TSA Cannot Order Sites to Take Down Sensitive Manual

After a Transportation Security Administration (TSA) manual containing “sensitive security information” was inadvertently disclosed on a government website, it was reposted on several non-governmental websites where it remains freely available.  Asked what TSA intends to do about that, Acting TSA Administrator Gale D. Rossides told Congress that her agency does not have the legal authority to compel members of the public to remove sensitive TSA documents from their websites, though she wished that they would do so.

“Do the current regulations provide you a mechanism to keep individuals from reposting this information on other web sites?” asked Rep. Charles W. Dent (R-PA), at a December 16 hearing of the House Homeland Security Subcommittee on Transportation Security.

“No, sir, they do not,” Ms. Rossides replied.  “We do not have any authority to ask non-government or non-DHS sites to take it down.”

“What action does TSA intend to take against those who are reposting this sensitive document that should not be in the public domain?” Rep. Dent persisted.

“Well, right now, there really isn’t any authoritative action we can take,” Ms. Rossides said.  “Honestly, persons that have posted it, I would, you know, hope that out of their patriotic sense of duty to, you know, their fellow countrymen, they would take it down.  But honestly, I have no authority to direct them and order them to take it down.”

But Rep. Dent expressed his own indignation at the web sites that ignored the official control markings on the TSA manual.  “To those who reposted this security information on the internet, you should share in the blame should security be breached as a result of this disclosure,” he said.

But the urgency of the need to restrict continued access to the leaked TSA manual seemed diminished by Ms. Rossides’ declared view that aviation security has not “been compromised or weakened because of this incident.”  Furthermore, she said, that manual was now obsolete because “very significant changes” have been made to airline security policy since the manual was issued.

Ms. Rossides added that in order to prevent further inadvertent disclosures of the newest security measures, she was refusing to provide a hardcopy of the latest edition of the TSA security manual to Congress.  “I just wanted to take the absolute measures to protect that information, and that’s why a hardcopy wouldn’t be presented,” she said.

Rep. Dent objected to this.  “By refusing to give a document to this committee because of concern about a public disclosure, that’s implying that this subcommittee would disclose the document.  And that’s what, I guess, troubles me the most.” He said he would press the issue.

Subcommittee chair Rep. Sheila Jackson-Lee (D-TX) said she would introduce legislation to bar contractors from access to “sensitive security information,” since contractors apparently were at fault in the inadvertent disclosure of the security manual.  “It’ll be my legislative initiative to insist that contract employees not be used to handle sensitive security information, period,” she said.

Rep. James Himes (D-CT) asked whether TSA was examining who had downloaded the security manual.

“I believe that is part of what [the TSA Inspector General] is looking at,” Ms. Rossides said.  “We do know — our CIO shop has done an initial review of who did download it and has it on their website — non-government, non-DHS websites.  We do know that.”