Suspend airport body scanner program, privacy groups say
EPIC, Nader call for halt to deployments, seek review of scanners
Computerworld - The Electronic Privacy Information Center and consumer advocate Ralph Nader are urging President Obama to review the administration's plans to install whole body scanners at U.S. airports.
In a joint letter, Marc Rotenberg, the president of EPIC, and Nader asked the president to suspend deployment of the devices until a "comprehensive evaluation" of the effectiveness of the technology and potential health hazards, is completed.
The letter pointed to an event hosted last week by EPIC and Nader's Center for the Study of Responsive Law (CSRL) at which aviation security and radiation experts discussed the potential impact of whole body scanners. Conference participants also included members of the Muslim community and air travelers who have been placed on watch lists and are subject to secondary screenings, according to EPIC.
Based on the discussions at the event, it is evident that body scanners can be easily defeated by concealing explosive materials in body cavities, the letter says. There is also little information on the health risks posed by the use of such scanners, according to the letter. The fact that the systems can be configured at any time to record and store images of travelers also raises privacy questions, the letter says.
"The public does not currently understand the inability of these devices to detect the types of explosive materials that could be used or the possible risks to privacy and health," Rotenberg and Nader wrote. "The Department of Homeland Security has made significant mistakes with similar programs in the past," they added, citing as an example the agency's discontinued effort to equip airports with so-called explosive trace portals (ETP), which are designed to detect traces of explosives on travelers' clothing.
Speaking with Computerworld today, Rotenberg said the goal is to try to persuade the administration to conduct a review of whole body scanners similar to the three-month review underway in the European Union.
"Obviously there are groups that favor canceling the program entirely," Rotenberg said. "All we have said is that there needs to be an independent review that could be similar to what the EU required back in January," Rotenberg said. I think there are also some issues that need to be discussed from a security standpoint," he said.
Whole body imagers, or advanced imaging technology (AIT) scanners as the government calls them, are designed to detect non-metallic weapons and explosives concealed under a passenger's clothing, such as the explosive PETN powder that the would-be Christmas Day bomber concealed in his underwear.
The scan creates an image of an individual's body. Privacy advocates have blasted the plan to install such devices, saying they enable virtual strip-searching of passengers at U.S. airports. However, polls taken in the wake of the attempted bombing attempt appear to show growing public support for use of the technology.
The U.S. Transportation Security Administration (TSA) plans to deploy about 200 AIT scanners at airports around the country by the end of this year. By 2014, close to 900 of the machines are expected to be installed at a cost of $130,000 to $170,000 per scanner. The current TSA budget asks for close to $450 million for 500 scanners.
The concerns expressed in this week's letter from EPIC and the CSRL are similar to those mentioned in a report released by the Government Accountability Office last month.
Like EPIC and the CSRL, the GAO called for a thorough vetting of the scanners and highlighted the TSA's botched attempt to deploy ETPs at airport checkpoints as an example of what can go wrong with technologies that are not properly vetted. The TSA procured more than 200 ETPs in 2006 and deployed over 100 of them at 36 airports even though tests on earlier models showed them to be unreliable, the GAO noted.
The TSA, meanwhile, maintains that the scanners are vital to bolstering security at airport checkpoints. The agency has also played down privacy concerns related to the technology and pointed to the controls it has in place for ensuring passenger privacy rights. As an example, the TSA said that all full-body scanners are delivered to airports without the capability to store, print or transmit images. It said each image is automatically deleted after it is cleared by the officer looking at the images. Faces are also blurred and the agent checking the images is located in a separate room away from the scanners, the TSA has said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts