TSA to Terrorists: I’ll show you mine if…

Tsa

After a failed bombing aboard a Detroit-bound plane on Christmas day, it looks like Umar Farouk Abdulmutallab (the “underwear bomber”) will do for whole-body imaging what Richard Reid (the “shoe bomber”) did for the rule that all shoes be sent through an x-ray scanner.

Whole body imaging (known in the media as a “virtual strip search”) uses either backscatter X-rays or millimeter wave technology to create a detailed view of the passenger’s body by constructing images from the X-ray photons or radiation reflected by the body. As I have noted before, whole-body imaging is one of the most effective way of detecting passengers carrying weapons or explosives. Nobody expects this to be a silver bullet in the fight against terror, but it may very well be an important layer in improving the security of air travel.

Unfortunately, most of the public debate over whole-body imaging has not focused on the merits or shortcomings of the technology, but rather on the privacy implications of the technology. Groups like Center for Democracy and Technology (CDT), Electronic Privacy and Information Center (EPIC) and the Privacy Coalition have all argued vehemently against the technology because of supposed privacy fears, even going so far as to demand that the Transportation Security Administration (TSA) suspend all use of the technology. These privacy fears have even made their way to Congress where Rep. Jason Chaffetz (R-UT), who introduced legislation to restrict the use of whole-body imaging, stated “You don’t have to look at my wife and 8-year-old daughter naked to secure an airplane.”

Even in nations that appear to be pushing forward with the technology, privacy objections are causing officials to impose restrictions that reduce the effectiveness of the technology. For example, in the United Kingdom officials announced that they would exempt individuals under the age of 18 from going whole-body imaging requirements because of fears that they would be creating indecent images of children. But if the technology poses no privacy risks, then why are children being excluded from searches? (And does anybody else see the glaring security problem with publicly announcing that an entire group of people will never be subjected to this type of screening?)

While this technology can be used to violate personal privacy, it does not have to. In this sense, it is no different from other security measures already in use like video cameras or pat-downs that, if used improperly, could result in serious violations of personal privacy. More importantly, used with appropriate controls, a traveler’s privacy can be protected without reducing the effectiveness of the technology. Various controls can be used to ensure privacy, including any combination of the following:

* Blurring recognizable facial features (like this)
* Only showing “chalk-line” body outlines (like this)
* Banning equipment that can store the images of passengers
* Isolating the screeners who view the images of passengers from the actual passengers
* Prohibiting recording equipment in the computer rooms displaying images of passengers
* Audits to ensure that government officials properly implement privacy controls
* Stiff penalties for violations of privacy controls
* Whistleblower protection for reports of privacy violations

Ensuring privacy is important, and government officials should welcome ideas on how best to preserve privacy, but privacy should not be a barrier to implementation if the technology is effective. The decision about whether or not to invest in full-body imaging technology should be based on strategic risk management, not privacy fears based on speculation and worst-case scenarios.

Is this technology the most effective use of limited resources to stop terrorism? If so, then scan away.

Print Friendly

About the author

Daniel Castro is a Senior Analyst with ITIF specializing in information technology (IT) policy. His research interests include health IT, data privacy, e-commerce, e-government, electronic voting, information security and accessibility. Before joining ITIF, Mr. Castro worked as an IT analyst at the Government Accountability Office (GAO) where he audited IT security and management controls at various government agencies. He contributed to GAO reports on the state of information security at a variety of federal agencies. He has a B.S. in Foreign Service from Georgetown University and an M.S. in Information Security Technology and Management from Carnegie Mellon University.