EPIC v. DHS - Body Scanner FOIA Appeal
- EPIC Awarded Nearly $100,000 in Internet Surveillance Case: A federal judge in Washington, DC has issued a final order granting EPIC substantial attorney's fees in a long-running case against the Department of Homeland Security. EPIC sued the DHS in 2012 for information about a secret program to monitor Internet traffic. The "Cyber Pilot" program applied originally to defense contractors, but an executive order dramatically expanded the program, raising concerns about violations of federal wiretap law. EPIC's lawsuit produced the release of several thousand pages on the program. EPIC sought attorneys fees for the successful litigation, which the DHS opposed. In November, Judge Gladys Kessler ruled that EPIC was entitled to attorney's fees because it "substantially prevailed in [the] litigation" and added "to the fund of information that citizens may use in making vital political choices." On Monday, Judge Kessler confirmed that decision and awarded EPIC nearly $100,000 in fees—the largest such award in EPIC's history. (Jun. 5, 2017)
- EPIC Continues Opposition to Social Media Searches of Visa Applicants: In comments to Customs and Border Protection, EPIC opposed a plan to obtain social media information from visa applicants. EPIC said the CBP proposal threatens First Amendment rights, risked abuse, and would disproportionately impact minority groups. EPIC has previously opposed proposals to collect social media information from individuals seeking to enter the United States. In a FOIA lawsuit against DHS, EPIC obtained documents which revealed that federal agencies gather social media comments to identify individuals critical of the government. EPIC is currently pursuing a FOIA request about a revised DHS plan to require disclosure of social media passwords before allowing entry into the country. (May. 31, 2017)
- DC Circuit Rules in Second EPIC Airport Body Scanner Case: In a cursory per curium opinion, the D.C. Circuit denied EPIC's petition for review of the TSA's final rule mandating body scanners in U.S. airports. EPIC argued in EPIC v. DHS II that the TSA had failed to justify body scanners as compared with less invasive, more effective screening techniques, such as magnometers combined with explosive trace detection. Public comments overwhelmingly favored EPIC's recommendations to the federal agency. EPIC also argued that the TSA's decision to end the opt-out was contrary to the DC Circuit's earlier opinion EPIC v. DHS I which held that passengers could opt-out of the invasive screening technique. As Judge Ginsburg explained in the earlier case, "Despite the precautions taken by the TSA, it is clear that by producing an image of the unclothed passenger, an AIT scanner intrudes upon his or her personal privacy in a way a magnetometer does not." Judge Ginsburg further said, "any passenger may opt-out of AIT screening in favor of a patdown, which allows him to decide which of the two options for detecting a concealed, nonmetallic weapon or explosive is least invasive." (May. 30, 2017)
- DHS Privacy Office Releases 2016 Report, Secret Profiling on the Rise: The Department of Homeland Security has released the 2016 Annual Data Mining Report. The report describes several of the agency's profiling systems that assign secret "risk assessments" to U.S. citizens. According to the DHS report, the Analytical Framework for Intelligence is accessible to several agency components, including the Citizenship and Immigration Services, the Coast Guard, and the Transportation Security Administration. Through a Freedom of information Act lawsuit, EPIC previously obtained important documents about the secretive scoring program. EPIC is now appealing EPIC v. CBP to the D.C. Circuit Court of Appeals to compel the release of additional documents. (Apr. 20, 2017)
- Court Rules in EPIC's Passenger Profiling Lawsuit Against DHS: A federal court in Washington, DC has issued a ruling in EPIC v. DHS, case involving a controversial passenger screening program operated by Customs and Border Protection. Under the program, CBP combines detailed personal information with secret algorithms to assign "risk assessments" to travelers—including US citizens. EPIC sued the DHS for information about the "Analytic Framework for Intelligence" program, and argued that the agency unlawfully withheld records under the Freedom of Information Act. As a consequence of the EPIC FOIA lawsuit, EPIC obtained important documents and prevailed in an earlier phase of the case. However, the Court declined to order the further release of certain training materials for the profiling system EPIC sought. EPIC is currently deciding whether to pursue further a legal challenge to the agency's withholding. (Mar. 24, 2017)
