Sensitive Security Information

Sensitive Security Information (SSI) is a specific category of sensitive but unclassified (SBU) information. In response to increasing threats against aviation security, including aircraft hijackings in the 1960s and 1970s, Congress required the FAA to create SSI to safeguard information that would be detrimental to transportation security if publicly released. The FAA issued the first SSI regulation (49 CFR Part 1520) in December 1976.

In the aftermath of the September 11, 2001 attacks, the Transportation Security Administration (TSA) was created in the United States to take responsibility for the security of all modes of transportation. Included in the responsibilities of this new agency was the authority to designate information as SSI. Originally housed in the Department of Transportation, TSA was transferred to the Department of Homeland Security as a result of the Homeland Security Act of 2002.

SSI categories
SSI includes information relating the screening of passengers, vulnerabilities of such screening, and training materials that, if leaked to the public could be used to overcome the various layers of aviation security. The SSI regulation provides 15 specific SSI categroies and a 16th category that provides the TSA administrator the ability to designate additional information as SSI. The 15 categories are:


 * 1) Security programs and contingency plans.
 * 2) Security Directives.
 * 3) Information Circulars.
 * 4) Performance specifications.
 * 5) Vulnerability assessments.
 * 6) Security inspection or investigative information.
 * 7) Threat information.
 * 8) Security measures.
 * 9) Security screening information.
 * 10) Security training materials.
 * 11) Identifying information of certain transportation security personnel.
 * 12) Critical aviation or maritime infrastructure asset information
 * 13) Systems security information.
 * 14) Confidential business information.
 * 15) Research and development.

The SSI regulation requires that only covered persons with a need to know may have access to SSI. Generally, persons covered by the regulation have a need to know SSI when access to the information is necessary to carry out transportation security activities. Those with a need to know include persons outside of TSA, such as airport operators, airlines, vessel and maritime port owners, and other persons. SSI cannot be shared with the general public, and is exempt from disclosure under the Freedom of Information Act.

An agency Final Order on SSI can only be challenged in the U.S. Circuit Court of Appeals.

Challenges
In Chowdhury v. TSA, the ACLU challenged the TSA's authority to withhold SSI from civil litigants and their attorneys in a Petition for Review pending before the U.S. Second Circuit Court of Appeals in New York. The ACLU is challenging the TSA's authority on 3 grounds:
 * Whether the TSA has the requisite statutory authority to withhold SSI from civil litigants and their attorneys, where TSA has determined that such disclosure would be detrimental to transportation security.
 * Whether the TSA's expert judgment to withhold SSI from civil litigants and their attorneys constitutes "actions committed to agency discretion by law"
 * Whether a TSA Final Order on SSI deprives the Plaintiff in this case of a constitutionally protected property interest without due process of law.

As of May 2005, the Second Circuit Court has yet to rule on the issue.