TSA Fails to Comply With Year-Old ‘Nude’ Body-Scanner Court Order

Images: TSA

It’s been a year following a federal appeals court decision setting aside a constitutional challenge trying to stop the government from using intrusive body scanners across U.S. airports.

But the U.S. Court of Appeals for the District of Columbia Circuit’s decision on July 15, 2011, also ordered the Transportation Security Administration “to act promptly” and hold public hearings and publicly adopt rules and regulations about the scanners’ use, which it has not done.

The three-judge appellate court, which is one stop from the Supreme Court, said that the Transportation Security Administration breached federal law in 2009 when it formally adopted the Advanced Imaging Technology (AIT) scanners as the “primary” method of screening. The judges — while allowing the scanners to be used — said the TSA violated the Administrative Procedures Act for failing to have a 90-day public comment period, and ordered the agency to undertake one.

A year later, the government has yet to hold those hearings. And the appellate court has twice denied motions from the Electronic Privacy Information Center, which brought the case, to order the TSA to get going.

Jim Harper, the director of information policy studies at the Cato Institute, has started a White House petition to force the TSA to promptly follow the law. By government policy, if the petition gets 25,000 signatures, the President Barack Obama administration is obligated to publicly respond. The petition is halfway there.

“The public deserves to know where the administration stands on freedom to travel, and the rule of law. While TSA agents bark orders at American travelers, should the agency itself be allowed to flout one of the highest courts in the land? If the petition gets enough signatures, we’ll find out,” Harper said.

The TSA has told the court in documents that it is “committed to significantly expediting the AIT rulemaking process and has placed this proposed rule among its highest priorities,” (.pdf) and that it has already gotten the ball rolling internally.

Lorie Dankers, a TSA spokeswoman, said in an e-mail that the announcement of the public comment process “will be published in the Federal Register next year.”

To be sure, even if the TSA complied with the court’s order, we doubt that the government would abandon the scanners’ use.

But, then again, complying would bring the issue front and center, and perhaps the TSA might begin altering course and decide the scanners aren’t effective, safe or that they breach the privacy rights of passengers. Consider that, after the court’s decision, the TSA began moving toward displaying to screener technicians broad, generic outlines of passengers instead of taking virtual nude shots.

Under the Administrative Procedures Act, agency decisions like the TSA’s move toward body scanners must go through what is often termed a “notice and comment” period if their new rules would substantially affect the rights of the public — in this case, air passengers. The Environmental Protection Agency often undertakes “notice and comment” periods for proposed pollution regulations.

But the court did not penalize the TSA for its shortcomings. The TSA argued to the court in March that a public comment period would thwart the government’s ability to respond to “ever-evolving threats.”

Judge Douglas Ginsburg, writing for the majority last year, said the TSA must allow for the 90-day notice-and-comment period because of the new “substantive obligations” on airline passengers, which include intrusive pat-downs on passengers who refuse to go through the scanners.

“It is clear that by producing an image of the unclothed passenger, an AIT scanner intrudes upon his or her personal privacy in a way a magnetometer does not. Therefore, regardless of whether this is a ‘new substantive burden,’ the change substantively affects the public to a degree sufficient to implicate the policy interests animating notice-and-comment rulemaking, Ginsburg wrote. (.pdf)

“Indeed, few if any regulatory procedures impose directly and significantly upon so many members of the public. Not surprisingly, therefore, much public concern and media coverage have been focused upon issues of privacy, safety, and efficacy, each of which no doubt would have been the subject of many comments had the TSA seen fit to solicit comments upon a proposal to use AIT for primary screening.”

Oil Companies Spring a Leak, Courtesy of Anonymous

oil-rig_justin

Five top multinational oil companies have been targeted by members of Anonymous, who published about 1,000 email addresses for accounts belonging to the firms, as well as hashed and unencrypted passwords.

The hacks, against Shell, Exxon, BP and two Russian firms — Gazprom and Rosneft, were conducted as digital protests against drilling in the Arctic, a practice that critics say has contributed to the melting of the ice caps there.

“To drill in the Arctic, oil companies have to drag icebergs out the way of their rigs and use giant hoses to melt floating ice with warm water. If we let them do this, a catastrophic oil spill is just a matter of time,” Greenpeace notes on its Save the Arctic web site.

The hackers used some of the stolen credentials to add signatures to Greenpeace’s “Save the Arctic” petition.

“We know we’re going up against the most powerful countries and companies in the world,” the hackers wrote in a note accompanying the release of the credentials on Pastebin. “But together we have something stronger than any country’s military or any company’s budget. Our shared concern for the planet we leave our children transcends all the borders that divide us and makes us — together — the most powerful force today.”

The latest disclosure follows an earlier one in June in which credentials for Exxon were released. The hackers noted at the time that they obtained the credentials not through a vulnerability in Exxon’s network, “but just because of the mistake of their webmaster!”, suggesting an administrator misconfigured or mismanaged something related to the website.

The hackers noted in their post that they are not associated with Greenpeace, they just support its cause.

Photo: Justin/Flickr

Yahoo! Voices Hacked With SQL Injection – Passwords In Plaintext

There’s been a few HUGE cases of large sites being hacked and exposing either plaintext or extremely poorly encrypted passwords, it happened to LinkedIn not that long ago – and the latest case is of Yahoo!. It wasn’t the main site, but with almost half a million username and password combos exposed – it’s a [...]

Read the full post at darknet.org.uk