EPIC v. DHS (Suspension of Body Scanner Program)

Body Scanner Incident Reports


EPIC has obtained a court order requiring the Department of Homeland Security to undertake a public notice on and comment rulemaking. On July 2, 2010, EPIC petitioned the D.C. Circuit Court of Appeals to suspend the body scanner program, stressing its core assertion that "the TSA has acted outside of its regulatory authority and with profound disregard for the statutory and constitutional rights of air travelers." EPIC asserted that the federal agency's controversial program violated the Administrative Procedures Act, the Privacy Act, the Religious Freedom Restoration Act, the Video Voyeurism Prevention Act, and the Fourth Amendment. On July 15, 2011, the D.C. Circuit Court of Appeals ruled that the agency had violated the Administrative Procedures Act by implementing body scanners as a primary screening method without first undertaking public notice and comment rulemaking. The Court ordered the agency to "promptly" undertake the proper rulemaking procedures and allow the public to comment on the body scanner program. To date, the agency has made no visible progress toward complying with the Court's order.

Top News

  • Government Gets Extension in EPIC Supreme Court Case about Cellphone Shutdown Policy: The US Supreme Court has granted the Solicitor General extra time to respond to EPIC's charges that the government's effort to keep under wraps a controversial cellphone shutdown policy violates the law. EPIC has pursued public release of the government policy since BART subway officials shut down cellphone service during a peaceful protest in 2011. After EPIC prevailed in district court and a judge ordered release of the policy, the government appealed and a federal appeals court reversed. In the Supreme Court petition, EPIC argued that the was "contrary to the intent of Congress, this Court's precedent, and this Court's specific guidance on statutory interpretation." The government's response is now due on October 14. (Sep. 14, 2015)
  • Appeals Court Turns Down EPIC's Challenge to Cellphone Shutdown Secrecy : The Court of Appeals for the D.C .Circuit has denied EPIC's petition for further review of EPIC v. DHS, 14-5013. The Court sided with the DHS earlier this year, ruling that the agency could withhold from the public its cellphone shutdown policy. EPIC then asked that the full Court review the earlier ruling, arguing that the three-judge panel misconstrued the relevant law. The case is now headed back to the district court to determine which portions of the secret document the DHS must release. EPIC brought the case after cellphone service in a BART station was shutdown in advance of a peaceful protest. (May. 14, 2015)
  • EPIC Files Lawsuit for Details About Government "Pre-crime" Program: EPIC has filed a Freedom of Information Act lawsuit about "Future Attribute Screening Technology", a "Minority Report" program that purports to identify individuals who will commit crimes in the future. EPIC filed the complaint after the DHS failed to respond to EPIC's FOIA request for information. EPIC charged that the agency uses secret algorithms to identify behavioral "abnormalities" that the agency claims indicate "mal intent." "Minority Report" is a 2002 movie with Tom Cruise about "a special police unit is able to arrest murderers before they commit their crime." (Feb. 26, 2015)
  • In EPIC v. DHS, DC Circuit Backs Agency Secrecy on "Internet Kill Switch": The federal court of appeals based in Washington, DC has ruled that the Department of Homeland Security may withhold from the public a secret procedure for shutting down cell phone service. EPIC pursued the DHS policy after government officials in San Francisco disabled cell phone service during a peaceful protest in 2011. EPIC sued DHS when the agency failed to release the criteria for network shutdowns. A federal judge ruled in EPIC's favor. On appeal, the D.C. Circuit held for the DHS but said that the agency might still be required to disclose some portions of the protocol. (Feb. 10, 2015)
  • EPIC to Argue Before DC Circuit for Release of Cell Phone Shutdown Policy: This week EPIC President Marc Rotenberg will argue EPIC v. DHS, No. 14-5013 before the US Court of Appeals for the DC Circuit. At issue is the public release of the policy - "SOP 303" - to shut down cell phone service in the United States. EPIC filed a filed a Freedom of Information Act request for the policy after government officials shut down cell phone service during a peaceful protest at BART subway stations in San Francisco. The government first contended it could not find the document, then located the document, then claimed it was exempt from disclosure. EPIC filed suit against the agency and a federal court ruled in EPIC's favor. On appeal, the government argued the decision should be reversed. EPIC responded that the decision was correct and SOP 303 should be released. The DC Circuit will hear arguments Thursday morning. For more information, see EPIC v. DHS - SOP 303. (Dec. 9, 2014)
