/ Cory Doctorow / 10:17 pm Sun Dec 6, 2009

TSA can't redact documents properly, releases s00per s33kr1t operations manual


The TSA has published a "redacted" version of their s00per s33kr1t screening procedure guidelines (Want to know whether to frisk a CIA operative at the checkpoint? Now you can!). Unfortunately, the security geniuses at the DHS don't know that drawing black blocks over the words you want to eliminate from your PDF doesn't actually make the words go away, and can be defeated by nefarious al Qaeda operatives through a complex technique known as ctrl-a/ctrl-c/ctrl-v. Thankfully, only the most elite terrorists would be capable of matching wits with the technology brilliance on display at the agency charged with defending our nation's skies by ensuring that imaginary hair-gel bombs are kept off of airplanes.

The TSA makes another stupid move

Mirror of TSA screening doc (redactions removed)

Previously:

31

  1. You know, there was a not-so-distant time when something like this would make us recoil in shock that the people watching out for our transportation security could be so foolish. Now it is expected. :(

  2. The abbreviations/definitions section is hilarious.

    DVD: Digital Video Disk
    FAQ: Frequently Asked Questions.
    ID: Identification
    RSS: Rich Site Summery

  3. The redacted information includes pictures of what various forms of ID (member of the Senate or House of Representatives; ATF, CIA, etc) look like. That’s amusing (though there’s not enough detail to make good counterfeits).

  4. Pardon me for prying, Cory, but here (as in the past) you refer to the U.S. as “our nation”. If I’m not mistaken, you’re a Canadian-born Canadian national, residing in the UK. Who’s “us”? When you’ve posted about other countries, I haven’t noticed first-person pronouns.

  5. As an American taxpayer, an American visa-holder, the co-owner of an American business, and a frequent traveller to the US, I qualify as “us.”

  6. Ahh the TSA. By morons, for everyone… has anyone found a link to the original ‘redacted’ version? I would like to show this to people that still believe the TSA are useful in some kind of way.

  7. @Cory: you might have been “us”until now. But after this, I bet you are one of “them” to the TSA. ;-)
    Since all their procedures now are out, they have to make up new ones, to be “safe”. In the new one, there’s probably a new section: “this is how to identify a Cory Doctorow and other internet fiends”.

    1. > “this is how to identify a Cory Doctorow and other internet fiends”.

      Red cape and goggles. Easy :-).

  8. So, imagine that you download this document onto your notebook. You read it, laugh a bit, and then forget about it.

    Then, you have to take an international trip. Not heeding the advice of professional paranoids, you take your trusty laptop with you . At some point, however, some customs officer finds this unredacted document on the laptop’s drive. . How might they react? How large might the resulting legal bills be?

  9. And so it goes, even knowing all of this stuff doesn’t prevent any of it from having an effect. As stupid as it may be, as embarrassing as it probably will never be, we are all still subject to the idiocy. It doesn’t matter whether they’re good at redacting or not, it changes nothing.

  10. @ Joe:

    Actually – not to be a douche, but I think that’s a pretty good reason NOT to publish the redacted version here. Do you think GOOD counterfeits of these documents would be needed to fool the the TSA?

    I’m travelling to the US tomorrow – where’s that secure delete button on my laptop…

  11. Hey, check this part out…

    2.7. PHOTOGRAPHING, VIDEOTAPING, AND FILMING SCREENING LOCATIONS

    A. TSA does not prohibit the public, passengers, or press from photographing, videotaping, or filming
    screening locations unless the activity interferes with a TSO’s ability to perform his or her duties or
    prevents the orderly flow of individuals through the screening location. Requests by commercial entities
    to photograph an airport screening location must be forwarded to TSA’s Office of Strategic
    Communications and Public Affairs. Photographing EDS or ETD monitor screens or emitted images is
    not permitted.

    B. TSA must not confiscate or destroy the photographic equipment or film of any person photographing the
    screening location.

    Well that’s very cool. If I read it correctly, we can take photos while going through airport security.

    1. “2.7. PHOTOGRAPHING, VIDEOTAPING, AND FILMING SCREENING LOCATIONS

      A. TSA does not prohibit the public, passengers, or press from photographing, videotaping, or filming
      screening locations unless the activity interferes with a TSO’s ability to perform his or her duties or
      prevents the orderly flow of individuals through the screening location. Requests by commercial entities
      to photograph an airport screening location must be forwarded to TSA’s Office of Strategic
      Communications and Public Affairs. Photographing EDS or ETD monitor screens or emitted images is
      not permitted.

      B. TSA must not confiscate or destroy the photographic equipment or film of any person photographing the
      screening location.”

      If I had a drink beside me, I would have sprayed it all over my monitor.

      I flew through Las Vegas earlier this year and saw several large signs saying that photographs were explicitly prohibited and that cameras in use would be confiscated. They even had the TSA seal emblazoned on them.

      Clearly there is a major disconnect between whoever makes the procedures and everybody else.

