.
There are also references to a CIA program called WOMAP, the Worldwide Operational Meet and Assist Program. As part of WOMAP, foreign dignitaries and their escorts—authorized CIA representatives—are exempt from screening, provided they’re approved in advance by TSA’s Office of Intelligence.
Passengers carrying passports from Cuba, Iran, North Korea, Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen or Algeria are to be designated for selective screening.
Although only a few portions of the document were redacted, the manual contains other tidbits that weren’t redacted, such as a thorough description of diplomatic pouches that are exempt from screening.
I’m a little bit saddened when we all make a big deal about how dumb people are at redacting digital documents. We’ve had a steady stream of these badly redacted documents, and I don’t want to lose that. I also don’t want agencies deciding not to release documents at all, rather than risk this sort of embarrassment.
EDITED TO ADD (12/10): News:
Five Transportation Security Administration employees have been placed on administrative leave after a sensitive airport security manual was posted on the Internet, the agency announced Wednesday.
EDITED TO ADD (12/12): Did the TSA compromise an intelligence program?
BF Skinner • December 10, 2009 6:59 AM
Been waiting for your comment on this since they said “critics of TSA will use this to further critizise us.” I could almost hear them whisper ‘…Schneier, Schneier’
Information disclosures happen because humans are human and they make mistakes. In the 90s my average for responding to classified information released on unclassified circuits was about 1 every 3 years. In the oughts it was about every 1 every 18 months with the distribution being much broader. These were carefully marked documents (such as the handbook).
In our highly networked world with pressure to use multilevel information on the same infrastructure I’d be interested in seeing what the real figures of Practice Dangerous to Security are.