A report on the security of TSA operational IT and communications systems released last month by the DHS Office of the Inspector General (OIG) is prefaced with a scathing critique of the redactions demanded by the TSA in the censored public version of the report.
The OIG report found a pervasive lack of basic security measures and consciousness at TSA airport facilities: doors propped open or with locks taped off, unmonitored entrances, lack of logs of physical access to communication nodes and servers, lack of redundancy, etc.
But the TSA tried to keep the OIG from reporting on even those problems that at already been publicly reported, after TSA review and permission, in earlier OIG reports or other pages of the same report. The real point of the TSA’s censorship is not security but avoidance of public and Congressional debate and oversight.
Here’s what the DHS’s own internal auditor reported:
I must lodge an objection regarding the way that TSA has handled information in the report it considered Sensitive Security Information (SSI). Specifically, we issued the draft report, Summary Report on Audits of Security Controls for TSA Information Technology Systems at Airports, to the Department on September 16, 2016.
[W]e asked for agency comments, including a sensitivity review, within 30 days of receipt of the draft. On October 7, 2016, the Chief of the SSI Program provided the results of its sensitivity review, marking as SSI various passages in the report. The redactions are unjustifiable and redact information that had been publicly disclosed in previous Office of Inspector General (OIG) reports. I am challenging TSA’s proposed redactions to our summary report….
I can only conclude that TSA is abusing its stewardship of the SSI program. None of these redactions will make us safer and simply highlight the inconsistent and arbitrary nature of decisions that TSA makes regarding SSI information. This episode is more evidence that TSA cannot be trusted to administer the program in a reasonable manner.
This problem is well-documented. In addition to my previous objection to the handling of one of our reports, the House Committee on Oversight and Government Reform in 2014 issued a bipartisan staff report finding that TSA had engaged in a pattern of improperly designating certain information as SSI in order to avoid its public release because of agency embarrassment and hostility to Congressional oversight.