Feeds

Home Office stalls on weapons scanner health risks

'Er, dunno', says trustworthy Home Secretary

  • alert
  • submit to reddit

SANS - Survey on application security programs

Are your children being irradiated? Are you being irradiated? The UK Home Office seems unconcerned by the question, despite being responsible for at least one of the government organisations wielding the devices that might be doing the irradiating. Weapons scanners that use x-rays are now being tested by the Metropolitan Police and at Heathrow airport, and while the effect of a single scan will probably be negligible, the actual health risk will depend on the nature of the particular deployments, and on the individuals being scanned. So they should therefore not be deployed casually, without careful prior consideration, on the basis that they're 'harmless'.

Earlier this week Norman Baker MP asked the Home Office the following parliamentary question: "To ask the Secretary of State for the Home Department what air kerma rate has been used to assess radiation doses associated with the use of the Rapiscan Secure 1000 apparatus." David Blunkett's (yes, him again, sorry about that) response was: "The information sought is not in the public domain."

Which is not much of a response from a department deploying at least two Rapiscan 1000s, and with a unit offering them to police forces throughout the country. Nor is the answer true. (Air kerma, by the way, refers to the amount of radiation produced by a device.)

Rapiscan 1000s are indeed mostly harmless, probably, depending. Technology of this sort has been used for baggage scanning for some time now, but more recently people-sized versions have been undergoing testing in the US and elsewhere in the world, and x-ray scanning is also being used in other, mobile and less controlled environments (e.g. scanning containers and trucks for stowaways). You can find some more about that here. One of the public domain sources of information about the effects of x-ray scanners, including the Rapiscan 1000, that David Blunkett says don't exist can be found here. A presidential report by the US National Council on Radiation Protection and Measurements carried out for the Food and Drug Administration - very obscure, not.

The document's very existence provides us with a small case study of how things work in government on either side of the pond. Both the US and the UK are proposing and using x-ray scanners on people, but in the US this involves a diligent process of measurement for potential hazards, while in the UK they just get haphazardly deployed. Both governments still repress us, but the US one is somehow more professional about how it starts off, while the UK one regularly gives the appearance of not being able to find its arse with both hands.

Back, however, to the document, the measurements and the risks. The dose of radiation delivered by a scan, which the NCRP team measured in the range 0.04 µSv - 0.05 µSv, is not terrifying by the radiation standards the US uses. Negligible Individual Dose (NID) over a year is defined as 10 µSv, which is the effective dose deemed acceptable for a single source, while ANSI approved a standard in 2002 defining an acceptable dose per scan as being 0.1 µSv or less. This would mean that a security scanner would have to deliver 2,500 scans of an individual annually at 0.1 µSv per scan in order to reach the US administrative control level of 0.25 mSv. For an airport security scanner, even operating at a rather higher level, you'd probably have to be living in it to achieve that kind of level.

But it's not necessarily going to be the only source of radiation you're exposed to, nor will all of these sources necessarily operate at such low levels. Cumulative dosage will be higher from scanners you have to pass several times every day (say, a weapons scanner at a school), and you'll be exposed at the hospital, at the dentist, and maybe there will be high exposures you don't know about. The NCRP speaks of proposals for concealed scanners, and mobile scannners that could check vehicles (which we covered in our earlier piece), while just today UK Secretary of State for Education Charles Clarke was proposing to give schools powers to search pupils for weapons, and to "have arrangements with their local police forces to undertake snap searches if they thought knives were on school premises". What kind of equipment did you have in mind they bring with them when they do that, Charles?

From our reading of the FDA report, it seems unlikely that the level of exposure via the Rapiscan at Heathrow would present a health risk to most people, nor is the Met's happy deployment of x-ray machines for area stop and searches an obvious hazard to anything other than liberty and race relations. However in both cases what goes for most people may not go for particular individuals, so it's extremely important that the operators make the position vis a vis radiation absolutely clear, and that subjects have an absolute right to decline the kind offer of an x-ray scan.

The consequences of more widespread deployments are far more difficult to quantify. If fixed scanners became sufficiently common for it to be possible to be exposed several times a day, then the risks would climb, and it would be less possible (it's not exactly easy at the moment) for people too know what their cumulative dose was. Concealed scanners would make that impossible, and high dose vehicle and/or concealed scanners would throw the sums out entirely. Reported doses from a cargo scan test in 2001, for example, ranged from 0.1 µSv to 100 µSv, depending on positioning in the compartment. The US annual dose limit set by the NCRP is 1 mSv, excluding exposures from natural background and medical care, while the suggested exposure from a single site is 25 per cent of annual dose, or no single source under one control delivering more than 0.25 mSv annually. It recommends the latter being the one set for security screening such as airport scanners, and that it cover multiple checkpoints at a given (say) airport.

We commend the report as essential reading for Home Secretaries who might need to bone up on the potential risks associated with equipment their departments are deploying. They could of course just carry on giving MPs dumb and obstructive answers, but it's not clever, and in some cases it's the sort of thing people might think of as negligent. Ask a focus group, David. ®

3 Big data security analytics techniques

More from The Register

next story
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Audio fans, prepare yourself for the Second Coming ... of Blu-ray
High Fidelity Pure Audio – is this what your ears have been waiting for?
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Ex–Apple CEO John Sculley: Ousting Steve Jobs 'was a mistake'
Twenty-nine years later, post-Pepsi exec has flat-forehead moment
Number crunching suggests Yahoo! US is worth less than nothing
China and Japan holdings worth more than entire company
Zucker punched: Google gobbles Facebook-wooed Titan Aerospace
Up, up and away in my beautiful balloon flying broadband-bot
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.