Feeds

US airport body scanners can store and export images

Uproar likely over threat of blurry customs pr0n

Remote control for virtualized desktops

Full body scanners at US airports can transmit digital strip search images of people, contrary to US Transportation Security Authority assurances.

The TSA has maintained that such scanners cannot store or transmit scanned body images of people, stating that "the machines have zero storage capability."

A TSA release stated that any scanned full body image "won't be stored, transmitted or printed, and [will be] deleted immediately once viewed." This is wrong too.

But according to documents obtained under freedom of information laws by EPIC (Electronic Privacy Information Center), they do indeed have a storage capability.

According to the TSA procurement specification, v1.02, 23 September 2008, the scanner, termed a Whole Body Imager (WBI) will have "a high capacity read/write drive... to permit data uploads and downloads." It will also "provide capabilities for data transfers via USB devices" and support both Ethernet and TCP/IP. Field reporting data for up to a year will be stored on the hard drive.

The procurement spec specifies two operating modes. In screening mode the WBI system will "prohibit the storage and exporting of passenger images."

However, "when not being used for normal screening operations, the capability to capture images of non-passengers for training and evaluation purposes is needed" and this is provided in test mode. In screening mode, the system will be prohibited from exporting passenger image data. The spec states: "During Test Mode, the WBI shall not be capable of conducting passenger screening."

Therein lies the rub. The system does not know a passenger from a non-passenger - both are simply humans inside the system's scanning field. The spec does not state how the system is switched between modes.

Another document obtained by EPIC says one system, identified by the government, can record images for training purposes. This capability is configurable at a superuser level and will be disabled in operational systems.

So that leaves us with full body scanners that can capture strip search scanned images of people when in test mode and export them either by USB or TCP/IP transfers (which are subject to certain security restrictions), and at least one system that can store scanned images.

That leaves privacy campaigners salivating at the mouth with the possibilities for information abuse, and the TSA with much egg on its face for issuing misleading statements. ®

Beginner's guide to SSL certificates

More from The Register

next story
Bladerunner sequel might actually be good. Harrison Ford is in it
Go ahead, you're all clear, kid... Sorry, wrong film
Euro Parliament VOTES to BREAK UP GOOGLE. Er, OK then
It CANNA do it, captain.They DON'T have the POWER!
Musicians sue UK.gov over 'zero pay' copyright fix
Everyone else in Europe compensates us - why can't you?
I'll be back (and forward): Hollywood's time travel tribulations
Quick, call the Time Cops to sort out this paradox!
Megaupload overlord Kim Dotcom: The US HAS RADICALISED ME!
Now my lawyers have bailed 'cos I'm 'OFFICIALLY' BROKE
Forget Hillary, HP's ex CARLY FIORINA 'wants to be next US Prez'
Former CEO has political ambitions again, according to Washington DC sources
prev story

Whitepapers

Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.