In EPIC v. The United States Transportation Security Administration, EPIC has sought the release of documents regarding the use of Automated Target Recognition (“ATR”) software to modify airport body scanners. Full body scanners have been installed at airports around the country, and the TSA seeks to have 2,000 body scanners in 350 airports by the end of 2014. The manufacturers of these scanners developed ATR software that allows TSA agents viewing the whole-body images to see only a generic human image instead of an image of a traveler’s naked body. The software is actually designed to detect “anomalies” on travelers’ bodies, and the TSA asserts that this will automatically detect threatening objects travelers are concealing. When an anomaly is detected somewhere on a body, that areas is highlighted in red on the displayed generic image. TSA employees are directed to further screen the areas on passengers where anomalies are detected, including an enhanced pat down. If the machine does not detect any threatening objects, instead of displaying an image it will merely display a green “OK.”
The TSA began testing the software in airports in February 2011, and has announced that it will be installing this software on all of its millimeter wave body scanners nation-wide. The new system is intended to cut agency costs, as additional agents will no longer be need to view the naked scanned images in a separate room. Now images will be displayed alongside the body scanning machines, and passengers will be able to view the same image as TSA employees monitoring them. There is currently no plan to install similar software on the more widely used and more controversial backscatter x-ray scanners, though the TSA plans to conduct tests in Fall 2011.
The TSA believes that ATR modifications will mitigate travelers’ privacy concerns, and states it will provide a better experience at checkpoints. However, it remains unclear whether body scanners using the ATR software will retain, store, or transfer the underlying raw naked images that are captured before they are analyzed and used to display a generic figure. EPIC’s litigation is designed to determine how ATR software handles naked images of travelers, and how ATR software really impacts traveler privacy.
EPIC’s Freedom of Information Act Requests and Subsequent Lawsuit
On June 15, 2010, EPIC filed a Freedom of Information Act (“FOIA”) request with the Transportation Security Administration (“TSA”) for documents concerning ATR software modifications to airport body scanners. EPIC requested the following agency records:
all specifications provided by the TSA to automated target recognition manufacturers concerning automated target recognition systems;
all records concerning the capabilities, operational effectiveness, or suitability of automated target recognition systems, as described in Secretary Napolitano’s letter to Senator Collins;
all records provided to the TSA from the Dutch government concerning automated target recognition systems deployed in Schiphol Airport, as described in Secretary Napolitano’s letter to Senator Collins;
all records evaluating the [full-body scanning] program and determining automated target recognition requirements for nationwide deployment, as described in Secretary Napolitano’s letter to Senator Collins.
The TSA failed to comply with the FOIA’s requirements, and did not produce any documents. EPIC filed an appeal with the TSA on October 12, 2010, but it repeatedly delayed the appeal, and denied the appeal by not responding.
On December 14, 2010, EPIC sent a second administrative appeal to the TSA, appealing the agency’s failure to respond. On December 27, 2010, the TSA acknowledged receipt of the appeal, but did not produce any documents. The agency invoked a deadline extension, and improperly placed the appeal in a backlogged queue for processing FOIA requests. The agency failed to make any substantive response or produce any documents.
On October 5, 2010 EPIC filed a related FOIA request with the Department of Homeland Security (“DHS”) for the release of the following documents:
all records provided from L3 Communications or Rapiscan in support of the submission or certification of ATR software modifications;
all contracts, contract amendments, or statements of work related to the submission or certification of ATR software modifications;
all information, including results, of government testing of ATR technology, as referenced by Greg Soule of the TSA in an e-mail to Bloomberg News, published September 8, 2010.
DHS forwarded the request to the TSA, where, once again, the Agency provided no substantive response. EPIC filed an administrative appeal with the agency, but received no documents or substantive response despite the expiration of all FOIA mandated deadlines.
EPIC filed suit in response to the TSA’s failures, stating that the agency violated the FOIA in regards to both of its requests and appeals by failing to comply with its statutory deadlines, and wrongfully withholding records. EPIC has requested that the court order TSA to make a determination regarding the FOIA requests, and produce all the documents that fall within the scope of its request.
The TSA claims that the ATR software will eliminate the need for anyone to see naked images of travelers, and protect personal privacy. However, it is unclear if, and to what extent, this is true. The way that traveler images are treated, potentially stored, and transmitted by ATR systems has not been publicly disclosed. EPIC’s FOIA requests and subsequent lawsuit are designed to determine how the ATR software will actually impact traveler privacy, and how it handles traveler images beyond merely generating a generic image.
EPIC has been involved in evaluating and informing the public about the body scanner program since the machines were first implemented. EPIC uncovered a number of DHS and TSA body scanner records that contradict statements made by those agencies through its FOIA lawsuit, EPIC v. Department of Homeland Security, and related FOIA requests. These documents reveal that body scanner machines were designed to capture and store traveler images, despite the TSA’s claims to the contrary. Further, documents obtained in the lawsuit reveal that the scanners are not designed to detect powdered explosives such as pentaerythritol tetranitrate (“PETN”), the explosive used in the failed 2009 Christmas Day “underwear bomb” plot, calling into question the capacity for effective “threat recognition” by ATR software.
EPIC v. The United States Transportation Security Administration, Case No. 11-0290 (RWR) (D.D.C. filed Feb. 2, 2011)