[Infowarrior] - DHS takes action in bungled posting of airport security secrets

[Richard Forno]

DHS takes action in bungled posting of airport security secrets
By Spencer S. Hsu and Carrie Johnson
Washington Post Staff Writer
Wednesday, December 9, 2009 2:53 PM

http://www.washingtonpost.com/wp-dyn/content/article/2009/12/09/AR2009120901883_pf.html
The Department of Homeland Security has initiated unspecified  
personnel actions against individuals involved in the bungled online  
posting this spring of a government document that revealed airport  
screening secrets, Homeland Security Secretary Janet Napolitano told  
senators Wednesday morning.

A contract employee was responsible for failing to properly redact a  
93-page Transportation Security Administration operating manual onto a  
government procurement Web site, allowing computer users to recover  
blacked-out information by copying and pasting them into other  
documents, Napolitano said. TSA supervisors were also involved,  
Napolitano said.

"The security of the traveling public has never been put at risk,"  
Napolitano assured the Senate Judiciary Committee at an oversight  
hearing, repeating earlier TSA statements that the document was out of  
date, never implemented and had been subjected to six revisions after  
the breach.

Napolitano said DHS Inspector General Richard Skinner is conducting an  
independent review of the incident, in addition to TSA's Office of  
Inspections.

"We have already initiated personnel action against the individuals  
involved in this," Napolitano told panel Chairman Patrick Leahy (D- 
Vt.), without elaborating. "We have already instituted an internal  
review to determine what else needs to be done to make sure this  
incident never recurs."

The TSA confirmed Tuesday that the document was posted online as part  
of a contract solicitation. The manual details procedures for  
screening passengers and checked baggage, such as technical settings  
used by X-ray machines and explosives detectors. It also includes  
pictures of credentials used by members of Congress, CIA employees and  
federal air marshals, and it identifies 12 countries whose passport  
holders are automatically subjected to added scrutiny.

TSA officials said that the manual was posted online in a redacted  
form on a federal procurement Web site, but that the digital  
redactions were inadequate. They allowed computer users to recover  
blacked-out passages by copying and pasting them into a new document  
or an e-mail.

Current and former security officials called the breach troubling,  
saying it exposed TSA practices that were implemented after the Sept.  
11, 2001, terrorist attacks and expanded after the August 2006  
disruption of a plot to down transatlantic airliners using liquid  
explosives. Checkpoint screening has been a fixture of the TSA's  
operations -- as well as a lightning rod for public criticism of the  
agency's practices.

Stewart A. Baker, a former assistant secretary at the Department of  
Homeland Security, said that the manual will become a textbook for  
those seeking to penetrate aviation security and that its leaking was  
serious.

"It increases the risk that terrorists will find a way through the  
defenses," Baker said. "The problem is there are so many different  
holes that while [the TSA] can fix any one of them by changing  
procedures and making adjustments in the process . . . they can't  
change everything about the way they operate."

Another former DHS official, however, called the loss a public  
relations blunder but not a major risk, because TSA manuals are shared  
widely with airlines and airports and are available in the aviation  
community.

"While it's certainly a type of document you would not want to be  
released . . . it's not something a determined expert couldn't find  
another way," the official said.

Even before Wednesday's oversight hearing, criticism from Congress was  
scathing. Sen. Susan M. Collins (Maine), the ranking Republican on the  
Senate homeland security committee, called the document's release  
"shocking and reckless."

"This manual provides a road map to those who would do us harm," she  
said.

Sen. Joseph I. Lieberman (I-Conn.), the panel's chairman, called the  
breach "an embarrassing mistake" that impugns the judgment of managers  
at the TSA, which is still without a permanent administrator 11 months  
into the Obama administration. Nominee Erroll Southers, a Los Angeles  
airports police executive, is awaiting a confirmation vote in the  
Senate.

House Homeland Security Committee Chairman Bennie G. Thompson (D- 
Miss.) and Rep. Sheila Jackson Lee (D-Tex.) also wrote acting TSA  
Administrator Gail Rossides, saying they are were "deeply concerned"  
about the disclosures and calling for an independent government  
investigation.

The document, dated May 28, 2008, is labeled "sensitive security  
information," and states that no part of it may be disclosed to people  
"without a need to know" under threat of legal penalties.

Seth Miller, 32, an information technology consultant in Manhattan,  
first publicized the manual's ineffectual redactions Sunday on his  
travel blog, WanderingAramean.com. He said he learned about the  
document while chatting with other fliers on an Internet bulletin  
board. Miller said it made him question TSA secrecy rules, saying the  
agency has withheld even mundane operational rules from public view  
rather than clarify its practices.

"After getting over the initial shock of how stupid it seemed they  
were for putting out a document like that," Miller said in a phone  
interview, "I think the most significant risk is that when . . . you  
see some of the things that are marked as security sensitive  
information, you have to sort of smack your hand on your forehead and  
say, 'What are they thinking?' "

The TSA learned of the failure that day , an official said. It has  
checked other procurement documents to correct similar vulnerabilities.

The original version of the manual is still available online,  
preserved by Web sites that monitor government secrecy and computer  
security.

"TSA takes this matter very seriously and took swift action when this  
was discovered. A full review is now underway," the agency said in a  
statement Tuesday. "TSA has many layers of security to keep the  
traveling public safe and to constantly adapt to evolving threats. TSA  
is confident that screening procedures currently in place remain  
strong."

The manual includes material both highly sensitive and mundane, from  
how TSA screening officers should handle diplomatic pouches to when  
they should dispose of their rubber gloves.

Among the most disturbing disclosures concern the settings used to  
test and operate metal detectors. For instance, officers are  
instructed to discontinue use of an X-ray system if it cannot detect  
24-gauge wire. The manual also describes when to allow certain  
firearms past the checkpoint, and when police, fire or emergency  
personnel may bypass screening.

The document identifies the minimum number of security officers who  
must be present at checkpoints, how often checked bags are to be hand- 
searched, and screening procedures for foreign dignitaries and CIA- 
escorted passengers.

It also says that passport-holders from Cuba, Iran, North Korea,  
Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen and  
Algeria should face additional screening.