Give Now

We must close the loophole that allows law enforcement to buy our personal data without a warrant.

Holding the Government Accountable
|
Analysis

House Report Faults TSA Security Marking in Air Marshal Case

Last month, the House Committee on Oversight and Government Reform published a joint staff report on the problems with the Transportation Security Administration’s (TSA) use of the “Sensitive Security Information” (SSI) pseudo-classification. The Committee found that TSA has had “organizational problems” with the application of the SSI designation dating back to 2004, and blames TSA leadership for repeatedly ignoring the advice of its SSI Office.

Followers of the Project On Government Oversight blog will remember the story of Robert MacLean, a Federal Air Marshal who in 2003 blew the whistle on the Department of Homeland Security’s (DHS) attempt to remove air marshal coverage of “high-risk” flights. DHS was hoping to save money on hotel costs, a budget concern that, in the eyes of MacLean, paled in comparison to the risk of a potential terrorist attack. Marshals were informed of their canceled flights via an unencrypted text message, which was not originally marked as SSI. After placing unanswered complaints to his supervisor and the DHS Inspector General, MacLean shared the unclassified text message with the media, hoping that public pressure would force the TSA to reinstate the marshals’ coverage of flights. In August 2006, four months after MacLean was fired and years after the decision to reinstitute the air marshal program, the TSA retroactively designated the text message SSI and argued that MacLean must have understood the sensitive nature of this information that qualified it as SSI even if it wasn’t labeled as such.

MacLean challenged his dismissal under the Whistleblower Protection Act (WPA), but the government argued that his disclosures were not protected because TSA’s SSI regulations prohibit their release. In April 2013, the U.S. Court of Appeals for the Federal Circuit sided with MacLean, ruling that agency regulations do not trump a federal employee’s protections under the WPA. The TSA’s appeal of the Federal Circuit’s decision will be heard this fall by the U.S. Supreme Court.

Under the Air Transportation Security Act (ATSA) of 1974, the Federal Aviation Administration (FAA) created SSI as a category for information that was sensitive but unclassified and that could be detrimental to transportation security if published. SSI includes topics such as hijacker profiles, baggage screening protocols, airport or air carrier security programs and plans, terrorism, and air piracy. Within the TSA, a special SSI Office was created to assist in the SSI designation process. However, the final authority of SSI labeling rests with the TSA Administrator, who is required to provide the SSI Office with written documentation of all SSI decisions.

The House Oversight Committee’s joint staff report reveals multiple instances when the SSI Office was not consulted on the potential designation of sensitive material or when the Administrator ignored the advice of the SSI Office. The report also documents instances when the TSA’s Office of Public Affairs (OPA) publicized information about the presence of air marshals aboard commercial flights without the approval of the SSI Office, information very similar to that in the text message at issue in the MacLean case.

Certainly, this case exposes problems with federal agencies using control markings (sensitive but unclassified (SBU), now termed “controlled unclassified information” (CUI)). For years, each executive agency has been able to create its own individualized marking terms under the CUI umbrella, which tend to confine unclassified information within its originating agency. One major concern is agencies marking everything CUI to limit its dissemination and thereby preventing public access to releasable government records.

Equally important is how this case highlights the WPA’s public interest benefits. Strong protections for whistleblowers provide checks on government agencies. MacLean may very well have prevented a terrorist attack by demanding that air marshals be kept on “high-risk” flights; he revealed a glaring lapse in judgment by the TSA that should not be protected by the pseudo-classification of information. His plight as a whistleblower stems from the TSA’s subsequent defense and retroactive decision to hide behind the SSI designation.

Although the Committee’s report recommends that the TSA improve the organization of its classification program, the more important take-away is the need for Congress to curb the proliferation of the use of CUI markings throughout the government. Last month, POGO exposed how the Department of Defense Inspector General is marking reports “For Official Use Only” (FOUO), which conceals those reports from the public for a year or longer. Agencies must make greater efforts to limit their use of pseudo-classification labels that are used to conceal information from Congress, the media, and the public.

Changes are forthcoming, but limiting CUI markings has been slow, to say the least. In 2010, President Obama issued Executive Order 13556, which requires a conversation between the executive departments or agencies, other stakeholders, and the general public to consolidate and standardize the use of CUI designations. A presidential task force found that there are more than 100 different policies for disseminating information across the executive branch. The National Archives and Records Administration (NARA)—the agency tasked with implementing a streamlined CUI designation system—acknowledges that the proliferation of CUI markings has resulted in “inefficiency and confusion, leading to a patchwork system that fails to adequately safeguard information requiring protection, and unnecessarily restricts information sharing by creating needless impediments.” NARA is expecting to release a proposed rule for public comment later this year, and to fully implement a government-wide CUI program in fiscal year 2018. Until then, executive agencies can still hinder the circulation of information that should be available for wider scrutiny through the use of their individual CUI labels, such as SSI.

When the Supreme Court takes up Robert MacLean’s case in October, it will choose between defending the TSA’s retroactive use of a CUI label to cover up its poor decision-making and upholding the necessary protections that should be afforded to whistleblowers. POGO will support MacLean, and will keep you informed on the developments.