Risk
11/17/2010
11:57 AM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

TSA Turns To YouTube, Twitter Amid Security Backlash

The federal agency is using the Web to defend its use of body scanning X-ray machines and physical pat downs for increased airport security

As concerns grow over the Transportation Security Administration's new X-ray and pat-down procedures, both the agency and its critics are using the Web to get their sides of the story out.

In addition to regular blog and Twitter posts, TSA has turned to YouTube to deflect criticism over its airport security procedures. In response to a radio host who claimed she was handcuffed to a chair and screamed at by its agents, TSA posted security footage of the incident on YouTube.

The 20 minutes of security footage from Fort Lauderdale Hollywood International Airport shows radio host Meg McClain refusing to go through the X-ray machine, moving to a chair where she engages in a heated discussion with TSA officers, and being escorted to a different location. The episode appears shorter and less severe than McClain described on radio.

In a blog post pointing to the video, TSA called the account into question. "TSA takes situations such as this seriously and we immediately looked into it," a TSA official using the pseudonym "Blogger Bob"wrote. "But when inaccurate passenger accounts are made either via media outlets or on the blogs, TSA works to resolve them and present both sides of the story."

It wasn't the first time TSA used YouTube in response to complaints. Last year, the agency posted video from nine angles to rebut a blogger's claim that TSA officials took her baby out of sight while she went through a security checkpoint. And in 2007, TSA responded to a former Secret Service officer's complaint that she was improperly detained after accidentally spilling water from her child's cup by posting an official account and video of the episode.

TSA also used its blog this week to respond to what it described as a "very misleading" headline that seemed to connect the TSA with body scan images that originated with the US Marshal Service at a Florida Courthouse. TSA reiterated that its machines don't store images.

On its Web site, TSA has also tried to quell the uproar over its stepped-up security procedures by linking to a recent CBS News poll that found 81% of those surveyed support the use of full-body x-ray machines such as its new backscatter imaging systems.

"Footage posted to YouTube has been useful to dispel myths," says a TSA spokesperson. "Social media tools like Twitter, a blog, and YouTube are powerful ways to reach as many travelers as possible to inform them about security."

Air travelers, meanwhile, are using the Web to broadcast their dissatisfaction with TSA's security steps. After blogger John Tyner refused to go through a backscatter scanner and rejected a pat-down, he was escorted from the security area and told he could be slapped with a $10,000 fine. Though three videos he posted this week of the experience are mostly audio, with much of the incident out of sight, they have drawn about a million YouTube views.

TSA again turned to its blog to defend its practices, saying that they "just make good security sense."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2009-5142
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.

CVE-2010-5302
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.

CVE-2010-5303
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString.

CVE-2014-0965
Published: 2014-08-21
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.

CVE-2014-3022
Published: 2014-08-21
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.