    2. Last Spring, TSA blogged about airport photography, stating that they do not restrict photography at their airport checkpoints as long as the photography does not interfere with their duties, and that photography of their computer monitors is discouraged. Bob Burns, TSA’s lead blogger, suggested that interested parties contact airports directly to find out if any local policies applied. In the comments section for that post, Mr. Burns later stated that photography of the computer monitors was prohibited, not simply discouraged. Despite numerous requests for him to do so, he did not state whether this was a legal requirement or simply one of the criteria by which TSA staff decide if someone will be allowed past their barricade or not.

      I took Blogger Bob’s advice and contacted 50 major U.S. airports using TSA’s “Got Feedback?” form. About half of them responded. I documented every response, along with my follow-up questions and follow-up responses, on FlyerTalk Forums. I created an index of some of the responses that I found to be particularly troubling.

      Evidently, some TSA staff are unaware that TSA does not prohibit photography at their checkpoints. See FlyerTalk threads: “TSA Agent order me to stop filming” (November 28, 2009) and “Flyer `Processed’ (Arrested?) in NM After Declining to Show ID” (November 16, 2009).


      Phil
      Arrested at ABQ airport TSA checkpoint November 2009
      No comment at this time. Fight back: donate to my legal defense fund

  12. “The abbreviations/definitions section is hilarious.

    DVD: Digital Video Disk”

    Also not even correct. DVD hasn’t stood for “Digital Video Disc” since the very early days (possibly even pre-release, I don’t remember off the top of my head.) At some point, the planners decided that the name should also reflect use for computer data, so the acronym was adjusted to mean “Digital Versatile Disc.” Then it was changed once again so that DVD doesn’t officially stand for anything (like when they tried to rename Kentucky Fried Chicken as “KFC.”

  14. What I find especially funny about this is I found a pdf two years ago, put together by the NSA, that tells you how to correctly redact all sorts of different types of documents and file formats. The instruction guide specifically warns against this method.

    Ah the things you can find by googling “NSA secret documents.”

  15. Playing devil’s advocate, I think it’s a bit unfair to call the TSA stupid. In fact, I’d argue you’re missing the point of the TSA.

    The TSA is essentially a glorified marketing and theatrical campaign with a few added powers to deny legal immigrants entry to the US, and the firepower to threaten people into doing as they say.

    Most of the things they do “for our own protection” are based upon famous media cases that everyone knows about. The point of taking off our shoes is not to protect us from another shoe bomber, but to make the average American traveller feel like someone’s invading their privacy for their own good.

    Most of the reason for this is simply cost. Just like it’s cheaper to put a sticker on a car window saying “protected by death-loc security(tm)” than it is to buy a high-tech security system, it’s much cheaper to hassle a few random hippies and foreigners than it is to upgrade domestic airline security to be able to combat the latest in clandestine espionage or information-based terrorism.

    Therefore, calling the TSA stupid is a bit like critisizing your local 7-Eleven clerk for not being able to work all the special functions on his cash register. Give a wage slave a break!

    1. Technically your mixing the TSA up with immigration. That’s understandable though, the TSA seems equally confused about its role.

      Slightly OT: One of these days, I’m going to refuse to enter the melanin room at the airport, or at least refuse to answer any questions. I’ll invoke my fifth amendment right against self-incrimination when they start asking me questions and see what they do about it. I’ve simply had it with the excessive pointless questioning. Let them do the legwork and find out whether or not I’m up to something.

      I’m a born US citizen, what are they gonna do? Deny me entry?

      1. your

        *Sigh*

        I keep doing this despite knowing better since the second grade. I meant, “you’re”.

  16. So that’s why I always see short buses at the airport. It’s just the TSA employees huffing up the windows on the sweet pickle buss.

  17. Now I’m beginning to wonder if using “strikethrough” text on the secret sections of my online documents is an adequate security measure. Better to go the safe route and implement the trusty Zapf Dingbats encryption software.

  18. I begin to think that this “mistakes” are not mistakes.

    Despite what many people here like to snicker and feel superior, many people deep in the bowls of government are not stupid, and are frustrated with stupid policies as well.

    This “mistake” in redaction, may be a “mistake”, not a mistake.

  19. Ah… this makes it even better.
    After downloading and inspecting this document it’s not even locked for editing. Using Adobe Acrobat you can simply click the boxes with the object select tool and click delete.

    Tada! Now you have a red box outlining the text you shouldn’t have been able to read. The black box is all gone.

  20. Great stuff. Gives me ammunition to handle them. I have the unfortunate opportunity, as a pilot, of having to “interact” with the TSA, which I have always assumed was the Terrorist Support Agency.
    Some of them are human and deserve a break but many “luv” the uniform and power, beats a 7-11 outfit.

  21. “RSS: Rich Site Summery”

    Have to give someone at TSA a few points for using that Netscape-era acronym, except that they spelled summary wrong.

  22. > ctrl-a/ctrl-c/ctrl-v

    That’s horrible. Ctrl-insert, shift-insert makes more sense and works much better than ctrl-c/ctrl-v. Numerous studies have shown this>

Comments are closed.