Slashdot Mirror
TSA's Sloppy Redacting Reveals All
A travel blog breaks the story of a poor job of redacting by the TSA: they posted a PDF of airport screening policies, with certain sections blacked out — not realizing that simply laying a black rectangle over the text is hardly sufficient. Cryptome has posted a copy with the redaction removed (ZIP).
http://cryptome.org/tsa-screening.zip The actual link.
If i had one dollar for every brain you dont have, i would have $1.
ctrl-a is a bitch, huh?
is here:
http://cryptome.org/tsa-screening.zip
"Prefiero morir de pie que vivir siempre arrodillado!"
I know people who work in the US government. As I understand it, when releasing material that is partially blacked out, in most departments the procedure is to simply black it out on a hard copy and then photocopy the hard copy or scan it if it is to go online. This removes any chance of clever ways of getting the data if there's something about the file format or such that is strange. I don't see why the TSA wouldn't do the same thing. Moreover, isn't the fact that you can do this with PDFs well known? I've even seen it used as a way of covering up spoilers. What were they thinking?
Hey TSA dudes, do your bit for the environment and use ^H like we do on slashdot.
These posts express my own personal views, not those of my employer
but must admit that this strikes a blow to their reputation for competence and effectiveness.
ttp:cryptomeorgtsa-screeningzip
The cryptome URL has been redacted. Nothing to see here, move along.
Sincerely,
TSA
using System.Awesome;
CIA Badges look pretty easy to fake......
zosxavius photography
Idiots. They should have changed the text color to white for the stuff they wanted to hide.
Better known as 318230.
How do you know this isn't some kind of trap, a honeypot to track down all of you nosy busybodies?
So is kdawson on drugs? Is s/he not on drugs but should be? Does s/he even know what the intertubes are? Can we find peace in our time? Or, horny as we are, can we even find a piece in our time? If we found a piece would we find peace?
So many questions ....
Dammit. The mirrored files have the highlighting taken out so I don't know where the juicy bits are in the document.
Can someone mirror it with the highlighting left in?
Insanity: voting in the same two parties over and over again and expecting different results
Why so little context in the description of this article?
From a quick google around.. it seems that the TSA referred to here is a US government agency of some sort - Transport Security Administration.
Perhaps it's assumed around here that almost every TLA from the USA is of global significance and widely understood.
photographing EDS or ETD monitor screens or emitted images is not permitted. [...] Whenever possible, x-ray machine images must not be visible to the public or press. When physical constraints prevent x-ray images from being fully protected from public viewing, TSOs must ensure no member of the public or press is in a position to observe an x-ray monitor for an extended period of time. Passengers and other unauthorized individuals must not be allowed to view EDS or ETD monitors and screens.
Huh. Now...why would that be?
First guess, they don't want the "terrorists" to see how good/bad the x-ray devices are.
Second more cynical guess: Xray machines are mostly useless and the TSA doesn't want the public to realize it's a bunch of voodoo?
Please help metamoderate.
How stupid are these people?! Adobe even has a feature to redact (not draw black boxes) text from documents
Reminds me of the story about CIA Redactions--that in reality they use black highlighers for the important stuff.
Keep Doing Good.
Sloppy Slashdot editors...
From what I can tell, some of the information which was poorly blacked out could be helpful to people who want to get things/persons past security.
However, that is under the assumption that the information is accurate. Perhaps this information is just misleading and the file was poorly blacked out so that people would crack it and assume that it is accurate.
Maybe one way to find out: Does anyone can fired or demoted for this? If not...maybe because it was intentional after all.
Here are typical examples of redacted paragraphs:
On what planet is it necessary to keep facts like these secret?
Why is the fact that their redacting technique is as useful and effective as their screening techniques surprising to anyone?
TSA, bringing you the best in security theatre since 2001!
This wasn't blacked out or anything, but I had to laugh a bit if you look under 'Hazardous Materials Reference Document'
"Ammunition, small arms Small arms ammunition (up to 50-caliber cartridges
or 8-gauge shells) for personal use may be carried in checked baggage if securely
packed in boxes or packaging specifically designed for carrying ammunition. No
loaded firearms permitted in checked baggage"
I had to re-read that and was like err.. wait a minute... 50-caliber? Wow, that's allowed? Yet will freak out over a bottle of shampoo, huh? rofl ...
Just wait until they try their hand at Healthcare.
