Friday, December 11, 2009

The Transportation (in)Security Administration

The Transportation Security Administration (TSA) is the agency in charge of airport security nationwide. It seems that they posted their procedure manual online by accident. The document was redacted, but despite the many previous incidents involving supposedly redacted* documents, the manual was poorly redacted - the redactor just drew boxes over the sensitive data instead of selecting and deleting it. It was only a matter of hours before the un-redacted document was available online.

According to the TSA the information in that was posted is old and the manual was never even made available to TSA staff. But there was a lot of sensitive information in that document. From the easily duplicated ID cards for various agencies (Including CIA) to information on the x-ray machines that could be used to find a way to fool them, there is plenty there to put anyone on their guard.

The TSA seems to be poo-pooing the incident. That's understandable, if annoying. You can't reveal any more about how weak your defences are than the bad guys already have. But this is a serious breach of national security. Using this document it is possible that another group of terrorists could come into the US using fake documents that would wisk them through airport security with little or no security checks. It might make it possible for weapons to be smuggled onto planes in carry-on luggage. It may not be the worst threat to national security we've ever seen, but it's not a good one. Fortunately this breach has caught the attention of congressional leaders and others, so whatever error caused the manual to be posted may be found and cleared, and steps put in place to find and prevent similar errors in the future.

*redacted - sensitive information removed prior to release

[edited @ 9:56am because there's no reason for most people to know what 'redacted' means - Bert]