EPIC v. TSA - Body Scanner Modifications (ATR)
- EPIC Obtains Final Report on "Face ePassport Air Entry Experiment": As the result of a Freedom of Information Act request, EPIC has obtained a report on the use of face recognition on travelers entering the United States at Dulles Airport. The report was obtained after EPIC filed a lawsuit against Customs and Border Protection for documents about the agency's biometric entry/exit program, expedited by Executive Order 13769. As the report was heavily redacted, EPIC's FOIA lawsuit is ongoing. In a statement to the House Homeland Security Committee earlier this year, EPIC warned that biometric identification techniques, such as facial recognition, lack proper privacy safeguards. EPIC has extensively litigated airport screening techniques, including EPIC v. TSA, concerning airport body screening. (Sep. 8, 2017)
- EPIC Files Suit to Block "Invasive and Ineffective" Airport Body Scanner Program: EPIC has filed the opening brief in EPIC v. TSA II with the federal appeals court in Washington, DC, challenging the Transportation Security Administration's continued use of body scanners in US airports. TSA issued a regulation mandating the use of body scanners across the country more than five years after the court in EPIC v. TSA ordered the agency to "promptly" solicit public comments on the controversial body scanners program and nearly a decade after the agency deployed the scanners without public comments. EPIC told the court that the TSA's regulation entrenches body scanners over more effective less intrusive screening techniques, and undermines the legal right of passengers to opt out. EPIC wrote that the TSA has failed to "justify the use of invasive screening techniques, or to provide the public with an opportunity to respond to the denial of the passenger opt-out right." (Sep. 27, 2016)
- EPIC Appeals Secrecy of Body Scanner Radiation Documents: EPIC has challenged a District Court decision which allowed two federal agencies to withhold documents about airport body scanners, including test results, fact sheets, and estimates regarding radiation risks. In the opening brief to the DC Circuit Court of Appeals, EPIC argues that federal agencies may not withhold factual information under the "deliberative process privilege" in the Freedom of Information Act. EPIC said that under "under the standard adopted by the lower court, not only would the judgement of agency officials be exempt, but so too would reports or studies of any significance." For more information, see EPIC: DHS Body Scanner FOIA Appeal, EPIC v. DHS and EPIC v. TSA. (Oct. 3, 2013)
- TSA "Unplugs, Boxes Up, and Ships Back" X-Ray Body Scanners: The TSA has completed removal of the x-ray body scanners from US airports. The devices revealed detailed images of a person's naked body and have been described as "digital strip searches." The TSA action follows an Act of Congress and several lawsuits by EPIC. The TSA was forced to remove the machines after Congress required that the devices produce only generic image. And as result of EPIC v. TSA the TSA is currently required to accept public comments on its airport screening procedures. The public has until June 24, 2013 to voice its opinions. The millimeter wave devices remain in US airports. For more information, see: EPIC: Comment on the TSA Nude Body Scanner Proposal and EPIC: ATR lawsuit.
Backscatter x-ray machines show detailed images of a person's naked body and have been described as "digital strip searches."(May. 30, 2013)
- Public Opposes TSA Nude Body Scanners: Following a court mandate that the Transportation Security Administration receive public comment on airport body scanners, the public overwhelmingly opposes invasive nude body scanners. The court mandate was in response to EPIC's lawsuit in EPIC v. DHS, where EPIC successfully challenged the TSA's unlawful deployment of airport body scanners. The TSA will accept comments until June 24, 2013. The public has submitted almost 2,000 comments noting various problems with the scanners, including privacy violations, potential health risks, and the machine's inability to accurately detect threats. EPIC has recently filed appeals in two Freedom of Information Act cases seeking documents related to airport body scanner radiation risks and threat detection software. For more information, see EPIC: Comment on the TSA Nude Body Scanner Proposal, EPIC: Radiation Risks lawsuit, and EPIC: ATR lawsuit. (Apr. 23, 2013)
- EPIC Appeals FOIA Decisions Concerning Body Scanner Information: EPIC has filed appeals in two Freedom of Information Act cases seeking documents related to airport body scanners from the Department of Homeland Security and the Transportation Security Administration. EPIC filed FOIA requests with the agencies seeking records related to radiation risks from body scanners and the threat detection software the machines use. The TSA is currently developing formal rules for the use of body scanners in response to a court order in one of EPIC's previous cases. Body scanners allow routine digital strip searches of individuals who are not suspected of any crime. For more information, see EPIC: Radiation Risks lawsuit and EPIC: ATR lawsuit, and EPIC: Suspension of Body Scanner Program. (Apr. 16, 2013)
- New Congressional Report Recommends TSA Address Privacy and Health Concerns with Airport Bodyscanners: "Rebuilding TSA into a Smarter, Leaner Organization," a new House Report critiques the Transportation Security Administration for "failing to meet taxpayers' expectations." The report, prepared by the House Committee on Homeland Security, recommends that the TSA sponsor "an independent analysis" of the health risks of body scanners and install privacy filters on all devices. The Report cites the decision in EPIC v. DHS, pointing out that the TSA has failed to abide by the ruling of a federal appeals court to "act promptly" to receive public comments. For more information, see EPIC v. Department of Homeland Security - Full Body Scanner Radiation Risks and EPIC v. TSA - Body Scanner Modifications (ATR). (Sep. 11, 2012)
