Massive TSA Security Breach As Agency Gives Away Its Secrets
By BRIAN ROSS and MATT HOSFORD
LINK

Photo: Massive TSA Security Breach As Agency Gives Away Its Secrets: On-line Posting Reveals a ?How To? for Terrorists to Get Through Airport Security
Online posting reveals a "how to" for terrorists to fool airport security.

In a massive security breach, the Transportation Security Administration (TSA) inadvertently posted online its airport screening procedures manual, including some of the most closely guarded secrets regarding special rules for diplomats and CIA and law enforcement officers.

The most sensitive parts of the 93-page Standard Operating Procedures were apparently redacted in a way that computer savvy individuals easily overcame.

The document shows sample CIA, Congressional and law enforcement credentials which experts say would make it easy for terrorists to duplicate.

The improperly redacted areas indicate that only 20 percent of checked bags are to be hand searched for explosives and reveal in detail the limitations of x-ray screening machines.

CLICK HERE TO READ THE SCREENING MANUAL and HERE TO SEE THE SAMPLE CIA CREDENTIAL

"This is an appalling and astounding breach of security that terrorists could easily exploit," said Clark Kent Ervin, the former inspector general at the Department of Homeland Security. "The TSA should immediately convene an internal investigation and discipline those responsible."

"This shocking breach undercuts the public's confidence in the security procedures at our airports," said Senator Susan Collins, R-Me., ranking Republican member of the Senate Homeland Security and Governmental Affairs Committee. "On the day before the Senate Homeland Security Committee's hearing on terrorist travel, it is alarming to learn that the Transportation Security Administration (TSA) inadvertently posted its own security manual on the Internet."

"This manual provides a road map to those who would do us harm," said Collins. "The detailed information could help terrorists evade airport security measures." Collins said she intended to ask the Department of Homeland Security how the breach happened, and "how it will remedy the damage that has already been done."

TSA Document Leaked Online

A TSA spokesperson says the document posted online is an outdated version "improperly posted by the agency to the Federal Business Opportunities Web site wherein redacted material was not properly protected."

The TSA requested the document be taken offline, but by then it had spread around the Internet and is still available today.

The document contains a list of items for which screening is not required including wheelchairs, footwear of disabled individuals, casts and orthopedic shoes.

The redacted portions also indicate which law enforcement personnel are specially screened or exempt from some screening procedures, and indicate what requirements they must meet to be eligible for special screening.

TSA screeners are also told to require extra screening for any passenger whose passport was issued by Cuba, Iran, North Korea, Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen or Algeria.

The document also reveals that during peak travel times, TSA screeners who check identification can reduce from 100 percent to 25 percent the times they use black lights to authenticate documents.

"Screening is like a big puzzle and this SOP gives you directions on putting the puzzle together," said Robert MacLean, a former Federal Air Marshal who was fired for revealing holes in TSA's security after the 9/11 attacks. MacLean added that TSA's assertion that the documents posted are old holds no merit. "How much in screening procedure changes in 17 months?" asked MacLean. "It's a one-dimensional process."

The TSA says it is taking the release of the sensitive information "seriously" and is conducting a full review.

"TSA has many layers of security to keep the traveling public safe and to constantly adapt to evolving threats," the agency said in a statement. "TSA is confident that screening procedures currently in place remain strong." The document also provides a glimpse of the special treatment available for governors, lieutenant governors and the mayor of Washington, D.C., as well as their spouses and family and staff.

TSA posts document on airport screening procedures online
Lawmakers call gaffe shocking, demand investigation
Jaikumar Vijayan
LINK

Click here to find out more!

December 8, 2009 (Computerworld) In a gaffe called "shocking" and "reckless" by some U.S. lawmakers, the Transportation Security Administration (TSA) inadvertently posted a 93-page document containing highly sensitive information on its airport screening procedures on a government Web site.

The aviation security manual included details on TSA procedures for screening passengers, special rules for handling the CIA, diplomats and law enforcement officials and the technical settings and tolerances used by metal and explosive detectors used at airports.

