The AirSafe.com News


25 December 2009

Why TSA Cannot Order Sites to Take Down Sensitive Manual - with Notes and Commentary

The following 17 December 2009 article by Steven Aftergood of Secrecy News features some highlights from a 16 December 2009 hearing of the House Homeland Security Subcommittee on Transportation Security on the ongoing problems caused by an accidental release of very sensitive security information by the Transportation Security Administration (TSA). Based on these highlights, it would appear that several members of Congress do not understand the difficulty of getting web sites (including AirSafeNews.com partner AirSafe.com) to remove a sensitive TSA procedures manual from the Internet. Additional notes, links, and commentary were added by AirSafeNews.com.

After a Transportation Security Administration manual containing “sensitive security information” was inadvertently disclosed on a government website (see earlier AirSafeNews.com article), it was reposted on several non-governmental websites where it remains freely available. Asked what TSA intends to do about that, Acting TSA Administrator Gale D. Rossides told Congress that her agency does not have the legal authority to compel members of the public to remove sensitive TSA documents from their websites, though she wished that they would do so.

“Do the current regulations provide you a mechanism to keep individuals from reposting this information on other web sites?” asked Rep. Charles W. Dent (R-PA), at a December 16 hearing of the House Homeland Security Subcommittee on Transportation Security.

“No, sir, they do not,” Ms. Rossides replied. “We do not have any authority to ask non-government or non-DHS (Department of Homeland Security, which includes TSA) sites to take it down.”

“What action does TSA intend to take against those who are reposting this sensitive document that should not be in the public domain?” Rep. Dent persisted.

“Well, right now, there really isn’t any authoritative action we can take,” Ms. Rossides said. “Honestly, persons that have posted it, I would, you know, hope that out of their patriotic sense of duty to, you know, their fellow countrymen, they would take it down [1]. But honestly, I have no authority to direct them and order them to take it down.”

But Rep. Dent expressed his own indignation at the web sites that ignored the official control markings on the TSA manual. “To those who reposted this security information on the internet, you should share in the blame should security be breached as a result of this disclosure,” he said [2].

But the urgency of the need to restrict continued access to the leaked TSA manual seemed diminished by Ms. Rossides’ declared view that aviation security has not “been compromised or weakened because of this incident.” Furthermore, she said, that manual was now obsolete because “very significant changes” have been made to airline security policy since the manual was issued.

Ms. Rossides added that in order to prevent further inadvertent disclosures of the newest security measures, she was refusing to provide a hardcopy of the latest edition of the TSA security manual to Congress. “I just wanted to take the absolute measures to protect that information, and that’s why a hardcopy wouldn’t be presented,” she said [3].

Rep. Dent objected to this. “By refusing to give a document to this committee because of concern about a public disclosure, that’s implying that this subcommittee would disclose the document. And that’s what, I guess, troubles me the most.” He said he would press the issue.

Subcommittee chair Rep. Sheila Jackson-Lee (D-TX) said she would introduce legislation to bar contractors from access to “sensitive security information,” since contractors apparently were at fault in the inadvertent disclosure of the security manual. “It’ll be my legislative initiative to insist that contract employees not be used to handle sensitive security information, period,” she said [4].

Rep. James Himes (D-CT) asked whether TSA was examining who had downloaded the security manual.

“I believe that is part of what [the TSA Inspector General] is looking at,” Ms. Rossides said. “We do know — our CIO shop has done an initial review of who did download it and has it on their website — non-government, non-DHS websites. We do know that.” [5]

Resources
Listen to a brief description of the TSA document controversy
Full TSA report
Redacted TSA report
TSA prohibited and restricted Items
TSA Statement from December 9, 2009
Original AirSafeNews.com article on this topic
Follow-up article on how to safely redact an electronic document
Visitor feedback on the TSA data release
NSA procedures for redacting a document
Microsoft advice for minimizing metadata in Word documents
Tools for removing hidden data from Government Computer News

Notes
[1] The creator of AirSafeNews.com and AirSafe.com, Dr. Todd Curtis, believes that in this particular situation, the threat to public safety posed by making the document freely available to the public is minimal, and that the higher patriotic duty is to make the public aware of the situation, including making the document available through AirSafeNews.com and AirSafe.com.

[2] Dr. Curtis has stated that this attitude is complete nonsense. Security was breached when TSA accidentally released the document, and by now any attempts to erase a document that is already widely available online would be at best futile.

[3] If you wish to have a hardcopy of either the redacted or unredacted version of the document, please visit 2009.airsafe.org, download the appropriate PDF file, and print out your own hard copy edition. There are no legal limitations to printing this document, which is in the public domain. Any security classifications on the document must be followed only by those who are legally required to do so, which would likely include any US government employee or members of the US military.

[4] Dr. Curtis hastens to point out that any contractors would have been overseen by US government employees. This member of Congress implies that contractors are not fit to handle sensitive security information, but a reasonable extension of this argument is that government employees are also not fit to handle such information.

[5] The TSA Inspector General is invited to contact AirSafeNews.com for a list of all those associated with publication of this web site who have downloaded this document. AirSafeNews.com will also willingly supply information on the number of downloads made from the server at AirSafe.com that contains this manual. As of 24 December 2009, that number is just under 7,000. Unfortunately, AirSafe.com's privacy policy prevents that site from tracking the destination of these downloads, so we can only provide the US government with general guidance on just how daunting any search for copies of this document will be.

1 comment:

  1. So helpful to know exactly of whom that is not a picture.

    Having fun, are we?
