TSA image operators are no longer isolated from travelers during some ‘whole body’ inspections
Backscatter (left) and
When its screening operators use the latest Automatic Target Recognition software at an airport checkpoint – which presents images of a concealed weapon on a cartoon-like outline of a human body – those TSA operators are no longer required to sit in a remote location.
Instead, under revised privacy procedures, TSA now allows operators of such advanced backscatter X-ray and millimeter wave devices to sit in the same area where the passenger is being inspected.
“Since the technology uses a generic image that provides greater privacy protections for the individual being screened, systems using Automatic Target Recognition will not isolate the operator viewing the image from the individual being screened,” says the latest version of a DHS “privacy impact assessment,” which was updated on January 25, 2011 and summarized in a Federal Register announcement published by the department on May 27.
When the airport uses the older imaging equipment, which presents a picture of a potential weapon or other threat on a more-realistic photo-like image of the traveler’s body, the TSA employee is still required to sit in a remote location, where he or she has no direct contact with the traveling passenger. “To mitigate the privacy risk associated with creating an image of the individual’s body, TSA isolates the TSA officer (the image operator) viewing the image from the TSA officer interacting with the individual,” explains the most-recent DHS privacy impact assessment.
Travelers will continue to be given the option of undergoing physical screening as an alternative to either form of “whole body” imaging, now known as Advanced Imaging Technology (AIT) -- whether the operator is in a remote location or sitting nearby, says TSA.
To further protect the privacy and health of travelers, the current AIT systems generate low doses of radiation, says DHS. The backscatter system emits “ionizing radiation” that is “well within American National Standards Institute (ANSI) standards,” explains the impact statement. “For comparison purposes, the x-ray dose received from the backscatter system is less than the radiation received in two minutes of airplane flight at altitude,” the document maintains.
Similarly, the privacy impact assessment says the millimeter wave technology, which uses “non-ionizing radio frequency energy in the millimeter wave spectrum” is also safe for the flying public. “The energy projected by the system is a fraction of the energy projected by other commercially approved radio frequency devices,” says DHS.
Also, TSA has taken steps to eliminate the possibility that images of a traveler’s body -- whether the realistic version or the cartoon outline – can be captured from the imaging equipment, stored and removed from the airport.
“The ability to store images is not included on the software on AIT devices placed in airports,” says the DHS privacy impact assessment, “and there is no capability to activate image storage functions by anyone at the airport.”
DHS acknowledges that earlier versions of the AIT equipment did possess the ability to store images, and DHS had to ask manufacturers to “disable” that storage function. “Current versions of the software installed at airports do not include any storage function to disable, and eliminate the need to perform the disabling of the storage function,” explains the latest privacy impact assessment.
For those concerned about the security of the data being transmitted between the system and the operator at the airport, DHS emphasizes that the transmissions for the backscatter system are encrypted and sent only over landlines, while the digital data for the millimeter wave systems are “transmitted in a proprietary format that cannot be deciphered without proprietary technology.”
Further information on this privacy impact assessment – and a host of others that were initially published by DHS between January 8, 2011 and March 31, 2011 – is available from Mary Ellen Callahan, the department’s chief privacy officer, at email@example.com
|Event Details||Dates of Event|
|SANS Counter Hack 2013||Nov 7 - 14|
|SANS Pen Test Hackfest 2013||Nov 7 - 14|
|SANS Korea 2013||Nov 11 - 16|
|Military Exports & Compliance Asia||Nov 12 - 14|
|NCT: Counter IED Asia, 12 - 15 November 2013, Bangkok||Nov 12 - 15|
|School Safety Symposium||Nov 13 - 13|
|Southwest Microwave Perimeter Defense Seminar||Nov 13 - 13|
|OWASP AppSec USA 2013||Nov 18 - 21|
|GovSec West Conference & Expo 2013||Nov 19 - 20|
|Southwest Microwave Perimeter Defense Seminar||Nov 19 - 19|
|Oracle 7th Annual Federal Forum||Nov 20 - 20|
|World BORDERPOL Congress||Dec 3 - 4|
|Critical Infrastructure Protection and Resilience Europe||Feb 12 - 13|