The document included information on the frequency with which checked bags are to be hand screened for explosives, the names of 12 countries whose citizens are automatically sent to secondary screening and a list of items for which screening is not always required. Also included were images of sample credentials used by members of Congress and the CIA which the TSA said could be easily imitated. Each page of the manual carries the admonition:"NO PART OF THIS RECORD MAY BE DISCLOSED TO PERSONS WITHOUT A 'NEED TO KNOW.'

The document, which was posted on the Federal Business Opportunities Web site was discovered on Sunday by The Wandering Aramean blog(see below - Editor). The manual was posted as part of a TSA contract solicitation and was supposed to have been redacted.

But rather than removing the sensitive text from the document "they just drew a black box on top of it," the blog noted. "Turns out that PDF documents don't really care about the black box like that and the actual content of the document is still in the file."

The TSA document has since been removed from the federal Web site. But numerous copies of the documents have since become available around the Internet.

In a statement, a TSA spokesman said that the document was an "outdated, unclassified version of a Standard Operating Procedures. This version of the SOP was never implemented. Because TSA has to constantly adapt to address ever evolving threats, there have been 6 newer versions of the procedures since this version was drafted." The statement goes on to add that while the document demonstrates the "complexities of checkpoint security" it does not contain information related to the specifics of everyday screening. A full review is now under way into the incident, the TSA said.

The TSA's claim that the document was outdated has done little to quell the outrage expressed by some lawmakers.

In a statement today, Sen. Susan Collin (R-Maine), the ranking member of the Senate Homeland Security Committee blasted the TSA over its lapse. "This manual provides a road map to those who would do us harm," Collins said. "The detailed information could help terrorists evade airport security measures

The "shocking breach" will undercut the American's public's confidence in security measures at U.S. airports, she said. Collins said she intends to ask the Department of Homeland Security for a complete explanation of how the breach happened and what specific actions are being taken to prevent "this type of reckless dissemination" in future.

In a similar statement, Sen. Joseph Lieberman, (I-Conn.) called the release of the SOP manual an "embarrassing mistake."

"A security manual, redacted or not, is not the type of document we want to share with the world," Lieberman noted, adding that the improper redaction only compounds the error.

Felonious or just stupid? Time for the TSA to pick one.

Sunday, December 06, 2009
The TSA makes another stupid move

When the TSA make mistakes this egregious it really isn’t all that hard to pick on them.

The latest is that their Screening Management Standard Operating Procedure is published on the internet. I actually like that. I don’t think that security through obscurity is a good idea. Of course the document is marked SSI and includes this footnote on every page:

SENSITIVE SECURITY INFORMATION
WARNING: THIS RECORD CONTAINS SENSITIVE SECURITY INFORMATION THAT IS CONTROLLED UNDER 49 CFR PARTS 15 AND 1520. NO PART OF THIS RECORD MAY BE DISCLOSED TO PERSONS WITHOUT A “NEED TO KNOW,” AS DEFINED IN 49 CFR PARTS 15 AND 1520, EXCEPT WITH THE WRITTEN PERMISSION OF THE ADMINISTRATOR OF THE TRANSPORTATION SECURITY ADMINISTRATION OR THE SECRETARY OF TRANSPORTATION. UNAUTHORIZED RELEASE MAY RESULT IN CIVIL PENALTIES OR OTHER ACTION. FOR U.S. GOVERNMENT AGENCIES, PUBLIC DISCLOSURE GOVERNED BY 5 U.S.C. 552 AND 49 CFR PARTS 15 AND 1520.

So the decision to publish it on the Internet is probably a questionable one. On top of that, however, is where the real idiocy shines. They chose to publish a redacted version of the document, hiding all the super-important stuff from the public. But they apparently don’t understand how redaction works in the electronic document world. See, rather than actually removing the offending text from the document they just drew a black box on top of it. Turns out that PDF documents don’t really care about the black box like that and the actual content of the document is still in the file.

Yup, their crack legal staff managed to screw this one up pretty badly. Want to know which twelve passports will instantly get you shunted over for secondary screening, simply by showing them to the ID-checking agent? Check out Section 2A-2 (C) (1) (b) (iv). Want to know the procedure for CIA-escorted passengers to be processed through the checkpoint? That’s in the document, too. Details on the calibration process of the metal detectors is in there. So is the procedure for screening foreign dignitaries.

