In a column last week, CNET News.com's Declan McCullagh TSA's Web site after obtaining the password in an unauthorized manner. At the time, anyone could download the encrypted documents, but a password was required to open and read them.on whether he would be violating the contentious Digital Millennium Copyright Act (DMCA) if he viewed downloaded documents from the
The DMCA contains a provision that prohibits cracking protections on copyrighted works, or publishing information about how to do so, without permission from the owner--a ban that could include accessing data with an improperly obtained password. Violation of the statute could carry criminal penalties including fines and jail time. Government documents are not necessarily protected under the DMCA, but these particular reports were apparently prepared by an outside consultant and may have been subject to the law.
Other news reports questioned the effectiveness of the TSA's security method--particularly because it would be impossible to determine whether someone opened the documents without permission after downloading them onto a personal computer.
CNET News.com had obtained a password to unlock the documents--which at the time were "restricted to airport management and local law enforcement"--from a confidential source.
The incident raises questions about the scope of the DMCA and whether governments and corporations may increasingly remove data from the Web rather than maintain password-protected files that may spark murky legal situations.
The TSA, which is dealing with the fallout of a Dec. 31 baggage-screening deadline, did not return calls seeking comment.