TSA to test privacy-enhancing software on whole body scanners

Computerworld - The Transportation Security Administration (TSA) will soon begin testing new software designed to better protect the privacy of individuals passing through its full body scanners at U.S. airports.

The TSA says that the new software will eliminate the passenger-specific images that are generated by current Advanced Imaging Technology machines and replace them with generic images instead.

The software is designed to automatically detect potentially dangerous items on a person and to indicate its location on a generic outline of the individual, the TSA said in a statement .

Testing of the new software began today at Las Vegas' McCarran International Airport. Similar tests are scheduled to begin over the next few days at Atlanta's Hartsfield Jackson airport and at the Ronald Reagan National Airport in Arlington, Va.

The testing is being done to confirm if the new software will yield the "same high level of security" as the body scanners currently in use at U.S airports, but with better privacy protections, TSA Administrator John Pistole said today in a statement.

The TSA's move to test the new privacy-enhancing software appears designed to defuse stubborn concerns relating to the use of such systems. Though polls have suggested that a majority of Americans support the use of such scanners, several groups have expressed concerns over the technology and have asked for a through review of its usefulness.

Whole body imagers or advanced imaging technology (AIT) scanners, as the TSA calls them, are supposed to help detect non-metallic weapons and explosives concealed under a passenger's clothing. One example is the explosive PETN powder that would-be Christmas Day bomber Umar Farouk Abdulmutallab concealed in his underwear.

The TSA has already deployed, or is deploying, hundreds of such scanners around the country. By 2014, about 900 of the machines are expected to be installed at a cost of $130,000 to $170,000 per scanner.

Groups such as the Electronic Privacy Information Center (EPIC) have said that the detailed, three-dimensional images of passengers that are generated by such scanners are overly invasive and equivalent to a physical strip search. They have also challenged the TSA's claims about the efficacy of such systems in helping detect concealed threats.

EPIC and others have been pressing for a complete review of the technology and of its privacy implications. Even the Government Accountability Office (GAO) has called for a more thorough vetting of the technology over similar concerns.

The TSA has steadfastly downplayed such concerns. It has noted that the images generated by the scanners are too indistinct to identify individuals. It also notes that the agents who actually see the scanned images are located in a viewing station some distance away from the actual scanner so they have no idea of who is being scanned at any time.

The TSA has also repeatedly insisted that its scanners do not store images of scanned passengers -- an assertion that has been challenged by EPIC and others.

EPIC said today that the TSA's moves do not go far enough. "We are not at all convinced," that the new software will address privacy concerns, said Marc Rotenberg, president of EPIC. He said using the new software would actually create new privacy concerns because the TSA has indicated that it no longer needs a remote viewing facility once the new software becomes operational.

"We will be filing a FOIA lawsuit this week for more information about the revised airport screening software," Rotenberg said. He added that EPIC's previous lawsuit seeking a suspension of the body scanning program is scheduled for March 10 before the D.C. Circuit Court of Appeals.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at  @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Read more about Privacy in Computerworld's Privacy Topic Center.