The Transportation Security Administration is promising a “full review” after the release of an unredacted version of its Screening Management Standard Operating Procedures over the weekend.
The existence of the document, first reported Sunday on the blog Wandering Aramean, was a brief sensation in the travel blogosphere — until people read the manual. Not only was it boring. It was also obsolete.
What gave this story more than its 15 seconds of Internet fame? Probably the fact that TSA had meant to redact certain portions, but because of an apparent lack of computer skills, it failed to effectively do so.
This afternoon, TSA released the following statement on the manual:
The Transportation Security Administration (TSA) has become aware that a outdated version of a Standard Operating Procedures document was improperly posted by the agency to the Federal Business Opportunities Web site wherein redacted material was not properly protected.
TSA takes this matter very seriously and took swift action when this was discovered. A full review is now underway.
TSA has many layers of security to keep the traveling public safe and to constantly adapt to evolving threats. TSA has appropriate measures in place to effectively screen passengers at airport security checkpoints nationwide.
Wandering Aramean had harsh words for the agency charged with protecting air travelers:
It is pretty pathetic that the folks supposedly responsible for administering this “security” program cannot even be bothered to do the simplest parts of their job correctly. Then again, passing through the checkpoint every time I fly it is pretty clear that they do a lot of things incorrectly. Just chalk this one up to more of the same idiocy. More done badly.
I’m told that this version of the Standard Operating Procedures was actually never implemented. So although this document gives us a good idea of TSA’s current procedures, it should in no way be considered up-to-date, or even accurate. My source says it’s been revised six times since the release. (Why release something that was never implemented? It’s a mystery.)
I spoke with a person who is familiar with redaction boo-boos. Her take?
The elementary error they made in redaction using Microsoft Word is a fairly common piece of stupidity. Word jockeys and technical writers laugh or cry every time this happens. It’s truly idiotic.
That said, as a former government consultant I can say that the document is probably born of compromise, not followed in practice, and written by a team of consultants trying to mediate the various views of various stakeholders.
As if people on the front lines are going to read all that!
It’s a mistake nobody makes more than once.
This is by no means the first time someone has redacted without redacting. A few years ago it led to this interesting story. Maybe TSA should have read this handy redaction how-to from the NSA before releasing this into the wild.
What do you think? Have you read the TSA SOP? Anything interesting in there that we haven’t noticed yet?
(Photo: goldberg/Flickr Creative Commons)
{ 1 trackback }
{ 7 comments… read them below or add one }
I dont know if they know this but if you get the one they have released and just select all and paste into note book you can read everything…..nice job guys.
Another easy way to see it all – open with Adobe reader, and File, Save as Text. Open the TXT file with your word processor, Notepad, or WordPad.
Anything interesting? Yes.
Attachment 4-4 contains images of various federal credentials.
Uh-oh.
(I leave it to the reader to figure out how to see them. I am not going to say how I did it.)
These are the same folks who routinely “wand” my white-headed 76 year-old 80-pound sister every trip we take. Also the same ones who confiscated my expensive gel-filled prescription orthotics without which I can hardly walk. They are “careful” to the extent of absurdity when exercising their power over individual travelers but criminally foolish in their lack of care in revealing a document that gives potential terrorists much inside information about how to get around TSA procedures.
Of course TSA is going to back off and say it’s out of date and has been revised. The fact is that there is information in there that should never be made public.
Now they have to have a full security review of their procedures and documents. If there are images of federal credentials as DrBob suggests above or forms that should be secret, they now have to go to the trouble and expense of revising credentials, documents, revise their procedures.
It’s truly unbelievable.
Hey being a frequent flyer, i’ve seen a whole load of worse things that the TSA has done.
For example: in April I found that I had been travelling with a folding box cutter forgotten in my carry on bag for 4 months.
(No one caught that one. US TSA, Canadian CATSA, Swiss and Dannish Airport Security) and that included manual searches of the bag.
(i’m kinda glad I was the one who found it, cause had it been found while at the airport i’m sure I would have had a bad time of it)
All in all accidentaly posting a training manual online doesn’t seem all that bad. (of course i’m sure there are sensitive portions of the file that shouldn’t have been released)
I figure that if enough people read this then maybe the general public will know what the heck to do once they get to a security screening point so they can stop wasting time for everyone who does know the procedure.
-Jeff in Canada
IT Consultant and Frequent Flyer
Yet another entry on the list of TSA screwups. Yet another reason to seriously doubt whether we’re getting anything useful for what the TSA is costing us in inconvenience, lost liberty, lost privacy, and of course too many dollars.
And of course, the TSA’s spin-meisters react by telling us to pay no attention to the breach because the document is out of date. And any harm that does come from the mistake is entirely the fault of the bloggers and media who trumpeted it to the public, not the TSA! I don’t believe that any more than I believe anything else that comes from the TSA’s PR department. But it probably doesn’t damage security very much. Whatever the actual rules are, by the time they’re inconsistently flowed down to the screeners for inconsistent implementation, it’s all pretty much up to the whims of the screeners. If, as the TSA continually insists, complete unpredictability and inconsistency at checkpoints is what provides highly effective protection from the terrorist threat, aviation is just as safe as it was before the latest embarrassment.
I can only hope this latest TSA “incident” finally goads Congress into imposing oversight and accountability on an agency that for too long has been allowed to run unconstrained behind a shroud of secrecy. But I’m not holding my breath on that.