TSA accidentally reveals airport security
By Spencer S. Hsu and Carrie
Washington Post Staff Writer
December 9, 2009
The Transportation Security Administration
inadvertently revealed closely guarded secrets related
to airport passenger screening practices when it
posted online this spring a document as part of a
contract solicitation, the agency confirmed Tuesday.
The 93-page TSA operating manual details procedures
for screening passengers and checked baggage, such as
technical settings used by X-ray machines and
explosives detectors. It also includes pictures of
credentials used by members of Congress, CIA employees
and federal air marshals, and it identifies 12
countries whose passport holders are automatically
subjected to added scrutiny.
TSA officials said that the manual was posted
online in a redacted form on a federal procurement Web
site, but that the digital redactions were inadequate.
They allowed computer users to recover blacked-out
passages by copying and pasting them into a new
document or an e-mail.
Current and former security officials called the
breach troubling, saying it exposed TSA practices that
were implemented after the Sept. 11, 2001, terrorist
attacks and expanded after the August 2006 disruption
of a plot to down transatlantic airliners using liquid
explosives. Checkpoint screening has been a fixture of
the TSA's operations -- as well as a lightning rod for
public criticism of the agency's practices.
Stewart A. Baker, a former assistant secretary at
the Department of Homeland Security, said that the
manual will become a textbook for those seeking to
penetrate aviation security and that its leaking was
"It increases the risk that terrorists will find a
way through the defenses," Baker said. "The problem is
there are so many different holes that while can fix
any one of them by changing procedures and making
adjustments in the process . . . they can't change
everything about the way they operate."
Another former DHS official, however, called
the loss a public relations blunder but not a major
risk, because TSA manuals are shared widely with
airlines and airports and are available in the
"While it's certainly a type of document you would
not want to be released . . . it's not something a
determined expert couldn't find another way," the
Criticism from Congress was scathing. Sen. Susan M.
Collins (Maine), the ranking Republican on the Senate
homeland security committee, called the document's
release "shocking and reckless."
"This manual provides a road map to those who would
do us harm," she said.
Sen. Joseph I. Lieberman (I-Conn.), the panel's
chairman, called the breach "an embarrassing mistake"
that impugns the judgment of managers at the TSA,
which is still without a permanent administrator 11
months into the Obama administration. Nominee Erroll
Southers, a Los Angeles airports police executive, is
awaiting a confirmation vote in the Senate.
House Homeland Security Committee Chairman Bennie
G. Thompson (D-Miss.) and Rep. Sheila Jackson Lee
(D-Tex.) also wrote acting TSA Administrator Gail
Rossides, saying they are were "deeply concerned"
about the disclosures and calling for an independent
The document, dated May 28, 2008, is labeled
"sensitive security information," and states that no
part of it may be disclosed to people "without a need
to know" under threat of legal penalties.
Seth Miller, 32, an information technology
consultant in Manhattan, first publicized the manual's
ineffectual redactions Sunday on his travel blog,
WanderingAramean.com. He said he learned about the
document while chatting with other fliers on an
Internet bulletin board. Miller said it made him
question TSA secrecy rules, saying the agency has
withheld even mundane operational rules from public
view rather than clarify its practices.
"After getting over the initial shock of how stupid
it seemed they were for putting out a document like
that," Miller said in a phone interview, "I think the
most significant risk is that when . . . you see some
of the things that are marked as security sensitive
information, you have to sort of smack your hand on
your forehead and say, 'What are they thinking?' "
The TSA learned of the failure that day and has
begun an internal review by its Office of Inspection,
an official said. It also checked other procurement
documents to correct similar vulnerabilities.
The original version of the manual is still
available online, preserved by Web sites that monitor
government secrecy and computer security.
The agency said the posted manual was outdated and
was never implemented. Six more recent versions have
been issued since that one, a TSA official said.
"TSA takes this matter very seriously and took
swift action when this was discovered. A full review
is now underway," the agency said in a statement. "TSA
has many layers of security to keep the traveling
public safe and to constantly adapt to evolving
threats. TSA is confident that screening procedures
currently in place remain strong."
The manual includes material both highly sensitive
and mundane, from how TSA screening officers should
handle diplomatic pouches to when they should dispose
of their rubber gloves.
Among the most disturbing disclosures concern the
settings used to test and operate metal detectors. For
instance, officers are instructed to discontinue use
of an X-ray system if it cannot detect 24-gauge wire.
The manual also describes when to allow certain
firearms past the checkpoint, and when police, fire or
emergency personnel may bypass screening.
The document identifies the minimum number of
security officers who must be present at checkpoints,
how often checked bags are to be hand-searched, and
screening procedures for foreign dignitaries and
It also says that passport-holders from Cuba, Iran,
North Korea, Libya, Syria, Sudan, Afghanistan,
Lebanon, Somalia, Iraq, Yemen and Algeria should face