This clearly comes from the people who thought up my favourite piece of brain dead "security" from the TSA
When you enter the line to the security gate a TSA numpty checks your boarding pass to make sure you are allowed to join the line. Everyone joining the line has their boarding pass checked, this is a piece of paper often printed on a computer that says what flight you are on, its just about the easiest thing to fake in the history of fakery.
Then you lob everything into the x-ray machine, clearly needing to separate your laptop out as clearly its impossible to see stuff through that. Shoes of course, belts, internal organs...
Then as you step through the body scanner some TSA numpty says "boarding pass please". Pointing out that you've just put all your crap through the machine and that your boarding pass is with your passport and your wallet is of course pointless. The answer... wait until it comes out of the machine and then show the numpty. you are of course also checked at the gate with both passport (hard to fake) and boarding pass (trivial to fake).
So in otherwords the TSA check TWICE a piece of easy to fake information and NEVER check your ruddy passport.
So how did the TSA redact this PDF. Well simple they had the same process. The first person pasted on the black squares. This was then printed out.
The first checker then looked at the printed out copy and said "looks fine to me"
This document was then scanned in and then printed again to be checked by a second checker who said "yup all okay"
And then they put the ORIGINIAL electronic copy on line with the pasting over the top.
The TSA is to security what Micheal Vick is to Pet Care
An Eye for an Eye will make the whole world blind - Gandhi
Perhaps it a privacy concern between whomever owns the bag being scanned and other members of the public.
If that were the case, it wouldn't make sense to have redacted that section.
Another interesting redacted section talks about how governors, lt. governors, immediate family, and two staff members...all appear to be eligible for "specialized screening", which probably consists of nothing more than a "have a nice flight, sir."
Same goes for the airplane's crew; they apparently don't want us to know that they're also exempt from any screening. As are: FEMA employees, US Military, US Senators and Representatives, holders of US diplomatic passports, holders of foreign diplomatic passwports with a little "yes, they're OK" card from the US gov't, Forest fighters (wtf?), and FAA inspectors.
Please help metamoderate.
The redacted portion of section 3.1.2 references a "Fig. J", yet this figure is not in the document... I would loooove to see what figure J is all about.
Also, the non-redacted section about Diplomatic Pouches (4.1) is interesting. Specifically point E.3:
If they accidentally screen a diplomatic pouch and it tests positive for something, the bag isn't allowed into the secured area... but it's returned to the courier un-investigated. And they'll just be able to bring it on another flight where it won't get screened this time. I get the concept behind diplomatic pouches, but once the veil is pierced I don't think it makes sense to just ignore what you saw, especially once you know something's wrong. What if the courier opened the pouch themselves and showed the screener a ticking bomb and then closed it up again? The screener was never supposed to see that, so what then? Just go about your business?
We always knew Comcast was corrupt, here's the proof: http://tech.slashdot.org/comments.pl?sid=1909890&cid=34545432
Comment removed based on user account deletion
I used to manage an E-discovery group at a
lawfirm. We would receive stuff like this from
opposing council all the time.
People really are that stupid.
Now, that is a bloody travesty! It turns a neat, easy to read (scalable fonts!) document with nicely searchable contents into a bitmap... It ought to be possible to properly black-out information, that does not want to be free, without turning the rest of the text into a picture.
Departments doing it as you describe are wasting my money — I want a refund!
In Soviet Washington the swamp drains you.
iv. If the individual’s photo ID is a passport issued by the Government of Cuba, Iran, North Korea, Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen, or Algeria, refer the individual for selectee screening unless the individual has been exempted from selectee screening by the FSD or aircraft operator. really?
From what I've read, the intent is to limit how large of a *container* you can bring on board. Yes 5 people can bring on 5x the amount of explosive precursors. But they'll have to mix it up in 5 batches, which will take multiple trips to the restroom, careful coordination, etc, etc.
They're not worried about someone bringing actual liquid explosives on board. They have equipment that will detect those compounds reliably.
Apparently, this didn't make it through the screener at the Document Security Administration ("DSA").
The exact same thing has happened before, and was even covered on slashdot, many many times.
http://entertainment.slashdot.org/story/08/05/20/0228229/FBI-Wiretapping-Audit-Secrets-Uncovered-Via-CtrlC
http://it.slashdot.org/article.pl?sid=06/06/22/138210
http://yro.slashdot.org/story/03/11/01/1729257/Memory-Hole-Un-Redacts-Redacted-DOJ-Memo
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
No, pilots DO need to be screened, because the chance of ONE cockpit crew member going bad and wanting to take the plane out is much better tha the chance of ALL the cockpit crew members wanting that.
