Tuesday, December 15, 2009

TSA Document – The Rest of the Story

There have been a number of stories about how the TSA ‘inadvertently’ posted a sensitive document on the internet and ‘compromised’ the security of the airline passenger screening document. I have envisioned a number of different ways that such an 'accident' could have happened, but I never thought of the way it actually occurred. Thanks to Collin Bortner at HLSWatch.com for the rest of the story.

Redacting Information

According to Collin’s article:

“A blogger [sic] discovered the pdf document, as well as the ability to undo the redaction of sensitive information. Users of Adobe Acrobat publishing software were able to remove the blacked-out paragraphs and read the text beneath.”

Apparently the people posting the document did not realize that simply adding a black box over the ‘sensitive’ text did not destroy the underlying text; simply moving or erasing the box exposed the untouched text.

Those of us who had to redact printed classified documents before copying technology came along can sympathize with the problem. I’ll never forget the first time I had a security inspector wash off the ‘permanent ink’ that I had used to redact ‘sources and methods’ from an intelligence document. There was a special ‘permanent ink’ that we could use that would not wash off, but it wasn’t what I had used. It didn’t matter that the label on the marker I used said that it was ‘permanent ink’.

Actually, now that copying/scanning technology is widely available, both of these inappropriate techniques can easily be made effective by printing or copying the poorly redacted documents and then scanning them into electronic format for internet posting. It is probably safest to destroy the ‘original redaction’ to avoid confusion.

Root Cause

In any case, answering my question at the end of yesterday’s blog, it looks like this was a legitimate case of ineptitude. The question becomes whose ineptitude?
Bortner blames the error on the poor adaptation of the ‘paper metaphor’ to Adobe technology. But, as I noted earlier, the same problem was found in the paper process, so I think that that reasoning misses the root cause of the problem.

As with any key requirement, there must be detailed standards of how things are to be properly done. In this case investigators will have to determine if standards for redacting documents exist and if they are adequate to the task. If standards were not set by TSA, then the employees cannot be faulted for doing something ‘wrong’. If this redaction technique met ‘established’ TSA standards, then the people setting the standards did not know what they were doing.

Finally, once adequate standards are developed, they must be communicated to the affected employees. This is called training. So, if there was an adequate redacting standard in place at TSA, investigators tracking down the cause of this incident need to look at the training the employees responsible for the inadequate redacting received on that process. That investigation requires answering some basic questions:
Were they just told in training what they were required to do, or were they required to demonstrate proficiency at the task?
Is this a task that they perform frequently, or is there a significant amount of time between the times they either repeat the task or are trained on the task and then required to execute the task?
If the task is performed frequently, how often is their on-the-job performance of the task evaluated, either formally or informally?
If the task is performed infrequently, do employees have a written checklist to follow in the execution of the task?
Of course, how well the investigation is done will be determined in large part by how political the investigation becomes. The more it becomes about finding and punishing the person responsible than correcting the problem, the less likely it will be that the real root cause of the problem will be found.
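The failure described under Redacting Information, a black box drawn over text that is still in the file, can be checked for before a PDF is posted. The following is an added example, not code from the original post or from TSA or Adobe: it scans a page content stream for text whose position lies under a filled rectangle. The sample stream is constructed, and the code assumes an uncompressed stream, no coordinate transforms and simple `Td`/`Tj` text operators.

```python
import re

# Constructed sample: an uncompressed PDF page content stream in which the
# second line of text is "redacted" only by painting a black box over it.
SAMPLE_STREAM = b"""
BT /F1 12 Tf 72 700 Td (Public paragraph) Tj ET
BT /F1 12 Tf 72 650 Td (Sensitive paragraph) Tj ET
0 0 0 rg
70 645 200 20 re f
"""

# A token is either a literal string "(...)" or a run of non-delimiter bytes.
TOKEN = re.compile(rb"\((?:\\.|[^\\()])*\)|[^\s()]+")
FILL_OPS = (b"f", b"F", b"f*", b"B", b"B*", b"b", b"b*")

def inside(point, rect):
    x, y, w, h = rect
    return x <= point[0] <= x + w and y <= point[1] <= y + h

def find_covered_text(stream: bytes):
    """Return strings still in the stream whose text origin lies inside a
    filled rectangle: hidden on screen, but never removed from the file."""
    operands, pending, rects, texts = [], [], [], []
    pos, in_text = (0.0, 0.0), False
    for tok in TOKEN.findall(stream):
        if tok[:1] in b"0123456789+-./(":      # operand: number, name, string
            operands.append(tok)
            continue
        if tok == b"BT":                        # begin text object
            in_text, pos = True, (0.0, 0.0)
        elif tok == b"ET":
            in_text = False
        elif tok == b"Td" and in_text:          # move text position
            pos = (pos[0] + float(operands[-2]), pos[1] + float(operands[-1]))
        elif tok == b"Tj" and in_text:          # show a string at pos
            texts.append((pos, operands[-1][1:-1].decode("latin-1")))
        elif tok == b"re":                      # x y w h: add rectangle path
            pending.append(tuple(float(v) for v in operands[-4:]))
        elif tok in FILL_OPS:                   # path is painted
            rects.extend(pending)
            pending = []
        elif tok in (b"n", b"S", b"s"):         # path ended without a fill
            pending = []
        operands = []                           # every operator consumes operands
    return [text for p, text in texts if any(inside(p, r) for r in rects)]

if __name__ == "__main__":
    print(find_covered_text(SAMPLE_STREAM))
```

A non-empty result means the covered text is still recoverable from the file, so the document needs the text itself removed before release.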


Anonymous said...

See the NSA redaction tutorial link at the bottom of http://www.fas.org/blog/secrecy/2009/12/leak_anxiety.html


PJCoyle said...

See my response to the comments by Anonymous at: http://chemical-facility-security-news.blogspot.com/2009/12/reader-comment-12-16-09-redacting.html
