Report concludes internal e-mail compromised airport security test

A Transportation Security Administration official compromised the covert testing of airport security screeners by sending out an e-mail about the testing and did not report the compromise, according to a report by the Homeland Security Department's inspector general.

An unidentified official in TSA's Office of Security Operations sent out an e-mail on April 28, 2006, that contained the subject line "Notice of Possible Security Test," according to the report, which is dated March 20 and released on Friday. The message warned TSA employees that the Federal Aviation Administration and Transportation Department were conducting a secret test in April 2006 of airport security checkpoints at Jacksonville International Airport in Florida. The e-mail also contained information about how the test was to be carried out and the physical appearance of officials doing the testing, and it warned TSA employees to pay attention to passengers' identification.

In all, security at 12 airports were targeted for testing.

"Our review confirmed that TSA officials compromised our covert testing methods and made no effort to report the compromise to OIG," the DHS inspector general reported. "TSA's disclosure of covert testing procedures was inappropriate, and thus potentially undermined the integrity of our ongoing covert testing."

TSA former Administrator Kip Hawley told the House Committee on Homeland Security in November 2007 that the e-mail was a mistake, and there was no intent to alert screeners of the test.

The inspector general disputed that conclusion, however, saying the e-mail was sent out to 388 users of a system that TSA employees used to connect more than 400 airports. Within 14 minutes of the e-mail being sent, Mike Resolovich, an assistant administrator at TSA, attempted to recall the message, but did not notify the IG that the test had been compromised. Resolovich did not send out the initial e-mail, according to the inspector general, but because he had not alerted the inspector general's office that TSA employees knew about the test, he potentially undermined tests at 11 additional airports, the report noted.

"The fact that the assistant administrator recalled the message is evidence that TSA officials considered it to be inappropriate and not an indication of unauthorized testing by nongovernment entities as initially interpreted," the report stated. "Further, there is no record of any attempt by TSA personnel to notify any appropriate law enforcement agency, including divisions within TSA, that unknown individuals were testing airport security."

TSA strongly disagreed with the inspector general's conclusion that the covert testing had been compromised. "There's no evidence that the release of the message compromised covert testing," said TSA spokesman Greg Soule. "There was never any intention or an attempt to circumvent covert testing. This incident happened two years ago, changes have been made to the field communications system, including a high-level review to ensure this type of event doesn't occur again."

The report did note that four TSA officials stationed at three airports scheduled for testing after Jacksonville received the e-mail. "At a minimum, TSA is complicit in the compromise," the inspector general said.

TSA claimed the e-mail was an attempt to alert screeners about potentially unauthorized testing, but the report points out the message expressly acknowledges that federal authorities were conducting the testing.