The TSA makes another stupid move

Posted by Seth on December 6, 2009 under Screening Management SOP, TSA | 46 Comments to Read

When the TSA make mistakes this egregious it really isn’t all that hard to pick on them.

The latest is that their Screening Management Standard Operating Procedure is published on the internet.  I actually like that.  I don’t think that security through obscurity is a good idea.  Of course the document is marked SSI and includes this footnote on every page:

SENSITIVE SECURITY INFORMATION
WARNING: THIS RECORD CONTAINS SENSITIVE SECURITY INFORMATION THAT IS CONTROLLED UNDER 49 CFR PARTS 15 AND 1520. NO PART OF THIS RECORD MAY BE DISCLOSED TO PERSONS WITHOUT A “NEED TO KNOW,” AS DEFINED IN 49 CFR PARTS 15 AND 1520, EXCEPT WITH THE WRITTEN PERMISSION OF THE ADMINISTRATOR OF THE TRANSPORTATION SECURITY ADMINISTRATION OR THE SECRETARY OF TRANSPORTATION. UNAUTHORIZED RELEASE MAY RESULT IN CIVIL PENALTIES OR OTHER ACTION. FOR U.S. GOVERNMENT AGENCIES, PUBLIC DISCLOSURE GOVERNED BY 5 U.S.C. 552 AND 49 CFR PARTS 15 AND 1520.

So the decision to publish it on the Internet is probably a questionable one.  On top of that, however, is where the real idiocy shines.  They chose to publish a redacted version of the document, hiding all the super-important stuff from the public.  But they apparently don’t understand how redaction works in the electronic document world.  See, rather than actually removing the offending text from the document they just drew a black box on top of it.  Turns out that PDF documents don’t really care about the black box like that and the actual content of the document is still in the file.

Yup, their crack legal staff managed to screw this one up pretty badly.  Want to know which twelve passports will instantly get you shunted over for secondary screening, simply by showing them to the ID-checking agent?  Check out Section 2A-2 (C) (1) (b) (iv).  Want to know the procedure for CIA-escorted passengers to be processed through the checkpoint?  That’s in the document, too.  Details on the calibration process of the metal detectors is in there.  So is the procedure for screening foreign dignitaries.

It is pretty pathetic that the folks supposedly responsible for administering this “security” program cannot even be bothered to do the simplest parts of their job correctly.  Then again, passing through the checkpoint every time I fly it is pretty clear that they do a lot of things incorrectly.  Just chalk this one up to more of the same idiocy.  More done badly.

Want to read it for yourself?  Grab a copy here.  Who knows how long they’ll keep it online.

Once you’ve downloaded the PDF you’ll see the black boxes.  Simply highlight the text (start above and drag down to below the redaction area) so that you’re selecting all of the stuff in the “redacted” area.  Copy the selection and paste it into the word processing client of your choice.

UPDATE: The original link to the document appears to be dead now but a mirror of the file can be found at www.cryptome.org with the un-redaction work already completed.

UPDATE 2 (1 JAN 2010): There has been another “redacted” document published on the internet.  This one has details of checked baggage screening processes.  Not good.

Tags: ,

  1. gavinmac said,

    I think they redacted the section with the 12 passports that get secondary screening. I'm going to guess:

    Libya, Iraq, Iran, Syria, North Korea, Sudan, Somalia, Afghanistan, Pakistan, Algeria, Lebanon, Palestine.

  2. gavinmac said,

    Oh sorry, missed what you said about the ineffective black box redaction. But it's enough to thwart me. I don't know how to see underneath it.

  3. dzlobnsky said,

    gavinmac, ctrl-a, and you'll see the entire document.

  4. Anonymous said,

    Did you notify the website so they'll fix this?

  5. Seth said,

    No, I haven't notified anyone at the FBO.gov site (no contact info listed on the site nor in WhoIs). I suppose I could call the TSA contact line in the morning but I doubt they're going to have much to offer. Maybe I'll try the press office. No matter what, no one is working tonight so not much of a reason for me to bother.

  6. Anonymous said,

    MIRROR ANYONE?

  7. Anonymous said,

    Here's your mirror
    http://cryptome.org

  8. Miq-Tak said,

    Gone now (10:18 AM EST)

  9. Anonymous said,

    Yet another fed screw up. I cannot imagine why anyone would think it a good idea to have the federal government reform healthcare (not something constitutionally charged to the federal government) when it cannot do a good job of protecting its citizens (which does happen to be something the federal government is supposed to do).

  10. Anonymous said,

    Any Americans killed by terrorism lately, Anonymous? Hint: no. The TSA's not for protection, it's performance art.

  11. Anonymous said,

    Here's another mirror: MIRROR

    http://freetard.com/stuff/tsa-screening.pdf

  12. Anonymous said,

    Another mirror

    http://www.mediafire.com/?zeyi1kiik2x

    if you can't get from

    http://cryptome.org/tsa-screening.zip

  13. Paul said,

    "Yet another fed screw up. I cannot imagine why anyone would think it a good idea to have the federal government reform healthcare (not something constitutionally charged to the federal government) when it cannot do a good job of protecting its citizens (which does happen to be something the federal government is supposed to do)"
    you MUST subscribe to all of FOX NEWS "talking points" without much understanding, like most Hannity/Beck/etc viewers. There are many many things the federal government is not "constitutionally charged with", you could fill a few pages of services and agencies that have arisen over the years since the constitution, Think SEC, TSA, Homeland Security, Medicaid, CPA, Public Transportation, ETC. Stepping in to reform a broken system is frankly, a bold effort. We only have to wait and see how it all plays out. Beck himself last year stated we have the worst healthcare system in the world. Sitting back and doing nothing about it is about as bad as it gets.
    NOW, back to the story of the incompetence of TSA.
    to Anonymous, if you want something intelligible to discuss, then look into how 1st & 2nd BUSH created all of the different agencies that do not have to answer to either the President or Congress thereby creating 4th and 5th branches of government immune to balance of power. There is a case in the supreme court right now challenging Sarbanes-Oxley for this very reason. Whenever you create an institution free from public scrutiny there is the real threat of heading towards an oppressive /military state. There are plenty of examples of TSA officers (see underqualified, low paid, high school drop-outs) abusing their authority without repercussion unless there is a blatant example that hits the media. before you speak…
    1)Learn the basic values the Constitution promotes.
    2) Do a search for unitary Executive branch of government.
    3) Realize that the same arguments coming from the left are exactly the same arguments coming from the left 40 years ago when Medicaid was being signed into law. The same issues also came up then… Cost, government run healthcare, lack of choice, poor quality, etc. Damn, this isn't even the forum for this…but anyway.

  14. Anonymous said,

    I still feel that the best method is to print out the document, cover the "secret" sections with foil, scan the updated document into a PDF and then post.

  15. jib said,

    @Anonymous:

    No, that would be an inefficient use of time, require unnecessary equipment, and result in a larger PDF with lower quality. The best way would be to use software that can properly redact text.

  16. Anonymous said,

    Wow, I seem to recall reading a document meant for all departments of the federal government specifically stating that this (covering up text with black boxes in PDFs or DOCs) should never be done

  17. Anonymous said,

    Wikileaks has it now.
    http://www.wikileaks.com/wiki/US_Transportation_Security_Administration:_Screening_Procedures_Standard_Operating_Procedures%2C_1_May_2008

  18. Carter said,

    its called flattening the document… learn to use your pdf software…

  19. Anonymous said,

    Let's try that again with a proper link…

    Wikileaks has it now.

  20. Anonymous said,

    Reported^^

  21. Anonymous said,

    Let me tell you something, I am Lebanese myself and I can assure you that:

    - All Lebanese knew that there was always an unwritten (and now we know it's written) rule of checking Lebanese people further in ANY country (not only the states).
    - The Lebanese passport is the WORST passport in the world. Even worse than any of the other 11 countries. I's only good to travel to a handful of countries without a visa.

    Here's some personal stories:

    - Everytime I approach the border security when entering a country, the man (or the woman) at the border smiles at me, and then his/her face changes completely once I present my passport with the nice cedar logo.
    - I once went to Cuba (which is on this list, and it really shouldn't be), and I got held in passport check and customs for 2 hours, and the reason was that because of my Lebanese passport they thought I was an American spy (can you believe that?). Americans sending a Lebanese to spy on Cubans, how novel!
    - I travel with shorts and flip flops just to avoid the hassle.
    - I can't think of any single instance when I traveled and didn't have a problem.

  22. Anonymous said,

    It is what it is now, the information is out there for anyone wanting to get past security at the airport. They HAVE to reissue all of the ids and reissue this security document with the updated ids to truly eliminate the threat… let's see if they do. -Jim Bickerstaff

  23. Anonymous said,

    I tried several times to join Border Patrol, Customs, TSA, always being turned down for stupid reasons, and I was never given the opportunity to appeal the process, which I believe is a violation of my constitutional rights as a US Citizen. But now I know why. I was way too intelligent. Thank God I didn't become one of them. Idiots beyond belief. Our government is being run by stupid people, pure and simple.

  24. Jayrutz said,

    This problem of poorly redacted PDFs has been know for years. Commercial products like Workshare Protect fix this by policy enforcement. Why doesn't the goverment own a product like this, thats the real shame here…

  25. Anonymous said,

    The TSA worries more about an airport employee like me bringing a cup of pudding in for my lunch than focusing on the real issues. Just look at all of those that are exempt and what those exemptions can bring through a checkpoint.

    What a joke

  26. Randy said,

    In cases like this I hate the media! Reporters need to understand that they can report a security lapse with out actually divulging what the lapses are. Thanks for giving our enemies all the information they need to breech our security and actually attack us or someone else again. Reporters are freaking idiots! Stop giving these people ammunition to use against us. Think before you report you dumb, stupid and a bunch of bad words I can't say in public. By the way, I don't think reporters belong in COMBAT ZONES either!!!!!!!!

  27. Anonymous said,

    Of course there are going to be exemptions for the people flying the planes and not the workers inside the airport. What many people fail to realize is that the pilot can bring his 'explosive' pudding onto the plane if he wants because it doesn't really matter if he wants to create another tragedy and kill a lot of people they don't need a bomb for that. All they have to do is fly into another large building or whatever to accomplish that.

  28. Anonymous said,

    Seth… congrats on getting linked in an article from the front page of yahoo!

    … and yes, another stupid move by the TSA.

    thezipper

  29. Anonymous said,

    And the file is STILL available on the fbo.gov website! Just do a google search for: screening management, and limit it to fbo.gov. Click on the cached link. On the right there is a link next to "Amendment 2" to download the ZIP file. The redacted (rediculous) file is still in the ZIP!

    Geez! Talk about morons!

  30. Anonymous said,

    Do you really think the "bad guys" don't know basic crap like this. It's common sense…. I'm a convicted felon, and based on my charge I expect, and always seem to get pulled to the side… I'm far from shocked, and just prepare to make all searches faster, and easier on everyone. I deserve it I'm a freakin felon… Hmm. Do you think I needed to read a document, or have to figure out why I am targeted? Nope… I'd be shocked if I wasn't…… It was a very minor offense, but still makes me a greater risk….Common sense ….Those that think they are getting a covert look into "secret ops" and how they are done, need to lay off watching Burn Notice, and other fiction based on very old, and outdated material…. Get a grip…. I don't want to know, and unless you have some evil plans, you don't want to know either….. This is silly……

  31. ToM said,

    @Anonymous from Lebanon

    Cubans suspect you are spy because your passport is so easy to counterfeit. It's well know that intelligence organizations counterfeit passports of foreign nations specially ones that have poor quality.

  32. Anonymous said,

    I'm a bit surprised at this late date, nearly 3 days later, not a soul has suggested this file was left out on purpose. It is either

    a)A legitimate leak. Somebody in the ranks of TSA mistakenly thought the doc was no longer a strictly classified doc "need to know" basis or actually meant to leak this dated, and from the references in the discussion here, no longer applicable document. Maybe heads are gonna roll over this.

    b) Somebody at TSA thought it would be fun to sit back and watch the broad spectrum of privacy advocates squeak and scream about the contents of a fake document. Lots of heads will be nodding and giggling like schoolgirls over this.

    c) Somebody at TSA still thinks the black blocks actually redact binary data files that contain text equivalents within them? How very odd. And suspect. I was under the impression, since this fallacy is long known, that "black block redacting pdf files" is comparable to an urban legend.

    Thanx for reading. Hope I didn't bore you. I find the case for disinfo as likely as the case for unintended leak.

    Full Disclosure: I learned of this story at the time of this post. BBC refers to this blog specifically in it's story datelined "Page last updated at 00:21 GMT, Wednesday, 9 December 2009" _US airport security screening processes posted online _
    Google being a long acquaintance of mine quickly directed me here.
    I have not seen the original or any purported mirrors of the PDF in question. I merely comment on the event and what limited discussion I've seen here.

  33. Anonymous said,

    It's time to buy futures in the stock of companies that make hospital gowns.

  34. Anonymous said,

    gavinmac, great guess, take out Palestine (not a country officially) and Pakistan and add in Cuba and Yeman.

  35. Anonymous said,

    TAKE IT DOWN AND ALL LINKS TO IT!!!!!! It should NOT be public

  36. Anonymous said,

    What about adding additional screening for Saudi nationals, 15 of the 19 9/11 hijackers were Saudis!

  37. Stephanie T said,

    Randy – I really doubt it's the "freaking idiot" reporters' problem that this document made its way out in the first place. Unless you're that scared that someone's gonna get you, blame should probably be directed elsewhere.

  38. The Greenroom » Forum Archive » The Danger of Distraction said,

    [...] of American civilian courts. They can read Screening Management Standard Operating Procedures published online. They understand that both ideology and desire make Obama eager to turn away from security issues [...]

  39. Daily Pundit » But We’ve Made All Our Procedures Better…. said,

    [...] of American civilian courts. They can read Screening Management Standard Operating Procedures published online. They understand that both ideology and desire make Obama eager to turn away from security issues [...]

  40. OminousOmen said,

    This could be useful information for the men that helped Christmas Terrorist board a plane without a passport, e.g. the CIA and other Government ID cards.

  41. Wandering Aramean said,

    @OminousOmen: Get your head out of your arse. Those images were so awful that you’d be hard pressed to get anything close to a decent fake ID from them. And the passenger in question boarded in Amsterdam where these rules don’t apply anyways.

    Brains, people. Use ‘em if you’ve got ‘em. Shut up if you don’t.

  42. Special Agents from Homeland Security/TSA question and serve subpoenas on blog authors : Mix3 Travel Blog said,

    [...] may have motivation beyond plugging a leak within their DHS/TSA organization.  Recently a blogger discovered that the TSA had published a poorly redacted version of their Screening Management Standard [...]

  43. The chilling effect: TSA tries to plug a leak by slapping travel bloggers with subpoenas | Upgrade: Travel Better said,

    [...] I understand that TSA is concerned that they’re not following protocol, given the debacle of the improperly-redacted documents. But is this the way to do [...]

  44. bou said,

    i am lebanese too but i am proud of who i am and i do not care if for political reason we r on the LIST. In fact they look at me and search me anytime i step in any airport in the world but not because of me but becuase of a certain group that gave them the wrong idea about my country. But they are still doing their job and i am not afraid cause i am a good cistizen and i am so happy with my nationality.

  45. The Danger of Distraction « Doctor Zero said,

    [...] of American civilian courts. They can read Screening Management Standard Operating Procedures published online. They understand that both ideology and desire make Obama eager to turn away from security issues [...]

  46. NotPdfExpertBut said,

    Why didn’t they just copy and paste a black rectangle in any basic photo/pdf editor and re-save as pdf? If the end goal is to not have the viewer see it- who cares if it is technically on the document but “redacted?” also like Microsoft’s Paint program has an eraser function as well. All viable options.

    47. Add A Comment

home top