The Transportation Security Administration is overstating the privacy protections applied in the use of whole body scanners at U.S. airports, a leading privacy advocacy group warned today.
As a result of a Freedom of Information Act lawsuit, the Electronic Privacy Information Center (EPIC) recently obtained U.S. Department of Homeland Security documents related to the use of whole body imaging technologies.
The documents "clearly refute" what the TSA has said about the devices on a number of fronts, said Marc Rotenberg, EPIC's executive director. They also show that the devices, which are based on Windows XP technology, may be vulnerable to tampering, EPIC said.
The documents show that contrary to the representations of the TSA, whole body imaging devices include the ability to store, record and transfer images of passengers screened at U.S. airports. The device specifications include hard disk storage, USB integration and Ethernet connectivity, all of which raise significant privacy and security concerns, EPIC said.
The advocacy group said the device's specifications allow the TSA to manipulate 10 variable privacy settings.
"Presumably, privacy can be dialed both up and down," Rotenberg said.
The TSA's technical specifications for the body scanners and its language in vendor contracts show that the systems also have a category of generic superusers who have the ability to disable privacy functions at any time, EPIC said. The group also drew attention to the fact that the systems are based on Windows XP Embedded with Ethernet connectivity and are therefore subject to all of the security risks associated with Windows.
In an e-mailed comment, a TSA spokeswoman today said the TSA is committed to ensuring the privacy of the traveling public to the greatest extent possible. "This technology is part of our multi-layered security strategy to stay ahead of evolving threats," she wrote.
On the DHS Web site, the department maintains that all full body scanners are delivered to airports without the capability to store, print or transmit images. It says each image is automatically deleted after it is cleared by the officer looking at the images. It also says the documents obtained by EPIC show that the TSA required the ability to store and export images only for use while testing the systems, and that the ability to change privacy settings was only possible in the testing phase. The machines also are not connected to one another, or to the Internet, making external hacking unlikely.
EPIC's concerns over the body scanning technology come amid what appears to be growing public support for use of the machines after a failed attempt to blow up a U.S. airliner on Christmas Day. In a USA Today/Gallup poll conducted last week, 78% of those surveyed said they approve of full body scans on airline passengers. About 67% said they would not feel uncomfortable if they were to undergo a full body scan at an airline security checkpoint.
Whole body scanners are low-radiation X-ray machines designed to detect nonmetal weapons and explosives concealed under a passenger's clothing. The scan creates a graphic image of an individual's body under his or her clothes. The systems, which cost about $100,000, are used in nearly 20 airports. The TSA plans to expand its use of the machines to all major airports soon.
Proponents of the technology claim that the systems are vital to detecting nonmetal weapons, such as the explosive PETN powder that the would-be Christmas Day bomber concealed in his underwear.
In an opinion piece for the Washington Post earlier this month, former DHS Secretary Michael Chertoff warned against limitations on the use of the technology and insisted that the TSA has implemented all reasonable privacy measures. For instance, the TSA has limited the number of staffers who can see the images and uses software to blur the face of the individual undergoing the scan. The officer looking at the images is also situated in a private room away from the passengers who are being screened.
Those opposed to using the devices claim that they allow for the virtual strip search of passengers at U.S. airports. In previous complaints filed with the government, EPIC has said that the devices enable the capture of "detailed, graphic images of passengers' naked bodies" and that the machines could be easily programmed to store those images. Rotenberg said it is also unclear whether the devices are designed to detect powdered explosives, such as PETN.
The specifications describe "explosives," "weapons" and "liquid," but not "powder" he said.
Last June, the U.S. House of Representatives passed a bill that would impose limits on the use of whole body imaging technology for aircraft passenger screening. Among other things, the bill calls for the use of full body scanners only if another screening method demonstrates a justifiable cause. The bill is pending in the Senate.
Meanwhile, a coalition of privacy and advocacy groups that includes the American Civil Liberties Union and EPIC have called on the DHS to suspend deployment of the technology until privacy and security risks are evaluated.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, send e-mail to firstname.lastname@example.org or subscribe to Jaikumar's RSS feed .