[IRP] Body scanners can store, send images, group says

Katitza Rodriguez katitza
Mon Jan 11 14:59:17 EET 2010



Body scanners can store, send images, group says
By Jeanne Meserve and Mike M. Ahlers (CNN)


    * 2008 documents indicate machines must have image storing,
    sending capabilities, group says

    * Electronic Privacy Information Center says requirement
    could lead to abuse

    * Written guidelines appear to contradict assurances made by

    * A TSA official says image saving can be done only in TSA
    test facilities

Washington (CNN) -- A privacy group says the Transportation
Security Administration is misleading the public with claims
that full-body scanners at airports cannot store or send their
graphic images.

The TSA specified in 2008 documents that the machines must have
image storage and sending abilities, the Washington-based
Electronic Privacy Information Center (EPIC) said.

In the documents, obtained by the privacy group and provided to
CNN, the TSA specifies that the body scanners it purchases must
have the ability to store and send images when in "test mode."

That requirement leaves open the possibility the machines --
which can see beneath people's clothing -- can be abused by TSA
insiders and hacked by outsiders, said EPIC Executive Director
Marc Rotenberg.

EPIC, a public-interest group focused on privacy and civil
rights, obtained the technical specifications and vendor
contracts through a Freedom of Information Act lawsuit.

The written requirements also appear to contradict numerous
assurances the TSA has given the public about the machines'
privacy protections.

"The machines have zero storage capability," the TSA Web site

A TSA video assures passengers "the system has no way to save,
transmit or print the image."

And the TSA has distributed numerous news releases with similar
language as it lobbies for public acceptance of the machines as
a less intrusive alternative to pat-downs.

A TSA official who spoke on condition of anonymity because the
official is not authorized to speak on the record said all
full-body scanners have "strong privacy protections in place"
and are delivered to airports "without the capability to store,
print or transmit images."

"There is no way for someone in the airport environment to put
the machine into the test mode," the official said, adding that
test mode can be enabled only in TSA test facilities. But the
official declined to say whether activating test mode requires
additional hardware, software or simply additional knowledge of
how the machines operate.

The controversy arises as the TSA is promoting the machines as a
possible way to prevent assaults on U.S. airliners, such as the
Christmas attempt on Northwest Flight 253.

About 40 machines are already in use at 19 airports, and the TSA
says it will deploy 150 more nationwide this year, while
appropriating money for an additional 300 machines for 2011.

"I don't think the TSA has been forthcoming with the American
public about the true capability of these devices," EPIC's
Rotenberg said. "They've done a bunch of very slick promotions
where they show people -- including journalists -- going through
the devices. And then they reassure people, based on the images
that have been produced, that there's not any privacy concerns.

"But if you look at the actual technical specifications and you
read the vendor contracts, you come to understand that these
machines are capable of doing far more than the TSA has let on,"
he said.

The TSA should suspend further deployment of the machines until
privacy and security questions are resolved, Rotenberg said.

TSA officials say they have taken sufficient measures to protect

The TSA officer viewing the image cannot see the actual
passenger. No cameras, cell phones or other devices capable of
capturing an image are allowed in the room where the image is
displayed, according to the TSA. The agency adds that images are
deleted from the system after the operator reviews them. And
employees who misuse the machines are subject to serious
discipline or removal.

Further, the TSA says, the machines are not networked and cannot
be hacked.

EPIC said it is pursuing a lawsuit to obtain additional
documents about the machines from the TSA.

More information about the IRP mailing list