But a little-noticed passage in the Homeland Security Act of 2002 expanded the scope of SSIs to prohibit disclosure of information that "would be detrimental to the security of transportation." This change in wording ushered in an expansive new interpretation of SSI. A May 2004 Federal Register notice spelled out 16 categories of information that may now be designated as SSI. These include not only airport security plans (as before) and threat assessments, but also records of security inspections and investigations, names of security personnel, and training materials. More problematically, "security directives" such as the one that Chenoweth-Hage requested are exempt. And for good measure, the 16th category is a catch-all exemption for "other information" that TSA may at its discretion determine should be withheld.
"By removing any reference to persons or passengers, Congress has significantly broadened the scope of the SSI authority," wrote Congressional Research Service analyst Todd B. Tatelman in a new report. "As a result, it appears that the authority to classify information as SSI now encompasses all transportation-related activities including air and maritime cargo, trucking and freight transport, and pipelines." This latent authority could be used to expand the current secrecy regime into other areas of transportation and national infrastructure. Already, "the number and scope of [security directives]" designated as SSI "has markedly increased" since Sept. 11, 2001, as noted by an internal TSA memo.
The TSA, which is now part of the Department of Homeland Security, has deployed its new secrecy authority with gusto. The TSA signed a security agreement with the Des Moines, Iowa, police department last year as a condition for the city receiving federal financial assistance for airport security.
"If I hadn't seen this contract I wouldn't have believed it could happen in America," Police Chief William McCarthy told the Des Moines Register. Its non-disclosure requirements were so stringent that it might have prevented officers from "reporting the arrest of a drunk at the airport" without first consulting TSA, he said. Similar agreements have been signed with police departments in other cities around the country.
Following the intervention of Sen. Chuck Grassley, R-Iowa, and Tom Harkin, D-Iowa, TSA Administrator James Loy reportedly "clarified" that the agreement was merely intended to ensure that the federal government was directly notified of security incidents at airports "rather than learning of events through the press." Although police initially believed that the agreement itself was secret, TSA eventually advised that only an appendix on airport security needed to be withheld.
Meanwhile, say some internal critics, SSI authority has already been used as a cudgel to impose security discipline and rein in dissent.
After MSNBC reported last year the TSA's decision to remove federal air marshals from certain long-distance flights to economize, TSA launched a probe to identify who had revealed such sensitive security information to the media. A new Department of Homeland Security inspector general report noted that "air marshals from two locations said that they were threatened with arrest and prosecution if they were found to have released sensitive security information (SSI), even though release of SSI is not a prosecutable offense."
Software designer John Gilmore ran afoul of another SSI directive in 2002 after refusing to present a photo identification before boarding a flight. Gilmore has challenged the constitutionality of this practice with a lawsuit. Citing security concerns, the government says the case cannot be argued in open court. In his suit, he claims he was told that there were "security directives that mandated the showing of ID, but that he couldn't see them." The directives, he learned, "are revised as often as weekly, and are transmitted orally rather than in writing. To make things even more confusing, these orally transmitted secret rules change depending on the airport."
Responding to a different lawsuit brought by the ACLU of Northern California contesting the administration of the so-called "no fly" list, U.S. District Judge Charles R. Breyer agreed that some SSIs go too far.
"The Court's preliminary review of the voluminous material demonstrates that in many instances the government has not come close to meeting its burden [to justify withholding], and, in some instances, has made frivolous claims of exemption," Breyer wrote in a June 2004 opinion. "General statements that, for example, the information is sensitive security information, are inadequate to satisfy the government's burden."
Although some of the contested material in that proceeding has now been disclosed, the government seeks dismissal of the larger case.