EPIC - EPIC v. Department of Homeland Security

EPIC v. Department of Homeland Security - Body Scanners

Top News |
Background |
Legal Documents |
Freedom of Information Act Documents |
News Items |
Body Scanner Resources

Top News

EPIC FOIA Request Reveals Details About Government Cybersecurity Program: New documents obtained by EPIC in a Freedom of Information Act lawsuit reveal that the Department of Defense advised private industry on how to best circumvent federal wiretap law. The documents concern a collaboration between the Defense Department, the Department of Homeland Security, and private companies to allow government monitoring of private Internet networks. Though the program initially only applied to defense contractors, an Executive Order issued by the Obama administration earlier this year expanded it to include other "critical infrastructure" industries. The documents obtained by EPIC also cited NSPD 54 as one source of authority for the program. NSPD 54 is a presidential directive issued under President Bush that EPIC is pursuing in separate FOIA litigation. For more information, see EPIC: EPIC v. DHS (Defense Contractor Monitoring), and EPIC: EPIC v. NSA - Cybersecurity Authority. (Apr. 24, 2013)
Public Opposes TSA Nude Body Scanners: Following a court mandate that the Transportation Security Administration receive public comment on airport body scanners, the public overwhelmingly opposes invasive nude body scanners. The court mandate was in response to EPIC's lawsuit in EPIC v. DHS, where EPIC successfully challenged the TSA's unlawful deployment of airport body scanners. The TSA will accept comments until June 24, 2013. The public has submitted almost 2,000 comments noting various problems with the scanners, including privacy violations, potential health risks, and the machine's inability to accurately detect threats. EPIC has recently filed appeals in two Freedom of Information Act cases seeking documents related to airport body scanner radiation risks and threat detection software. For more information, see EPIC: Comment on the TSA Nude Body Scanner Proposal, EPIC: Radiation Risks lawsuit, and EPIC: ATR lawsuit. (Apr. 23, 2013)
EPIC Appeals FOIA Decisions Concerning Body Scanner Information: EPIC has filed appeals in two Freedom of Information Act cases seeking documents related to airport body scanners from the Department of Homeland Security and the Transportation Security Administration. EPIC filed FOIA requests with the agencies seeking records related to radiation risks from body scanners and the threat detection software the machines use. The TSA is currently developing formal rules for the use of body scanners in response to a court order in one of EPIC's previous cases. Body scanners allow routine digital strip searches of individuals who are not suspected of any crime. For more information, see EPIC: Radiation Risks lawsuit and EPIC: ATR lawsuit, and EPIC: Suspension of Body Scanner Program. (Apr. 16, 2013)
DHS Reveals More Information on Covert Social Media Monitoring Program: The Department of Homeland Security has issued a Privacy Impact Assessment, updating information on its controversial social media monitoring program. As part of the program, DHS scours social media sites, including Twitter, Facebook, and Youtube, for public posts that contain words such as "cops," "police," "airport," "hacktivist," and "zombie." DHS then disseminates social media information it has collected to "federal, state, local, and foreign government and private sector partners." Although the Privacy Impact Assessment states DHS should only collect "relevant" social media information, the document also states that "any information posted publicly can be used by [DHS] in providing situational awareness and establishing a common operating picture." Recently, EPIC obtained a court order and an opinion in a Freedom of Information Act lawsuit against DHS, requiring the agency to turn over more documents about the monitoring of social media and Internet media organizations. For more information, see: EPIC: EPIC v. Department of Homeland Security: Media Monitoring. (Apr. 16, 2013)
EPIC Obtains News Information on TSA Body Scanner Program: The Transportation Security Administration was forced to disclose additional information regarding the Agency's controversial body scanner program after EPIC prevailed in a lawsuit against the Agency. In March 2013, Judge Royce Lamberth held that the Agency had unlawfully redacted certain information from records released to EPIC under the Freedom of Information Act containing details on software modifications made to the scanners. In response to a separate lawsuit filed against the Department of Homeland Security regarding the Agency's authority to deploy the devices, the TSA has initiated a process to allow the public to comment on the program. EPIC is recommending that the TSA adopt more effective screening procedures. For more information, see and EPIC v. DHS (Suspension of Body Scanner Program). (Apr. 10, 2013)
