Friday, January 31, 2014

TSA Leaks Sensitive Airport Screening Manual

TSA Leaks Sensitive Airport Screening Manual

cia_id
Who needs anonymous sources when the government is perfectly capable of leaking its own secrets?
Government workers preparing the release of a Transportation Security Administration manual that details airport screening procedures badly bungled their redaction of the .pdf file. Result: The full text of a document considered “sensitive security information” was inadvertently leaked.
Anyone who’s interested can read about which passengers are more likely to be targeted for secondary screening, who is exempt from screening, TSA procedures for screening foreign dignitaries and CIA-escorted passengers, and extensive instructions for calibrating Siemens walk-through metal detectors.
The 93-page document also includes sample images of DHS, CIA (see above) and congressional identification cards, with instructions on what to look for to verify an authentic pass.
The manual, titled Screening Management Standard Operating Procedure, is dated May 28, 2008. It contains this warning: “NO PART OF THIS RECORD MAY BE DISCLOSED TO PERSONS WITHOUT A ‘NEED TO KNOW.’”
Notwithstanding that disclaimer, the document appeared on FedBizOpps, a government clearinghouse that lists federal contracting opportunities for vendors. It has since been removed from the site, but not before someone grabbed it and submitted it to the whistleblower site Cryptome, where the formerly-redacted portions are highlighted in red boxes. The discovery was first made by a blogger at Wandering Aramean.
TSA spokeswoman Sterling Payne told Threat Level that the document was an “outdated version” of its operating procedures, and that the administration “took swift action when this was discovered.” She said “a full review” is underway to discover why the redacted material was not properly protected.
“TSA has many layers of security to keep the traveling public safe and to constantly adapt to evolving threats,” added Payne in an e-mail. “TSA has appropriate measures in place to effectively screen passengers at airport security checkpoints nationwide.”
The manual was posted as a redacted .pdf document, with sensitive sections blacked out. But the government apparently hasn’t learned from past redaction flubs and merely overlaid black rectangles on the sensitive text in the .pdf, instead of cutting the text itself. Anyone can uncover the hidden text by simply copying and pasting the blacked out portions into another document.
One of the redacted sections, for example, indicates that an armed law enforcement officer in or out of uniform may pass beyond the checkpoint without screening after providing a U.S. government-issued photo ID and “Notice of LEO Flying Armed Document.”
Some commercial airline pilots receive training by the U.S. Marshals Service and are allowed to carry TSA-issued firearms on planes. They can pass through without screening only after presenting “bonafide credentials and aircraft operator photo ID,” the document says.
Foreign dignitaries equivalent to cabinet rank and above, accompanying a spouse, their children under the age of 12, and a State Department escort are exempt from screening.
There are also references to a CIA program called WOMAP, the Worldwide Operational Meet and Assist Program. As part of WOMAP, foreign dignitaries and their escorts — authorized CIA representatives — are exempt from screening, provided they’re approved in advance by TSA’s Office of Intelligence.
Passengers carrying passports from Cuba, Iran, North Korea, Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen or Algeria are to be designated for selective screening.
Although only a few portions of the document were redacted, the manual contains other tidbits that weren’t redacted, such as a thorough description of diplomatic pouches that are exempt from screening.
A. Diplomatic pouches are exempt from any form of screening. A diplomatic pouch can be a bag, pouch, or container holding diplomatic correspondence, documents, or articles. Although an individual transporting a diplomatic pouch may have diplomatic immunity, that individual and his or her nondiplomatic accessible property and checked baggage must undergo screening and all alarms must be resolved.
B. The diplomatic pouch must have visible external markings in English that state “Diplomatic Pouch” or “Diplomatic Bag”. The pouch must bear an official seal of the sending government or international organization. For example, a seal could be a lead seal attached to a tie that closes the pouch, a printed seal on the fabric of the pouch, or an ink seal impressed on a detachable tag. The pouch must be addressed to an office of the government or international organization whose seal the pouch bears. For unaccompanied pouches tendered as checked baggage, a detachable certificate will be affixed to the outside of the pouch that describes the pouch and certifies the contents as diplomatic materials. The Department of State (DOS) encourages diplomatic couriers to notify the aircraft operator that they are carrying a diplomatic pouch.
C. When a diplomatic pouch is presented by a diplomatic courier to TSA at a screening checkpoint or screening location, the STSO must check that the diplomatic courier is carrying an official or diplomatic passport and a courier document or letter on their person for identification. A courier letter must be on appropriate letterhead stationary and must bear a seal of the sending state, embassy, consulate, or international organization. The courier letter must be signed by the relevant Ambassador or Chief of Mission serving in the United States. The courier document must clearly identify the bearer and his or her status as a diplomatic courier and must contain information sufficient to identify the pouch(es), to include the number of pouches being escorted.
This is not the first time that redacted documents have leaked sensitive data.
AT&T lawyers defending their company in a spying suit made the same mistake three years ago in a redacted court filing. Confidential details discussed during a closed-door settlement hearing in a lawsuit against Facebook were revealed earlier this year when parts of the hearing transcript were insufficiently redacted. Federal prosecutors also made redaction errors in court documents they filed against two San Francisco reporters who covered the BALCO steroids story.
In 2003, the Justice Department botched the redaction of a controversial workplace diversity report, and in 2000 the New York Times inadvertently leaked the names of CIA collaborators when it published an improperly redacted CIA file on its website that documented American and British officials’ engineering of the 1953 Iranian coup.
Adobe provides extensive guidelines for properly redacting (.pdf) information in .pdfs.
Updated 5:15 p.m with comments from TSA.

No comments:

Post a Comment