Watching the TSA SOP document leak story grow

I suppose that it was inevitable that the TSA would eventually fall on their face and do something like this.  “Secure” documents have a habit of slipping out every now and then and the TSA has been around long enough at this point that the odds were no longer in their favor.  What is interesting to me is how this particular action actually blossomed into a full-blown media event.  A TSO shows up to work with a gun in his pocket and the media eventually gets bored and walks away.  But this is a juicy one.  It has “secrets” in it and who doesn’t like discovering a secret? 

Watching the story grow through web statistics has been interesting for me over the past couple days.  This isn’t the first time I’ve posted about the TSA doing something stupid but it is most certainly the first time it has grown legs.  So just exactly how did it happen?  Here’s the timeline as best as I can recreate it.

Around 3pm on Saturday, December 5th a link was posted on to the FBO.GOV website where there were details of a contract for screening services in Montana that had been out for bid (the FBO link is dead now; there is a cached copy here).  In that bid package there were a number of attachments including two different “redacted” copies of the TSA’s Screening Management SOP.  The copies were actually slightly different but the general content was substantially the same.  That post was out there for almost 24 hours before I stumbled upon it and decided to see what was in the document.  Three clicks later I was reading a “redacted” copy of the SOP, something that the TSA meant to put online.  About 10 minutes and a couple more clicks later, however, I was one of a couple folks who realized just what we were looking at and what the situation was.  It took me another hour to get a blog post together and at 4:16pm EST on Sunday afternoon the post went online.  

My blog doesn’t have all that many readers regularly so I’m honestly not really sure how it went from there.  What I do know is that someone thought it was worthy enough to put a link up on, a self-described “Hacker News” social media site.  From there the story made it to the Wired Threat Level blog as well as (two sites that I really enjoy, FWIW) and Jaunted.  On Monday The Register in the UK picked up the story as well, noting how foolish security through obscurity generally is in the process.  Chris Elliott, a syndicated travel writer also picked up on it during a chat on Monday afternoon and posted a blurb about it on his blogUS News & World Reports had a piece as well.

At that point the story probably could have died.  But it didn’t.  Tuesday saw the story picked up by SlashDot in the morning and Gothamist in the afternoon.  Fortunately the site is hosted by systems that can handle the resulting SlashDot effect and the blog has stayed online. 

And then, it went mainstream.  The Cleveland Plain-Dealer had an article out on the story on Tuesday afternoon.  ABC’s World News Tonight led off their broadcast with the story (and some really bad computer stock images).  The Washington Post followed up on the story as well.  That story was published late Tuesday evening online and is on the front page, below the fold, of today’s print edition.  The Associated Press put together a piece that was been picked up by a number of outlets on Tuesday evening, including USAToday, Yahoo! and MSNBC.

Overnight Tuesday night/Wednesday morning the BBC got into the game and USAToday had an original piece in their Today in the Sky blog.  It was on page A22 of the dead tree edition of the NY Times, running the AP wire piece as well.

Yeah, to say that this one has legs is a bit of an understatement.

I’m sure I’ve missed a number of the sources covering the story at this point.  The good news is that this is out there.  Hopefully the correct questions are asked as a result of the leak and hopefully we can move towards a system that actually represents security rather than security theatre.  I’m not holding my breath.  Oh, and I’m still waiting to hear back from the TSA on a number of open questions about this issue.  Conversations with elected officials will be my next step as hopefully they can actually compel the TSA to answer the questions that they seem likely to brush me off on.

Never miss another post: Sign up for email alerts and get only the content you want direct to your inbox.

Seth Miller

I'm Seth, also known as the Wandering Aramean. I was bit by the travel bug 30 years ago and there's no sign of a cure. I fly ~200,000 miles annually; these are my stories. You can connect with me on Twitter, Facebook, and LinkedIn.


  1. Thanks for sharing that link. It was inevitable that a scapegoat would be found eventually. Off they shall wander into the desert, carrying the sins of their overseers on their backs. Sad, perhaps, but that's the way thing work in government.

  2. KTVU (, the local Fox affiliate in the Bay Area, covered the story today during their morning news show. I didn't catch it all since I just use them for background noise, but their teaser before the commercial was something along the lines of "When we come back, we'll tell you about the greatest airport security breach since 9/11".

    Gotta love US (local) news casts 😉

Comments are closed.