- EPIC Submits FOIA Request Seeking Documents on Airline Electronics Ban: EPIC has submitted a Freedom of Information Act request to the TSA seeking information on the recently announced ban on electronics on flights bound for the United States. The ban applies to ten airports in eight majority Muslim countries. EPIC is seeking documents related to the reasons for implementing the ban as well as documentation on TSA policies and procedures for searching electronics in checked luggage. EPIC regularly submits FOIA requests to government agencies and is also seeking information on eye scans conducted at US airports on US travelers. In EPIC v. DHS, EPIC is challenging the TSA's efforts to mandate airport body scanners. (Mar. 22, 2017)
- FBI to Monitor Twitter: According to FBI contracting documents, the FBI has hired Dataminr to monitor in real-time more than 500 million daily tweets. EPIC has warned that these techniques of mass surveillance will subject more innocent people to government investigation. In 2012, EPIC successfully obtained documents detailing the social media monitoring program of the Department of Homeland Security, including instructions to analysts to monitor critics of the agency. EPIC's FOIA work led to a Congressional hearing on social media monitoring and government surveillance. (Nov. 29, 2016)
- EPIC Opposes DHS Plan to Collect Social Media Identifiers: In comments to the Department of Homeland Security, EPIC urged the agency to drop a plan to review the social media accounts of people seeking to visit the U.S. EPIC argued that the proposal threatens important First Amendment rights, risked abuse, and would disproportionately impact against minority groups. Documents obtained by EPIC in 2011 in a Freedom of Information Act lawsuit revealed that the DHS gathered social media comments to identify individuals, including US citizens, critical of the agency and the government. A 2012 Congressional hearing, based on the documents obtained by EPIC, revealed bipartisan opposition to the original DHS social media monitoring program. (Aug. 23, 2016)
- EPIC, Coalition Call for Congressional Hearings on Unlawful TSA Mandate for Body Scanners: EPIC and 25 organizations have urged Congress to hold a hearing on TSA's decision to end the opt-out for airport body scanners. Dozens of organizations petitioned the DHS secretary in 2010 to solicit public comments on the original program. In EPIC v. DHS the lawsuit that followed, the D.C. Circuit ruled that TSA violated federal law when it installed body scanners in airports without public comment. The agency said at the time that the body scanner program was optional. The Court also concluded because "any passenger may opt-out of AIT screening in favor of a patdown" there was no violation of the Fourth Amendment. (Jan. 13, 2016)
- Supreme Court Denies EPIC's Petition to Obtain Cellphone Shutdown Policy: Today, the U.S. Supreme Court declined to review EPIC v. DHS, concerning the government's cellphone shutdown policy. EPIC had pursued the secret policyafter government officials disabled cellular service at a BART station in San Francisco during a peaceful protest. A district court in Washington, D.C. ruled in EPIC's favor when the DHS sought to withhold the policy, but the court of appeals later overturned the ruling. EPIC urged the Supreme Court to review the case to resolve a conflict between the D.C. Circuit and the Second Circuit Courts of Appeals. EPIC also pointed to competing public safety interests when cell service is disabled, but the Court declined. Despite today's order, EPIC successfully obtained a redacted version of the shutdown policy. (Jan. 11, 2016)
In February 2007, the Transportation Security Administration ("TSA"), a component of the U.S. Department of Homeland Security ("DHS"), began testing full body scanners - also called “whole body imaging,” and "advanced imaging technology" - to screen air travelers. Full body scanners produce detailed, three-dimensional images of individuals. Security experts have described full body scanners as the equivalent of "a physically invasive strip-search."
TSA is using full body scanner systems at airport security checkpoints, screening passengers before they board flights. The agency provided various assurances regarding its use of full body scanners. TSA stated that full body scanners would not be mandatory for passengers and that images produced by the machines would not be stored, transmitted, or printed. A previous EPIC FOIA lawsuit against DHS revealed that TSA’s body scanner images can be stored and transmitted.
On February 18, 2009, TSA announced that it would require passengers at six airports to submit to full body scanners in place of the standard metal detector search, which contravenes its earlier statements that full body scanners would not be mandatory. On April 6, 2009, TSA announced its plans to expand the mandatory use of full body scanners to all airports. TSA renewed its call for mandatory body scans for all air travelers in the wake of the attempted bombing of Northwest Flight 253, which traveled from Amsterdam to Detroit on December 25, 2009.
Since June 2009, the TSA has installed hundreds of additional full body scanners in American airports. On July 2, 2010, EPIC filed suit in the U.S. Court of Appeals for the D.C. Circuit to suspend the TSA’s full body scanner program. The Court ruled that the TSA can only use the body scanners so long as passengers are allowed to "opt-out" and receive another form of screening. In addition, the Court ordered the agency to issue formal regulations on the use of the devices. The TSA did not issue a proposed rule until early 2013, and subsequently solicited public comment. The comments have been overwhelmingly opposed to the body scanner program.
Health Risks from Body Scanner Radiation Unknown
Experts have questioned the safety of full body scanners and noted that radiation exposure from devices like full body scanner increases individuals’ cancer risk. No independent study has been conducted on the health risks of full body scanners.
In April 2010, scientists at the University of California - San Francisco wrote to President Obama, calling for an independent review of the full body scanners’ radiation risks. The experts noted that children, pregnant women, and the elderly are especially at risk “from the mutagenic effects of the [body scanners’] X-rays.” Dr. David Brenner, director of Columbia University's Center for Radiological Research and a professor of radiation biophysics, has warned “it's very likely that some number of [air travelers] will develop cancer from the radiation from these scanners.” Peter Rez, a professor of physics at Arizona State University, has identified cancer risks to air travelers arising from improper maintenance and flawed operation of the TSA’s full body scanners. Other scientists and radiology experts have also identified serious health risks associated with the full body scanner program, including increased cancer risk to American travelers.
Automated Target Recognition ("ATR") Software
The manufacturers of body scanners have developed "Automated Target Recognition" ("ATR") software that allows TSA agents viewing the whole-body images to see only a generic human image instead of an image of a traveler's naked body. The software is actually designed to detect "anomalies" on travelers' bodies, and the TSA asserts that this will automatically detect threatening objects travelers are concealing. When an anomaly is detected somewhere on a body, that area is highlighted in red on the displayed generic image. TSA employees are directed to further screen the areas on passengers where anomalies are detected, including an enhanced pat down. If the machine does not detect any threatening objects, instead of displaying an image it will merely display a green "OK."
The TSA began testing the software in airports in February 2011, and has announced that it will be installing this software on all of its millimeter wave body scanners nationwide. Images are displayed alongside the body scanning machines, and passengers are able to view the same image as TSA employees monitoring them.
The TSA believes that ATR modifications will mitigate travelers' privacy concerns. However, it remains unclear whether body scanners using the ATR software will retain, store, or transfer the underlying raw naked images that are captured before they are analyzed and used to display a generic figure. EPIC seeks to determine how ATR software handles naked images of travelers, and how ATR software really impacts traveler privacy.
Body Scanner Radiation Request
On July 13, 2010, EPIC filed a Freedom of Information Act ("FOIA") request with the Department of Homeland Security ("DHS") seeking agency records related to radiation emissions from the machines used at airport security checkpoints. In particular, EPIC requested:
- All records concerning TSA tests regarding body scanners and radiation emission or exposure; and
- All records concerning third party tests regarding body scanners and radiation emission or exposure.
DHS acknowledged receipt of EPIC's FOIA request, but failed to disclose any documents. On November 19, 2010, EPIC sued DHS to force disclosure of the body scanner radiation documents. The suit challenged DHS's failure to disclose public records and failure to comply with the Freedom of Information Act. On the heels of EPIC's lawsuit, DHS disclosed key documents, including test results that indicated full body scanners could be emitting more radiation than the TSA claims. But DHS failed to produce all records demanded in EPIC's FOIA request.
Automated Target Recognition Software Requests
In June 2010 and October 2010, EPIC also filed two FOIA requests with the Transportation Security Administration seeking other body scanner records. EPIC sought documents related to the Automated Target Recognition ("ATR") software used by the machines. ATR software analyzes the images produced by the body scanners and identifies "anomalies" that it deems to be "potential threats." If an "anomaly" is found, it triggers additional screening and invasive pat downs by TSA agents. EPIC sought documents that would illuminate how the software works so that its privacy risks could be better understood and managed. DHS Secretary Janet Napolitano previously submitted some of this information in a letter to Senator Susan Collins. In particular, EPIC first requested:
- All specifications provided by TSA to automated target recognition manufacturers concerning automated target recognition systems.
- All records concerning the capabilities, operational effectiveness, or suitability of automated target recognition systems, as described in Secretary Napolitano's letter to Senator Collins.
- All records provided to TSA from the Dutch government concerning automated target recognition systems deployed in Schiphol Airport, as described by Secretary Napolitano's letter to Senator Collins.
- All records evaluating the [body scanner] program and determining automated target recognition requirements for nationwide deployment, as described in Secretary Napolitano's letter to Senator Collins.
EPIC's second FOIA request asked for other ATR-related documents from DHS:
- All records provided from L3 Communications or Rapiscan in support of the submission or certification of ATR software modifications;
- All contracts, contract amendments, or statements of work related to the submission or certification of ATR software modifications;
- All information, including results, of government testing of ATR technology, as referenced by Greg Soule of the TSA in an e-mail to Bloomberg News, published September 8, 2010.
In November 2010, EPIC filed a lawsuit in the U.S. District Court for the District of Columbia against the Department of Homeland Security, for the agency's failure to respond to EPIC's FOIA request for radiation emissions documents. In February 2011, EPIC filed a similar FOIA lawsuit in the same court against the TSA, for failure to disclose documents related to ATR software.
Judge Royce Lamberth, presiding over both lawsuits, ordered the agencies to disclose some documents to EPIC that had previously been withheld. But the Court allowed some other documents to be withheld under the "deliberative process privilege" exemption to the FOIA. This exemption states that agencies may withhold materials that are "deliberative and predecisional" in nature, so as to protect the decision-making process by allowing agency officials to speak candidly. However, entire documents cannot be withheld simply because part of them are deliberative. Rather, the non-deliberative and deliberative materials must be separated and all non-deliberative materials must be disclosed unless they are "inextricably intertwined" with deliberative materials.
The Court, finding that some of the documents contained non-deliberative factual materials, nonetheless allowed the materials to be withheld in their entiretybecause the documents containing them, as a whole, were deliberative. EPIC objected to this incorrect interpretation of established legal precedent and filed an appeal in these cases to the D.C. Circuit Court of Appeals.
On April 16, 2013, EPIC appealed these decisions to the Court of Appeals for the D.C. Circuit. EPIC presented the following issue to be determined by the Court:
- "Whether the District Court erred in failing to apply this Circuit's 'inextricably intertwined test before determining that records containing non-deliberative, factual materials may properly be withheld in their entirety under Exemption 5 of the Freedom of Information Act ("FOIA")."
EPIC also filed a motion to consolidate the two appeals into one case, because they present substantially similar legal issues. Citizens for Responsibility and Ethics in Washington ("CREW") will be filing an amicus brief supporting EPIC's position.
District Court Documents
Court of Appeals Documents
- Procedural Documents
- Notice of Appeal, EPIC v. DHS, ___ F. Supp. 2d ___, No. 10-cv-1992, 2013 WL 829483 at (D.D.C. Mar. 7, 2013)
- Notice of Appeal, EPIC v. TSA, ___ F. Supp. 2d ___, No. 11-cv-0290, 2013 WL 829516 (D.D.C. Mar. 7, 2013)
- Motion to Consolidate
- Statement of Issues
- Briefs and Appendices
- Letter of Assessment, Final Release
- Comparison of X-Ray Technologies for Whole-Body Imaging
- Emission Safety Reports
- American National Standards Institute Standard N43.17-2009 Fact Sheet
- American National Standards Institute Standard N43.17 Fact Sheet
- TSA Full Body Scanner Fact Sheet
- EPIC: Open Government
- EPIC v. TSA - Body Scanner Modifications (ATR)
- EPIC v. DHS - Full Body Scanner Radiation Risks
- EPIC v. DHS - Suspension of Body Scanner Program
- EPIC: Whole Body Imaging Technology and Body Scanners
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
by Ryan Calo, A. Michael Froomkin,