EPIC v. Department of Homeland Security - Body Scanners
- Federal Court Awards EPIC $30,000 in Social Media Monitoring Case: EPIC has prevailed in a fee dispute with the Department of Homeland Security in an open government case concerning the government’s monitoring of social media. EPIC filed a FOIA request after the agency announced plans to gather information from "online forums, blogs, public websites, and message boards." After the DHS refused to produce documents, EPIC filed suit and obtained more than 500 pages describing the agency program. When the agency subsequently moved to dismiss the case, a federal judge ruled that EPIC had "substantially prevailed." And when the DHS sought to give EPIC a token amount in settlement, the court had harsh words for the agency. The court described EPIC's work in the case as "the sort of public benefit that FOIA was designed to promote." The case is EPIC v. DHS, No. 11-2261 (D.D.C. Nov. 15, 2013). For more information, see EPIC v. DHS: Social Media Monitoring. (Nov. 20, 2013)
- EPIC Prevails in FOIA Case About "Internet Kill Switch": In a Freedom of Information Act case brought by EPIC against the Department of Homeland Security, a federal court has ruled that the DHS may not withhold the agency's plan to deactivate wireless communications networks in a crisis. EPIC had sought "Standard Operating Procedure 303," also known as the "internet Kill Switch," to determine whether the agency's plan could adversely impact free speech or public safety. EPIC filed the FOIA lawsuit in 2012 after the the technique was used by police in San Francisco to shut down cell service for protesters at a BART station, who had gathered peacefully to object to police practices. The federal court determined that the agency wrongly claimed that it could withhold SOP 303 as a "technique for law enforcement investigations or prosecutions." The phrase, the court explained, "refers only to acts by law enforcement after or during the prevention of a crime, not crime prevention techniques." The court repeatedly emphasized that FOIA exemptions are to be read narrowly. For more information, see EPIC: EPIC v. DHS (SOP 303) and EPIC: FOIA. (Nov. 12, 2013)
- EPIC Obtains Information About Government-Corporate Cybersecurity Practices: As a result of a Freedom of Information Act lawsuit against the Department of Homeland Security, EPIC has obtained documents which reveal that the Department of Defense required companies to disclose information about Internet traffic on private networks. These documents contradict Homeland Security’s assertions that companies participating in a DOD pilot project would not be compelled to transmit information to federal agencies. The documents obtained by EPIC under the FOIA also indicate that the National Security Agency, a branch of the Department of Defense, is engaging in offensive cybersecurity measures. A statement to the Senate, EPIC warned that the National Security Agency has become a "black box" for public information about cybersecurity. For more information, see EPIC v. DHS: Defense Contractor Monitoring. (Nov. 1, 2013)
- Open Government Organizations Support EPIC's FOIA Appeal: Citizens for Responsibility and Ethics in Washington (CREW) has filed a "friend of the court" brief in EPIC v. DHS, a challenge to the secrecy of government documents now pending before the D.C. Circuit Court of Appeals. EPIC's is appealing a District Court decision which allowed two federal agencies to withhold factual documents, including test results, about airport body scanners. In the brief, CREW explains that "accepting the District Court's analysis would threaten the integrity of the decision making process and undermine the goals of the FOIA." Several other open government groups joined the CREW amicus brief, including the ACLU, EFF, and the OpenTheGovernment coalition. EPIC filed the opening brief in early October. The government is expected to file an opposition brief at the beginning of November. For more information, see EPIC v. DHS - Body Scanner FOIA Appeal. (Oct. 15, 2013)
- EPIC Appeals Secrecy of Body Scanner Radiation Documents: EPIC has challenged a District Court decision which allowed two federal agencies to withhold documents about airport body scanners, including test results, fact sheets, and estimates regarding radiation risks. In the opening brief to the DC Circuit Court of Appeals, EPIC argues that federal agencies may not withhold factual information under the "deliberative process privilege" in the Freedom of Information Act. EPIC said that under "under the standard adopted by the lower court, not only would the judgement of agency officials be exempt, but so too would reports or studies of any significance." For more information, see EPIC: DHS Body Scanner FOIA Appeal, EPIC v. DHS and EPIC v. TSA. (Oct. 3, 2013)
- TSA Conducts Warrantless Searches Outside of Airports: The Transportation Security Administration has expanded its Visible Intermodal Prevention and Response (VIPR) program to perform warrantless searches at various locations, including festivals, sporting events, and bus stations. The VIPR program uses "risk-based" profiling and "behavior detection" to search and detain individuals. Members of Congress have opposed these searches, and the GAO has questioned the validity of TSA's behavior detection and dispelled behavior detection effectiveness. Last year, EPIC prevailed in a lawsuit against the TSA that revealed the agency's plan to deploy body scanners outside of the airport at bus stations, train stations, and elsewhere. For more information, see EPIC: EPIC v. DHS (Mobile Body Scanners FOIA Lawsuit). (Aug. 8, 2013)
- TSA "Unplugs, Boxes Up, and Ships Back" X-Ray Body Scanners: The TSA has completed removal of the x-ray body scanners from US airports. The devices revealed detailed images of a person's naked body and have been described as "digital strip searches." The TSA action follows an Act of Congress and several lawsuits by EPIC. The TSA was forced to remove the machines after Congress required that the devices produce only generic image. And as result of EPIC v. TSA the TSA is currently required to accept public comments on its airport screening procedures. The public has until June 24, 2013 to voice its opinions. The millimeter wave devices remain in US airports. For more information, see: EPIC: Comment on the TSA Nude Body Scanner Proposal and EPIC: ATR lawsuit.
