EPIC v. Department of Homeland Security - Body Scanners
- EPIC to Argue Before DC Circuit for Release of Cell Phone Shutdown Policy: This week EPIC President Marc Rotenberg will argue EPIC v. DHS, No. 14-5013 before the US Court of Appeals for the DC Circuit. At issue is the public release of the policy - "SOP 303" - to shut down cell phone service in the United States. EPIC filed a filed a Freedom of Information Act request for the policy after government officials shut down cell phone service during a peaceful protest at BART subway stations in San Francisco. The government first contended it could not find the document, then located the document, then claimed it was exempt from disclosure. EPIC filed suit against the agency and a federal court ruled in EPIC's favor. On appeal, the government argued the decision should be reversed. EPIC responded that the decision was correct and SOP 303 should be released. The DC Circuit will hear arguments Thursday morning. For more information, see EPIC v. DHS - SOP 303. (Dec. 9, 2014)
- Post-Snowden, Social Media Users Concerned About Access to Personal Data: According to the Pew Research Report "Public Perceptions of Privacy and Security in the Post-Snowden Era," most users of social media are very concerned about businesses and government accessing their personal data. 80% of adults "agree" or "strongly agree" that Americans should be concerned about the government's monitoring of phone calls and internet communications. 64% believe there should be more regulation of advertisers. Almost all users rank their social security number as the most sensitive piece of personal data. EPIC has asked the House Committee on Homeland Security to suspend a DHS program that is monitoring social networks and media organizations. EPIC has recommended that the FTC to establish privacy protections for online advertising. EPIC has also urged the US Congress over many years to limit the use of the Social Security Number for commercial purposes. For more information, see EPIC: Public Opinion on Privacy, EPIC: Facebook Privacy, EPIC: Social Media Monitoring, and EPIC: Social Security Numbers. (Nov. 13, 2014)
- Department of Homeland Security Releases 2014 Privacy Report: The Department of Homeland Security released the 2014 Privacy Office Annual Report to Congress. The report describes a joint review conducted with the European Commission regarding the transfer of EU Passenger Name Records to the US. The European Commission found the redress mechanisms were lacking for passengers denied boarding. The Commission also found that DHS would often review passenger records without a legal reason. The Annual Report describes the sixth Compliance Review of the department’s social media monitoring program. The review found that the DHS began collecting GPS and geo-location of Internet users without assessing or mitigating the privacy risks. In 2012, EPIC obtained FOIA documents revealing that the Department of Homeland Security monitored social media for political dissent. For more information, see EPIC: EU-US Airline Passenger Data Disclosure and EPIC: EPIC v. DHS - media monitoring. (Oct. 2, 2014)
- Pew Survey: Users Online Self-Censor Discussion of Government Surveillance: According to the Pew Research Report "Social Media and the 'Spiral of Silence,'" most users of social media are afraid to talk about government surveillance on Facebook, Twitter, and other social platforms. Users were more willing to share their views on government surveillance if they thought others shared the same view. Those who thought they held minority views were more likely to self-censor—an effect known as the "spiral of silence." In 2012, EPIC obtained FOIA documents revealing that the Department of Homeland Security monitored social media for political dissent. A subsequent Congressional hearing led the DHS to cancel the program. For more information, see EPIC v. DHS: Media Monitoring and EPIC: Public Opinion on Privacy. (Sep. 9, 2014)
- Security Experts: EPIC Correct About Body Scanners-Invasive and Ineffective: The first independent analysis of backscatter x-ray body scanners corroborate the claims EPIC and others have made for several years: The scanners are invasive and ineffective. In a detailed report published in 2005, EPIC warned that the x-ray body scanners amounted to a virtual strip search and were an ineffective means of airport security. Freedom of Information Act documents later obtained by EPIC revealed that TSA could disable the body scanner's privacy settings, the nude images could be stored on the machines, and the scanners ran on a standard operating system making them vulnerable to outside security threats. EPIC and a coalition of civil liberties organizations then petitioned DHS Secretary Napolitano to suspend the program. When the DHS failed to do so, EPIC sued the agency. The D.C. Circuit Court of Appeals ruled in EPIC v. DHS that the agency must begin a public rule making. The backscatter X-ray scanners were subsequently removed from US airports. For more information, see EPIC: EPIC v. DHS (Suspension of Body Scanner Program) and EPIC: Whole Body Imaging Technology. (Aug. 22, 2014)