That means that with zero screening the "bad pilot" could bring on board a weapon (gun, grenade, knife, flammable liquid, acid, whatever) to either take out the rest of the cockpit crew or the controls.
If the "bad pilot" is unable to get something more dangerous than normal on board, he has less chance to destroy the plane - and the others have a better chance to get him "under control."
There is no reason to allow anyone past the security chokepoint without being screened, but ESPECIALLY those who will be out of view in the cockpit and able to kill of the rest of the crew or damage the aircraft beyond being flyable.
Gotta think these things through, people.
--Tomas (Ex-USAF)
Distributing FOIA documents in electronic forma bears the consequence of leaving employee and Word/Acrobat metadata. They should should just dump the file into a plain text and then run it through a .txt to PDF converter.
Instead of drawing over words or phrases with black marker as is common, it should be acceptable to redact words, sentences or paragraphs with ", ". If its need to know, you won't get the information anyways so it isn't relevant to know how much information is redacted, I can't see how this would contribute to openness. It also avoids the games people have played in the past with being able to guess what the redacted word(s) or a sentence by judging the spacing of characters and type of font used missing from the text.
I never realised that the Tourette Syndrome Association had such power. Who the f*** gave them that? ********!
c. WOMAP Escort Officer cell phone number
Slow learners after the Milan incident? Maybe someone should call 703-601-3200 and send a friendly reminder? Just remember to leave a note stating whether you'd prefer to accidentally fall off a bridge or lose control on a road corner :P
iv. If the individual's photo ID is a passport issued by the Government of Cuba, Iran, North
Korea, Libya, Syria, Sudan, Afghanistan, Lebanon, Somalia, Iraq, Yemen, or Algeria, refer
the individual for selectee screening unless the individual has been exempted from selectee
screening by the FSD or aircraft operator.
This section proves that the US Government and the TSA DO target certain groups (in this case people from certain countries) for extra screening (regardless of the individuals who may be members of these groups)
Are people with a Lebanese or Algerian passport more of a risk than other people? Or is it that these passports are easier for the bad guys to legitimately obtain than any other one?
I couldn't find a Member of Congress of that name. So if she's fictitious, why did they feel the need to doubly redact her name on page 4-26?
What do you mean?
I must say I was bemused to see the sort of items that are allowed into the cargo hold (i.e. via checked-in luggage, though I'm guessing you have to declare most or all of these):
Live ammunition, firearms, stun guns, cattle prods, martial arts weapons (yes, including numchucks), axes, meat cleavers, knives of *any* length, bows and arrows, swords and throwing stars.
Enough weapons to start a small war there - I wonder if there's a limit (other than total baggage weight) on how many of each of these items you can put in your luggage?
They really just marked all the important parts for us with one of those colourful marker pens. And black is their idea of colouful.
Swedish plasma phys. PhD student; MSc EE; knows maths, programming, electronics; finance interest; seeks opportunities
Well just saying "Frist Post" is redundant if it really IS the first post, isn't it. It's obvious. If it isn't first post then rather being redundant, it's just wrong and there's no mod for that.
You've got that 180 degrees backwards. It's not to make people feel secure; it's to make people feel scared. Fear is a more powerful emotion than the feelings of peace and security. With enough fear you can justify policies you'd never get away with in a thousand years if The People felt secure. Fear is power.
Of course that's not saying the TSA does a good job of it. Most any frequent traveler thinks by now that it's pointless and absurd -- but bear in mind that competence has never been a hallmark of the TSA.
Of course over time the charade will devolve, if it has not already, to simple bureaucratic inertia and butt covering, so that when something very bad does someday happen to an airplane, no one will end up pilloried for dismantling the useless "security" theatre thereby "allowing" the bad thing to happen.
It's often a lot easier to start doing something dumb than to stop.
Most people would not call the attacks of Germany and Britain on each others civilian populations during WWII "terrorism", even though the blanket targeting of civilian populations did occur (ie. the bombing of civilians was not an accident, or "collateral damage", it was a deliberate act designed to kill and undermine moral).
Why was the bombing of civilian cities (those with no or little military infrastructure) during WWII considered valid, and yet now is considered "terrorism"?
Well from a purely theoretical point of view, these bombings (and also the nuclear bombs on Hiroshima and Nagasaki) were *indeed* perfect example of the definition of terrorism (killing civilian target for the sole purpose of undermining the moral), even if they were done by government instead of some rebel groups.
