EPIC v. DHS - Body Scanner FOIA Appeal
- EPIC Urges Congress to Examine FBI Response to Russian Cyber Attacks: EPIC has sent a statement to the House Judiciary Committee ahead of Thursday's FBI Oversight hearing. EPIC urged the Committee to question FBI Director Wray about the agency's ability to respond to future cyberattacks concerning the 2018 elections. A recent Associated Press investigation found that the FBI, the lead agency for cyber response, did not notify U.S. officials that their email accounts were compromised during the 2016 election. According to documents obtained by EPIC, the FBI is to notify victims of cyberattacks "even when it may interfere with another investigation or (intelligence) operation." EPIC obtained the FBI's Victim Notification Procedures through a Freedom of Information Act lawsuit, EPIC v. FBI, filed earlier this year. EPIC is currently pursuing several related FOIA cases about Russian interference in the 2016 Presidential election, including EPIC v. ODNI (Russian hacking), EPIC v. IRS (Release of Trump Tax Returns), and EPIC v. DHS (election cybersecurity). (Dec. 5, 2017)
- EPIC FOIA - Rep. Ted Lieu Asks FBI to Explain Failure to Notify Russian Hacking Victims: In a letter to FBI Director Christopher Wray, Rep. Ted Lieu (D-CA) asked the FBI to brief Congress on the agency's failure to notify victims targeted by the Russian hacking group Fancy Bear. Lieu's letter follows an Associated Press (AP) investigation which found that the FBI did not notify U.S. officials that their accounts were compromised even though the FBI knew of the targeted cyber attacks and had primary responsibility in the federal government for notification. EPIC obtained the FBI's Victim Notification Procedures through a Freedom of Information Act lawsuit (EPIC v. FBI) filed earlier this year. The FBI policy calls for notifying victims of cyberattacks "even when it may interfere with another investigation or (intelligence) operation." EPIC is currently pursuing several related FOIA cases about Russian interference in the 2016 Presidential election, including EPIC v. ODNI (Russian hacking), EPIC v. IRS (Release of Trump Tax Returns), and EPIC v. DHS (election cybersecurity). (Nov. 28, 2017)
- Nominee for DHS Secretary Favors Less Wall, More Surveillance Tech at Border: Today Congress considered the nomination of Kirstjen M. Nielsen as Secretary at the Department of Homeland Security. Ms. Nielsen opposes a border wall but suggested an expansion of border surveillance. "Technology, as you know, plays a key part, and we can't forget it," she said. EPIC is pursuing a FOIA request regarding the use of DHS drones for border surveillance. Earlier EPIC cases - including EPIC v. DHS which led to the removal of x-ray body scanners in US airports - revealed that technologies for border surveillance invariably impact the privacy rights of Americans. Ms. Nielsen's views on the use of DACA applicant data for enforcement remain unclear. EPIC recently warned that 800,000 DACA applicants face privacy risks as a result of the decision to end the Deferred Action for Childhood Arrivals. (Nov. 9, 2017)
- Senate Begins Investigation Into Russian Meddling: This week the Senate is holding two hearings to investigate Russians' use of social media platforms to influence the 2016 U.S. presidential election. Today, the Senate Committee on the Judiciary's Subcommittee on Crime and Terrorism is holding a hearing on "Extremist Content and Russian Disinformation Online: Working with Tech to Find Solutions." Representatives from Facebook, Twitter, and Google as well as foreign policy experts will testify. Tomorrow the Senate Select Committee on Intelligence will hold a hearing on "Social Media Influence in the 2016 U.S. Elections." In 2017, EPIC launched the Democracy and Cybersecurity project to preserve the integrity of democratic institutions. EPIC is currently pursuing several Freedom of Information Act cases to learn more about Russian interference in the 2016 Presidential election, including: EPIC v. ODNI (Russian hacking), EPIC v. FBI (Russian hacking), EPIC v. IRS (Release of Trump Tax Returns), and EPIC v. DHS (election cybersecurity). (Oct. 31, 2017)
- EPIC Opposes DHS Plan for Social Media Surveillance: In comments to the Department of Homeland Security, EPIC opposed a plan to add social media information to the official files of all immigrants. EPIC said the DHS proposal threatens First Amendment rights, risks abuse, and would disproportionately impact minority groups. A coalition of organizations also submitted comments to express concern about the proposal. EPIC previously opposed a Customs and Border Protection proposal to collect social media identifiers from visa applicants. In a FOIA lawsuit against DHS, EPIC obtained documents which revealed that federal agencies gather social media comments to identify individuals critical of the government. EPIC is currently pursuing a FOIA request about a revised DHS plan to require disclosure of social media passwords before allowing entry into the country. (Oct. 19, 2017)