- Congress Investigates Airline Privacy Practices: Senator John Rockefeller (D-WV) is currently seeking information from ten U.S. airlines concerning how airlines safeguard consumer traveler data. Senator Rockefeller has requested information regarding: (1) the type of information airlines collect; (2) airlines' data retention periods; (3) airline privacy and security safeguards governing consumer information; (4) whether consumers may access and amend their information; (5) whether airlines sell or disclose consumer information and if so, to whom do they disclose the consumer data; and (6) how airlines inform consumers about airline privacy policies governing consumer information. EPIC routinely urges the Department of Homeland Security to provide privacy protections for air travelers and end the agency's secret "risk-based" passenger profiling. For more information, see EPIC: Air Travel Privacy, EPIC: Passenger Profiling, EPIC: Secure Flight, and EPIC: EPIC v. DHS (Suspension of Body Scanner Program). (Aug. 20, 2014)
- EPIC Defends FOIA Victory in Federal Appeals Court: EPIC has filed a brief in response to an appeal by the Department of Justice in EPIC v. DHS, concerning the government policy to disrupt cellular networks. EPIC won a major FOIA victory when a federal district court ruled that the DHS could not withhold "SOP 303," a government procedure to shut down cellular phone service. EPIC sought the policy after authorities shut down cell phone service at a peaceful protest in San Francisco. The government argued it did not need to release the document to EPIC because it was a "law enforcement technique" and because it would endanger the physical safety of an individual. The federal court rejected those arguments and ordered that the document be disclosed to EPIC, pending a decision on the appeal. For more details, see EPIC v. DHS—SOP 303. (Jul. 8, 2014)
- Senate to Hold Homeland Security Oversight Hearing: The Senate Judiciary Committee will hold an oversight hearing for the Department of Homeland Security. Secretary Jeh Johnson will testify. EPIC has objected to many of the agency's mass surveillance practices, including the secret profiling of American air travelers, the use of drones for aerial surveillance, the amassing of information on Americans into "fusion centers", and the collection of biometric identifiers. EPIC has also warned that the DHS Chief Privacy Officer has failed to safeguard privacy, a legal obligation for that office. According to the DHS, the number of privacy complaints increased in 2013. EPIC has several Freedom of Information Act case pending against the DHS. In an earlier case, EPIC determined the DHS was monitoring social media and news organizations for criticisms of the agency. Another EPIC case led to the removal of the x-ray backscatter devices from US airports. For more information, see EPIC v. DHS - Social Media Monitoring and EPIC v. DHS (Suspension of Body Scanner Program). (Jun. 10, 2014)
- DHS Open Government Report Reveals Increased Backlog and Use of Law Enforcement Exemptions: The Department of Homeland Security has released the 2013 Freedom of Information Act Report detailing the agencies attempts to comply with the federal open government law. The FOIA requires each agency to provide the numbers of requests received and processed, the time taken to respond, the outcome of each request, and other statistics. In 2013, the DHS reported a significant increase in its FOIA backlog, which rose from 28,553 unanswered requests in 2012 to 53,598 unanswered requests in 2013. Of the nine exemptions that an agency can invoke to withhold documents, DHS relied most heavily on exemption 7(C) (law enforcement records that if released would constitute an invasion of personal privacy) and 7(E) (law enforcement records that if released would disclose law enforcement techniques or procedures, which is significant because the DHS is not a law enforcement agency. DHS reported granting about 7% of requests for expedited processing. EPIC has prevailed in several FOIA lawsuits against DHS, and has also worked to reform the agency's FOIA processing practices for other requesters. For more information, see EPIC v. DHS - Body Scanner FOIA Appeal, EPIC v. DHS - Social Media Monitoring, and EPIC v. DHS - SOP 303. (Feb. 21, 2014)
- DHS Appeals Ruling in EPIC's "Internet" Kill Switch Case: The Department of Homeland Security has appealed a ruling for EPIC in a Freedom of Information Case involving Standard Operating Procedure 303, a protocol which describes the government's plan for deactivating wireless communications networks. Seeking information about the First Amendment and public safety implications of the protocol, EPIC filed a FOIA lawsuit against the agency. A federal court ruled that the protocol could not be withheld under the FOIA because it was not an investigative technique and DHS had not established that releasing the document would cause harm to any individual. Therefore, the court concluded, the documents EPIC sought should be turned over. The Department of Justice has now appealed that decision to the D.C. Circuit Court of Appeals. For more information, see EPIC: EPIC v. DHS (SOP 303) and EPIC: FOIA. (Jan. 13, 2014)
In EPIC v. Department of Homeland Security, EPIC has sought the release of documents regarding whole body imaging (WBI) held by the agency.
In February 2007, the Transportation Security Administration, a component of the US Department of Homeland Security, began testing passenger imaging technology - called “whole body imaging,” "body scanners," and "advanced imaging technology" - to screen air travelers. Body scanners produce detailed, three-dimensional images of individuals. Security experts have described whole body scanners as the equivalent of "a physically invasive strip-search." In 2007, TSA tested whole body imaging systems at airport security checkpoints, screening passengers before they board flights. The agency provided various assurances regarding its use of whole body imaging. TSA stated that whole body imaging would not be mandatory for passengers and that images produced by the machines would not be stored, transmitted, or printed. TSA also stated that an algorithm will be applied to the image to mask the face of each passenger.
But on April 27, 2007, TSA removed from its website assurances that its whole body imaging technology would “incorporate a privacy algorithm” that will “eliminate much of the detail shown in the images of the individual while still being effective from a security standpoint.” And on February 18, 2009, TSA announced that it would require passengers at six airports to submit to whole body imaging in place of the standard metal detector search, which contravenes its earlier statements that whole body imaging would not be mandatory. On April 6, 2009, TSA announced its plans to expand the mandatory use of whole body imaging to all airports.
On June 4, 2009, the U.S. House of Representatives passed HR 2200, a bill that would limit the use of whole body imaging systems in airports. The bill prevents use of whole body imaging technology for primary screening purposes. HR 2200 was referred to the Senate for consideration on June 8, 2009. The legislation was referred to the Senate Committee on Commerce, Science, and Transportation. TSA renewed its call for mandatory body scans for all air travelers in the wake of the attempted bombing of Northwest Flight 253, which traveled from Amsterdam to Detroit on December 25, 2009.
EPIC's Freedom of Information Act Requests and Subsequent Lawsuit
On April 14, 2009, EPIC filed a Freedom of Information Act (FOIA) request with the US Department of Homeland Security (DHS) for agency records that directly relate to the TSA body scanner program. EPIC requested the following agency records:
- all documents concerning the capability of passenger imaging technology to obscure, degrade, store, transmit, reproduce, retain, or delete images of individuals;
- all contracts that include provisions concerning the capability of passenger imaging technology to obscure, degrade, store, transmit, reproduce, retain, or delete images of individuals;
- all instructions, policies, and/or procedures concerning the capability of passenger imaging technology to obscure, degrade, store, transmit, reproduce, retain, or delete images of individuals.
DHS acknowledged receipt of EPIC's FOIA request, but failed to disclose any documents. On November 9, 2009, EPIC sued DHS to force disclosure of the body scanner documents. The suit challenged DHS's failure to disclose public records and failure to comply with the Freedom of Information Act. On the heels of EPIC's lawsuit, DHS disclosed key documents, including technical standards, but failed to produce all records demanded in EPIC's FOIA request. The lawsuit is ongoing.
On July 2, 2009, EPIC filed a second, related FOIA request. EPIC requested the following agency documents:
- All unfiltered or unobscured images captured using Whole Body Imaging Technology (WBI);
- all contracts entered into by DHS pertaining to WBI systems, including contracts for hardware, software or training;
- all documents detailing the technical specifications of WBI hardware, including any limitations on image capture, storage or copy;
- all documents, including but not limited to presentations, images and videos used for training persons to use WBI systems;
- all complaints related to the use of WBI and all documents related to the resolution of those complaints;
- all documents concerning data breaches of images generated by WBI technology.
DHS acknowledged receipt of EPIC's FOIA request, but failed to disclose any documents. On January 13, 2010, EPIC sued DHS to force disclosure of the additional body scanner documents. The second suit challenged DHS's failure to disclose public records and failure to comply with the Freedom of Information Act. This suit was later consolidated with EPIC's first lawsuit against DHS.
Documents Obtained by EPIC Through Its Lawsuit
On January 11, 2010, EPIC released documents obtained from DHS as a result of EPIC's lawsuit.
The disclosed documents include TSA Procurement Specifications for body scanners, TSA Operational Requirements for the machines, a TSA contract with L3 (a company that manufactures whole body imaging devices), and 2 TSA contracts with Rapiscan, another body scanner manufacturer (1), (2).
The documents contradict numerous assurances made by the TSA regarding the body scanners. The records demonstrate:
- The device specifications, set out by the TSA, prove the machines’ ability to store, record, and transfer images, contrary to the representations made by the TSA
- The device specifications, set out by the TSA, include hard disk storage, USB integration, and Ethernet connectivity that raise significant privacy and security concerns
- The DHS Privacy office failed to adequately assess the privacy impact of these devices
- The TSA continues to withhold critical documents from the public concerning body scanners' operation.
On March 2, 2010, EPIC obtained further documents from DHS as a result of EPIC's lawsuit. These documents included more than thirty traveler complaints to the TSA regarding WBI machines. The complaints described a variety of problems with WBI machines, including objections to the invasive nature of the machines and complaints about improper signage and a lack of transparency regarding the pat-down alternative. The complaints indicated that TSA was not fulfilling its duty to inform passengers of their options regarding WBI machines.
On March 15, 2010, EPIC obtained hundreds of pages of additional traveler complaints (see below for links). This further contradicted TSA's statements that travelers approve of WBI machines and are being informed of their option for a pat-down.
On April 15, 2010, EPIC obtained several hundred more pages of documents. This included hundreds of pages of traveler complaints, an updated Procurement Specifications Document, and several vendor contracts. DHS refused to release several of EPIC's requested documents, including over 2000 WBI machine generated images.
EPIC v. the Department of Homeland Security, Case No. 09-02084(RMU) (D.D.C.filed Nov. 9, 2009)
- EPIC's First Complaint Against DHS (pdf)
- EPIC's Second Complaint Against DHS (pdf)
- DHS' Answer (pdf)
- Motion for Summary Judgment by DHS (pdf)
- EPIC's Opposition to DHS' Motion For Summary Judgment, Cross-Motion For Summary Judgment (pdf)
- DHS' Reply In Support Of Its Motion For Summary Judgment, And Opposition To EPIC's Cross-Motion For Summary Judgment (pdf)
- EPIC's Reply In Support Of Its Cross-Motion For Summary Judgment (pdf)
- Memorandum Opinion (pdf)
- EPIC's April 14, 2009 Request for Agency Records under the Freedom of Information Act
- EPIC's July 2, 2009 Request for Agency Records under the Freedom of Information Act
- DHS's First Interim Production of Records to EPIC:
- TSA Traveler Complaints Regarding Whole Body Imaging Part One
- TSA Traveler Complaints Regarding Whole Body Imaging Part Two
- TSA Traveler Complaints Regarding Whole Body Imaging Part Three
- TSA Traveler Complaints Regarding Whole Body Imaging Part Four
- TSA Traveler Complaints Regarding Whole Body Imaging Part Five
- Logan Airport Looks Forward to Less Revealing Scanners, Donna Goodison, Boston Herald, July 16, 2010.
- Backlash grows against full-body scanners in airports, Gary Stoller, USA Today, July 13, 2010.
- Privacy Group Files Lawsuit to Block Airport Body Scanners, Roger Yu, USA Today, July 9, 2010.
- Full-body security scanners scrapped at Dubai airports, officials say the device "contradicts Islam", Aliah Shahid, New York Daily News, July 6, 2010.
- Full-body scanners could pose cancer risk at airports, U.S. scientists warn, Ben Mutzabaugh, USA Today, July 1, 2010.
- ,Sikh concerns delay hand search plans at UK airports, Dil Neiyyar, BBC News, June 30, 2010.
- Rights Panel Urges Ban on Body Scanners, Bae Hyun-jung, Korea Herald, June 30, 2010.
- Body Scanners Violation of Privacy, Elham Asaad Buaras, The Muslim News, June 25, 2010.
- European commission is fence-sitting on body scanners, Sarah Ludford, The Guardian, June 24, 2010.
- US Outstrips Europe on Body Scanners, Valentina Pop, Business Week, June 23, 2010.
- Miami Airport Screener Accused of Attack After Jeers at Genitals, Dan Ovalle, Miami Herald, May 7, 2010.
- Airport Worker Warned in Scanner Ogling Claim, Michael Holden, Reuters, March 24, 2010.
- Scanners may not have detected alleged explosive in Detroit jet case, GAO reports, By Spencer S. Hsu, Washington Post, March 18, 2010
- Travelers file complaints over TSA body scanners, Jaikumar Vijayan, Business Week, March 8, 2010
- Muslim woman refuses body scan at airport, Will Pavia, London Times Online, March 3, 2010
- Suspend airport body scanner program, privacy groups say, Jaikumar Vijayan, Computerworld, Feb. 26, 2010
- EPIC wants TSA to halt implementation of body scanners at airports, Doug Hanchard, ZCNet, Feb. 24, 2010
- Scannergate: Facts Contradict Heathrow Claim That Naked Images Can't Be Printed, Paul Joseph Watson, Prison Planet.com, Feb. 10, 2010
- Body scans: for their eyes only, Andrea Sachs, Washington Post, Feb. 6, 2010
- Airport-security plan calls for 500 body scanners in '11, Thomas Frank, USA Today, Feb. 3, 2010
- Why Europe doesn't want an invasion of body scanners, Ben Quinn, The Christian Science Monitor, Jan. 26, 2010
- Full-Body Scans: Virtual Strip Searches or Magic Boxes?, Katie Glueck, Politics Daily, Jan. 25, 2010
- Scanners can store images, group says , Joel Tiller, The Globe and Mail (UK), Jan. 12, 2010
- US airport body scanners can store and export images, Chris Mellor, The Register, Jan. 12, 2010
- TSA Admits Body Scanners Store and Transmit Body Images, Barbara E. Hernandez, BNET, Jan. 12, 2010
- Mixed Signals on Airport Scanners, Matthew L. Wald, The New York Times, Jan. 12, 2010
- Full-body scanners used on air passengers may damage human DNA, Mike Adams, Natural News.com, Jan. 11, 2010
- Body scanners can store, send images, group says, Jeanne Meserve and Mike M. Ahlers, CNN.com, Jan. 11, 2010
EPIC relies on support from individual donors to pursue our work.
Subscribe to the EPIC Alert
The EPIC Alert is a by-monthly newsletter highlighting emerging privacy issues.