But now you see, with wars done by governments, the small difference is that the winners get to write the history books. And if they choose to call their deeds as "glorious acts of democratic resistance against the evil empire of dumb-stupid nazis" instead of "acts of terror to break the enemy's morale", so be it.
And that's how some doctrine like "Shock and awe" are born.
In an alternate reality where the American economy had collapsed, giving a chance to Afghanistan to actually win the war, you know how the books where going to describe this conflict.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Unfortunately, we (the gov't with our tax dollars) are spending so much to enhance the illusion, that could be better spent elsewhere.
Yup, indeed.
If the government really wanted to protect the civil population from certain death, it would immediately sue car manufacturer and fast-food stores.
You see, given current statistics in our modern societies, we can pretty easily predict that the largest proportion of people who read this post, and the largest proportion of the people afraid of terrorism that the government is trying to reassure, are all probably going to die :
- either in a car accident
- or from a heart attack with their arteries clogged by cholesterol
That, ladies and gentlemen, is the biggest killers in our modern societies that we have to fear. Be afraid of your car, be afraid of your TV dinner. Be very very afraid.
But you know, people normally aren't afraid of everyday things, they are used to them no matter how much dangerous they are. Instead they are afraid of things that they don't understand. Of all that extremely rare and improbable but spectacular events. And they ask for some governmental action. And thus the government gives what the masses are asking for : running after some so improbable event that it's almost indistinguishable from random noise.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
The document appears to have been discovered by user OnTheAsile on the flyertalk.com forums in this post:
http://www.flyertalk.com/forum/travel-safety-security/1024103-foia-request-rules-tsa-requires-passengers-follow-airport-checkpoint-advice.html#post12931726
Several posts later, FlyerTalk members discovered that the blacked out information has not been removed.
Securitytheatre
Shoes for Industry. Shoes for the Dead.
Prior to 1/1/2002, what percentage of people who flew were killed by terrorists. Tell you what, let's add in everyone killed on the ground as a result of the plane crashes on 9/11/01. Now what's the percentage. What percentage of people who drive cars are killed every year prior to mandatory seatbelts? And after?
Now compare the percentage reduction in each to the total annual cost of each. I think you'll find the TSA screening to be horribly cost ineffective.
Besides, how many passenger groups are likely to be passive during a hijacking post-9/11? You saw the reaction of the passengers of the third plane; TSA is actually doing very little.
Is it just my observation, or are there way too many stupid people in the world?
My dad works at a newspaper that once received a document from the Sheriff's office that included a list of juvenile offenders. Since juvenile offenders' identities are kept private, the Sheriff's office redacted them.
By striking them out, on the submitted photocopy, with a black marker.
A quick trip to the light table, and up came the names.
In the USA we pride ourselves in throwing off parasitic royalty and that everyone is equal. To become a naturalized citizen you have to renounce your titles. So why do sundry "dignitaries" get exemption from screening? If I have to take off my shoes to enter the portals of transportation, then so should everyone, from the President down. What is so special about a lieutenant-governor's wife, anyway?
Prove anything by multiplying Huge Number times Tiny Number
It looks to me like Appligent is going to gain another customer for Redax. If you're gonna black it out, do it right.
"Who controls the past controls the future. Who controls the present controls the past." -- George Orwell
TSA is actually doing very little.
Well, that's not entirely true. They are employing a sizable workforce of high school dropouts and McDonald's rejects.
So the bombing of Pearl Harbor was an act of terrorism, not war?
Well, uh, no. Pearl Harbor is a *naval base*. It's navy. It's not mainly a civilian harbour.
Civilian did die during that bombing. But nonetheless the purpose was to attack an American naval base.
Whereas, with the bombings mentioned above, the target were clearly civilian.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Anyone consider the possibility that this WAS a competent clerk?
But that he was also one of us?
Technoli
Terrorism is: "the calculated use of unlawful violence or threat of unlawful violence to inculcate fear; intended to coerce or to intimidate governments or societies in the pursuit of goals that are generally political, religious, or ideological."
Attacks on the military can be considered terrorism.
Attacks by crack pots who have no agenda of social change, regardless of the horror, are not terrorism.
For instance:
Bombing of the USS Cole = Terrorism.
Ft Hood shootings = Premeditated murder by a mentally unhinged man.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
What, you don't recognize transport transport protocol when you see it?
No, no, it's text transport protocol... It's a special protocol that they came up with for exchanging ordinary text over the internet.
Bow-ties are cool.
every attack in war is designed to "injure, maim, kill or destroy the target specifically for the intense emotional reaction that such an act would cause in anyone with a vested interest in the target." That's the strategic goal of war. To remove the enemy's will to fight.
No. Not every attack.
- Injuring/maiming/killing civilian to instil fear is *one* possible strategy.
- You can target military structure/units with the intent to (also instil fear) and reduce mainly the available fighting power of the adversary
- You can precisely target critical infrastructure with the intent to (also instil fear) and mainly restrict the resources available to the adversary for fighting while generating to lowest amount of damage. (So called surgical strikes). Civilians will die too, though.
When killing random civilians for the sake of killing them, your main intent is to instil fear.
When killing specific other target, your main intent is to reduce the capacity of the adversary to fight (by cutting supplies, resources, or diminishing the number of available able fighters). Fear is just an added bonus which happens to come in the same package.
That's the difference between an act of war (Let's bomb a base. Or a critical factory. Or a power plant) and an act of terrorism (Let's level a whole city, or some culturally important monument, etc.).
Of course that are absolute theoretical example. The reality is usually more complex.
Nonetheless, my point was to prove that, when at war, killing civilian just to instil fear is *not* the only single strategy available for any attack.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Okay; I used to work for the feds, so I'm going to try to explain to everyone how things work in Foggy Bottom, aka Washington, D.C.:
When a new bureaucracy is created in Foggy Bottom, immediately there is a great rumbling sound as huge swarms of Homo Bureaucratus Vulgaris begin to migrate. Although numerous, these specimens are actually culls from the vastly-larger main herds, unable to advance within their previous pecking-order, or more typically, so incompetent that they are actually in danger being dismissed and being forced to survive as mere citizens. Slow starvation is the usual result.
Upon arriving at the domain of the new bureaucracy, each of the creatures quickly move to occupy just as much of the available resources as is possible, with vast expenditures going toward silk plants and high-tech office chairs. Territorial disputes are inevitable, with vast battles breaking-out over departmental head-counts, convenient parking spaces, and corner offices.
After several years of bloody struggle, however, a new pecking-order is established, and, after much prodding by other, bigger, meaner bureaucratic entities, the creatures reluctantly begin to produce a minimal amount of output. Many of the migrant Homo Bureaucratus Vulgaris, however, find themselves in precisely the same situation as before, as their shortcomings typically survive the sojourn. Thus the groundwork for the next mass migration is laid.
Regards;
Trigger takedown notice to Cryptome in 3...2...1...
Adobe Acrobat specifically has a Redaction feature that was included for this exact reason.
If you use it properly, you hilight the sections of text or images that you want to be redacted and pick the colour you want the covering rectangle to be. Once you apply the redactions, Acrobat removes the text from the page, removes any indexed text that refers to the redacted text (eg in a TOC link) and also offers to remove just about all the metadata in the PDF as well. Once redacted, the text is simply not in the PDF any more, it's gone. You can delete the rectangle but the text is not underneath it. You can't search for the text and you can't find it hidden in the metadata in the PDF either. It is completely gone.
This is an incredibly easy way to achieve what you want to do as you just hilight the text and click Redact. No drawing fiddly rectangles or anything like that. You can delete the rectangle object but there's nothing underneath it, it's simply there for visual appeal.
Specialist Mac support for creative pros, Melbourne
At the time of the bombing of Pearl Harbor we had not declared war on Germany or Japan.
Well, that's basically a diplomatic fuck-up. Somehow the declaration of war got stuck and was delivered late.
Nonetheless, I stand on the original etymological definition : "Terrorism" is about causing "Terror" in the population.
To repeat the statement done by Uberbah a couple of level above : "If they aren't targeting civilians, they aren't terrorists"
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Agree to disagree?
Yes, why not.
If only all opinion conflict could be resolved in such a civilised manner...
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
How stupid are these people?!
Could be. Or maybe somebody inside TSA wanted this to be public but has plausible deniability about leaking it.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
broken in half, wielded as a razor sharp weapon?
Ask Me About... The 80's!
Call me paranoid, but faking a poor redaction can also be an effective method of spreading misinformation.
...but I wanna see the ULTIMATE, the holiest of the holy, the Big Kahuna of top-secret files: The No-Fly List.
You can post this security theater stuff all day, and they're only going to whinge and make the occasional farting noise over it.
Post the No-Fly List if you really want to impress people. And watch cryptome and wikileaks go offline like a light switch.
[End Of Line]