- TSA Announces Installation of "Stick Figure" Software for Some Body Scanners: The TSA has announced that it will begin installing software on millimeter wave body scanners that will display a generic stick figure on a computer monitor and not the naked bodies of individual air travelers. The TSA said this will address privacy concerns. However, there is no plan to install similar software on the more widely used backscatter x-ray devices. It is also still unclear whether t the body scanners are capable of capturing, storing, or transferring the underlying graphic naked image. Seeking to answer this question, EPIC filed a lawsuit, following the TSA's failure to provide an adequate response to EPIC's FOIA request. For more information see: EPIC: Body Scanner Technology. (Jul. 21, 2011)
- EPIC Files Lawsuit for Details on New Passenger Screening Devices: EPIC has filed a Freedom of Information Act lawsuit against the TSA for unlawfully withholding documents about software modifications to the Full-Body Scanners. EPIC submitted requests for these documents in June 2010 and October 2010. In response to mounting public criticism about the passenger screening program, the TSA recently announced that it would use "Automatic Target Recognition" software to mask the nude images of airline travelers that TSA officials currently view. However, documents obtained by EPIC in an earlier Freedom of Information Act lawsuit established that these procedures have the capability to store and record unfiltered images of passengers. EPIC has since filed a lawsuit to suspend the controversial screening program. The new case is EPIC v. Dep't of Homeland Security, No. 1:11-cv-00290. For more information see EPIC: Whole Body Imaging Technology and EPIC v. DHS (Suspension of Body Scanner Program). (Feb. 2, 2011)
In EPIC v. The United States Transportation Security Administration, EPIC has sought the release of documents regarding the use of Automated Target Recognition ("ATR") software to modify airport body scanners. Full body scanners have been installed at airports around the country, and the TSA seeks to have 2,000 body scanners in 350 airports by the end of 2014. The manufacturers of these scanners developed ATR software that allows TSA agents viewing the whole-body images to see only a generic human image instead of an image of a traveler's naked body. The software is actually designed to detect "anomalies" on travelers' bodies, and the TSA asserts that this will automatically detect threatening objects travelers are concealing. When an anomaly is detected somewhere on a body, that areas is highlighted in red on the displayed generic image. TSA employees are directed to further screen the areas on passengers where anomalies are detected, including an enhanced pat down. If the machine does not detect any threatening objects, instead of displaying an image it will merely display a green "OK."
The TSA began testing the software in airports in February 2011, and has announced that it will be installing this software on all of its millimeter wave body scanners nation-wide. The new system is intended to cut agency costs, as additional agents will no longer be need to view the naked scanned images in a separate room. Now images will be displayed alongside the body scanning machines, and passengers will be able to view the same image as TSA employees monitoring them. There is currently no plan to install similar software on the more widely used and more controversial backscatter x-ray scanners, though the TSA plans to conduct tests in Fall 2011.
The TSA believes that ATR modifications will mitigate travelers' privacy concerns, and states it will provide a better experience at checkpoints. However, it remains unclear whether body scanners using the ATR software will retain, store, or transfer the underlying raw naked images that are captured before they are analyzed and used to display a generic figure. EPIC's litigation is designed to determine how ATR software handles naked images of travelers, and how ATR software really impacts traveler privacy.
EPIC's Freedom of Information Act Requests and Subsequent Lawsuit
On June 15, 2010, EPIC filed a Freedom of Information Act ("FOIA") request with the Transportation Security Administration ("TSA") for documents concerning ATR software modifications to airport body scanners. EPIC requested the following agency records:
- all specifications provided by the TSA to automated target recognition manufacturers concerning automated target recognition systems;
- all records concerning the capabilities, operational effectiveness, or suitability of automated target recognition systems, as described in Secretary Napolitano's letter to Senator Collins;
- all records provided to the TSA from the Dutch government concerning automated target recognition systems deployed in Schiphol Airport, as described in Secretary Napolitano's letter to Senator Collins;
- all records evaluating the [full-body scanning] program and determining automated target recognition requirements for nationwide deployment, as described in Secretary Napolitano's letter to Senator Collins.
The TSA failed to comply with the FOIA's requirements, and did not produce any documents. EPIC filed an appeal with the TSA on October 12, 2010, but it repeatedly delayed the appeal, and denied the appeal by not responding.
