EPIC - EPIC v. DHS (Suspension of Body Scanner Program)

EPIC v. DHS (Suspension of Body Scanner Program)

Top News |
Background |
EPIC's Lawsuit |
Legal Documents |
News Items |
EPIC: Body Scanner Resources

Introduction

EPIC has obtained a court order requiring the Department of Homeland Security to undertake a public notice on and comment rulemaking. On July 2, 2010, EPIC petitioned the D.C. Circuit Court of Appeals to suspend the body scanner program, stressing its core assertion that "the TSA has acted outside of its regulatory authority and with profound disregard for the statutory and constitutional rights of air travelers." EPIC asserted that the federal agency's controversial program violated the Administrative Procedures Act, the Privacy Act, the Religious Freedom Restoration Act, the Video Voyeurism Prevention Act, and the Fourth Amendment. On July 15, 2011, the D.C. Circuit Court of Appeals ruled that the agency had violated the Administrative Procedures Act by implementing body scanners as a primary screening method without first undertaking public notice and comment rulemaking. The Court ordered the agency to "promptly" undertake the proper rulemaking procedures and allow the public to comment on the body scanner program. To date, the agency has made no visible progress toward complying with the Court's order.

Top News

EPIC FOIA Request Reveals Details About Government Cybersecurity Program: New documents obtained by EPIC in a Freedom of Information Act lawsuit reveal that the Department of Defense advised private industry on how to best circumvent federal wiretap law. The documents concern a collaboration between the Defense Department, the Department of Homeland Security, and private companies to allow government monitoring of private Internet networks. Though the program initially only applied to defense contractors, an Executive Order issued by the Obama administration earlier this year expanded it to include other "critical infrastructure" industries. The documents obtained by EPIC also cited NSPD 54 as one source of authority for the program. NSPD 54 is a presidential directive issued under President Bush that EPIC is pursuing in separate FOIA litigation. For more information, see EPIC: EPIC v. DHS (Defense Contractor Monitoring), and EPIC: EPIC v. NSA - Cybersecurity Authority. (Apr. 24, 2013)
Public Opposes TSA Nude Body Scanners: Following a court mandate that the Transportation Security Administration receive public comment on airport body scanners, the public overwhelmingly opposes invasive nude body scanners. The court mandate was in response to EPIC's lawsuit in EPIC v. DHS, where EPIC successfully challenged the TSA's unlawful deployment of airport body scanners. The TSA will accept comments until June 24, 2013. The public has submitted almost 2,000 comments noting various problems with the scanners, including privacy violations, potential health risks, and the machine's inability to accurately detect threats. EPIC has recently filed appeals in two Freedom of Information Act cases seeking documents related to airport body scanner radiation risks and threat detection software. For more information, see EPIC: Comment on the TSA Nude Body Scanner Proposal, EPIC: Radiation Risks lawsuit, and EPIC: ATR lawsuit. (Apr. 23, 2013)
EPIC Appeals FOIA Decisions Concerning Body Scanner Information: EPIC has filed appeals in two Freedom of Information Act cases seeking documents related to airport body scanners from the Department of Homeland Security and the Transportation Security Administration. EPIC filed FOIA requests with the agencies seeking records related to radiation risks from body scanners and the threat detection software the machines use. The TSA is currently developing formal rules for the use of body scanners in response to a court order in one of EPIC's previous cases. Body scanners allow routine digital strip searches of individuals who are not suspected of any crime. For more information, see EPIC: Radiation Risks lawsuit and EPIC: ATR lawsuit, and EPIC: Suspension of Body Scanner Program. (Apr. 16, 2013)
DHS Reveals More Information on Covert Social Media Monitoring Program: The Department of Homeland Security has issued a Privacy Impact Assessment, updating information on its controversial social media monitoring program. As part of the program, DHS scours social media sites, including Twitter, Facebook, and Youtube, for public posts that contain words such as "cops," "police," "airport," "hacktivist," and "zombie." DHS then disseminates social media information it has collected to "federal, state, local, and foreign government and private sector partners." Although the Privacy Impact Assessment states DHS should only collect "relevant" social media information, the document also states that "any information posted publicly can be used by [DHS] in providing situational awareness and establishing a common operating picture." Recently, EPIC obtained a court order and an opinion in a Freedom of Information Act lawsuit against DHS, requiring the agency to turn over more documents about the monitoring of social media and Internet media organizations. For more information, see: EPIC: EPIC v. Department of Homeland Security: Media Monitoring. (Apr. 16, 2013)
EPIC Obtains News Information on TSA Body Scanner Program: The Transportation Security Administration was forced to disclose additional information regarding the Agency's controversial body scanner program after EPIC prevailed in a lawsuit against the Agency. In March 2013, Judge Royce Lamberth held that the Agency had unlawfully redacted certain information from records released to EPIC under the Freedom of Information Act containing details on software modifications made to the scanners. In response to a separate lawsuit filed against the Department of Homeland Security regarding the Agency's authority to deploy the devices, the TSA has initiated a process to allow the public to comment on the program. EPIC is recommending that the TSA adopt more effective screening procedures. For more information, see and EPIC v. DHS (Suspension of Body Scanner Program). (Apr. 10, 2013)
TSA Begins Court Ordered Rulemaking on Body Scanner Program, EPIC Urges Public Comment: The TSA announced today that it will begin a public comment process on its airport screening procedures. The action follows from a 2011 court order in EPIC v. DHS. In that case, the Federal Appeals Court for the DC Circuit found that the agency unlawfully deployed body scanners in US airports. In a proposed two-sentence change to the agency's extensive regulations, the TSA seeks to grant itself authority to continue to deploy Nude Body Scanners ("NBS") without establishing privacy safeguards. EPIC, which brought the successful challenging to the TSA program, is urging public comment on the agency proposal. EPIC is recommending that the TSA adopt more effective screening procedures. If the TSA continues with Nude Body Scanner program, EPIC said the agency should make clear the right of individuals to opt-out as well as require privacy filters for all devices. For more information, see EPIC v. DHS (Suspension of Body Scanner Program). (Mar. 26, 2013)
EPIC Prevails in Two FOIA Cases, Obtains Further Details on Body Scanners: A federal judge has granted EPIC victories in two Freedom of Information Act cases involving the controversial airport body scanners. Judge Royce Lamberth in Washington, DC held that the Department of Homeland Security must turn over two safety reports detailing radiation output by the scanners and a set of power point slides containing details on automated target recognition software. The agency previously claimed it was not required to release the documents to EPIC. EPIC has pursued several related Freedom of Information Act cases as a challenge to the deployment of the devices. In 2011, the DC Circuit of Appeals ruled in EPIC v. DHS that the agency must receive public comments on the decision to deploy body scanners for primary screening. For more information see: EPIC: Whole Body Imaging Technology and EPIC v. DHS (Suspension of Body Scanner Program). (Mar. 8, 2013)
EPIC Prevails in Social Media Monitoring FOIA Suit: EPIC has obtained a court order and an opinion in a Freedom of Information Act lawsuit against the Department of Homeland Security, requiring the agency to turn over more documents about the monitoring of social media and Internet media organizations. EPIC had previously obtained several hundred pages of documents, revealing that the agency monitors the internet for reports that “reflect adversely” on the agency or the federal government. EPIC also obtained a list of very broad search terms used by the agency to monitor social media. As a result of EPIC’s findings, Congress held a hearing on "DHS Monitoring of Social Networking and Media: Enhancing Intelligence Gathering and Ensuring Privacy." For more information see: EPIC: EPIC v. Department of Homeland Security: Media Monitoring. (Mar. 4, 2013)
EPIC Obtains DHS Body Scanner Training Manuals, New Questions About Absence of Privacy Safeguards: In response to an EPIC FOIA request, the Department of Homeland Security has released documents about the use of body scanners by the US Secret Service. EPIC sought information about the types of images that body scanners capture, the length of time the images can be stored, and safeguards for maintaining the integrity and security of the captured images. EPIC also asked about radiation body scanner radiation risks. EPIC received the contract of sale between the Government and Rapiscan, the body scanner manufacturer; and the Secret Service’s training manuals for instructing new recruits on the operation of body scanners. The training materials make no mention of data privacy. For more information, see EPIC: EPIC v. DHS and EPIC: Body Scanners. (Feb. 15, 2013)
TSA to Pull Naked Body Scanners Out of US Airports: The US Transportation Security Administration will end the contract for backscatter x-ray devices. As a consequence, all devices that produce a detailed naked image of air travelers will be removed from US airports. Beginning in 2005, EPIC and then a coalition of privacy advocates, scientists, legal experts and lawmakers urged the TSA not to deploy the devices. The groups petitioned DHS Secretary Napolitano to suspend the program pending a thorough review. The agency went forward and EPIC sued. In EPIC v. DHS, the DC Circuit held that the devices could be used as long as passengers were able to opt-out. The federal appeals court also ordered the agency to "promptly" begin a public rulemaking. That process will likely begin in March 2013. For more information, see EPIC: EPIC v. DHS and EPIC: Body Scanners. (Jan. 18, 2013)

Background

In 2005, the Transportation Security Administration ("TSA), a component of the US Department of Homeland Security ("DHS"), began testing passenger imaging technology - called “whole body imaging,” "body scanners," "full body scanners," and "advanced imaging technology" - to screen air travelers. Body scanners produce detailed, three-dimensional images of individuals. Security experts have described whole body scanners as the equivalent of "a physically invasive strip-search." The agency operates the body scanner devices at airports throughout the United States.

As part of a Freedom of Information Act lawsuit, EPIC obtained documents which establish that the TSA required the machines to be capable of storing, recording, and transferring detailed images of naked air travelers. EPIC also obtained hundreds of pages of traveler complaints, which described the invasive program and the lack of proper signage and information regarding the machines. The complaints establish that the body scanners are effectively mandatory, because the agency routinely denies air travelers alternative screening opportunities.

The images captured by body scanner devices can uniquely identify individual air travelers. The TSA uses body scanners to search air travelers as they pass through the TSA’s airport security checkpoints. The TSA recently established body scanners as primary screening.

EPIC's Lawsuit

On July 2, 2010, EPIC sued in the District of Columbia Circuit Court of Appeals to challenge the TSA's unilateral decision to make body scanners the primary screening technique in U.S. airports. Three frequent air travelers joined EPIC in the lawsuit: security expert Bruce Schneier, human rights activist Chip Pitts, and the Council on American-Islamic Relations Legal Counsel Nadhira Al-Khalili. The Petitioners brought claims under the Administrative Procedure Act, the Privacy Act, the Video Voyeurism Prevention Act, the Religious Freedom Restoration Act, and the Fourth Amendment. EPIC sought the suspension of the body scanner program, pending independent review and public notice and comment rulemaking.

Procedural History

EPIC petitioned the D.C. Circuit Court of Appeals for review of three DHS actions— one failure to act, one agency Order, and one agency Rule—of the TSA, a DHS component. The Petitioners filed a motion for emergency stay, urging the Court to shut down the program as soon as possible in order to prevent irreparable harm to American travelers. On July 15, 2010, the federal agency opposed the motion. On July 20, 2010, EPIC filed a reply to the opposition. On September 1, 2010, the Court ordered the motion be denied, and set out the briefing schedule.

On November 1, 2010, EPIC filed its opening brief, arguing that the DHS "has initiated the most sweeping, the most invasive, and the most unaccountable suspicionless search of American travelers in history." EPIC further argued that the TSA "must comply with relevant law, and it must not be permitted to engage in such a fundamental change in agency practice without providing the public the opportunity to express its views."

On November 5, 2010, the Department of Homeland Security moved to exclude religious objector Nadhira Al-Khalili from the lawsuit. Ms. Al-Khalili is Legal Counsel for the Council on American Islamic Relations, one of the organizations that supported EPIC's petition, which is the basis for the challenge to the body scanner program. Ms. Al-Khalili's claims are based on the Religious Freedom Restoration Act and Islamic modesty requirements. EPIC opposed the government's motion and stated that the agency is "simply afraid to have the Religious Freedom Restoration Act claims heard by this Court." EPIC further argued that "Respondents hope by seeking to exclude Ms. Al- Khalili . . . they will avoid judicial scrutiny of an agency practice that substantially burdens the free exercise of religion in violation of federal law."

On December 23, 2010, Respondent DHS filed its answer brief, again urging the Court to exclude Nadhira al-Khalili as a religious objector in the suit. Respondents also asserted that the body scanner program was not substantial enough of a change in agency policy to constitute a "rule" under the Administrative Procedures Act. EPIC has previously argued that the body scanner program is "the single most significant change in air traveler screening in the United States since the creation of the agency," adding that the agency has considered far less significant changes to be rules, including policies relating to butane lighters and transportation worker identity documents.

On January 6, 2011, EPIC filed a reply brief, arguing that "the TSA has acted outside of its regulatory authority and with profound disregard for the statutory and constitutional rights of air travelers, the agency’s rule should be set aside and further deployment of the body scanners should be suspended." On the same day, EPIC hosted a one-day public conference "The Stripping of Freedom: A Careful Scan of TSA Security Procedures" in Washington, DC. Oral Argument in the case is scheduled for March 10, 2011.

EPIC's Legal Arguments

In EPIC v. DHS, No. 10-1157, Petitioners argued that DHS violated the Administrative Procedure Act when it failed to act on EPIC's May 31, 2009 petition to the agency and when it refused to process of EPIC’s April 21, 2010 petition. The Administrative Procedure Act states that each agency shall give an interested person the right to petition for the issuance, amendment, or repeal of a rule. Courts have found that petitioning parties are entitled to a response on the merits.

EPIC also argued that the DHS Privacy Office failed to comply with its statutory mandate to protect travelers’ privacy. The DHS Chief Privacy Office prepared an inadequate Privacy Impact Assessment of the TSA’s body scanner test program that failed to identify numerous privacy risks to air travelers. Also, the DHS Chief Privacy Office failed to prepare any Privacy Impact Assessment concerning the TSA’s current body scanner program. The TSA’s current body scanner program is materially different from the TSA’s body scanner test program. The program erodes, and does not sustain, privacy protections relating to the use, collection, and disclosure of air traveler’s personal information.

EPIC asserted that the body scanner program violates travelers' Fourth Amendment rights. Courts have required that airport security searches be minimally intrusive, well-tailored to protect personal privacy, and neither more extensive nor more intensive than necessary under the circumstances to rule out the presence of weapons or explosives. Searches are reasonable if they escalate in invasiveness only after a lower level of screening discloses a reason to conduct a more probing search. EPIC argues that the TSA’s body scanner program fails to meet these standards because the TSA subjects all air travelers to the most extensive, invasive search available at the outset. EPIC asserts that the TSA searches are also far more invasive than necessary to detect weapons. Alternative technologies, including passive millimeter wave scanners and automated threat detection, detect weapons with a less invasive search.

EPIC argued that the TSA’s body scanner program violates the Privacy Act because it creates a system of records containing air travelers’ personally identifiable information. The system of records is under the control of the TSA, and the TSA can retrieve information about air travelers by name or by some identifying number, symbol, or other identifying particular assigned to the individual. However, EPIC argued, the TSA failed to publish a “system of records notice” in the Federal Register, and otherwise failed to comply with its Privacy Act obligations.

EPIC asserted that the TSA’s body scanner program violates the Religious Freedom Restoration Act, which bars the government from placing a substantial burden on a person's exercise of religion even if the burden arises from a rule of general applicability unless the government demonstrates a compelling governmental interest, and uses the least restrictive means of furthering that interest. The TSA's use of body scanners violates the RFRA because the capture and transmission of naked images of individuals offends the sincerely held beliefs of Muslims and other religious groups. Muslims believe in maintaining modesty and covering their bodies. Body scanners enable the capture and viewing of naked human images that violates this belief and denies observant Muslims the opportunity to travel by plane in the United States as others are able to do.

Lastly, EPIC argued that the TSA's body scanners violate the Video Voyeurism Prevention Act of 2004, which specifically prohibits the intentional “capture [of] an image of a private area of an individual without their consent . . . under circumstances in which the individual has a reasonable expectation of privacy,” when such circumstances are known. As the documents that EPIC obtained through FOIA litigation demonstrate, the devices are specifically designed to capture such images. Furthermore, as evidenced by the ground swell of grassroots opposition, the public is clearly voicing a reasonable expectation of privacy.

On July 15, 2011, the D.C. Circuit court of appeals ruled that the TSA did, in fact, violate the Administrative Procedure Act when it failed to conduct a public notice and comment rulemaking. The Court ordered the agency to "promptly" undertake a public notice and comment rulemaking.

Because the agency failed to initiate the required notice and comment rulemaking, EPIC twice filed motions asking the Court to enforce it's own order - the first on October 28, 2011 and the second on December 23, 2011. The Court declined these motions. But after a year of agency inaction, on July 17, 2012, EPIC filed a Petition for Writ of Mandamus, asking the Court to enforce its own order and force the agency to initiate the notice and comment rulemaking process within sixty days.

In its Petition for Writ of Mandamus, EPIC cited D.C. Circuit caselaw that shows that a one year delay is unreasonable as a matter of law. EPIC also urged the Court to take into consideration the health risks presented by the machines, which weigh heavily in favor of a transparency rulemaking process which would allow for independent review and democratic process.