Backscatter x-ray machines show detailed images of a person's naked body and have been described as "digital strip searches."(May. 30, 2013)
- EPIC FOIA Request Reveals Details About Government Cybersecurity Program: New documents obtained by EPIC in a Freedom of Information Act lawsuit reveal that the Department of Defense advised private industry on how to best circumvent federal wiretap law. The documents concern a collaboration between the Defense Department, the Department of Homeland Security, and private companies to allow government monitoring of private Internet networks. Though the program initially only applied to defense contractors, an Executive Order issued by the Obama administration earlier this year expanded it to include other "critical infrastructure" industries. The documents obtained by EPIC also cited NSPD 54 as one source of authority for the program. NSPD 54 is a presidential directive issued under President Bush that EPIC is pursuing in separate FOIA litigation. For more information, see EPIC: EPIC v. DHS (Defense Contractor Monitoring), and EPIC: EPIC v. NSA - Cybersecurity Authority. (Apr. 24, 2013)
- Public Opposes TSA Nude Body Scanners: Following a court mandate that the Transportation Security Administration receive public comment on airport body scanners, the public overwhelmingly opposes invasive nude body scanners. The court mandate was in response to EPIC's lawsuit in EPIC v. DHS, where EPIC successfully challenged the TSA's unlawful deployment of airport body scanners. The TSA will accept comments until June 24, 2013. The public has submitted almost 2,000 comments noting various problems with the scanners, including privacy violations, potential health risks, and the machine's inability to accurately detect threats. EPIC has recently filed appeals in two Freedom of Information Act cases seeking documents related to airport body scanner radiation risks and threat detection software. For more information, see EPIC: Comment on the TSA Nude Body Scanner Proposal, EPIC: Radiation Risks lawsuit, and EPIC: ATR lawsuit. (Apr. 23, 2013)
- EPIC Appeals FOIA Decisions Concerning Body Scanner Information: EPIC has filed appeals in two Freedom of Information Act cases seeking documents related to airport body scanners from the Department of Homeland Security and the Transportation Security Administration. EPIC filed FOIA requests with the agencies seeking records related to radiation risks from body scanners and the threat detection software the machines use. The TSA is currently developing formal rules for the use of body scanners in response to a court order in one of EPIC's previous cases. Body scanners allow routine digital strip searches of individuals who are not suspected of any crime. For more information, see EPIC: Radiation Risks lawsuit and EPIC: ATR lawsuit, and EPIC: Suspension of Body Scanner Program. (Apr. 16, 2013)
In EPIC v. Department of Homeland Security, EPIC has sought the release of documents regarding whole body imaging (WBI) held by the agency.
In February 2007, the Transportation Security Administration, a component of the US Department of Homeland Security, began testing passenger imaging technology - called “whole body imaging,” "body scanners," and "advanced imaging technology" - to screen air travelers. Body scanners produce detailed, three-dimensional images of individuals. Security experts have described whole body scanners as the equivalent of "a physically invasive strip-search." In 2007, TSA tested whole body imaging systems at airport security checkpoints, screening passengers before they board flights. The agency provided various assurances regarding its use of whole body imaging. TSA stated that whole body imaging would not be mandatory for passengers and that images produced by the machines would not be stored, transmitted, or printed. TSA also stated that an algorithm will be applied to the image to mask the face of each passenger.