  • Post-Snowden, Social Media Users Concerned About Access to Personal Data: According to the Pew Research Report "Public Perceptions of Privacy and Security in the Post-Snowden Era," most users of social media are very concerned about businesses and government accessing their personal data. 80% of adults "agree" or "strongly agree" that Americans should be concerned about the government's monitoring of phone calls and internet communications. 64% believe there should be more regulation of advertisers. Almost all users rank their social security number as the most sensitive piece of personal data. EPIC has asked the House Committee on Homeland Security to suspend a DHS program that is monitoring social networks and media organizations. EPIC has recommended that the FTC to establish privacy protections for online advertising. EPIC has also urged the US Congress over many years to limit the use of the Social Security Number for commercial purposes. For more information, see EPIC: Public Opinion on Privacy, EPIC: Facebook Privacy, EPIC: Social Media Monitoring, and EPIC: Social Security Numbers. (Nov. 13, 2014)
  • Department of Homeland Security Releases 2014 Privacy Report: The Department of Homeland Security released the 2014 Privacy Office Annual Report to Congress. The report describes a joint review conducted with the European Commission regarding the transfer of EU Passenger Name Records to the US. The European Commission found the redress mechanisms were lacking for passengers denied boarding. The Commission also found that DHS would often review passenger records without a legal reason. The Annual Report describes the sixth Compliance Review of the department’s social media monitoring program. The review found that the DHS began collecting GPS and geo-location of Internet users without assessing or mitigating the privacy risks. In 2012, EPIC obtained FOIA documents revealing that the Department of Homeland Security monitored social media for political dissent. For more information, see EPIC: EU-US Airline Passenger Data Disclosure and EPIC: EPIC v. DHS - media monitoring. (Oct. 2, 2014)
  • Pew Survey: Users Online Self-Censor Discussion of Government Surveillance: According to the Pew Research Report "Social Media and the 'Spiral of Silence,'" most users of social media are afraid to talk about government surveillance on Facebook, Twitter, and other social platforms. Users were more willing to share their views on government surveillance if they thought others shared the same view. Those who thought they held minority views were more likely to self-censor—an effect known as the "spiral of silence." In 2012, EPIC obtained FOIA documents revealing that the Department of Homeland Security monitored social media for political dissent. A subsequent Congressional hearing led the DHS to cancel the program. For more information, see EPIC v. DHS: Media Monitoring and EPIC: Public Opinion on Privacy. (Sep. 9, 2014)
  • Security Experts: EPIC Correct About Body Scanners-Invasive and Ineffective: The first independent analysis of backscatter x-ray body scanners corroborate the claims EPIC and others have made for several years: The scanners are invasive and ineffective. In a detailed report published in 2005, EPIC warned that the x-ray body scanners amounted to a virtual strip search and were an ineffective means of airport security. Freedom of Information Act documents later obtained by EPIC revealed that TSA could disable the body scanner's privacy settings, the nude images could be stored on the machines, and the scanners ran on a standard operating system making them vulnerable to outside security threats. EPIC and a coalition of civil liberties organizations then petitioned DHS Secretary Napolitano to suspend the program. When the DHS failed to do so, EPIC sued the agency. The D.C. Circuit Court of Appeals ruled in EPIC v. DHS that the agency must begin a public rule making. The backscatter X-ray scanners were subsequently removed from US airports. For more information, see EPIC: EPIC v. DHS (Suspension of Body Scanner Program) and EPIC: Whole Body Imaging Technology. (Aug. 22, 2014)
  • Congress Investigates Airline Privacy Practices: Senator John Rockefeller (D-WV) is currently seeking information from ten U.S. airlines concerning how airlines safeguard consumer traveler data. Senator Rockefeller has requested information regarding: (1) the type of information airlines collect; (2) airlines' data retention periods; (3) airline privacy and security safeguards governing consumer information; (4) whether consumers may access and amend their information; (5) whether airlines sell or disclose consumer information and if so, to whom do they disclose the consumer data; and (6) how airlines inform consumers about airline privacy policies governing consumer information. EPIC routinely urges the Department of Homeland Security to provide privacy protections for air travelers and end the agency's secret "risk-based" passenger profiling. For more information, see EPIC: Air Travel Privacy, EPIC: Passenger Profiling, EPIC: Secure Flight, and EPIC: EPIC v. DHS (Suspension of Body Scanner Program). (Aug. 20, 2014)


In 2005, the Transportation Security Administration ("TSA), a component of the US Department of Homeland Security ("DHS"), began testing passenger imaging technology - called “whole body imaging,” "body scanners," "full body scanners," and "advanced imaging technology" - to screen air travelers. Body scanners produce detailed, three-dimensional images of individuals. Security experts have described whole body scanners as the equivalent of "a physically invasive strip-search." The agency operates the body scanner devices at airports throughout the United States.

