Skip the navigation
News

Documents refute TSA privacy claims on body scanners, group says

Body imaging technologies can store, transmit images of airline passengers, EPIC says

By Jaikumar Vijayan
January 11, 2010 04:17 PM ET

Computerworld - The Transportation Security Administration is overstating the privacy protections applied in the use of whole body scanners at U.S. airports, a leading privacy advocacy group warned today.

As a result of a Freedom of Information Act lawsuit, the Electronic Privacy Information Center (EPIC) recently obtained U.S. Department of Homeland Security documents related to the use of whole body imaging technologies.

The documents "clearly refute" what the TSA has said about the devices on a number of fronts, said Marc Rotenberg, EPIC's executive director. They also show that the devices, which are based on Windows XP technology, may be vulnerable to tampering, EPIC said.

The documents show that contrary to the representations of the TSA, whole body imaging devices include the ability to store, record and transfer images of passengers screened at U.S. airports. The device specifications include hard disk storage, USB integration and Ethernet connectivity, all of which raise significant privacy and security concerns, EPIC said.

The advocacy group said the device's specifications allow the TSA to manipulate 10 variable privacy settings.

"Presumably, privacy can be dialed both up and down," Rotenberg said.

The TSA's technical specifications for the body scanners and its language in vendor contracts show that the systems also have a category of generic superusers who have the ability to disable privacy functions at any time, EPIC said. The group also drew attention to the fact that the systems are based on Windows XP Embedded with Ethernet connectivity and are therefore subject to all of the security risks associated with Windows.

In an e-mailed comment, a TSA spokeswoman today said the TSA is committed to ensuring the privacy of the traveling public to the greatest extent possible. "This technology is part of our multi-layered security strategy to stay ahead of evolving threats," she wrote.

On the DHS Web site, the department maintains that all full body scanners are delivered to airports without the capability to store, print or transmit images. It says each image is automatically deleted after it is cleared by the officer looking at the images. It also says the documents obtained by EPIC show that the TSA required the ability to store and export images only for use while testing the systems, and that the ability to change privacy settings was only possible in the testing phase. The machines also are not connected to one another, or to the Internet, making external hacking unlikely.

EPIC's concerns over the body scanning technology come amid what appears to be growing public support for use of the machines after a failed attempt to blow up a U.S. airliner on Christmas Day. In a USA Today/Gallup poll conducted last week, 78% of those surveyed said they approve of full body scans on airline passengers. About 67% said they would not feel uncomfortable if they were to undergo a full body scan at an airline security checkpoint.



Additional Resources
Forrester Consulting - Optimizing Users and Applications in a Mobile World
WHITE PAPER
Solving application issues over the WAN requires careful consideration. Based on their independent research, Forrester Consulting offers recommendations on how to tackle application performance issues, insufficient bandwidth and the inability to quickly restore users in a disaster.

Read now.

Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Privacy White Papers
Overcome Top 7 Admin Challenges of Active Directory
As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
Insiders Can Ruin Your Company. Take Action.
Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
Top Solutions and Tools to Prevent Devastating Malware
Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
Streamline Compliance and Increase ROI
Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...
X-Ray of the PCI Process-4 Proactive Steps
This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into...
All Privacy White Papers
Privacy Webcasts
A Road Map for Best Practice Social Media Acceptable Use Policy
Organizations around the world are racing to leverage the power of social media for business. Sites like Facebook are used for marketing, human...
Data Protection and Disaster Recovery with iSCSI and VMware
Get this on demand webcast now
Optimizing Networks for the Cloud
Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
All Privacy Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs