The Secrets of Flight
Why Transportation Security Administration guards don't have to tell you what they won't tell you.
"Before the Law stands a doorkeeper" begins Franz Kafka's famous parable, which tells of a man who seeks "admittance to the Law" but who is denied access by the doorkeeper—something he did not expect.
The Law, he thinks, "should surely be accessible at all times and to everyone."
Former Rep. Helen Chenoweth-Hage, R-Idaho, experienced the existential horror of being governed by secret laws last month while attempting to board a United Airlines flight from Boise to Reno. When pulled aside by security guards from the Transportation Security Administration for additional screening, including a physical pat-down, Chenoweth-Hage requested a copy of the federal regulation authorizing such searches. Her request was denied.
"She said she wanted to see the regulation that required the additional procedure for secondary screening and she was told she couldn't see it," local TSA Security Director Julian Gonzales told the Idaho Statesman.
Chenoweth-Hage said that if she couldn't see the regulation, she wouldn't submit to the pat-down. If you don't allow us to search you, you can't fly, they responded. And so she didn't, getting into her car and driving to Reno instead.
A case can be made that airline security would suffer if the criteria used for screening passengers were to be revealed. Such a disclosure would make it easier to circumvent passenger screenings. But Chenoweth-Hage wasn't asking for such details, only for the legal authorization for pat-downs. Why couldn't they at least let her see that? asked Statesman correspondent Dan Popkey.
"Because we don't have to," replied TSA doorkeeper Gonzales.
"That is called 'sensitive security information.' She's not allowed to see it, nor is anyone else," he said.
How did we come to such a pass?
Unlike most forms of classified national security information, which are based in executive order, the concept of "sensitive security information" originated in a 1974 statute, the Air Transportation Safety Act. The intent of SSI was to prohibit disclosure of several categories of information, including information "detrimental to the safety of persons traveling in air transportation." As initially implemented, SSI was applied rather narrowly to the nuts and bolts of airport and airline security programs. Theoretically, an unlimited number of SSIs can be promulgated—as long as they fit the broad definition set down by law. As official secrets go, SSIs are fairly tame. Several government employees have been fired or forced to resign for making unauthorized disclosures of SSIs, but it's not a crime.
But a little-noticed passage in the Homeland Security Act of 2002 expanded the scope of SSIs to prohibit disclosure of information that "would be detrimental to the security of transportation." This change in wording ushered in an expansive new interpretation of SSI. A May 2004 Federal Register notice spelled out 16 categories of information that may now be designated as SSI. These include not only airport security plans (as before) and threat assessments, but also records of security inspections and investigations, names of security personnel, and training materials. More problematically, "security directives" such as the one that Chenoweth-Hage requested are exempt. And for good measure, the 16th category is a catch-all exemption for "other information" that TSA may at its discretion determine should be withheld.
"By removing any reference to persons or passengers, Congress has significantly broadened the scope of the SSI authority," wrote Congressional Research Service analyst Todd B. Tatelman in a new report. "As a result, it appears that the authority to classify information as SSI now encompasses all transportation-related activities including air and maritime cargo, trucking and freight transport, and pipelines." This latent authority could be used to expand the current secrecy regime into other areas of transportation and national infrastructure. Already, "the number and scope of [security directives]" designated as SSI "has markedly increased" since Sept. 11, 2001, as noted by an internal TSA memo.
The TSA, which is now part of the Department of Homeland Security, has deployed its new secrecy authority with gusto. The TSA signed a security agreement with the Des Moines, Iowa, police department last year as a condition for the city receiving federal financial assistance for airport security.
"If I hadn't seen this contract I wouldn't have believed it could happen in America," Police Chief William McCarthy told the Des Moines Register. Its non-disclosure requirements were so stringent that it might have prevented officers from "reporting the arrest of a drunk at the airport" without first consulting TSA, he said. Similar agreements have been signed with police departments in other cities around the country.
Following the intervention of Sen. Chuck Grassley, R-Iowa, and Tom Harkin, D-Iowa, TSA Administrator James Loy reportedly "clarified" that the agreement was merely intended to ensure that the federal government was directly notified of security incidents at airports "rather than learning of events through the press." Although police initially believed that the agreement itself was secret, TSA eventually advised that only an appendix on airport security needed to be withheld.
Meanwhile, say some internal critics, SSI authority has already been used as a cudgel to impose security discipline and rein in dissent.
After MSNBC reported last year the TSA's decision to remove federal air marshals from certain long-distance flights to economize, TSA launched a probe to identify who had revealed such sensitive security information to the media. A new Department of Homeland Security inspector general report noted that "air marshals from two locations said that they were threatened with arrest and prosecution if they were found to have released sensitive security information (SSI), even though release of SSI is not a prosecutable offense."
Software designer John Gilmore ran afoul of another SSI directive in 2002 after refusing to present a photo identification before boarding a flight. Gilmore has challenged the constitutionality of this practice with a lawsuit. Citing security concerns, the government says the case cannot be argued in open court. In his suit, he claims he was told that there were "security directives that mandated the showing of ID, but that he couldn't see them." The directives, he learned, "are revised as often as weekly, and are transmitted orally rather than in writing. To make things even more confusing, these orally transmitted secret rules change depending on the airport."
Responding to a different lawsuit brought by the ACLU of Northern California contesting the administration of the so-called "no fly" list, U.S. District Judge Charles R. Breyer agreed that some SSIs go too far.
"The Court's preliminary review of the voluminous material demonstrates that in many instances the government has not come close to meeting its burden [to justify withholding], and, in some instances, has made frivolous claims of exemption," Breyer wrote in a June 2004 opinion. "General statements that, for example, the information is sensitive security information, are inadequate to satisfy the government's burden."
Although some of the contested material in that proceeding has now been disclosed, the government seeks dismissal of the larger case.
Despite some hopeful signs of resistance from feisty individuals and the occasional judge, the challenges posed by SSI are likely to continue and to grow. The root of the problem lies in the very definition of the term. Instead of articulating reviewable criteria for designating information as "sensitive," Congress said in effect that SSI is whatever the TSA says it is. This momentous transfer of authority to the executive branch won't be remedied until Congress recovers its appetite for oversight and accountability.
Steven Aftergood writes the Federation of American Scientists newsletterSecrecy News.