How to steal a body-scan picture
(JOHN ROACH) In an effort to reassure skittish fliers, the Transportation Security Administration says its body-scan images “cannot” be stored, transmitted, or printed — unlike the tens of thousands of images that were stored in a machine operated by the U.S. Marshals Service. But just how ironclad can that kind of denial ever be?
The TSA acknowledges that this sort of thing is possible when the machines are in test mode. What’s more, there’s no magic technology that would keep a truly dedicated (and twisted) screener from smuggling out a cell phone picture of a screen shot showing you in all your glory, passing through airport security.
Instead, the TSA relies on a policy that bans cell phones and cameras in the screening area. “Our officers adhere to the highest professional standards, so we are confident our policy is followed,” Lauren Gaches, a TSA spokeswoman, told me.
These reassurances fail to appease privacy rights advocates. Marc Rotenberg, executive director of the Electronic Privacy Information Center, told me this a “double standard.”
He noted that airplane passengers aren’t allowed to bring explosives on the plane, but they are subjected to body scans and enhanced pat-downs on the way to catch their flight — just in case they try to skirt that policy. What’s to prevent a TSA employee from skirting the cell phone policy?
Nor is it clear what keeps the machines locked out of test mode when they’re at the airport. Gaches confirmed that the machines — referred to as Advanced Imaging Technology, or AIT in TSA jargon — can store, export, and print images in test mode, but insisted that this functionality is “disabled prior to arrival at the airport.”
Rotenberg isn’t so sure this will keep the critics at bay. “This is all in software, and a TSA official with a proper account password can enable the recording and storage of images in every single airport in the United States,” he said. “There is nothing stopping the TSA from doing that.”
EPIC is also concerned that USB drives, hard disk drives or the networking capabilities of the machines could be exploited to store images on an unauthorized device, though the TSA says these channels “are for limited data transfer only — an officer’s user ID, log-in and log-out time, and statistical data.”
Rotenberg’s organization wants the scanning program suspended and further deployment of the technology delayed until privacy and security issues are identified and resolved.
“The TSA has crossed a line,” Rotenberg said.
What do you think? Are you reassured by the TSA’s statement that it “has not, will not … and cannot store images of passengers”?