TSA Begins Court Ordered Rulemaking on Body Scanner Program, EPIC Urges Public Comment: The TSA announced today that it will begin a public comment process on its airport screening procedures. The action follows from a 2011 court order in EPIC v. DHS. In that case, the Federal Appeals Court for the DC Circuit found that the agency unlawfully deployed body scanners in US airports. In a proposed two-sentence change to the agency's extensive regulations, the TSA seeks to grant itself authority to continue to deploy Nude Body Scanners ("NBS") without establishing privacy safeguards. EPIC, which brought the successful challenging to the TSA program, is urging public comment on the agency proposal. EPIC is recommending that the TSA adopt more effective screening procedures. If the TSA continues with Nude Body Scanner program, EPIC said the agency should make clear the right of individuals to opt-out as well as require privacy filters for all devices. For more information, see EPIC v. DHS (Suspension of Body Scanner Program). (Mar. 26, 2013)
EPIC Prevails in Two FOIA Cases, Obtains Further Details on Body Scanners: A federal judge has granted EPIC victories in two Freedom of Information Act cases involving the controversial airport body scanners. Judge Royce Lamberth in Washington, DC held that the Department of Homeland Security must turn over two safety reports detailing radiation output by the scanners and a set of power point slides containing details on automated target recognition software. The agency previously claimed it was not required to release the documents to EPIC. EPIC has pursued several related Freedom of Information Act cases as a challenge to the deployment of the devices. In 2011, the DC Circuit of Appeals ruled in EPIC v. DHS that the agency must receive public comments on the decision to deploy body scanners for primary screening. For more information see: EPIC: Whole Body Imaging Technology and EPIC v. DHS (Suspension of Body Scanner Program). (Mar. 8, 2013)
EPIC Prevails in Social Media Monitoring FOIA Suit: EPIC has obtained a court order and an opinion in a Freedom of Information Act lawsuit against the Department of Homeland Security, requiring the agency to turn over more documents about the monitoring of social media and Internet media organizations. EPIC had previously obtained several hundred pages of documents, revealing that the agency monitors the internet for reports that “reflect adversely” on the agency or the federal government. EPIC also obtained a list of very broad search terms used by the agency to monitor social media. As a result of EPIC’s findings, Congress held a hearing on "DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy." For more information see: EPIC: EPIC v. Department of Homeland Security: Media Monitoring. (Mar. 4, 2013)
EPIC Obtains DHS Body Scanner Training Manuals, New Questions About Absence of Privacy Safeguards: In response to an EPIC FOIA request, the Department of Homeland Security has released documents about the use of body scanners by the US Secret Service. EPIC sought information about the types of images that body scanners capture, the length of time the images can be stored, and safeguards for maintaining the integrity and security of the captured images. EPIC also asked about radiation body scanner radiation risks. EPIC received the contract of sale between the Government and Rapiscan, the body scanner manufacturer; and the Secret Service’s training manuals for instructing new recruits on the operation of body scanners. The training materials make no mention of data privacy. For more information, see EPIC: EPIC v. DHS and EPIC: Body Scanners. (Feb. 15, 2013)
TSA to Pull Naked Body Scanners Out of US Airports: The US Transportation Security Administration will end the contract for backscatter x-ray devices. As a consequence, all devices that produce a detailed naked image of air travelers will be removed from US airports. Beginning in 2005, EPIC and then a coalition of privacy advocates, scientists, legal experts and lawmakers urged the TSA not to deploy the devices. The groups petitioned DHS Secretary Napolitano to suspend the program pending a thorough review. The agency went forward and EPIC sued. In EPIC v. DHS, the DC Circuit held that the devices could be used as long as passengers were able to opt-out. The federal appeals court also ordered the agency to "promptly" begin a public rulemaking. That process will likely begin in March 2013. For more information, see EPIC: EPIC v. DHS and EPIC: Body Scanners. (Jan. 18, 2013)

