tiistai 8. joulukuuta 2009

The TSA makes another stupid move


When the TSA make mistakes this egregious it really isn’t all that hard to pick on them.
The latest is that their Screening Management Standard Operating Procedure is published on the internet.  I actually like that.  I don’t think that security through obscurity is a good idea.  Of course the document is marked SSI and includes this footnote on every page:


SENSITIVE SECURITY INFORMATION 
WARNING: THIS RECORD CONTAINS SENSITIVE SECURITY INFORMATION THAT IS CONTROLLED UNDER 49 CFR PARTS 15 AND 1520. NO PART OF THIS RECORD MAY BE DISCLOSED TO PERSONS WITHOUT A “NEED TO KNOW,” AS DEFINED IN 49 CFR PARTS 15 AND 1520, EXCEPT WITH THE WRITTEN PERMISSION OF THE ADMINISTRATOR OF THE TRANSPORTATION SECURITY ADMINISTRATION OR THE SECRETARY OF TRANSPORTATION. UNAUTHORIZED RELEASE MAY RESULT IN CIVIL PENALTIES OR OTHER ACTION. FOR U.S. GOVERNMENT AGENCIES, PUBLIC DISCLOSURE GOVERNED BY 5 U.S.C. 552 AND 49 CFR PARTS 15 AND 1520.

So the decision to publish it on the Internet is probably a questionable one.  On top of that, however, is where the real idiocy shines.  They chose to publish a redacted version of the document, hiding all the super-important stuff from the public.  But they apparently don’t understand how redaction works in the electronic document world.  See, rather than actually removing the offending text from the document they just drew a black box on top of it.  Turns out that PDF documents don’t really care about the black box like that and the actual content of the document is still in the file.
Yup, their crack legal staff managed to screw this one up pretty badly.  Want to know which twelve passports will instantly get you shunted over for secondary screening, simply by showing them to the ID-checking agent?  Check out Section 2A-2 (C) (1) (b) (iv).  Want to know the procedure for CIA-escorted passengers to be processed through the checkpoint?  That’s in the document, too.  Details on the calibration process of the metal detectors is in there.  So is the procedure for screening foreign dignitaries.
It is pretty pathetic that the folks supposedly responsible for administering this “security” program cannot even be bothered to do the simplest parts of their job correctly.  Then again, passing through the checkpoint every time I fly it is pretty clear that they do a lot of things incorrectly.  Just chalk this one up to more of the same idiocy.  More done badly.
Want to read it for yourself?  Grab a copy here.  Who knows how long they’ll keep it online.
Once you’ve downloaded the PDF you’ll see the black boxes.  Simply highlight the text (start above and drag down to below the redaction area) so that you’re selecting all of the stuff in the “redacted” area.  Copy the selection and paste it into the word processing client of your choice.

0 kommenttia: