Feeds

Perv scanner code of practice still a balls-up

Privacy concerns hand-waved

The essential guide to IT transformation

Comment A blog reader asked me to look at the code of practice on the acceptable use of body scanners to enhance security at UK airports. The consultation period associated with the code ended four weeks ago, so I apologise for a severe case of “better late than never”.

In summary, the code still ignores several key issues. However, to be fair to the incoming coalition government, the consultation (.doc) had been commenced in the dying days of the previous administration. It had no choice but to finish a process that carries all the hallmarks of New Labour’s dismissive approach to most privacy concerns.

The code gives the impression that the Data Protection Act only applies at the margins. This is illustrated by a 400-word Privacy Impact Assessment (pdf) which fails to impress; it is limited mainly to some security commentary – as if these were the only issues. The PIA does not consider the fairness elements of the processing of personal data, an area where the code needs most work.

For instance, the fair processing notice implied by the code fails to explain important elements. For instance, those who are scanned can request a same sex member of staff to see the scanned images. So how is this option going to be exercised, if this does not form part of the fair processing arrangements?

Also, I think the fair processing procedure excludes its most obvious component. Anybody selected for scanning, I am sure, will be thinking: “How does this system display my ‘bits’?” So how can a passenger be properly informed about the processing of his personal data if he has no idea what kind of images are produced (or displayed) by the specific scanning system used?

I think another major problem is an absence of a commitment to implement privacy-enhanced scanning technologies as a matter of principle. Instead, the decision of “which choice of scanner” (ionising X-ray or non-ionising millimetre wave) is merely “an operational decision for individual airports” (eg on cost grounds).

The consultation thus ignores the research published by Dr Anne Cavoukian that shows there are solutions that can protect privacy. I would have liked the code to make a commitment to implement such non-ionising scanners as soon as their operational effectiveness is proven.

Also I think the code is misleading when it tells passengers that they have a choice – they can either “be scanned” or “not fly”. I don’t believe this to be the relevant choice. For instance, suppose an individual tries to get on a plane and is selected for random scanning. Suppose further that the individual refuses to be scanned for whatever reason. Do you think that the refusal to be scanned would be the end of it?

To provide an extreme example: do you really think that someone who might be a terrorist who has opted-out of a scan because he might be discovered will merely be escorted away from the secure passenger side of the airport and let go?

Nope! I think any refusal to be scanned would result in close scrutiny of that individual and anybody remotely “suspicious” would be searched. And if the security people are then going to search “suspects” and find nothing, why can’t the searched individual then go on to fly?

I think the whole proposition in the code is based on a fallacy. The option is not between “be scanned” or “don’t fly” - the only real option is between “be scanned” or “be searched”.

In other words, those who refuse to be scanned and "don't fly" are likely to be searched. And if this is the case, why can’t someone state that they would prefer to be searched at the outset? Another example. Suppose the scanner sees “something” - that passenger will then be searched. And if that is the case, why can’t people choose to be searched before the scan?

I therefore think the code is wrong to insist that those with electronic heart pacemakers, pregnant women, external medical bags (eg stoma), the disabled and young children have to be scanned (eg by ionising radiation) if selected.

Indeed, with respect to ionising radiation, the code confidently states that analysis has shown that procedure “does not constitute any unacceptable risk to health” – almost with the same certainty of those who said the Titanic was unsinkable. But if you are that passenger with an electronic pacemaker or a young child or a patient with a certain medical condition, I do not think you will be reassured by government statisticians. This reinforces my view that a choice between “scan” or “search” should be available.

The code acknowledges that the Data Protection Act applies to the scanning regime, but fails to mention some of the consequences of this. For example, there is no mention of the fact that the ICO has regulatory powers over the use of scanners. Instead the code refers to inspectors from the Department of Transport taking enforcement action against those Airports.

This shows that the code has not got its data protection analysis correct. I would expect that any complainant would prefer to contact the ICO if there was an issue with the scanners and not deal with the Department of State that has a vested interest in installing these scanners.

Offences in the Act are overlooked. I would have thought passengers would be reassured that any leering security guard could face criminal sanction under the Act.

Finally, as with all the previous government’s surveillance activity, there is no mention in the code about measuring outcomes. For instance, how many people are scanned? How much does it cost per scan? How many false positives? How many searches? How many passengers objected to compulsory scanning? How many choose not to fly? All these numbers allow for these scanners to be assessed. The numbers to allow assessment are simply not collected and it is simply not good enough.

In summary, there is no change of mind from me. This code needs a total rethink.

This story originally appeared at HAWKTALK, the blog of Amberhawk Training Ltd.

Secure remote control for conventional and virtual desktops

More from The Register

next story
'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
And now a message from our sponsors: 'STFU or else'
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Uber, Lyft and cutting corners: The true face of the Sharing Economy
Casual labour and tired ideas = not really web-tastic
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
Don't even THINK about copyright violation, says Indian state
Pre-emptive arrest for pirates in Karnataka
The police are WRONG: Watching YouTube videos is NOT illegal
And our man Corfield is pretty bloody cross about it
Oz biz regulator discovers shared servers in EPIC FACEPALM
'Not aware' that one IP can hold more than one Website
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.