Security lines at US airports just got longer.
According to news reports like this one in the Washington Post, the U.S. Transportation Security Administration's (TSA) classified operating manual was accidentally posted online during a contract solicitation. The manual tells what can go undetected during security searches, as well as what is likely not to be searched.
As noted by the Post,
"The TSA operating manual, which went online in March, includes information about whom screeners target for special scrutiny and the technical settings used by metal and explosives detection equipment at airports.... the manual also describes procedures used for foreign dignitaries and CIA-escorted passengers, calibration standards and technical limits of detection equipment, and the frequency with which checked bags are to be hand-searched. "
The operating manual was heavily digitally redacted, but the redaction was incorrectly done. Bloggers were able to strip away the redactions, and the manual was open for everyone to see.
A recent blog post here by a lawyer outlines some other recent redaction goofs. Here is how to do it properly, courtesy of the US District Court of Northern California.
The Post says that the TSA claimed, "...the posted manual, dated May 2008, was outdated and was never implemented. Six more recent versions have been issued since that one, a TSA official said."
The TSA, of course, didn't say what percentage of the 93-page operating manual actually has been changed in the latest version; my guess, not too much.
The TSA says it takes this matter seriously.
I'll let you decide about that as you stand waiting in your airport screening line this holiday season..
Robert N. Charette is a Contributing Editor to IEEE Spectrum and an acknowledged international authority on information technology and systems risk management. A self-described “risk ecologist,” he is interested in the intersections of business, political, technological, and societal risks. Charette is an award-winning author of multiple books and numerous articles on the subjects of risk management, project and program management, innovation, and entrepreneurship. A Life Senior Member of the IEEE, Charette was a recipient of the IEEE Computer Society’s Golden Core Award in 2008.