But on April 27, 2007, TSA removed from its website assurances that its whole body imaging technology would “incorporate a privacy algorithm” that will “eliminate much of the detail shown in the images of the individual while still being effective from a security standpoint.” And on February 18, 2009, TSA announced that it would require passengers at six airports to submit to whole body imaging in place of the standard metal detector search, which contravenes its earlier statements that whole body imaging would not be mandatory. On April 6, 2009, TSA announced its plans to expand the mandatory use of whole body imaging to all airports.
On June 4, 2009, the U.S. House of Representatives passed HR 2200, a bill that would limit the use of whole body imaging systems in airports. The bill prevents use of whole body imaging technology for primary screening purposes. HR 2200 was referred to the Senate for consideration on June 8, 2009. The legislation was referred to the Senate Committee on Commerce, Science, and Transportation. TSA renewed its call for mandatory body scans for all air travelers in the wake of the attempted bombing of Northwest Flight 253, which traveled from Amsterdam to Detroit on December 25, 2009.
EPIC's Freedom of Information Act Requests and Subsequent Lawsuit
On April 14, 2009, EPIC filed a Freedom of Information Act (FOIA) request with the US Department of Homeland Security (DHS) for agency records that directly relate to the TSA body scanner program. EPIC requested the following agency records:
- all documents concerning the capability of passenger imaging technology to obscure, degrade, store, transmit, reproduce, retain, or delete images of individuals;
- all contracts that include provisions concerning the capability of passenger imaging technology to obscure, degrade, store, transmit, reproduce, retain, or delete images of individuals;
- all instructions, policies, and/or procedures concerning the capability of passenger imaging technology to obscure, degrade, store, transmit, reproduce, retain, or delete images of individuals.
DHS acknowledged receipt of EPIC's FOIA request, but failed to disclose any documents. On November 9, 2009, EPIC sued DHS to force disclosure of the body scanner documents. The suit challenged DHS's failure to disclose public records and failure to comply with the Freedom of Information Act. On the heels of EPIC's lawsuit, DHS disclosed key documents, including technical standards, but failed to produce all records demanded in EPIC's FOIA request. The lawsuit is ongoing.
On July 2, 2009, EPIC filed a second, related FOIA request. EPIC requested the following agency documents:
- All unfiltered or unobscured images captured using Whole Body Imaging Technology (WBI);
- all contracts entered into by DHS pertaining to WBI systems, including contracts for hardware, software or training;
- all documents detailing the technical specifications of WBI hardware, including any limitations on image capture, storage or copy;
- all documents, including but not limited to presentations, images and videos used for training persons to use WBI systems;
- all complaints related to the use of WBI and all documents related to the resolution of those complaints;
- all documents concerning data breaches of images generated by WBI technology.
DHS acknowledged receipt of EPIC's FOIA request, but failed to disclose any documents. On January 13, 2010, EPIC sued DHS to force disclosure of the additional body scanner documents. The second suit challenged DHS's failure to disclose public records and failure to comply with the Freedom of Information Act. This suit was later consolidated with EPIC's first lawsuit against DHS.
Documents Obtained by EPIC Through Its Lawsuit
On January 11, 2010, EPIC released documents obtained from DHS as a result of EPIC's lawsuit.
The disclosed documents include TSA Procurement Specifications for body scanners, TSA Operational Requirements for the machines, a TSA contract with L3 (a company that manufactures whole body imaging devices), and 2 TSA contracts with Rapiscan, another body scanner manufacturer (1), (2).
The documents contradict numerous assurances made by the TSA regarding the body scanners. The records demonstrate:
- The device specifications, set out by the TSA, prove the machines’ ability to store, record, and transfer images, contrary to the representations made by the TSA
- The device specifications, set out by the TSA, include hard disk storage, USB integration, and Ethernet connectivity that raise significant privacy and security concerns
- The DHS Privacy office failed to adequately assess the privacy impact of these devices
- The TSA continues to withhold critical documents from the public concerning body scanners' operation.
On March 2, 2010, EPIC obtained further documents from DHS as a result of EPIC's lawsuit. These documents included more than thirty traveler complaints to the TSA regarding WBI machines. The complaints described a variety of problems with WBI machines, including objections to the invasive nature of the machines and complaints about improper signage and a lack of transparency regarding the pat-down alternative. The complaints indicated that TSA was not fulfilling its duty to inform passengers of their options regarding WBI machines.
