Sarah Ludford MEP writes: Passengers should be able to opt out of body scanning

The EU is considering whether to enlarge the list of techniques approved under its aviation security regulations beyond physical searches or metal detectors, and if so with what safeguard provisions.

In the meantime, individual Member States can trial security scanners known as ‘whole body’ scanners – or more popularly as ‘naked’ bodyscanners – and apply their own rules. They are currently in use at many European as well as American airports.

In the UK, they are being trialled at Heathrow, Gatwick and Manchester airports, governed by the 1982 Aviation Security Act and an interim Code of Practice issued last year. A permanent code is expected soon, once the government has published the conclusions of its consultation.

These machines use electromagnetic waves which pass through clothes to create an undressed image of the passenger. This image is assessed by a security guard (the ‘viewing officer’) and if they see any suspicious concealed objects, the passenger is physically searched.

The picture is really pretty explicit in showing bodies and bits. Therefore, as I have said before, these scanners generate serious privacy and data protection issues. Even though the reviewer is in a separate room, and image storage or transmission is banned, fears of an intrusive picture escaping into the public arena persist.

Tabloids would surely pay large amounts of cash for naked celebrity photos, and there could also be a tasteless demand for ‘freak’ pictures or a sinister demand from paedophiles for naked photos of children.

These concerns arouse interest in a new generation of threat detection bodyscanners coming into use which dispense both with the display of a recognisably ‘body’ image and with the human reviewer.

A computer scans for hard edges or changes in texture that seem abnormal, to produce a ‘stick figure’ with red flags showing which areas, if any, are potential threats. These ‘Automatic Threat Recognition’ (ATR) scanners are currently being trialled at Amsterdam’s Schiphol airport and at Hamburg airport.

A lot of false alarms have been reported, with mere folds in clothing causing the machine to flash red. Assuming however that glitches are ironed out, ATR scanners seem to be a step forward in reducing some of the privacy concerns about the ‘naked’ bodyscanners.

But they cannot yet be judged a panacea. Although there is no screen display of the nude image or need for a human being to look at it, scan data must be captured in order to be analysed and assessed. So the question remains as to whether this data could still be turned into a nude image with the potential to be stored and downloaded or transmitted.

I have sought to get an answer from manufacturers to the question of whether it is technically possible to design an ATR machine in a way which entirely eliminates any technical capability for a nude image to be produced from scan data, but have not secured a definitive answer.

It is perhaps only by building this requirement into the tender specifications, which techie privacy experts could check, that we could be sure that ATR machines really were out of bounds for image reproduction. This was certainly not the case for initial tenders from the US Transport Security Administration, and the NGO the Electronic Privacy Information Center is pursuing this goal.

Another possible concern derives from the fact that Automatic Threat Recognition software is self-teaching, so the more information the machine has about what is ‘normal’ and what is ‘suspicious’, the more effective it will be. I speculate that governments could come under pressure to allow data from passengers’ scans to be stored, for them to be used to increase scanner accuracy.

No doubt some will think privacy scares are paranoid. But experience of data loss, bribes and dirty press practices undermine the promises and assurances of data protection.

At least scanners displaying the nude image must become a thing of the past. I urge Transport Secretary Philip Hammond to quickly remove naked bodyscanners and change to the automated ‘stick figure’ scanners as being more privacy-friendly. The European Commission should also only include these ATR scanners in the list of approved screening methods.

But no data collection system is 100% proof against abuse, and that, pending further clarification, seems to include even ATR machines. So I believe passengers should be able to opt, as they can in the United States, in the Netherlands and in Germany (but not so far here in the UK), for a physical pat-down instead of going through any kind of bodyscanner.

6 Comments

Dave Page 4th May '11 - 1:55pm

Sarah Ludford here ignores the elephant in the room – porno scanners offer no tangible security benefit, and are hugely expensive. They were brought in after the Underpants Bomber failed to blow himself up, but would not have stopped him.

There has to come a point where we accept that no method of transport is 100% safe, let alone from the miniscule threat of terrorism, and stop spending vast amounts of public money destroying people’s privacy just for the illusion of safety.
KL 4th May '11 - 2:25pm

If you can opt out in the US, they certainly don’t make any indication you can do this. I had to pass through one of these machines in Los Angeles last summer, along with my wife and (then) 8 year old daughter, and I looked to see if there was an option. If there was, it wasn’t signposted and basically everyone for all international flights was being forced through the body scanner.

But I did notice that they had reintroduced “kerbside check-in” again – probably an even more likely way to get bombs on board planes. And it seemed to be as chaotic as it was when I was there in July 2001….
Cassie 4th May '11 - 8:25pm

US insists on taking your fingerprints and an iris scan even if you are only going to spend two hours on its soil in a transit lounge.
So I wouldn’t look there for any ideas on how to frame EU rules.
Wimpie 4th May '11 - 11:06pm

So now the airlines are a tiny bit safer, but the determined terrorists will move on to “softer” targets, like Times Square, Xmas tree lighting ceremonies and cargo bombs.

Next attack – shopping centers, schools, cruise ships, sports events, subways, tunnels, buses, airport security lines to name but a few.

We cannot possibly catch every attempt by screening, but we can humiliate millions of people and help bankrupt already hurting commercial aviation companies.

Fire 25,000 TSA clerks, dump the scanners and pat-downs, bring in dogs, and give the saved money to the FBI & CIA, who can actually catch terrorists (maybe).

My family and I won’t fly until this travesty is lifted.

By the way – you can and should OPT-OUT in the USA or risk getting cancer from these machines, a bigger danger than terrorists. Click my name for more info.
Ian Sanderson (RM3) 5th May '11 - 9:34am

I’m glad to see Sarah is keeping up with the issues here. Developing technology is definitely a field where we could slide into infringement of civil liberties and privacy. It needs codes of practice on the construction of the machines and the use of the data. The key issue is breaking the link between the data and the person it refers to as soon as possible. With that proviso, collecting data to help a machine “learn” would seem reasonable.

A couple of years ago, my wife had a hip replacement operation, leaving her with several pieces of metal embedded in her body. This invariably sets off airport metal detectors, so she always has a longer interview with a searcher, and patting down and/or use of a hand metal detector. So I think she would welcome a scanner that would immediately establish that the metal was inside her body, and no threat!
Jessica Ottowell 5th May '11 - 12:49pm

I think that even the idea of these systems is an affront to common sense, lest face it, to this date we have no recorded proof that these high cost, high threat machines would even work to stop an attack, I also feel that pat downs are violating and damn right demeaning, personally I would like to see the end of this “paranoid state” mentality and a return to 1990’s level security. If we needed to protect ourselves from ne’er-do-wells and terrorists then perhaps we should educate our security services in spotting possible risks like they do in some middle eastern states, not, as we are doing, spreading terror and fear ourselves, not to mention the inconvenience of these scans.

I would also like to ask why are we not being as careful with the cargo that enters the united kingdom, as I recall, most cargo passes unchecked, still in to sea and airports. One must ask is this not more of a danger than people?