Suspend airport body scanner program, privacy groups say
EPIC, Nader call for halt to deployments, seek review of scanners
Computerworld - The Electronic Privacy Information Center and consumer advocate Ralph Nader are urging President Obama to review the administration's plans to install whole body scanners at U.S. airports.
In a joint letter, Marc Rotenberg, the president of EPIC, and Nader asked the president to suspend deployment of the devices until a "comprehensive evaluation" of the effectiveness of the technology and potential health hazards, is completed.
The letter pointed to an event hosted last week by EPIC and Nader's Center for the Study of Responsive Law (CSRL) at which aviation security and radiation experts discussed the potential impact of whole body scanners. Conference participants also included members of the Muslim community and air travelers who have been placed on watch lists and are subject to secondary screenings, according to EPIC.
Based on the discussions at the event, it is evident that body scanners can be easily defeated by concealing explosive materials in body cavities, the letter says. There is also little information on the health risks posed by the use of such scanners, according to the letter. The fact that the systems can be configured at any time to record and store images of travelers also raises privacy questions, the letter says.
"The public does not currently understand the inability of these devices to detect the types of explosive materials that could be used or the possible risks to privacy and health," Rotenberg and Nader wrote. "The Department of Homeland Security has made significant mistakes with similar programs in the past," they added, citing as an example the agency's discontinued effort to equip airports with so-called explosive trace portals (ETP), which are designed to detect traces of explosives on travelers' clothing.
Speaking with Computerworld today, Rotenberg said the goal is to try to persuade the administration to conduct a review of whole body scanners similar to the three-month review underway in the European Union.
"Obviously there are groups that favor canceling the program entirely," Rotenberg said. "All we have said is that there needs to be an independent review that could be similar to what the EU required back in January," Rotenberg said. I think there are also some issues that need to be discussed from a security standpoint," he said.
Whole body imagers, or advanced imaging technology (AIT) scanners as the government calls them, are designed to detect non-metallic weapons and explosives concealed under a passenger's clothing, such as the explosive PETN powder that the would-be Christmas Day bomber concealed in his underwear.
The scan creates an image of an individual's body. Privacy advocates have blasted the plan to install such devices, saying they enable virtual strip-searching of passengers at U.S. airports. However, polls taken in the wake of the attempted bombing attempt appear to show growing public support for use of the technology.
The U.S. Transportation Security Administration (TSA) plans to deploy about 200 AIT scanners at airports around the country by the end of this year. By 2014, close to 900 of the machines are expected to be installed at a cost of $130,000 to $170,000 per scanner. The current TSA budget asks for close to $450 million for 500 scanners.
The concerns expressed in this week's letter from EPIC and the CSRL are similar to those mentioned in a report released by the Government Accountability Office last month.
Like EPIC and the CSRL, the GAO called for a thorough vetting of the scanners and highlighted the TSA's botched attempt to deploy ETPs at airport checkpoints as an example of what can go wrong with technologies that are not properly vetted. The TSA procured more than 200 ETPs in 2006 and deployed over 100 of them at 36 airports even though tests on earlier models showed them to be unreliable, the GAO noted.
The TSA, meanwhile, maintains that the scanners are vital to bolstering security at airport checkpoints. The agency has also played down privacy concerns related to the technology and pointed to the controls it has in place for ensuring passenger privacy rights. As an example, the TSA said that all full-body scanners are delivered to airports without the capability to store, print or transmit images. It said each image is automatically deleted after it is cleared by the officer looking at the images. Faces are also blurred and the agent checking the images is located in a separate room away from the scanners, the TSA has said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts