Most travelers are by now aware of TSA’s abuse of the SSI classification when challenged about their erratic and often irresponsible procedures. While TSA has long been a target of bi-partisan criticism, it speaks volumes when both Darrell Issa and Elijah Cummings join to criticize TSA has been systematically harassing passengers and hiding behind unwarranted SSI claims.
Perhaps this belated recognition by Congress that TSA and its Administrator John Pistole are incompetent and corrupt will lead to further Congressional action to rein in the agency and remove Pistole after the fall elections.
I. Executive Summary
Under the Air Transportation Security Act of 1974, the Federal Aviation Administration (FAA) created a category of sensitive but unclassified information, frequently referred to as “Sensitive Security Information” (SSI), and issued regulations that prohibit the disclosure of any information that would be detrimental to transportation security.
These regulations restrict disclosure of SSI, exempting information properly marked as SSI from release under the Freedom of Information Act.
While the SSI designation can protect sensitive information, it is also vulnerable to misuse. Bipartisan concerns about the use of the SSI designation by the Transportation Security Administration (TSA), an agency of the Department of Homeland Security (DHS), have existed since the promulgation of the SSI regulations in 2004.
Through its investigation, the Committee obtained witness testimony and documents that show possible misuse of the SSI designation by TSA. Witnesses detailed instances in which TSA barred the release of SSI documents against the advice of TSA’s SSI Office. TSA also released SSI documents against the advice of career staff in the SSI Office. The Committee’s investigation revealed that coordination challenges exist among the TSA Administrator, TSA’s Office of Public Affairs (OPA), and TSA’s SSI Office.
Witnesses testified that many of the problems related to the SSI designation process emanate from the structure of the SSI regulation itself. TSA’s SSI Office is staffed with career employees tasked with assisting in the SSI designation process. The final authority on SSI designation, however, rests with the TSA Administrator. Pursuant to the regulation, the TSA Administrator must provide certain documentation supporting his SSI designations. Yet, witnesses interviewed by the Committee stated that there were multiple incidents in which the SSI Office was not consulted or where TSA took actions against the advice of SSI Office officials. Further, such actions occurred without the TSA Administrator providing required written documentation supporting the action.
Due to this contentious relationship and the failure to follow proper procedures, the SSI Office struggled to carry out its statutory obligations effectively. While the TSA Administrator has the final authority to determine whether information is SSI, he is also required under the regulations to submit written explanations of his decisions to the SSI Office in a timely fashion.
Unfortunately, the repeated failure to submit written determinations before taking actions on SSI caused a rift between senior TSA leadership and the SSI Office. This rift resulted in inconsistencies, which could be detrimental to the process for protecting sensitive information. This report explores issues related to the current TSA SSI designation process and recommends improvements to ensure that sensitive information is properly protected while non-sensitive information is properly released to the public. TSA’s use of SSI reveals a broader problem of pseudo-classification of information in federal departments and agencies. Limits on such labeling of information are needed to provide greater transparency and accountability to the public while promoting information security.
Problems with TSA’s application of the SSI designation date back to 2004, including inconsistent application of the designation. TSA improperly designated certain information as SSI in order to avoid its public release. TSA repeatedly released information to the public against the advice of the SSI office and without having produced suitable documentation to explain the decision.
The structure and position of the SSI office within TSA has contributed to the difficulties the office has encountered in carrying out its mission. TSA has moved the office within the agency’s organizational structure several times. One official stated the office moves have effectively relegated it a “throwaway office.”
TSA made significant improvements to its SSI designation process following the Committee’s investigation.
The TSA Administrator should provide documentation and an explanation for his or her decision to override a previous SSI determination in writing to the SSI office before the release is made in order to provide the SSI office with an explanation of the Administrator’s justification and promote consistent treatment of future SSI designations.
The Department should undertake an evaluation of the SSI Office’s position within TSA’s organizational structure, to ensure that the office has the support it requires to carry out its mission.
Executive Branch departments and agencies must curtail the widespread use of pseudo-classification of information, which hinders transparency. Agencies must track and report the use of such labels on information to ensure consistency and limits on their use.
The examples set forth in this report raise valid concerns as to whether TSA consistently uses the SSI designation appropriately. While the agency has made some improvements to the program, additional steps may be necessary in order to insulate the integrity of the SSI process. TSA must ensure consistent and appropriate application of the SSI designation. TSA officials should always consult the SSI Office when making decisions either to designate information as SSI or to release information that has been or could be designated SSI. Documentation authorizing the release of SSI must be issued prior to the release, rather than after the fact.
Further, the TSA Administrator should consider the location of the SSI Office within TSA’s organizational structure so that it can perform its work free from political interference. More broadly, Congress must strongly encourage agencies to curb the use of pseudo-classification of information. The proliferation of the use of unclassified designations in Executive Branch departments and agencies has a profound impact on public access. Strict enforcement of rules governing the use of such designations is necessary to prevent abuse and to maximize public access to government information. Agencies must make greater efforts to track and report the use of such labels on information, as it has become clear that consistency is lacking and better controls are needed.