Wednesday, December 09, 2009

Shooting Ourself in the Foot

Newsmax:

TSA Accidentally Posts Secrets Online
Tuesday, December 8, 2009 5:21 PM

WASHINGTON -- The federal government improperly posted an internal guide to its airport passenger screening procedures on the Internet in a way that could offer insight into how to sidestep security.

The document outlines who is exempt from certain additional screening measures, including members of the U.S. armed forces, governors and lieutenant governors, the mayor of Washington, D.C., and their spouses and immediate family.

It offers examples of identification documents that screeners accept, including congressional, federal air marshal and CIA ID cards; and it explains that diplomatic pouches and certain foreign dignitaries with law enforcement escorts are not subjected to any screening at all. It said certain methods of verifying identification documents aren't used on all travelers during peak travel crushes.

The Transportation Security Administration, which oversees airport security, said the document is outdated. It was posted in March by TSA on the Federal Business Opportunity site. The posting was improper because sensitive information was not properly protected, TSA spokeswoman Kristin Lee said.

As a result, some Web sites, using widely available software, were able to uncover the original text of sections that had been blacked out for security reasons. On Sunday, the Wandering Aramean blog pointed out the document in a posting titled "The TSA makes another stupid move."

According to the blog, TSA posted a redacted version of the document but did not delete the sensitive information from the file. Instead of removing the text, the government covered it up with a black box. But the text was still embedded in the document and could be uncovered.

TSA asked that the document be removed from the Federal Business Opportunity site on Dec. 6 after the security lapse was reported in a blog. But copies of the document, with the redacted portions exposed, circulated on the Internet and remain posted on other Web sites not controlled by the government.

Lee said TSA takes the incident seriously and a review is under way.

Noting that the transportation agency uses multiple layers of security, Lee said, "TSA is confident that screening procedures currently in place remain strong."

The document, marked "sensitive security information," includes instructions on how it should be stored to avoid compromising security: Electronic copies should be password-protected; hard copies should be in separate binders and stored in cabinets or desk drawers; and missing copies should be immediately reported.

The document also describes these screening protocols:

Individuals with a passport from Cuba, Iran, North Korea, Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen, or Algeria, should be given additional screening unless there are specific instructions not to.

Aircraft flight crew members in uniform with valid IDs are not subject to liquid, gel, aerosol and footwear restrictions.

Wheelchair and scooter cushions, disabled people's footwear that can't be removed, prosthetic devices, casts, braces and orthopedic shoes at certain times may be exempt from screening for explosives.

Intelligence officials have warned of prosthetic devices and wheelchairs being used to conceal weapons and other contraband.

"Some of these devices may have been used to exploit a perception that security and law enforcement officers offer disabled or pregnant individuals a more relaxed inspection," said an August 2007 TSA intelligence note marked "for official use only" and obtained by The Associated Press.

Former TSA Administrator Kip Hawley said the document is not something a security agency would want to inadvertently post online, but he said it's not a roadmap for terrorists.

"Hyperventilating that this is a breach of security that's going to endanger the public is flat wrong," Hawley said.

No comments: