Out-Law News 2 min. read
07 Jan 2010, 9:15 am
In the aftermath of a Christmas Day attempt to blow up a plane over Detroit the Government has said that it will order airports to install scanners whose gaze can penetrate clothing to display the naked body beneath.
The scanners are used to reveal any secret instruments or materials concealed by passengers. The Christmas Day bomber hid explosives beneath his clothes.
Such scanning has raised privacy and data protection concerns, but the Information and Privacy Commissioner for Ontario in Canada last year published a paper explaining how such technology could be used without violating travelers' privacy rights.
"Described in the press as a 'naked scanner', these technologies have the ability to produce high quality images of the naked body beneath a passenger’s clothes," wrote Ontario Information and Privacy Commissioner Ann Cavoukian. "Improved airport security, however, need not come at the expense of privacy – both may be achieved together."
"We believe that the privacy-invasive potential of Whole Body Imaging must be squarely addressed in the design phase of the technology, as well as in its deployment and use, with attention to physical privacy and adequate privacy processes," she wrote in the paper, which was published in March of last year.
Privacy and modesty concerns are already an issue with the scanners. The body in charge of India's airports has already rejected their use after a test period because of concerns for passengers' and security officials' modesty, Cavoukian said.
The European Parliament vetoed European Commission plans to make extensive use of the scanners in 2008, saying that they would "have a serious impact on the fundamental rights of citizens".
Cavoukian said, though, that if privacy protections are built into scanning systems from the start, then machines could comply with personal information security standards.
She described several technological measures that can be taken to change the images displayed by a scanner, obscuring personally identifiable information.
She said that images can be reduced to a 'chalk outline', a depersonalised representation of the person being scanned with threat objects, such as guns, outlined in the image. Other techniques include picture pattern analysis to identify material next to the body which is not made of skin.
Cavoukian said, though, that security staff practices and routines are as important for protecting privacy as the technology itself.
"There must be a complete prohibition against any retention or transmission of the images in
any format," she wrote. "Another important factor is who actually sees the WBI images, and when. Airport authorities in Canada and the US have created separate image viewing rooms (in remote backrooms), where security personnel cannot see the scanned passengers before or after the scans, and do not have access to passenger details."
"These personnel are also banned from bringing photographic devices (including cell phones) into the viewing area and are prohibited from connecting storage or communication devices to the machine. We applaud this approach," she wrote.
UK privacy law expert Dr Chris Pounder of Amberhawk Consulting said that Cavoukian's advice could allay fears about breaches of UK law.
"All of Dr Cavoukian’s recommendations can be transformed into obligations under the UK’s Data Protection Act," he said. "Any failure to provide passengers information about the scanning process could breach the Act’s fair processing obligations. In other words, if UK airports want to avoid data protection issues, they should consider Dr Cavoukian’s recommendations very seriously; they provide a benchmark through which the procedures adopted by UK airports can be assessed."
"As an experienced privacy regulator herself, Dr Cavoukian has immense credibility with most European Data Protection Commissioners," said Pounder. "Her recommendations therefore are likely to be the basis for Europe-wide data protection procedures."
Amberhawk Consulting is running a series of data protection training courses in London, Manchester and Edinburgh.
