The Transportation Security Administration could improve the way it identifies and redacts sensitive security information, according to a report from the Office of Inspector General.
Sensitive Security Information is defined as information gathered in security activities, which would constitute an unwarranted breach of privacy, reveal trade secrets or be detrimental to transportation security.
There have been previous concerns about the way TSA handles sensitive security information. In May 2016, the House Committee on Homeland Security requested that the OIG review TSA’s use of the SSI designation, citing concerns that TSA was using the designation to withhold information from public scrutiny. In a December 2016 report, the DHS Inspector General expressed similar concerns to TSA about “abusing its stewardship” of the SSI program. The Inspector General reiterated the concerns in the December report to Congress in 2017, which led to this most recent review.
In this review, the OIG found that although TSA has adequate policies in place for reviewing sensitive security information, some of its critical guidance on identifying such data needs to be updated. In particular it pinpoints SSI ID guides, which are designed to help program offices and DHS personnel decide whether certain information is SSI. The OIG found that some of these guides had not been updated for many years – some not for up to a decade.
The OIG also found that while the guides still need updating, TSA ought to be recording its reasons for changing its stance on redacting sensitive data. On the subject of redactions, the study also found a 10 percent error rate in reviews of redactions.
Finally, the OIG found that the TSA does not track challenges by stakeholders about SSI decisions or redactions. The report did conclude that in its course it has not found any unreasonable redactions, but it makes three recommendations: implement a schedule to ensure that SSI Identification guides are regularly updated, develop a tracking schedule for all SSI redaction challenges, and document justifications for changes in position on Sensitive Security Information and make the changes accessible to personnel.