TSA Pulls Plug on “Porno Scanners”

January 21, 2013

I have written several times about the ongoing controversy over the US Transportation Safety Administration’s [TSA] use of full-body scanners (which the TSA calls “Advanced Imaging Technology”[AIT]) as part of its security protocol for screening air travelers.   The machines began to be introduced in the fall of 2010, and immediately created controversy.  One criticism, voiced by many security professionals, was that the effectiveness of the machines was questionable.  Another issue was the very detailed anatomical images produced by the devices, which led some privacy advocates to dub them “Porno Scanners”.  There was also a safety concern with one type of scanner, which uses backscatter X-ray technology, since it would expose the passenger to a small dose of ionizing radiation.  (A second type of scanner, which uses millimeter-wavelength radio waves, does not involve radiation exposure.)

Last summer, there were also developments in a court case, brought by a group of plaintiffs led by the Electronic Privacy Information Center [EPIC], challenging the use of the AIT devices, and asking the court to force the TSA to follow the normal review process for new government regulations.  On July 15, 2011, the US Circuit Court of Appeals for the District of Columbia had ruled that the TSA had to follow the normal procedure for issuing new regulations, as specified in the Administrative Procedures Act of 1946.  The TSA has now begun to comply with the review process, and has commissioned the National Academy of Sciences to look at the question of radiation exposure from the X-ray devices. It has also, as ordered by Congress, moved to replace the “anatomically correct” scan images with generic body images generated by software.

Now, according to an article at the Washington Post, the TSA has decided to remove 174 of the backscatter X-ray scanners from airports, because the vendor has not managed to equip them with the new generic-imaging software.

The Transportation Security Administration will remove 174 full-body scanners from airport security checkpoints, ending a $40 million contract for the machines, which caused a uproar because they revealed spectral naked forms of passengers.

TSA Administrator John S. Pistole issued the order this week after concluding that new software that made the machines less intrusive could not be developed by a June 1 deadline mandated by Congress.

The new software has apparently been successfully developed for the millimeter-wave scanners, which will continue to be used, and which will replace most of the X-ray machines that are being removed.

I have felt all along that the most disturbing part of this story was not the “porno” images, or even the safety questions, but the TSA’s apparent attitude that, because the machines were being used to “prevent terrorism”, it could just ignore inconvenient laws and regulations.  So this climb-down is a good thing, though it will doubtless be “spun” as something else.

There are also brief articles on this story at Ars Technica and Wired.


TSA Replies to Court

September 2, 2012

Back at the beginning of August, I posted a note about the status of a court case involving the US Transportation Safety Administration [TSA], and its use of “full body” scanners to screen airline passengers.   The case originated with a lawsuit by a group of plaintiffs, led by the Electronic Privacy Information Center [EPIC], challenging the use of the scanners (which the TSA calls Advanced Imaging Tchnology[AIT]) on the grounds of privacy, safety, and effectiveness.

On July 15, 2011, the US Circuit Court of Appeals for the District of Columbia ruled that the TSA had to follow the normal procedure for issuing new regulations, as specified in the Administrative Procedures Act of 1946.  Basically, this involves the TSA’s publication of the proposed regulations in the Federal Register, solicitation of public comments over a reasonable time period, and then justification for the rule-making in light of the submitted comments.  This summer, since the TSA had not complied with the Court’s order, EPIC returned with a mandamus petition, seeking to compel the TSA’s compliance.  On August 1, the Court ruled that the Department of Homeland Security [DHS] (of which the TSA is a part) respond to the petition on or before August 30.

As reported in an article on the “Threat Level” blog at Wired,  the TSA has given a response [PDF] to the Court.  The basic thrust of the response is that there has been no delay, and that the TSA is expediting the “Notice of Proposed Rulemaking”[NPRM] to comply with the order.  The first section of the response is mainly legal argument and citations; the second, more substantive part, is a statement by John Sammon, Assistant Administrator for the Office of Security Policy and Industry Engagement.

Perhaps the Court will take a different view, but I do not find this statement terribly convincing.  It begins by noting that a “major milestone” has been reached, because the documents required for the NPRM have been submitted to the DHS for review.  That is, a major milestone has been reached because the DHS has submitted some documents to itself for review.  The statement also argues that the departure of two economists from the TSA staff have slowed the proces.   It also says that, because the AIT scanners have been in use, the process of estimating the cost of their use is more diffcult, compared to a case where only estimates were available.  I think this is the first time I have heard someone make the argument that having actual use data makes estimation more difficult.  Finally, the TSA argues that it has made improvements to the AIT systems to address privacy concerns.  (To be fair, I think this is true to some extent; some scanners have been modified to show generic body images, rather than anatomical detail.)  The TSA says that it expects to begin the notice and comment period by the end of February, 2013.

I find it hard to undestand why the preparation of the NPRM should take more than a year and a half; assuming that the original decision to use the AIT devices was made on some sort of rational basis, the TSA should already have the information that is required. It seems to me that the TSA is stalling, hoping they can make enough more-or-less cosmetic improvements to the program to make the critics go away.   Security Theater is still, apparently, the order of the day.


Court to TSA, Again: Follow the Law

August 4, 2012

Back in 2010, a group led by the Electronic Privacy Information Center [EPIC] filed a lawsuit challenging the use of full-body scanners by the US Transportation Security Administration [TSA], on the grounds of privacy, possible health risks, and questionable effectiveness.  On July 15, 2011, the US Circuit Court of Appeals for the District of Columbia ruled that the TSA had to follow the normal procedure for issuing new regulations, as specified in the Administrative Procedures Act of 1946.  Basically, this involves the TSA’s publication of the proposed regulations in the Federal Register, solicitation of public comments over a reasonable time period, and then justification for the regulation in light of the submitted comments.

A year later, as reported in an article at Ars Technica, the TSA had apparently ignored both the requirements of the statute and the Court’s order, so EPIC has returned to court with a mandamus petition to enforce the original order.  This past Wednesday, the Court issued an order [PDF] that the Department of Homeland Security (of which the TSA is a part) respond to the petition on or before August 30.

I can’t think of any sensible reason that the TSA should be excused from following the normal rule-making procedure.  It’s perfectly obvious what the intended purpose of the scanners is, so there is nothing there to give away; and it’s hard to see how allowing public comment could be harmful — it might even help.

Requiring the TSA to follow the formal rule-making procedure is important, because one of the essential steps in that process is the solicitation of public feedback. American travelers will have the opportunity to voice their concerns about the TSA’s policy, and the agency will be required to respond to those concerns. Given that so many of the TSA’s policies are shrouded in secrecy, forcing the TSA to explain its policies will be a much-needed source of transparency.

There is also a petition at the Whitehouse.gov site that requests that President Obama order the TSA to comply with the law and with the court order.  (Jim Harper, Director of Information Policy Studies at the Cato Institute, discusses the petition in an OpEd article at Ars Technica.)   The petition currently has more than 19,000 signatures; if it gets 25,000 by August 9, the administration’s policy requires it to provide a formal response.  You have to register at the site in order to sign, but that requires only an E-mail address.


%d bloggers like this: