EPIC v. DHS - Body Scanner FOIA Appeal

Litigating the Interpretation of the Freedom of Information Act

Top News

  • D.C. Circuit Sets Date for Argument in EPIC v. IRS, FOIA Case for Trump's Tax Returns: The D.C. Circuit has scheduled oral argument in EPIC v. IRS, EPIC's Freedom of Information Act case to obtain public release of President Trump's tax returns. The Court will hear the case on Thursday, September 13, 2018. EPIC has argued that the IRS has the authority to disclose the President's returns to correct numerous misstatements of fact concerning his financial ties to Russia. For example, President Trump tweeted that "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"—a claim "plainly contradicted by his own attorneys, family members, and business partners." As EPIC told the Court, "there has never been a more compelling FOIA request presented to the IRS." A broad majority of the American public favor the release of the President's tax returns. EPIC v. IRS is one of several FOIA cases EPIC is pursuing concerning Russian interference in the 2016 Presidential election, including EPIC v. FBI (response to Russian cyber attack) and EPIC v. DHS (election cybersecurity). (Jun. 19, 2018)
  • EPIC Sues to Obtain Privacy Impact Assessment for DHS Journalist Database: EPIC has filed a Freedom of Information Act lawsuit to obtain a Privacy Impact Assessment for "Media Monitoring Services," a controversial new database proposed by the Department of Homeland Security. In April, the DHS announced a system to track journalists and "media influencers" and to monitor hundreds of thousands of news outlets and social media accounts. Although the system is designed to monitor journalists, the federal agency failed to conduct a Privacy Impact Assessment as required by law. EPIC submitted a request for Assessment but the agency did not respond. EPIC has successfully obtained several Privacy Impact Assessments, including a related media tracking system (EPIC v. DHS) and for facial recognition technology (EPIC v. FBI). In EPIC v. Presidential Election Commission, EPIC challenged the Commission's failure to publish a Privacy Impact Assessment prior to collection of state voter data. (May. 31, 2018)
  • EPIC, Coalition Oppose State Department's Plan to Collect Social Media Identifiers of Visa Applicants: EPIC, the Brennan Center and 55 privacy, civil liberties, and civil rights organizations submitted comments opposing the State Department's plan to collect social media identifiers from individuals applying for visas. The coalition warned that the proposal would "undermine First Amendment rights of speech, expression, and association." Social media monitoring raises serious privacy and civil liberties issues. EPIC previously opposed the State Department's expansion of social media collection as well as a similar proposal by the Department of Homeland Security. In EPIC v. DHS, a 2011 Freedom of Information Act case, EPIC uncovered the first agency plan to monitor social media. (May. 30, 2018)
  • After EPIC Obtains FBI Victim Notification Procedures, Court Rules for Bureau: After EPIC obtained the FBI cyberattack victim notification procedures in Freedom of Information Act lawsuit EPIC v. FBI, a D.C. federal court has ruled that the agency may withhold remaining records explaining FBI's response to the Russian interference in the 2016 election. EPIC had argued that the FBI had failed to demonstrate that releasing records of the agency's response to cyberattacks would interfere with its investigation of the Russian interference. The "Victim Notification Procedures" obtained by EPIC led to Associated Press investigation which found that the FBI did not follow the Procedures and failed to notify U.S. officials that their email accounts were compromised. EPIC is currently pursuing related FOIA cases about Russian interference in the 2016 election, including EPIC v. IRS (Release of Trump Tax Returns) and EPIC v. DHS (election cybersecurity). (May. 23, 2018)
  • EPIC Obtains Comey's Memos Detailing Conversations with Trump: Through a Freedom of Information Act request, EPIC obtained declassified memorandums from former FBI Director James Comey detailing his conversations with President Trump from January to April 2017. The conversations include President Trump asking about the possibility of imprisoning journalists, dropping the investigation of former advisor Michael Flynn, and the need to "lift the cloud" of the Russia investigation. In early 2017, EPIC launched the Project on Democracy and Cybersecurity. EPIC is currently pursuing several FOIA cases concerning Russian interference with the 2016 election including: EPIC v. ODNI (Russian hacking), EPIC v. IRS (release of Trump's tax returns), and EPIC v. DHS (election cybersecurity). (May. 15, 2018)
  • Tax Day: EPIC Files Second Lawsuit to Obtain Trump Tax Records: EPIC has filed a second Freedom of Information Act lawsuit to obtain President Trump's tax records. EPIC is seeking information about IRS settlements involving the President and his businesses—information which the agency is required to disclose to the public upon request. The IRS agreed to process EPIC's request in February but has failed to release any records to date. EPIC previously sued the IRS for the release of the President's personal tax returns to correct misstatements of fact about his financial ties to Russia. President Trump tweeted "I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"—a claim contradicted by the President's own lawyers. That case, EPIC v. IRS, is now before the D.C. Circuit Court of Appeals. EPIC is litigating several other FOIA cases about Russian interference in the 2016 Presidential election, including EPIC v. FBI (response to Russian cyber attack) and EPIC v. DHS (election cybersecurity). (Apr. 17, 2018)
  • EPIC v. IRS: EPIC Urges D.C. Circuit to Green-Light Release of President Trump's Tax Returns: EPIC has filed the opening brief in its case to obtain President Trump's tax returns. EPIC told the D.C. Circuit Court of Appeals that the IRS has the authority to disclose the President's returns to correct numerous misstatements of fact concerning his financial ties to Russia. For example, President Trump tweeted that "Russia has never tried to use leverage over me. I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"—a claim "plainly contradicted by his own attorneys, family members, and business partners." A Quinnipiac poll released today confirms that public overwhelmingly supports (67%) the release of the President's returns. As EPIC told the Court, "there has never been a more compelling FOIA request presented to the IRS." EPIC v. IRS is one of several FOIA cases EPIC is pursuing concerning Russian interference in the 2016 Presidential election, including EPIC v. ODNI (scope of Russian interference), EPIC v. FBI (response to Russian cyber attack), and EPIC v. DHS (election cybersecurity). Press Release. (Feb. 22, 2018)
  • Congressional Task Force Releases Report on Election Security: The Congressional Task Force on Election Security today released its final report detailing vulnerabilities in U.S. election systems. The report includes many recommendations, purchasing voting systems with paper ballots, post-election audits, and funding for IT support. The report also proposes a national strategy to counter efforts to undermine democratic institutions. Election experts have said that Congress has not done enough to safeguard the mid-term elections. In early 2017, EPIC launched the Project on Democracy and Cybersecurity. EPIC is currently pursuing several FOIA cases concerning Russian interference with the 2016 election, including EPIC v. FBI (cyberattack victim notification), EPIC v. ODNI (Russian hacking), EPIC v. IRS (release of Trump's tax returns), and EPIC v. DHS (election cybersecurity). (Feb. 14, 2018)
  • Senators Question Intelligence Officials on Russian Election Interference: The Senate Intelligence Committee held a hearing today with top officials from all U.S. intelligence agencies: Office of the Director of National Intelligence, CIA, NSA, Defense Intelligence Agency, FBI, and the National Geospatial-Intelligence Agency. The officials unanimously agreed that Russia interfered in the 2016 election and will interfere in the 2018 election, noting that they have already observed attempts to influence upcoming elections. Director of National Intelligence Dan Coats said: "There should be no doubt that Russia perceived that its past efforts as successful and views the 2018 U.S. midterm elections as a potential target for Russian influence operations." EPIC launched the Project on Democracy and Cybersecurity, after the 2016 presidential election, to safeguard democratic institutions. EPIC is currently pursuing several FOIA cases concerning Russian interference, including EPIC v. FBI (cyberattack victim notification), EPIC v. ODNI (Russian hacking), EPIC v. IRS (release of Trump's tax returns), and EPIC v. DHS (election cybersecurity). EPIC also provided comments to the Federal Election Commission to improve transparency of election advertising on social media. (Feb. 13, 2018)
  • EPIC FOIA: IRS Agrees to Fulfill EPIC's Request for Trump Tax Records: The IRS acknowledged that it will fulfill EPIC's FOIA request seeking certain tax records of President Trump and the President's businesses. It marks the first time, to EPIC's knowledge, that the IRS has agreed to process a third-party FOIA request for the President's tax information. EPIC is seeking tax records relating to settlements with the IRS, which the agency is required to disclose to the public upon request. EPIC previously sued the IRS for the release of the President's personal tax returns to correct misstatements of fact about his financial ties to Russia. President Trump tweeted "I HAVE NOTHING TO DO WITH RUSSIA - NO DEALS, NO LOANS, NO NOTHING"—a claim contradicted by the President's own lawyers. That case, EPIC v. IRS, is now before the D.C. Circuit Court of Appeals. EPIC is litigating several other FOIA cases about Russian interference in the 2016 Presidential election, including EPIC v. ODNI (scope of Russian interference), EPIC v. FBI (response to Russian cyber attack), and EPIC v. DHS (election cybersecurity). (Feb. 12, 2018)

Factual Background on Airport Body Scanners

In February 2007, the Transportation Security Administration ("TSA"), a component of the U.S. Department of Homeland Security ("DHS"), began testing full body scanners - also called “whole body imaging,” and "advanced imaging technology" - to screen air travelers. Full body scanners produce detailed, three-dimensional images of individuals. Security experts have described full body scanners as the equivalent of "a physically invasive strip-search."

TSA is using full body scanner systems at airport security checkpoints, screening passengers before they board flights. The agency provided various assurances regarding its use of full body scanners. TSA stated that full body scanners would not be mandatory for passengers and that images produced by the machines would not be stored, transmitted, or printed. A previous EPIC FOIA lawsuit against DHS revealed that TSA’s body scanner images can be stored and transmitted.

On February 18, 2009, TSA announced that it would require passengers at six airports to submit to full body scanners in place of the standard metal detector search, which contravenes its earlier statements that full body scanners would not be mandatory. On April 6, 2009, TSA announced its plans to expand the mandatory use of full body scanners to all airports. TSA renewed its call for mandatory body scans for all air travelers in the wake of the attempted bombing of Northwest Flight 253, which traveled from Amsterdam to Detroit on December 25, 2009.

Since June 2009, the TSA has installed hundreds of additional full body scanners in American airports. On July 2, 2010, EPIC filed suit in the U.S. Court of Appeals for the D.C. Circuit to suspend the TSA’s full body scanner program. The Court ruled that the TSA can only use the body scanners so long as passengers are allowed to "opt-out" and receive another form of screening. In addition, the Court ordered the agency to issue formal regulations on the use of the devices. The TSA did not issue a proposed rule until early 2013, and subsequently solicited public comment. The comments have been overwhelmingly opposed to the body scanner program.

Health Risks from Body Scanner Radiation Unknown

Experts have questioned the safety of full body scanners and noted that radiation exposure from devices like full body scanner increases individuals’ cancer risk. No independent study has been conducted on the health risks of full body scanners.

In April 2010, scientists at the University of California - San Francisco wrote to President Obama, calling for an independent review of the full body scanners’ radiation risks. The experts noted that children, pregnant women, and the elderly are especially at risk “from the mutagenic effects of the [body scanners’] X-rays.” Dr. David Brenner, director of Columbia University's Center for Radiological Research and a professor of radiation biophysics, has warned “it's very likely that some number of [air travelers] will develop cancer from the radiation from these scanners.” Peter Rez, a professor of physics at Arizona State University, has identified cancer risks to air travelers arising from improper maintenance and flawed operation of the TSA’s full body scanners. Other scientists and radiology experts have also identified serious health risks associated with the full body scanner program, including increased cancer risk to American travelers.

Automated Target Recognition ("ATR") Software

The manufacturers of body scanners have developed "Automated Target Recognition" ("ATR") software that allows TSA agents viewing the whole-body images to see only a generic human image instead of an image of a traveler's naked body. The software is actually designed to detect "anomalies" on travelers' bodies, and the TSA asserts that this will automatically detect threatening objects travelers are concealing. When an anomaly is detected somewhere on a body, that area is highlighted in red on the displayed generic image. TSA employees are directed to further screen the areas on passengers where anomalies are detected, including an enhanced pat down. If the machine does not detect any threatening objects, instead of displaying an image it will merely display a green "OK."

The TSA began testing the software in airports in February 2011, and has announced that it will be installing this software on all of its millimeter wave body scanners nationwide. Images are displayed alongside the body scanning machines, and passengers are able to view the same image as TSA employees monitoring them.

The TSA believes that ATR modifications will mitigate travelers' privacy concerns. However, it remains unclear whether body scanners using the ATR software will retain, store, or transfer the underlying raw naked images that are captured before they are analyzed and used to display a generic figure. EPIC seeks to determine how ATR software handles naked images of travelers, and how ATR software really impacts traveler privacy.

EPIC's Freedom of Information Act Requests

Body Scanner Radiation Request

On July 13, 2010, EPIC filed a Freedom of Information Act ("FOIA") request with the Department of Homeland Security ("DHS") seeking agency records related to radiation emissions from the machines used at airport security checkpoints. In particular, EPIC requested:

  1. All records concerning TSA tests regarding body scanners and radiation emission or exposure; and
  2. All records concerning third party tests regarding body scanners and radiation emission or exposure.

DHS acknowledged receipt of EPIC's FOIA request, but failed to disclose any documents. On November 19, 2010, EPIC sued DHS to force disclosure of the body scanner radiation documents. The suit challenged DHS's failure to disclose public records and failure to comply with the Freedom of Information Act. On the heels of EPIC's lawsuit, DHS disclosed key documents, including test results that indicated full body scanners could be emitting more radiation than the TSA claims. But DHS failed to produce all records demanded in EPIC's FOIA request.

Automated Target Recognition Software Requests

In June 2010 and October 2010, EPIC also filed two FOIA requests with the Transportation Security Administration seeking other body scanner records. EPIC sought documents related to the Automated Target Recognition ("ATR") software used by the machines. ATR software analyzes the images produced by the body scanners and identifies "anomalies" that it deems to be "potential threats." If an "anomaly" is found, it triggers additional screening and invasive pat downs by TSA agents. EPIC sought documents that would illuminate how the software works so that its privacy risks could be better understood and managed. DHS Secretary Janet Napolitano previously submitted some of this information in a letter to Senator Susan Collins. In particular, EPIC first requested:

  1. All specifications provided by TSA to automated target recognition manufacturers concerning automated target recognition systems.
  2. All records concerning the capabilities, operational effectiveness, or suitability of automated target recognition systems, as described in Secretary Napolitano's letter to Senator Collins.
  3. All records provided to TSA from the Dutch government concerning automated target recognition systems deployed in Schiphol Airport, as described by Secretary Napolitano's letter to Senator Collins.
  4. All records evaluating the [body scanner] program and determining automated target recognition requirements for nationwide deployment, as described in Secretary Napolitano's letter to Senator Collins.

EPIC's second FOIA request asked for other ATR-related documents from DHS:

  1. All records provided from L3 Communications or Rapiscan in support of the submission or certification of ATR software modifications;
  2. All contracts, contract amendments, or statements of work related to the submission or certification of ATR software modifications;
  3. All information, including results, of government testing of ATR technology, as referenced by Greg Soule of the TSA in an e-mail to Bloomberg News, published September 8, 2010.

Litigation in the U.S. District Court for the District of Columbia

DHS and TSA failed to fully respond to EPIC's FOIA requests. The agencies withheld documents and, when they did release some documents, asserted exemptions in an overbroad manner.

In November 2010, EPIC filed a lawsuit in the U.S. District Court for the District of Columbia against the Department of Homeland Security, for the agency's failure to respond to EPIC's FOIA request for radiation emissions documents. In February 2011, EPIC filed a similar FOIA lawsuit in the same court against the TSA, for failure to disclose documents related to ATR software.

Judge Royce Lamberth, presiding over both lawsuits, ordered the agencies to disclose some documents to EPIC that had previously been withheld. But the Court allowed some other documents to be withheld under the "deliberative process privilege" exemption to the FOIA. This exemption states that agencies may withhold materials that are "deliberative and predecisional" in nature, so as to protect the decision-making process by allowing agency officials to speak candidly. However, entire documents cannot be withheld simply because part of them are deliberative. Rather, the non-deliberative and deliberative materials must be separated and all non-deliberative materials must be disclosed unless they are "inextricably intertwined" with deliberative materials.

The Court, finding that some of the documents contained non-deliberative factual materials, nonetheless allowed the materials to be withheld in their entiretybecause the documents containing them, as a whole, were deliberative. EPIC objected to this incorrect interpretation of established legal precedent and filed an appeal in these cases to the D.C. Circuit Court of Appeals.

Litigation in the Court of Appeals for the D.C. Circuit

On April 16, 2013, EPIC appealed these decisions to the Court of Appeals for the D.C. Circuit. EPIC presented the following issue to be determined by the Court:

  • "Whether the District Court erred in failing to apply this Circuit's 'inextricably intertwined test before determining that records containing non-deliberative, factual materials may properly be withheld in their entirety under Exemption 5 of the Freedom of Information Act ("FOIA")."

EPIC also filed a motion to consolidate the two appeals into one case, because they present substantially similar legal issues. Citizens for Responsibility and Ethics in Washington ("CREW") will be filing an amicus brief supporting EPIC's position.

Legal Documents

District Court Documents

Court of Appeals Documents

Disclosed Documents

Resources

Pages

News Reports

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.

Universal Guidelines for AI

UGAI image

EPIC is gathering support for the Universal Guidelines for Artificial Intelligence, which aim to inform and improve the design and use of AI.