- TSA Proposal to Inspect Books at US Airports Raises First Amendment Concerns: The TSA is considering a requirement to remove books from carry-on luggage for inspection during security screenings. The procedure raises concerns that individuals may be singled out for their religious and political beliefs, implicating core First Amendment values. In 2015 a college student won a $25,000 settlement after he was detained by the TSA for carrying Arabic flash cards. EPIC has pursued litigation against invasive airport screening techniques. In EPIC v. DHS, EPIC successfully sued to require the Department of Homeland Security to obtain public comment on the use of body scanners in U.S. airports. The litigation also led to the removal of the backscatter x-ray devices from airports. EPIC recently filed a FOIA request to determine why US travelers returning to the United States are subject to biometric identification. In numerous cases, including a recent case before the US Supreme Court, EPIC has argued for the freedom to without government surveillance. (Jun. 27, 2017)
- EPIC Awarded Nearly $100,000 in Internet Surveillance Case: A federal judge in Washington, DC has issued a final order granting EPIC substantial attorney's fees in a long-running case against the Department of Homeland Security. EPIC sued the DHS in 2012 for information about a secret program to monitor Internet traffic. The "Cyber Pilot" program applied originally to defense contractors, but an executive order dramatically expanded the program, raising concerns about violations of federal wiretap law. EPIC's lawsuit produced the release of several thousand pages on the program. EPIC sought attorney's fees for the successful litigation, which the DHS opposed. In November, Judge Gladys Kessler ruled that EPIC was entitled to attorney's fees because it "substantially prevailed in [the] litigation" and added "to the fund of information that citizens may use in making vital political choices." On Monday, Judge Kessler confirmed that decision and awarded EPIC nearly $100,000 in fees—the largest such award in EPIC's history. (Jun. 5, 2017)
- EPIC Continues Opposition to Social Media Searches of Visa Applicants: In comments to Customs and Border Protection, EPIC opposed a plan to obtain social media information from visa applicants. EPIC said the CBP proposal threatens First Amendment rights, risks abuse, and would disproportionately impact minority groups. EPIC has previously opposed proposals to collect social media information from individuals seeking to enter the United States. In a FOIA lawsuit against DHS, EPIC obtained documents which revealed that federal agencies gather social media comments to identify individuals critical of the government. EPIC is currently pursuing a FOIA request about a revised DHS plan to require disclosure of social media passwords before allowing entry into the country. (May 31, 2017)
- DC Circuit Rules in Second EPIC Airport Body Scanner Case: In a cursory per curiam opinion, the D.C. Circuit denied EPIC's petition for review of the TSA's final rule mandating body scanners in U.S. airports. EPIC argued in EPIC v. DHS II that the TSA had failed to justify body scanners as compared with less invasive, more effective screening techniques, such as magnetometers combined with explosive trace detection. Public comments overwhelmingly favored EPIC's recommendations to the federal agency. EPIC also argued that the TSA's decision to end the opt-out was contrary to the DC Circuit's earlier opinion EPIC v. DHS I which held that passengers could opt-out of the invasive screening technique. As Judge Ginsburg explained in the earlier case, "Despite the precautions taken by the TSA, it is clear that by producing an image of the unclothed passenger, an AIT scanner intrudes upon his or her personal privacy in a way a magnetometer does not." Judge Ginsburg further said, "any passenger may opt-out of AIT screening in favor of a patdown, which allows him to decide which of the two options for detecting a concealed, nonmetallic weapon or explosive is least invasive." (May 30, 2017)
- DHS Privacy Office Releases 2016 Report, Secret Profiling on the Rise: The Department of Homeland Security has released the 2016 Annual Data Mining Report. The report describes several of the agency's profiling systems that assign secret "risk assessments" to U.S. citizens. According to the DHS report, the Analytical Framework for Intelligence is accessible to several agency components, including the Citizenship and Immigration Services, the Coast Guard, and the Transportation Security Administration. Through a Freedom of Information Act lawsuit, EPIC previously obtained important documents about the secretive scoring program. EPIC is now appealing EPIC v. CBP to the D.C. Circuit Court of Appeals to compel the release of additional documents. (Apr. 20, 2017)
In February 2007, the Transportation Security Administration ("TSA"), a component of the U.S. Department of Homeland Security ("DHS"), began testing full body scanners - also called “whole body imaging,” and "advanced imaging technology" - to screen air travelers. Full body scanners produce detailed, three-dimensional images of individuals. Security experts have described full body scanners as the equivalent of "a physically invasive strip-search."
