Bcc

Mr. Kravitz,

Back at home near DC for the holidays, I happened to read your article "More body scanners are coming to an airport near you" in Sunday's Washington Post. I'm glad the Post is pursuing this "Agony at the airport" series and found your article to be both interesting, and having just flown home for the holidays, very relevant.

I was concerned, however, about the neutrality of how the TSA's statements were presented. In the infographic accompanying the article there is a list of "privacy safeguards", including the following:

"The TSA and manufacturers say images cannot be saved, printed, transmitted or uploaded. Once passengers are cleared, their images are erased."

Although I agree that the TSA makes such statements (both on their website and to the press), these points are strongly disputed by the Electronic Privacy Information Center, which has argued that the TSA's own procurement specifications documents contradict the TSA's statements. According to those documents, body scanners are specifically required to be built with the capability for storing images and with USB and Ethernet interfaces for transmitting data, though those capabilities should be disabled during regular use. This is a significant privacy concern considering the potential risk of security vulnerabilities and the unknown number of employees who can turn these capabilities on and off.

I recognize that limitations of space prevent you from including every relevant detail, but it seems misleading in the list of privacy safeguards to cite a TSA assurance without at least acknowledging the ongoing dispute and lawsuit.

Thanks,
Nick Doty

P.S. Also, I applaud the Washington Post on providing email bylines at the ends of articles, which enables electronic feedback even for articles in a paper newspaper. I hope that you generally find readers' responses useful.