Background

In EPIC v. Department of Homeland Security, EPIC has sought the release of documents regarding whole body imaging (WBI) held by the agency.

In February 2007, the Transportation Security Administration, a component of the US Department of Homeland Security, began testing passenger imaging technology - called “whole body imaging,” "body scanners," and "advanced imaging technology" - to screen air travelers. Body scanners produce detailed, three-dimensional images of individuals. Security experts have described whole body scanners as the equivalent of "a physically invasive strip-search." In 2007, TSA tested whole body imaging systems at airport security checkpoints, screening passengers before they board flights. The agency provided various assurances regarding its use of whole body imaging. TSA stated that whole body imaging would not be mandatory for passengers and that images produced by the machines would not be stored, transmitted, or printed. TSA also stated that an algorithm will be applied to the image to mask the face of each passenger.

But on April 27, 2007, TSA removed from its website assurances that its whole body imaging technology would “incorporate a privacy algorithm” that will “eliminate much of the detail shown in the images of the individual while still being effective from a security standpoint.” And on February 18, 2009, TSA announced that it would require passengers at six airports to submit to whole body imaging in place of the standard metal detector search, which contravenes its earlier statements that whole body imaging would not be mandatory. On April 6, 2009, TSA announced its plans to expand the mandatory use of whole body imaging to all airports.

On June 4, 2009, the U.S. House of Representatives passed HR 2200, a bill that would limit the use of whole body imaging systems in airports. The bill prevents use of whole body imaging technology for primary screening purposes. HR 2200 was referred to the Senate for consideration on June 8, 2009. The legislation was referred to the Senate Committee on Commerce, Science, and Transportation. TSA renewed its call for mandatory body scans for all air travelers in the wake of the attempted bombing of Northwest Flight 253, which traveled from Amsterdam to Detroit on December 25, 2009.

EPIC's Freedom of Information Act Requests and Subsequent Lawsuit

On April 14, 2009, EPIC filed a Freedom of Information Act (FOIA) request with the US Department of Homeland Security (DHS) for agency records that directly relate to the TSA body scanner program. EPIC requested the following agency records:

all documents concerning the capability of passenger imaging technology to obscure, degrade, store, transmit, reproduce, retain, or delete images of individuals;
all contracts that include provisions concerning the capability of passenger imaging technology to obscure, degrade, store, transmit, reproduce, retain, or delete images of individuals;
all instructions, policies, and/or procedures concerning the capability of passenger imaging technology to obscure, degrade, store, transmit, reproduce, retain, or delete images of individuals.

DHS acknowledged receipt of EPIC's FOIA request, but failed to disclose any documents. On November 9, 2009, EPIC sued DHS to force disclosure of the body scanner documents. The suit challenged DHS's failure to disclose public records and failure to comply with the Freedom of Information Act. On the heels of EPIC's lawsuit, DHS disclosed key documents, including technical standards, but failed to produce all records demanded in EPIC's FOIA request. The lawsuit is ongoing.

On July 2, 2009, EPIC filed a second, related FOIA request. EPIC requested the following agency documents:

All unfiltered or unobscured images captured using Whole Body Imaging Technology (WBI);
all contracts entered into by DHS pertaining to WBI systems, including contracts for hardware, software or training;
all documents detailing the technical specifications of WBI hardware, including any limitations on image capture, storage or copy;
all documents, including but not limited to presentations, images and videos used for training persons to use WBI systems;
all complaints related to the use of WBI and all documents related to the resolution of those complaints;
all documents concerning data breaches of images generated by WBI technology.

DHS acknowledged receipt of EPIC's FOIA request, but failed to disclose any documents. On January 13, 2010, EPIC sued DHS to force disclosure of the additional body scanner documents. The second suit challenged DHS's failure to disclose public records and failure to comply with the Freedom of Information Act. This suit was later consolidated with EPIC's first lawsuit against DHS.

Documents Obtained by EPIC Through Its Lawsuit

On January 11, 2010, EPIC released documents obtained from DHS as a result of EPIC's lawsuit.

The disclosed documents include TSA Procurement Specifications for body scanners, TSA Operational Requirements for the machines, a TSA contract with L3 (a company that manufactures whole body imaging devices), and 2 TSA contracts with Rapiscan, another body scanner manufacturer (1), (2).

The documents contradict numerous assurances made by the TSA regarding the body scanners. The records demonstrate:

The device specifications, set out by the TSA, prove the machines’ ability to store, record, and transfer images, contrary to the representations made by the TSA
The device specifications, set out by the TSA, include hard disk storage, USB integration, and Ethernet connectivity that raise significant privacy and security concerns
The DHS Privacy office failed to adequately assess the privacy impact of these devices
The TSA continues to withhold critical documents from the public concerning body scanners' operation.

On March 2, 2010, EPIC obtained further documents from DHS as a result of EPIC's lawsuit. These documents included more than thirty traveler complaints to the TSA regarding WBI machines. The complaints described a variety of problems with WBI machines, including objections to the invasive nature of the machines and complaints about improper signage and a lack of transparency regarding the pat-down alternative. The complaints indicated that TSA was not fulfilling its duty to inform passengers of their options regarding WBI machines.

On March 15, 2010, EPIC obtained hundreds of pages of additional traveler complaints (see below for links). This further contradicted TSA's statements that travelers approve of WBI machines and are being informed of their option for a pat-down.

On April 15, 2010, EPIC obtained several hundred more pages of documents. This included hundreds of pages of traveler complaints, an updated Procurement Specifications Document, and several vendor contracts. DHS refused to release several of EPIC's requested documents, including over 2000 WBI machine generated images.