TSA is using full body scanner systems at airport security checkpoints, screening passengers before they board flights. The agency provided various assurances regarding its use of full body scanners. TSA stated that full body scanners would not be mandatory for passengers and that images produced by the machines would not be stored, transmitted, or printed. A previous EPIC FOIA lawsuit against DHS revealed that TSA’s body scanner images can be stored and transmitted.
On February 18, 2009, TSA announced that it would require passengers at six airports to submit to full body scanners in place of the standard metal detector search, which contravenes its earlier statements that full body scanners would not be mandatory. On April 6, 2009, TSA announced its plans to expand the mandatory use of full body scanners to all airports. TSA renewed its call for mandatory body scans for all air travelers in the wake of the attempted bombing of Northwest Flight 253, which traveled from Amsterdam to Detroit on December 25, 2009.
Since June 2009, the TSA has installed hundreds of additional full body scanners in American airports. On July 2, 2010, EPIC filed suit in the U.S. Court of Appeals for the D.C. Circuit to suspend the TSA’s full body scanner program. The Court ruled that the TSA can only use the body scanners so long as passengers are allowed to "opt-out" and receive another form of screening. In addition, the Court ordered the agency to issue formal regulations on the use of the devices. The TSA did not issue a proposed rule until early 2013, and subsequently solicited public comment. The comments have been overwhelmingly opposed to the body scanner program.
Health Risks from Body Scanner Radiation Unknown
Experts have questioned the safety of full body scanners and noted that radiation exposure from devices like full body scanners increases individuals’ cancer risk. No independent study has been conducted on the health risks of full body scanners.
In April 2010, scientists at the University of California - San Francisco wrote to President Obama, calling for an independent review of the full body scanners’ radiation risks. The experts noted that children, pregnant women, and the elderly are especially at risk “from the mutagenic effects of the [body scanners’] X-rays.” Dr. David Brenner, director of Columbia University's Center for Radiological Research and a professor of radiation biophysics, has warned “it's very likely that some number of [air travelers] will develop cancer from the radiation from these scanners.” Peter Rez, a professor of physics at Arizona State University, has identified cancer risks to air travelers arising from improper maintenance and flawed operation of the TSA’s full body scanners. Other scientists and radiology experts have also identified serious health risks associated with the full body scanner program, including increased cancer risk to American travelers.
Automated Target Recognition ("ATR") Software
The manufacturers of body scanners have developed "Automated Target Recognition" ("ATR") software that allows TSA agents viewing the whole-body images to see only a generic human image instead of an image of a traveler's naked body. The software is actually designed to detect "anomalies" on travelers' bodies, and the TSA asserts that this will automatically detect threatening objects travelers are concealing. When an anomaly is detected somewhere on a body, that area is highlighted in red on the displayed generic image. TSA employees are directed to further screen the areas on passengers where anomalies are detected, including an enhanced pat down. If the machine does not detect any threatening objects, instead of displaying an image it will merely display a green "OK."
The TSA began testing the software in airports in February 2011, and has announced that it will be installing this software on all of its millimeter wave body scanners nationwide. Images are displayed alongside the body scanning machines, and passengers are able to view the same image as TSA employees monitoring them.
The TSA believes that ATR modifications will mitigate travelers' privacy concerns. However, it remains unclear whether body scanners using the ATR software will retain, store, or transfer the underlying raw naked images that are captured before they are analyzed and used to display a generic figure. EPIC seeks to determine how ATR software handles naked images of travelers, and how ATR software really impacts traveler privacy.
Body Scanner Radiation Request
On July 13, 2010, EPIC filed a Freedom of Information Act ("FOIA") request with the Department of Homeland Security ("DHS") seeking agency records related to radiation emissions from the machines used at airport security checkpoints. In particular, EPIC requested:
- All records concerning TSA tests regarding body scanners and radiation emission or exposure; and
- All records concerning third party tests regarding body scanners and radiation emission or exposure.
DHS acknowledged receipt of EPIC's FOIA request, but failed to disclose any documents. On November 19, 2010, EPIC sued DHS to force disclosure of the body scanner radiation documents. The suit challenged DHS's failure to disclose public records and failure to comply with the Freedom of Information Act. On the heels of EPIC's lawsuit, DHS disclosed key documents, including test results that indicated full body scanners could be emitting more radiation than the TSA claims. But DHS failed to produce all records demanded in EPIC's FOIA request.
