Computerworld - In a gaffe called "shocking" and "reckless" by some U.S. lawmakers, the Transportation Security Administration (TSA) inadvertently posted a 93-page document containing highly sensitive information on its airport screening procedures on a government Web site.
The aviation security manual included details on TSA procedures for screening passengers, special rules for handling the CIA, diplomats and law enforcement officials and the technical settings and tolerances used by metal and explosive detectors used at airports.
The document included information on the frequency with which checked bags are to be hand screened for explosives, the names of 12 countries whose citizens are automatically sent to secondary screening and a list of items for which screening is not always required. Also included were images of sample credentials used by members of Congress and the CIA which the TSA said could be easily imitated. Each page of the manual carries the admonition:"NO PART OF THIS RECORD MAY BE DISCLOSED TO PERSONS WITHOUT A 'NEED TO KNOW.'
The document, which was posted on the Federal Business Opportunities Web site was discovered on Sunday by The Wandering Aramean blog. The manual was posted as part of a TSA contract solicitation and was supposed to have been redacted.
But rather than removing the sensitive text from the document "they just drew a black box on top of it," the blog noted. "Turns out that PDF documents don't really care about the black box like that and the actual content of the document is still in the file."
The TSA document has since been removed from the federal Web site. But numerous copies of the documents have since become available around the Internet.
In a statement, a TSA spokesman said that the document was an "outdated, unclassified version of a Standard Operating Procedures. This version of the SOP was never implemented. Because TSA has to constantly adapt to address ever evolving threats, there have been 6 newer versions of the procedures since this version was drafted." The statement goes on to add that while the document demonstrates the "complexities of checkpoint security" it does not contain information related to the specifics of everyday screening. A full review is now under way into the incident, the TSA said.
The TSA's claim that the document was outdated has done little to quell the outrage expressed by some lawmakers.
In a statement today, Sen. Susan Collin (R-Maine), the ranking member of the Senate Homeland Security Committee blasted the TSA over its lapse. "This manual provides a road map to those who would do us harm," Collins said. "The detailed information could help terrorists evade airport security measures
The "shocking breach" will undercut the American's public's confidence in security measures at U.S. airports, she said. Collins said she intends to ask the Department of Homeland Security for a complete explanation of how the breach happened and what specific actions are being taken to prevent "this type of reckless dissemination" in future.
In a similar statement, Sen. Joseph Lieberman, (I-Conn.) called the release of the SOP manual an "embarrassing mistake."
"A security manual, redacted or not, is not the type of document we want to share with the world," Lieberman noted, adding that the improper redaction only compounds the error.
Read more about Security in Computerworld's Security Topic Center.
Free Insider Guide
Rising salaries boost IT optimism, though not everyone is feeling upbeat. Our survey of 4,000+ IT workers shows who's riding the wave and why. Use our interactive tool and compare your own paycheck. Read more...
Copyright © 1994 - 2013 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
