Hours after two TSA agents served a civil subpoena on blogger Steven Frischling last week to uncover the anonymous source of a leaked document, an unusual message appeared on the blogger's Twitter account.

"To the gentleman who sent Flying With Fish the TSA Security Directive ... Thank You! Can you drop me an email?I have a question. Thanks-Fish."

Now conflicting stories about origins of the message have emerged, underscoring the unusual measures taken by the TSA in tracking down the leak, and the actions of a blogger under extraordinary pressure over the publication of unclassified government information.

According to someone familiar with the incident, one of the TSA agents, while in possession of Frischling's BlackBerry, typed the message in the blogger's Twitter account. He then handed the BlackBerry back to Frischling and asked him to click on the "send" button to post the message to his Flying With Fish Twitter page, the source offered to Threat Level.

The honeypot message was intended to draw the source out of hiding so that agents could obtain his e-mail address, which would allow investigators to subpoena the source's e-mail provider to obtain his IP address. Once the agent had written the message, he handed the BlackBerry back to Frischling to publish it, "So that they could then say we didn't send that," the source told Threat Level.

A TSA spokeswoman, however, has denied that either of the agents drafted or wrote the message or asked Frischling to hit a button to post the message online.

Frischling, a freelance travel writer and photographer in Connecticut, didn't respond to calls for comment about the tweet and never mentioned the Twitter message during several conversations with Threat Level last week. He has indicated in subsequent messages on his Twitter account that he would not identify who wrote the message that was directed at his source.

The controversy adds yet another twist to an investigation that has been described as heavy-handed and excessive.

A blogger named Dennis Schaal speculated on Saturday that the TSA might have written the tweet message and asked Frischling about the timestamp on the message. Frischling told Schaal that the BlackBerry from which the message was posted to Twitter was set to Pacific standard time and that the local time in Connecticut was around 10pm when the message was posted. Frischling previously told Threat Level that the TSA agents were at his house from 7pm to about 9pm, when they left briefly before returning around 10pm and staying for another hour or so. This would put them in his home around the time the message was sent.

Schaal suggested that Frischling's cooperation in sending the message to ensnare his source made him more of an accomplice in the TSA's investigation than he has previously acknowledged.

"Identifying the author of the tweet is important because Frischling argues that he acted appropriately in facing the TSA onslaught," Schaal writes. "But, the Dec. 29 tweet from Frischling’s account makes it appear that he became part of the hunt to help the TSA identify the source of the leaked document.…"

The TSA's denial suggests that Frischling was solely responsible for the message.

Frischling has been criticized by TechCrunch's Michael Arrington for cooperating with the agents, saying that Frischling "caved" to the TSA. Arrington argues that bloggers have the same responsibility as mainstream journalists to protect their sources if they want to be taken seriously as journalists.

Frischling and another blogger named Christopher Elliott received home visits from Transportation Security Administration agents last Tuesday after the agency published a controversial, new directive that revised screening procedures and put new restrictions on passengers in the wake of the Christmas Day bombing attempt by the so-called underwear bomber.

The agents served each of the bloggers with a civil subpoena demanding information on the anonymous source who provided them with the TSA document. The document was not classified – but was marked Sensitive Security Information, or SSI. Although it is not illegal for journalists or bloggers to publish SSI, government employees can lose their job for disclosing the information to unauthorized people.

Elliott refused to comply with the subpoena and indicated to the TSA that he would challenge it in federal court. Frischling cooperated fully and allowed agents to search his BlackBerry, iPhone and laptop.

The TSA has been heavily criticized for its tactics in trying to uncover the identity of the person who leaked the document. The TSA directive was sent to airport and airline personnel around the world, a list that likely included thousands of recipients. The use of a subpoena to uncover a journalist's source is considered extraordinary. Even in the case of the 2005 New York Times story about the Bush administration's warrantless wiretapping, the Justice Department refrained from using that tool against the reporters who published the information.

Frischling, who writes a blog for the KLM Royal Dutch Airlines as well as a personal blog, told Threat Level last week that his anonymous source had sent him the TSA directive after he'd posted messages to his Twitter account describing his frustrated attempts to obtain more information from the TSA about the new security procedures.

Both he and Elliott received the document separately and published it within minutes of each other on Dec. 27. Two days later, two agents visited Frischling at his home arrived around 7 p.m. One of the visitors was TSA Special Agent John Enright.

Frischling told Threat Level that the two agents threatened to get Frischling fired from his KLM contract and indicated they could get him designated a security risk, which would make it difficult for him to travel and do his job, unless he identified his source.

Frischling said the source had sent him the document anonymously using a Gmail account, but he had already deleted the e-mail after publishing the security directive and couldn't remember the sender's full address. The Gmail address consisted of the name “Mike,” followed by random numbers and letters. Frischling determined, after speaking with an attorney, that he might as well cooperate with the TSA agents since he had little information about the source and there was no federal shield law to protect him.

The agents searched through Frischling’s BlackBerry and iPhone, but couldn't find anything from the source. The agents then told Frischling that they wanted to take an image of his hard drive. They went to WalMart to buy a hard drive, but when they returned, they were unable to get it to work.

The agents left around 11 p.m., after which Frischling began tweeting about the experience, tipping off the source and anyone else who was reading his Twitter account that the TSA was investigating the leak of the document.

"It is not fun being visited by two US Federal Special Agents with two kids behind you in the living room & one in your arms," he wrote in a couple of tweets. "Yesterday I was joking about the DHS reading my blog & the black helicopters...it wasn't quite as amusing this evening. . . . I was visited by the Feds tonight."

The agents returned to his house Wednesday morning and, with Frischling’s consent, seized his laptop, which they later returned after copying the hard drive.

Last Thursday, in the wake of public outcry against the TSA for serving civil subpoenas on the bloggers, the government agency canceled the legal action and apologized for the strong-arm tactics agents used. According to a source who spoke with Threat Level, the administration said it had obtained what it needed and therefore the subpoenas were no longer necessary.

This post was updated with a response from the TSA.

See also: