Agency drops all references to “insider threats”

Steve Watson
Nov 21, 2012

The TSA has reissued a purchase order for a contractor to develop spyware that will enable the agency to actively spy on its own employees without them knowing or consenting.

The agency has reworded the order, however, seemingly in a response to the fact that vendors were unhappy with the “insider threat” term used in the original. The move also serves as a way of circumventing a congressional demand that the TSA immediately cease all attempts to acquire such technology.

When the order was originally issued back in June, many believed that it represented a push by the TSA to crack down on leaks from potential whistle-blowers on the inside of the agency.

It asked a contractor to develop software that was capable of monitoring the emails, the web browser history, and even the keystrokes of TSA employees. It also required the ability to track the movement of documents and feed all the information through a central command center. reports:

“…the feedback from vendors suggested that the language in the request was too narrow in scope, an agency official told Nextgov. The official acknowledged that TSA is re-soliciting industry with no changes to the technical requirements.”

The new write-up reads: “The scope of this procurement is an enterprise solution to host-based monitoring and the collection of digital forensics information. The information assurance and cybersecurity division /focused operations branch supports areas of cyber threats and digital forensics. FO is seeking an enterprise technology that will automate enterprisewide host-based monitoring.”

The old scope read: “Focused operations is in need of a tool to help detect an insider threat. The focus is to monitor at the host level. FO has determined that the best method to monitor and detect insider threats is at the user host level. The scope of this procurement is an enterprise insider threat software package. In order to detect an insider threat, technology is required to monitor and obtain visibility into users’ actions.”

Both the original and the new order state that “The end user must not have the ability to detect this technology,” and should not be able “to kill the process.”

In other words, the agency does not want its employees to know they are being watched. The clear goal is to prevent leaks by whistle-blowers to anti-secrecy organizations such as wikileaks.

The TSA’s move to reissue the order comes in the wake of a DHS inspector general report, released in September, that concluded that the although the TSA has created an Insider Threat Working Group, and an Insider Threat Section, the agency does not have adequate countermeasures in place against potential information leaks.

The report recommended that the TSA should actively train all of it’s staff on data protection and “implement insider threat policies”.

The report also recommended that the TSA should centrally monitor all of its systems to ensure insiders do not tamper with, transmit or remove any information beyond the agency’s network.

In October, the ranking members of the Homeland Security Committee and the Transportation Security Subcommittee wrote to TSA head John Pistole, asking for clarification on what the TSA was doing regarding the matter.

Rep. Bennie Thompson (D-MS), and Rep. Sheila Jackson-Lee (D-TX) have been pressing the TSA on the issue of insider threat programs for many months now with little or no response.

In July the two sent a letter to the TSA outlining concerns that insider threat countermeasures planned for implementation at the TSA seem to be geared towards monitoring employees and interfering with legitimate attempts by employees to act as whistle-blowers.

In their letter, Thompson and Lee asked that “TSA immediately withdraw this solicitation and refrain from attempting to acquire technology with similar capabilities.”

“While the law governing TSA employees does not afford specific protections to ensure employee whistle-blower protections, the agency is not completely insulated from the affects of the Constitution,” they wrote. “It would seem that installation of the type of technology sought in the solicitation would enable TSA to monitor employee communications with the OSC, the department’s Office of Inspector General and the Congress of the United States.” the representatives concluded.

The TSA’s reissuing of the exact same purchase order for spyware to do the same job, albeit slightly reworded, represents a clear attempt to ignore the concerns of the representatives, and the limits impressed upon the agency by the US constitution. Instead, the TSA is attempting to press ahead with the program to actively spy on its own employees, and prevent workers such as Nilda C. Marugame and others from speaking out.


Steve Watson is the London based writer and editor for Alex Jones’, and He has a Masters Degree in International Relations from the School of Politics at The University of Nottingham in England.

Take advantage of one of nature’s most hardworking nutrients with Vasobeet now at 40% off!

Related Articles