Feeds

US airport body scanners can store and export images

Uproar likely over threat of blurry customs pr0n

Designing a Defense for Mobile Applications

Full body scanners at US airports can transmit digital strip search images of people, contrary to US Transportation Security Authority assurances.

The TSA has maintained that such scanners cannot store or transmit scanned body images of people, stating that "the machines have zero storage capability."

A TSA release stated that any scanned full body image "won't be stored, transmitted or printed, and [will be] deleted immediately once viewed." This is wrong too.

But according to documents obtained under freedom of information laws by EPIC (Electronic Privacy Information Center), they do indeed have a storage capability.

According to the TSA procurement specification, v1.02, 23 September 2008, the scanner, termed a Whole Body Imager (WBI) will have "a high capacity read/write drive... to permit data uploads and downloads." It will also "provide capabilities for data transfers via USB devices" and support both Ethernet and TCP/IP. Field reporting data for up to a year will be stored on the hard drive.

The procurement spec specifies two operating modes. In screening mode the WBI system will "prohibit the storage and exporting of passenger images."

However, "when not being used for normal screening operations, the capability to capture images of non-passengers for training and evaluation purposes is needed" and this is provided in test mode. In screening mode, the system will be prohibited from exporting passenger image data. The spec states: "During Test Mode, the WBI shall not be capable of conducting passenger screening."

Therein lies the rub. The system does not know a passenger from a non-passenger - both are simply humans inside the system's scanning field. The spec does not state how the system is switched between modes.

Another document obtained by EPIC says one system, identified by the government, can record images for training purposes. This capability is configurable at a superuser level and will be disabled in operational systems.

So that leaves us with full body scanners that can capture strip search scanned images of people when in test mode and export them either by USB or TCP/IP transfers (which are subject to certain security restrictions), and at least one system that can store scanned images.

That leaves privacy campaigners salivating at the mouth with the possibilities for information abuse, and the TSA with much egg on its face for issuing misleading statements. ®

Securing Web Applications Made Simple and Scalable

More from The Register

next story
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
LightSquared backer sues FCC over spectrum shindy
Why, we might as well have been buying AIR
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.