As part of a Freedom of Information Act lawsuit, EPIC obtained documents which establish that the TSA required the machines to be capable of storing, recording, and transferring detailed images of naked air travelers. EPIC also obtained hundreds of pages of traveler complaints, which described the invasive program and the lack of proper signage and information regarding the machines. The complaints establish that the body scanners are effectively mandatory, because the agency routinely denies air travelers alternative screening opportunities.

The images captured by body scanner devices can uniquely identify individual air travelers. The TSA uses body scanners to search air travelers as they pass through the TSA’s airport security checkpoints. The TSA recently established body scanners as primary screening.

EPIC's Lawsuit

On July 2, 2010, EPIC sued in the District of Columbia Circuit Court of Appeals to challenge the TSA's unilateral decision to make body scanners the primary screening technique in U.S. airports. Three frequent air travelers joined EPIC in the lawsuit: security expert Bruce Schneier, human rights activist Chip Pitts, and the Council on American-Islamic Relations Legal Counsel Nadhira Al-Khalili. The Petitioners brought claims under the Administrative Procedure Act, the Privacy Act, the Video Voyeurism Prevention Act, the Religious Freedom Restoration Act, and the Fourth Amendment. EPIC sought the suspension of the body scanner program, pending independent review and public notice and comment rulemaking.

Procedural History

EPIC petitioned the D.C. Circuit Court of Appeals for review of three DHS actions— one failure to act, one agency Order, and one agency Rule—of the TSA, a DHS component. The Petitioners filed a motion for emergency stay, urging the Court to shut down the program as soon as possible in order to prevent irreparable harm to American travelers. On July 15, 2010, the federal agency opposed the motion. On July 20, 2010, EPIC filed a reply to the opposition. On September 1, 2010, the Court ordered the motion be denied, and set out the briefing schedule.

On November 1, 2010, EPIC filed its opening brief, arguing that the DHS "has initiated the most sweeping, the most invasive, and the most unaccountable suspicionless search of American travelers in history." EPIC further argued that the TSA "must comply with relevant law, and it must not be permitted to engage in such a fundamental change in agency practice without providing the public the opportunity to express its views."

On November 5, 2010, the Department of Homeland Security moved to exclude religious objector Nadhira Al-Khalili from the lawsuit. Ms. Al-Khalili is Legal Counsel for the Council on American Islamic Relations, one of the organizations that supported EPIC's petition, which is the basis for the challenge to the body scanner program. Ms. Al-Khalili's claims are based on the Religious Freedom Restoration Act and Islamic modesty requirements. EPIC opposed the government's motion and stated that the agency is "simply afraid to have the Religious Freedom Restoration Act claims heard by this Court." EPIC further argued that "Respondents hope by seeking to exclude Ms. Al- Khalili . . . they will avoid judicial scrutiny of an agency practice that substantially burdens the free exercise of religion in violation of federal law."

On December 23, 2010, Respondent DHS filed its answer brief, again urging the Court to exclude Nadhira al-Khalili as a religious objector in the suit. Respondents also asserted that the body scanner program was not substantial enough of a change in agency policy to constitute a "rule" under the Administrative Procedures Act. EPIC has previously argued that the body scanner program is "the single most significant change in air traveler screening in the United States since the creation of the agency," adding that the agency has considered far less significant changes to be rules, including policies relating to butane lighters and transportation worker identity documents.

On January 6, 2011, EPIC filed a reply brief, arguing that "the TSA has acted outside of its regulatory authority and with profound disregard for the statutory and constitutional rights of air travelers, the agency’s rule should be set aside and further deployment of the body scanners should be suspended." On the same day, EPIC hosted a one-day public conference "The Stripping of Freedom: A Careful Scan of TSA Security Procedures" in Washington, DC. Oral Argument in the case is scheduled for March 10, 2011.