On December 14, 2010, EPIC sent a second administrative appeal to the TSA, appealing the agency’s failure to respond. On December 27, 2010, the TSA acknowledged receipt of the appeal, but did not produce any documents. The agency invoked a deadline extension, and improperly placed the appeal in a backlogged queue for processing FOIA requests. The agency failed to make any substantive response or produce any documents.
On October 5, 2010 EPIC filed a related FOIA request with the Department of Homeland Security ("DHS") for the release of the following documents:
- all records provided from L3 Communications or Rapiscan in support of the submission or certification of ATR software modifications;
- all contracts, contract amendments, or statements of work related to the submission or certification of ATR software modifications;
- all information, including results, of government testing of ATR technology, as referenced by Greg Soule of the TSA in an e-mail to Bloomberg News, published September 8, 2010.
DHS forwarded the request to the TSA, where, once again, the Agency provided no substantive response. EPIC filed an administrative appeal with the agency, but received no documents or substantive response despite the expiration of all FOIA mandated deadlines.
EPIC filed suit in response to the TSA's failures, stating that the agency violated the FOIA in regards to both of its requests and appeals by failing to comply with its statutory deadlines, and wrongfully withholding records. EPIC has requested that the court order TSA to make a determination regarding the FOIA requests, and produce all the documents that fall within the scope of its request.
The TSA claims that the ATR software will eliminate the need for anyone to see naked images of travelers, and protect personal privacy. However, it is unclear if, and to what extent, this is true. The way that traveler images are treated, potentially stored, and transmitted by ATR systems has not been publicly disclosed. EPIC's FOIA requests and subsequent lawsuit are designed to determine how the ATR software will actually impact traveler privacy, and how it handles traveler images beyond merely generating a generic image.
EPIC has been involved in evaluating and informing the public about the body scanner program since the machines were first implemented. EPIC uncovered a number of DHS and TSA body scanner records that contradict statements made by those agencies through its FOIA lawsuit, EPIC v. Department of Homeland Security, and related FOIA requests. These documents reveal that body scanner machines were designed to capture and store traveler images, despite the TSA's claims to the contrary. Further, documents obtained in the lawsuit reveal that the scanners are not designed to detect powdered explosives such as pentaerythritol tetranitrate ("PETN"), the explosive used in the failed 2009 Christmas Day "underwear bomb" plot, calling into question the capacity for effective "threat recognition" by ATR software.
EPIC v. The United States Transportation Security Administration, Case No. 11-0290 (RWR) (D.D.C. filed Feb. 2, 2011)
- EPIC's Complaint Against TSA (Feb. 2, 2011) (pdf)
- TSA's Answer to EPIC's Complaint (Mar. 16, 2011) (pdf)
- TSA's Motion for Summary Judgment (Sept. 16, 2011) (pdf)
- Ex. 1 - Declaration of Paul Sotoudeh
- Ex. 1A - June FOIA Request
- Ex. 1B - October FOIA Request
- Ex. 1C - Vaughn Index
- EPIC's Opposition and Cross Motion for Summary Judgment (Oct. 14, 2011) (pdf)
- TSA's Opposition and Reply (Nov. 1, 2011) (pdf)
- EPIC's Reply (Nov. 15, 2011) (pdf)
- Memorandum Opinion
- EPIC's June 15, 2010 FOIA request for agency records under the Freedom of Information Act
- TSA's June 24, 2010 letter acknowledging of receipt of EPIC's FOIA request
- EPIC's Oct. 5, 2010 FOIA request for agency records under the Freedom of Information Act
- TSA's First Document Production (Doc. 1) (pdf)
- TSA's First Document Production (Doc. 2) (pdf)
- TSA's First Document Production (Doc. 3) (pdf)
- TSA's First Document Production (Doc. 4) (pdf)
- TSA's First Document Production (Doc. 5) (pdf)
- TSA's First Document Production (Doc. 6) (pdf)
- TSA's First Document Production (Doc. 7) (pdf)
- TSA's First Document Production (Doc. 8) (pdf)
- TSA's First Document Production (Doc. 9) (pdf)
- TSA's First Document Production (Doc. 10) (pdf)
- TSA's First Document Production (Doc. 11) (pdf)
- TSA's First Document Production (Doc. 12) (pdf)
- TSA's Second Document Production (All Docs) (pdf)
- Experts chide TSA for poor risk assessment of security measures, Nextgov, September 30, 2011.
- Airport body scanner effectiveness questioned, ABC 7 (Florida), September 2, 2011.
- With Modesty In Mind, TSA Rolls Out New Body Scans, NPR, July 25, 2011.
- TSA says it's making airport screening more 'private', USA Today, July 21, 2011.
Share this page:
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a biweekly newsletter highlighting emerging privacy issues.
Privacy in the Modern Age