It is pretty pathetic that the folks supposedly responsible for administering this “security” program cannot even be bothered to do the simplest parts of their job correctly. Then again, passing through the checkpoint every time I fly it is pretty clear that they do a lot of things incorrectly. Just chalk this one up to more of the same idiocy. More done badly.

Want to read it for yourself? Grab a copy here. Who knows how long they’ll keep it online.

Once you’ve downloaded the PDF you’ll see the black boxes. Simply highlight the text (start above and drag down to below the redaction area) so that you’re selecting all of the stuff in the “redacted” area. Copy the selection and paste it into the word processing client of your choice.

UPDATE: The original link to the document appears to be dead now but a mirror of the file can be found at www.cryptome.org with the un-redaction work already completed.

WHISTLEBLOWING AIRLINE EMPLOYEES ASSOCIATION

“Patriotism and Freedom of Speech in Action”

Press Release

December 8, 2009 9 pm EDT

Atlanta - The national media reported today that the Transportation Security Administration (TSA) inadvertently released online a highly-classified document, which specifically delineates some of the most sensitive security procedures to be followed by TSA supervisors in the screening of airline passengers and government employees.

The entire membership of the ‘Whistleblowing Airline Employees Association’ share our collective outrage with our special interests, the millions who travel by commercial air and those dedicated safety professionals who serve them daily, the many airline aircrew and employees, the federal air marshal service, FAA employees, and others.

This egregious act of negligence by those in the upper-echelons of the Department of Homeland Security and the Transportation Security Administration must be held accountable for the most blatant breach of security since 9/11. This irresponsible act is inexcusable for an agency responsible for the security of the homeland citizens.

While President Obama expresses concern for collateral damage and death to citizens in global combat areas, it is incumbent upon his good office to ensure the same for the millions who travel by commercial air each day in this country. We must call upon our president to launch an intensive investigation concerning this national security breach.

Given President Obama’s campaign rhetoric concerning a greater openness of government, and in light of the enormity of this breach of public trust concerning aviation security, it is hoped that congress will launch an investigation into this matter immediately.

Additionally, in light of his campaign promise regarding enhanced protection for federal whistleblowers, coupled with the airline captains, federal air marshals and other commercial aviation safety and security personnel who were terminated the past several years for attempting to expose frailties in the present security systems, it is hoped that these individual cases will be publicly reviewed since these aviation safety and security professionals were attempting to protect these same passengers by their revelations.

****************************

Contact: Captain Dan Hanley, a former United Airlines B-777 Captain federal whistleblower, serves as public spokesperson for the ‘Whistleblowing Airline Employees Association’. He may be reached at 678-463-4390 or danielhanley@bellsouth.net.

Association Website: http://www.airline-whistleblowers.org

Whistleblowing Airline Employees Association

The Whistleblowing Airline Employees Association is a national grassroots coalition of airline employees from all U.S. airlines whose safety and security goals are commensurate with those of the Department of Transportation, Department of Homeland Security, and the Federal Aviation Administration mission statements as prescribed on their websites.

Affiliates

In support of our mission, the association has affiliated with numerous individuals and U.S./international safety, security, and whistleblowing organizations as listed below:

Tom Devine – Legal Director, Government Accountability Project

Gabe Bruno – Representative, FAA Whistleblowers Alliance

Federal Air Marshals/TSA Employee Whistleblowers

Kate Hanni – Executive Director, PassengerRights.org

Dr. Janet Parker – Executive Director, Medical Whistleblower

Kirsten Stevens – Executive Director, SafeSkies.ca (Canada)

John Hutton – Executive Director, Federal Accountability Initiative for Reform (Canada)

Captain Tristan Lorraine – Co-Chair, Global Cabin Air Quality Executive (UK)

Susan Michaelis –Head of Research, Global Cabin Air Quality Executive (UK)

Judith Murawski – Industrial Hygienist, Global Cabin Air Quality Executive (US)

John Hoyte – Executive Director, Aerotoxic Association (UK)

Susan Dale – Executive Director, ToxicFreeAirlines.com (UK)

Project on Government Oversight

National Whistleblower Center

EXCLUSIVE: FAA Tapes Reveal Drama of Obama Jet Incident