Checkpoints and Borders Policy Debate - Nextgov: TSA wants spyware to screen employees’ digital activities for leaks

Some reporting by Aliya Sternstein:

Nextgov:
TSA wants spyware to screen employees’ digital activities for leaks
12:02 PM on June 21, 2012 (http://www.nextgov.com/cio-briefing/2012/06/tsa-wants-spyware-screen-employees-digital-activities-leaks/56393/)

A short quote:
The Transportation Security Administration is shopping for a computer program to snoop into the online activities of agency employees, including their keystrokes and emails, for signs of potential leaks, procurement documents reveal. TSA issued a solicitation (https://www.fbo.gov/?s=opportunity&mode=form&id=6b790f932382cb2aa5b5c7249820ac72&tab=core&_cview=0) for an “enterprise insider threat software package” Wednesday, the same day the Office of Special Counsel released a memorandum warning (http://www.nextgov.com/cio-briefing/2012/06/agencies-receive-stern-warning-about-reading-employees-emails/56398/?oref=ng-HPriver) all agencies against targeted email monitoring.

And here is the solicitation on FedBizOps:

FedBizOps:
Insider Threat Software
Solicitation Number: HSTS03-12-SSN-CIO571
Agency: Department of Homeland Security
Office: Transportation Security Administration
Location: Headquarters TSA (https://www.fbo.gov/?s=opportunity&mode=form&id=6b790f932382cb2aa5b5c7249820ac72&tab=core&_cview=0)

I hate the idea of employers spying on their employees, either with software like this or reading their emails or installing cameras in their workspaces, but they do have the right to make sure that employees are abiding by the terms of their employment.

I did find this quote to be somewhat infuriating, though:

On Thursday evening, TSA spokesman David A. Castelveter said in a statement, "As the agency whose serious responsibility it is to deal with national security, TSA must remain vigilant to safeguard sensitive information in order to secure the nation's transportation systems. This software is intended to assist in carrying out that mission. This initiative will be used in accordance with all federal laws and will be reserved for specific instances that meet TSA's qualifications for an insider threat."

Since when is TSA a "national security" agency? They're mall cops.

Also, the idea that this software will be "reserved for specific instances" is ludicrous; it's useless unless it's installed on every computing device in the agency. Besides, they said AIT would not be used as primary screening, yet in most airports that have it, it IS used as primary, at least part of the time.

I still find it outrageous that TSA has created the BS category SSI, which deliberately subverts federal law regarding the classification of information. I'd love to see a SCOTUS decision invalidating such bogus end-runs around the law.

This software is clearly part of a program to prevent/punish/discourage TSA employees from releasing embarrassing information, not to address real insider security threats.

But what does this say about the 50,000 fine and upstanding :rolleyes: employees of TSA? At best, their hiring and supervision processes are broken. Most likely the biggest vulnerabilities come from WITHIN the system.

Insider issues, huh? TSA should immediately require their clerks and every other person entering the airport to the same process us passengers have to follow.

And finally... Nappy should get a pat down every morning on TSA TV to lead by example.

(sorry for the last one... still hoping for a pucky smiley)

One word: Smartphone.

Two words: TSA Fail.

This software is clearly part of a program to prevent/punish/discourage TSA employees from releasing embarrassing information, not to address real insider security threats.

This. Especially when TSA employees represent the largest security threat at the airport.

Since when is TSA a "national security" agency? They're mall cops.

I still find it outrageous that TSA has created the BS category SSI, which deliberately subverts federal law regarding the classification of information. I'd love to see a SCOTUS decision invalidating such bogus end-runs around the law.
Like it or not, the TSA is tasked with "national security", just at the operational level. Ok, there are 2 DHS departements that are elements in the USIC (US Intelligence Community)... Office of Intelligence and Analysis (I&A), and Coast Guard Intelligence (CGI). Yet TSA is not in there. TSA has 16 Assistant Administrators (what's up with this 16 thing?), and there's at least one group under TSA that are FLEO's... under the Federal Air Marshal Service. The TSA that we speak of most of here fall under Security Operations... those are the "mall cops".

Yet I will agree the SSI has gotten out of hand. The use of "could endanger current or future operations" has gotten out of hand. I'm now hearing the term "Law Enforement Sensitive", which really sounds like "it would not be to our benefit to share". What's really got me confused is that the President has now claimed Executive Priviledge over documents over at the Judicial Branch... anyone else find that a bit confusing? Granted, it's a political mess in an election year, yet crossing branches?

I vote for a new category... Private Citizen Sensitive.

I know of one employer that has installed data leak protection software on each and every computer used by it's employees. In addition, all data passing through the firewall is subject to DPI with keyword monitoring. SSL connections are intercepted & monitored. Company also blocks all connections to Siri on Apple equipment owned by the company or operated through the firewall (VPN).

What is uncertain is whether similar software is installed by employees that connect from home computers via webmail.

Most employees of the company use smartphones or other connections outside the company firewall for all personal contacts.

Some additional coverage:

Information Week:
TSA Wants To Monitor Employee Computer Activities
Transportation Security Administration seeks software to monitor employee keystrokes, emails, attachments, screen captures, file transfers, chats, network activities, and website visits.
June 25, 2012 03:50 PM (http://www.informationweek.com/news/government/security/240002665)

A short quote:
The software must have the ability to monitor Windows OS, but the solicitation notes it also potentially should have the ability to monitor Mac OS X, as well.

Many of the capabilities TSA is looking for are commercially available now, but are used primarily for computer forensics, to look at activities after they have happened, said Chet Hosmer, VP and chief scientist with WetStone Technologies, a subsidiary of Allen Corporation that specializes in investigative software.

A good illustration that there is no honor among thieves.