Originally Posted by PTravel
Do TSOs have security clearances? I mentioned that, when I worked in aerospace, I held, at various times, Confidential and Secret security clearances. The former was relatively pro forma, but the latter was not -- I was required to disclose everywhere I'd lived from when I was 16, identify friends and associates, provide banking details and a variety of other personal information that was specifically and expressly investigated and verified by the FBI, who did things like visit my neighbors and make inquiries about me. I also had to sign a statement indicating I was aware of the criminal penalties for disclosing classified information. Even after receiving my Secret clearance, I was only once exposed to information that I would consider remotely related to national security, and that was the result of an accident -- something was delivered to my desk that should not have been (and, though it some 25 years ago, I still won't say what it was because I take the obligations I incurred in connection with the clearance seriously).
What security vetting do TSOs receive before they're exposed to "sensitive security information," whatever that is? What security does SSI carry? Confidential? Secret? Top Secret? Is it even classified? What I don't understand is how it can even be regarded as sensitive. When I ask a TSO, "why do you think you can do this?", and he says, "I can't tell you because it's SSI," wouldn't that imply that procedure is authorized as SSI, and I now know that? Is SSI subject to declassification review in the event of a FOIA request? It should be, by law.
I'd appreciate any illumination you can provide.
TSOs do not have security clearances, and SSI information is not classified. It is protected information, but not up to the point that classified information is. Releasing SSI to people without a legitimate need to know doesn't carry criminal penalties (that I'm aware of, and I might be wrong), but does carry civil penalties.
The procedure itself - the what, as it were; the physical act of what is done - is typically not protected information. You learn that just by
being handwanded, for example. The SSI part of the handwanding process (just to stick with that particular line) is the specific steps of what makes us do certain things, and what, in particular, we're looking for. Also, any information that the public would be told when they're at a security checkpoint is, by definition, not protected — which is how I could tell you, back when the information was relevant, that government-issued credential cards weren't acceptable as a sole form of ID (they are now, for the record) even though the exact page that the information was on has an SSI footer on it. Not
everything in the SOP is SSI, but TSA doesn't differentiate between SSI information and non-SSI information. So most people, out of that abundance of caution on not wanting to lose their job, just say that every part of it is SSI and call it a day. This is technically incorrect.
Fortunately, I'm fairly good at slicing between protected and non-protected information.
Also, SSI is exempt from FOIA.
Bruce Schneier did a really good piece on SSI back in 2005. Here's a bit:
In 1993, the U.S. government created a new classification of information -- Sensitive Security Information -- that was exempt from the Freedom of Information Act. The information under this category, as defined by a D.C. court, was limited to information related to the safety of air passengers. This was greatly expanded in 2002, when Congress deleted two words, "air" and "passengers," and changed "safety" to "security." Currently, there's a lot of information covered under this umbrella.
Here's the whole article.