On March 15, 2010, EPIC obtained hundreds of pages of additional traveler complaints (see below for links). This further contradicted TSA's statements that travelers approve of WBI machines and are being informed of their option for a pat-down.
On April 15, 2010, EPIC obtained several hundred more pages of documents. This included hundreds of pages of traveler complaints, an updated Procurement Specifications Document, and several vendor contracts. DHS refused to release several of EPIC's requested documents, including over 2000 WBI machine generated images.
EPIC v. the Department of Homeland Security, Case No. 09-02084(RMU) (D.D.C.filed Nov. 9, 2009)
- EPIC's April 14, 2009 Request for Agency Records under the Freedom of Information Act
- EPIC's July 2, 2009 Request for Agency Records under the Freedom of Information Act
- DHS's First Interim Production of Records to EPIC:
- TSA Traveler Complaints Regarding Whole Body Imaging Part One
- TSA Traveler Complaints Regarding Whole Body Imaging Part Two
- TSA Traveler Complaints Regarding Whole Body Imaging Part Three
- TSA Traveler Complaints Regarding Whole Body Imaging Part Four
- TSA Traveler Complaints Regarding Whole Body Imaging Part Five
- Logan Airport Looks Forward to Less Revealing Scanners, Donna Goodison, Boston Herald, July 16, 2010.
- Backlash grows against full-body scanners in airports, Gary Stoller, USA Today, July 13, 2010.
- Privacy Group Files Lawsuit to Block Airport Body Scanners, Roger Yu, USA Today, July 9, 2010.
- Full-body security scanners scrapped at Dubai airports, officials say the device "contradicts Islam", Aliah Shahid, New York Daily News, July 6, 2010.
- Full-body scanners could pose cancer risk at airports, U.S. scientists warn, Ben Mutzabaugh, USA Today, July 1, 2010.
- ,Sikh concerns delay hand search plans at UK airports, Dil Neiyyar, BBC News, June 30, 2010.
- Rights Panel Urges Ban on Body Scanners, Bae Hyun-jung, Korea Herald, June 30, 2010.
- Body Scanners Violation of Privacy, Elham Asaad Buaras, The Muslim News, June 25, 2010.
- European commission is fence-sitting on body scanners, Sarah Ludford, The Guardian, June 24, 2010.
- US Outstrips Europe on Body Scanners, Valentina Pop, Business Week, June 23, 2010.
- Miami Airport Screener Accused of Attack After Jeers at Genitals, Dan Ovalle, Miami Herald, May 7, 2010.
- Airport Worker Warned in Scanner Ogling Claim, Michael Holden, Reuters, March 24, 2010.
- Scanners may not have detected alleged explosive in Detroit jet case, GAO reports, By Spencer S. Hsu, Washington Post, March 18, 2010
- Travelers file complaints over TSA body scanners, Jaikumar Vijayan, Business Week, March 8, 2010
- Muslim woman refuses body scan at airport, Will Pavia, London Times Online, March 3, 2010
- Suspend airport body scanner program, privacy groups say, Jaikumar Vijayan, Computerworld, Feb. 26, 2010
- EPIC wants TSA to halt implementation of body scanners at airports, Doug Hanchard, ZCNet, Feb. 24, 2010
- Scannergate: Facts Contradict Heathrow Claim That Naked Images Can't Be Printed, Paul Joseph Watson, Prison Planet.com, Feb. 10, 2010
- Body scans: for their eyes only, Andrea Sachs, Washington Post, Feb. 6, 2010
- Airport-security plan calls for 500 body scanners in '11, Thomas Frank, USA Today, Feb. 3, 2010
- Why Europe doesn't want an invasion of body scanners, Ben Quinn, The Christian Science Monitor, Jan. 26, 2010
- Full-Body Scans: Virtual Strip Searches or Magic Boxes?, Katie Glueck, Politics Daily, Jan. 25, 2010
- Scanners can store images, group says , Joel Tiller, The Globe and Mail (UK), Jan. 12, 2010
- US airport body scanners can store and export images, Chris Mellor, The Register, Jan. 12, 2010
- TSA Admits Body Scanners Store and Transmit Body Images, Barbara E. Hernandez, BNET, Jan. 12, 2010
- Mixed Signals on Airport Scanners, Matthew L. Wald, The New York Times, Jan. 12, 2010
- Full-body scanners used on air passengers may damage human DNA, Mike Adams, Natural News.com, Jan. 11, 2010
- Body scanners can store, send images, group says, Jeanne Meserve and Mike M. Ahlers, CNN.com, Jan. 11, 2010