I understand the point. I was exploring the concept of, when is it OK to make security gaps public, possibly ones terrorists might use. The consensus answer here seems to be, anytime, with no consequences, because it helps things. That discussion led to two instances of Godwin’s Law being invoked.
When the person is an insider the leak concerns me more since may will assume that a pilot is aware of all of the levels of security and how it all fits together, which is not the case but lends credence and authority to the leak. Having someone else do your site survey for you is one less step in taking action.
And, I know what I’d do if I had a trusted employee casing my company and publishing exploitable vulnerabilities! Over all of his protests that he’s actually helping me, I’d make sure that his access to any more information was cut off immediately! That’s been my experience in industry, like the electronic game industry, to aerospace contractors, and the irradiation facility I mentioned above.
TSA comes up with specific responses to specific threats (real, theoretical, or imagined), overlaid with some good-intention might-be-a-good-idea general screening/security, then gets that run through Congress and the airlines association and all the unions. The result is a Charlie Foxtrot mishmash of stuff implemented and performed by people that are really good at following scripts and who are given almost no flexibility to change the script. It sucks, but it is the best we can cobble together until we can get some real reform and some “leaders” in Washington that actually like the USA and the citizens who live in it. Mapping blueprints of the holes and gaps certainly won’t help because, as I mentioned above, even if TSA tried to fix things, the bad guys can respond much quicker than TSA can ever dream of.
I think Congress should get out of the loop except to provide money to airports and airlines to hire private security firms whose metric is security and safety, not earmarks and CYA and counting how many people in your department.
That is not the consensus answer.
Scenario (1)...There is one unmarked door that leads to a critical security area at one airport. Its alarm contacts are broken, and there is a three week wait for spare parts, which are on order. Only four members of the security staff know this fact. Clearly in this case it would be reprehensible to publish the information.
Scenario (2)...There are unalarmed doors left open at airports all over the country. Thousands of people are seen to walk through those doors every day. Despite this fact being known throughout the security staff, no one seems to be able to get management to lock the doors. Equally clearly, in this case, public whistleblowing is appropriate.
“TSA comes up with specific responses to specific threats”
I must disagree: TSA (run bureaucrats who, by the inherent nature of their job, almost immediately lose focus on substance) comes up with generalized responses to specific threats. This might be the problem in a nutshell.
Failure to profile is failure to get specific.
This failure is so big, so pervasive that the risk from a pilot exposing it is less than miniscule in comparison and might bring enough attention to regain a little focus on specific responses to the substance of the threat.