Automated Target Recognition Software Requests
In June 2010 and October 2010, EPIC also filed two FOIA requests with the Transportation Security Administration seeking other body scanner records. EPIC sought documents related to the Automated Target Recognition ("ATR") software used by the machines. ATR software analyzes the images produced by the body scanners and identifies "anomalies" that it deems to be "potential threats." If an "anomaly" is found, it triggers additional screening and invasive pat downs by TSA agents. EPIC sought documents that would illuminate how the software works so that its privacy risks could be better understood and managed. DHS Secretary Janet Napolitano previously submitted some of this information in a letter to Senator Susan Collins. In particular, EPIC first requested:
- All specifications provided by TSA to automated target recognition manufacturers concerning automated target recognition systems.
- All records concerning the capabilities, operational effectiveness, or suitability of automated target recognition systems, as described in Secretary Napolitano's letter to Senator Collins.
- All records provided to TSA from the Dutch government concerning automated target recognition systems deployed in Schiphol Airport, as described by Secretary Napolitano's letter to Senator Collins.
- All records evaluating the [body scanner] program and determining automated target recognition requirements for nationwide deployment, as described in Secretary Napolitano's letter to Senator Collins.
EPIC's second FOIA request asked for other ATR-related documents from DHS:
- All records provided from L3 Communications or Rapiscan in support of the submission or certification of ATR software modifications;
- All contracts, contract amendments, or statements of work related to the submission or certification of ATR software modifications;
- All information, including results, of government testing of ATR technology, as referenced by Greg Soule of the TSA in an e-mail to Bloomberg News, published September 8, 2010.
In November 2010, EPIC filed a lawsuit in the U.S. District Court for the District of Columbia against the Department of Homeland Security, for the agency's failure to respond to EPIC's FOIA request for radiation emissions documents. In February 2011, EPIC filed a similar FOIA lawsuit in the same court against the TSA, for failure to disclose documents related to ATR software.
Judge Royce Lamberth, presiding over both lawsuits, ordered the agencies to disclose some documents to EPIC that had previously been withheld. But the Court allowed some other documents to be withheld under the "deliberative process privilege" exemption to the FOIA. This exemption states that agencies may withhold materials that are "deliberative and predecisional" in nature, so as to protect the decision-making process by allowing agency officials to speak candidly. However, entire documents cannot be withheld simply because part of them are deliberative. Rather, the non-deliberative and deliberative materials must be separated and all non-deliberative materials must be disclosed unless they are "inextricably intertwined" with deliberative materials.
The Court, finding that some of the documents contained non-deliberative factual materials, nonetheless allowed the materials to be withheld in their entirety because the documents containing them, as a whole, were deliberative. EPIC objected to this incorrect interpretation of established legal precedent and filed an appeal in these cases to the D.C. Circuit Court of Appeals.
On April 16, 2013, EPIC appealed these decisions to the Court of Appeals for the D.C. Circuit. EPIC presented the following issue to be determined by the Court:
- "Whether the District Court erred in failing to apply this Circuit's 'inextricably intertwined' test before determining that records containing non-deliberative, factual materials may properly be withheld in their entirety under Exemption 5 of the Freedom of Information Act ("FOIA")."
EPIC also filed a motion to consolidate the two appeals into one case, because they present substantially similar legal issues. Citizens for Responsibility and Ethics in Washington ("CREW") will be filing an amicus brief supporting EPIC's position.
District Court Documents
Court of Appeals Documents
- Procedural Documents
- Notice of Appeal, EPIC v. DHS, ___ F. Supp. 2d ___, No. 10-cv-1992, 2013 WL 829483 at (D.D.C. Mar. 7, 2013)
- Notice of Appeal, EPIC v. TSA, ___ F. Supp. 2d ___, No. 11-cv-0290, 2013 WL 829516 (D.D.C. Mar. 7, 2013)
- Motion to Consolidate
- Statement of Issues
- Briefs and Appendices
- Letter of Assessment, Final Release
- Comparison of X-Ray Technologies for Whole-Body Imaging
- Emission Safety Reports
- American National Standards Institute Standard N43.17-2009 Fact Sheet
- American National Standards Institute Standard N43.17 Fact Sheet
- TSA Full Body Scanner Fact Sheet
- EPIC: Open Government
- EPIC v. TSA - Body Scanner Modifications (ATR)
- EPIC v. DHS - Full Body Scanner Radiation Risks
- EPIC v. DHS - Suspension of Body Scanner Program
- EPIC: Whole Body Imaging Technology and Body Scanners