TSA to Conduct Full Review After Sensitive Information Leak
Improperly redacted PDF allowed access to secret TSA information
TSA officials say that a "full review" is underway to determine how a 2008 copy of its standard operating procedures for all airport security checkpoints was released in its entirety on the Internet. The document was "improperly redacted," according to TSA officials, meaning that with a few keystrokes what was once secret spilled out into the public domain.
The document itself details screening procedures at metal detectors, explosive residue testers, and other elements of airport security. It outlines procedures for escorting certain travelers around security checkpoints, including air marshals, diplomats, and CIA officers. An annex to the document gives several examples of official credentials for agencies including the CIA,
Another redacted section of the document reveals that travelers are selected for screening if their passports are issued by any one of 12 specific countries.
The TSA document, dated
Agency officials promised swift action.
"TSA takes this matter very seriously and took swift action when this was discovered. A full review is now underway. TSA has many layers of security to keep the traveling public safe and to constantly adapt to evolving threats. TSA has appropriate measures in place to effectively screen passengers at airport security checkpoints nationwide."
Several bloggers who focus on national security issues first discovered this particular slip-up, but it is an all-too-common problem for government officials trying to keep information secret in the digital age, experts say. "It is a pervasive problem that needs to be addressed," says
To redact the TSA document for public release, officials apparently used a computer program to blacken particularly sensitive parts of the handbook, including which types of travelers are exempt from various kinds of random and required screening, the procedure for CIA officers escorting foreign dignitaries and others through checkpoints, the minimum gauge of wire used to calibrate X-ray machines, and the types of chemicals used for cleaning explosive residue scanners.
The document was then published online as a PDF, a common file format used widely by the government. To redact it, officials obscured text using a program which successfully obscures the text as viewed on a computer monitor. But the information wasn't deleted. Highlighting the text of the PDF page and then using the copy and paste functions on a computer easily revealed the hidden information.
It's not the first time that digital redactions have gone awry. In June, the
Sometimes the redacted information is seemingly harmless. Aftergood pointed to another case in 2004, where the
But the insufficient redaction problem has become so pervasive across the government that in 2005 the
"The key concept for understanding the issues that lead to the inadvertent exposure is that information hidden or covered in a computer document can almost always be recovered," the report warned. "The way to avoid exposure is to ensure that sensitive information is not just visually hidden or made illegible, but is actually removed from the original document."
Internet Slip Leads to Trouble for TSA
The TSA placed five employees on administrative leave and launched a full review to determine how an improperly redacted copy of the agency's manual for airport security screening was published on a publicly accessible website for government contractors.
- Journalism: Desperate Metaphors, Revenue Models and the Need for Better Journalism
- Senate Report Revisits Osama bin Laden's Great Escape
- Assigning Blame in the White House Crasher Scandal
- 'The Great Global Security Underwriter' Will Pay a High Price
- Obama's Surge in Afghanistan Hardly a Surprise
- U.S. May Take New Look at 'War on Drugs'
TSA to Conduct Full Review After Sensitive Information Leak | Alex Kingsbury
(c) 2009 U.S. News & World Report