Brief: TSA sub­poe­nas blog­gers to find source of secu­rity doc leak.

The Trans­porta­tion Secu­rity Admin­is­tra­tion is attempt­ing to find the source of a leak of a sen­si­tive secu­rity direc­tive that fol­lowed a failed air­line bomb­ing attempt on Christ­mas Day. Two travel blog­gers have revealed that they have been sub­poe­naed to pro­vide infor­ma­tion that may lead to the source of the leak.

Shortly after an attempted “under­wear” bomber was dis­cov­ered on North­west Air­lines Flight 253 from Ams­ter­dam to Detroit on Decem­ber 25, the Trans­porta­tion Secu­rity Admin­is­tra­tion issued imme­di­ate, tem­po­rary changes to secu­rity pro­ce­dures in an attempt to pre­vent sim­i­lar inci­dents. The par­tic­u­lar details of those changes were issued in an inter­nal secu­rity direc­tive, intended only for TSA employ­ees. How­ever, copies of the direc­tive were leaked to sev­eral blog­gers and quickly spread around the ‘Net.

Writ­ers Chris Elliott and Steven Frischling both received copies of the secu­rity direc­tive from anony­mous sources, and both pub­lished the text of the direc­tive after mass con­fu­sion set in among hol­i­day trav­el­ers affected by the sud­den changes in secu­rity pro­ce­dures. It appears that the TSA is not pun­ish­ing either for pub­lish­ing the doc­u­ment; rather, they are try­ing to find the source of the leak.

“The DHS & TSA are tak­ing this mat­ter seri­ously, and that tells me that they are pay­ing atten­tion to secu­rity in detail,” Frischling wrote on his blog. So far, nei­ther has admit­ted to know­ing the iden­tity of the source of the TSA directive.

The leak is some­what embar­rass­ing for the TSA, though, in light of a recent leak of the entire con­tents of the TSA’s “Stan­dard Oper­at­ing Pro­ce­dures” man­ual online. That dis­clo­sure was due to improper redact­ing of the doc­u­ment, which the TSA later claimed to be out of date.

[Ars Tech­nica]

The les­son to be learned here is that if you find your­self in pos­ses­sion of infor­ma­tion which would embar­rass the gov­ern­ment, don’t pin a giant tar­get on your­self by post­ing it to your blog. Instead, use Tor to upload it anony­mously to Wik­ileaks.

My company’s Microsoft mail server has been flak­ing out all day, so I’m using the time to get acquainted with Google Wave. Thanks, IT guys!

Sprint fed cus­tomer GPS data to cops over 8 mil­lion times.

Christo­pher Soghoian, a grad­u­ate stu­dent at Indi­ana University’s School of Infor­mat­ics and Com­put­ing, has made pub­lic an audio record­ing of Sprint/Nextel’s Elec­tronic Sur­veil­lance Man­ager describ­ing how his com­pany has pro­vided GPS loca­tion data about its wire­less cus­tomers to law enforce­ment over 8 mil­lion times. That’s poten­tially mil­lions of Sprint/Nextel cus­tomers who not only were prob­a­bly unaware that their wire­less provider even had an Elec­tronic Sur­veil­lance Depart­ment, but who cer­tainly did not know that law enforce­ment offers could log into a spe­cial Sprint Web por­tal and, with­out ever hav­ing to demon­strate prob­a­ble cause to a judge, gain access to geolo­ca­tion logs detail­ing where they’ve been and where they are.

[Ars Tech­nica]

It’s well known by now (at least, to any­one who pays atten­tion) that cell phones are used to spy on the loca­tion and move­ment of their own­ers. This is the first solid infor­ma­tion I’ve seen on just how often the cops spy on people–and keep in mind that this is only one com­pany. It’s pretty much guar­an­teed that other com­pa­nies are equally eager to col­lab­o­rate with Big Brother.