EPIC's Legal Arguments

In EPIC v. DHS, No. 10-1157, Petitioners argued that DHS violated the Administrative Procedure Act when it failed to act on EPIC's May 31, 2009 petition to the agency and when it refused to process of EPIC’s April 21, 2010 petition. The Administrative Procedure Act states that each agency shall give an interested person the right to petition for the issuance, amendment, or repeal of a rule. Courts have found that petitioning parties are entitled to a response on the merits.

EPIC also argued that the DHS Privacy Office failed to comply with its statutory mandate to protect travelers’ privacy. The DHS Chief Privacy Office prepared an inadequate Privacy Impact Assessment of the TSA’s body scanner test program that failed to identify numerous privacy risks to air travelers. Also, the DHS Chief Privacy Office failed to prepare any Privacy Impact Assessment concerning the TSA’s current body scanner program. The TSA’s current body scanner program is materially different from the TSA’s body scanner test program. The program erodes, and does not sustain, privacy protections relating to the use, collection, and disclosure of air traveler’s personal information.

EPIC asserted that the body scanner program violates travelers' Fourth Amendment rights. Courts have required that airport security searches be minimally intrusive, well-tailored to protect personal privacy, and neither more extensive nor more intensive than necessary under the circumstances to rule out the presence of weapons or explosives. Searches are reasonable if they escalate in invasiveness only after a lower level of screening discloses a reason to conduct a more probing search. EPIC argues that the TSA’s body scanner program fails to meet these standards because the TSA subjects all air travelers to the most extensive, invasive search available at the outset. EPIC asserts that the TSA searches are also far more invasive than necessary to detect weapons. Alternative technologies, including passive millimeter wave scanners and automated threat detection, detect weapons with a less invasive search.

EPIC argued that the TSA’s body scanner program violates the Privacy Act because it creates a system of records containing air travelers’ personally identifiable information. The system of records is under the control of the TSA, and the TSA can retrieve information about air travelers by name or by some identifying number, symbol, or other identifying particular assigned to the individual. However, EPIC argued, the TSA failed to publish a “system of records notice” in the Federal Register, and otherwise failed to comply with its Privacy Act obligations.

EPIC asserted that the TSA’s body scanner program violates the Religious Freedom Restoration Act, which bars the government from placing a substantial burden on a person's exercise of religion even if the burden arises from a rule of general applicability unless the government demonstrates a compelling governmental interest, and uses the least restrictive means of furthering that interest. The TSA's use of body scanners violates the RFRA because the capture and transmission of naked images of individuals offends the sincerely held beliefs of Muslims and other religious groups. Muslims believe in maintaining modesty and covering their bodies. Body scanners enable the capture and viewing of naked human images that violates this belief and denies observant Muslims the opportunity to travel by plane in the United States as others are able to do.

Lastly, EPIC argued that the TSA's body scanners violate the Video Voyeurism Prevention Act of 2004, which specifically prohibits the intentional “capture [of] an image of a private area of an individual without their consent . . . under circumstances in which the individual has a reasonable expectation of privacy,” when such circumstances are known. As the documents that EPIC obtained through FOIA litigation demonstrate, the devices are specifically designed to capture such images. Furthermore, as evidenced by the ground swell of grassroots opposition, the public is clearly voicing a reasonable expectation of privacy.

On July 15, 2011, the D.C. Circuit court of appeals ruled that the TSA did, in fact, violate the Administrative Procedure Act when it failed to conduct a public notice and comment rulemaking. The Court ordered the agency to "promptly" undertake a public notice and comment rulemaking.

Because the agency failed to initiate the required notice and comment rulemaking, EPIC twice filed motions asking the Court to enforce it's own order - the first on October 28, 2011 and the second on December 23, 2011. The Court declined these motions. But after a year of agency inaction, on July 17, 2012, EPIC filed a Petition for Writ of Mandamus, asking the Court to enforce its own order and force the agency to initiate the notice and comment rulemaking process within sixty days.

In its Petition for Writ of Mandamus, EPIC cited D.C. Circuit caselaw that shows that a one year delay is unreasonable as a matter of law. EPIC also urged the Court to take into consideration the health risks presented by the machines, which weigh heavily in favor of a transparency rulemaking process which would allow for independent review and democratic process.

Litigation Documents

EPIC v. the Department of Homeland Security, Case No. 10-1157 (D.C. Cir. filed July 2, 2010).

News Stories

Body Scanner Resources

Share this page:

Support EPIC

EPIC relies on support from individual donors to pursue our work.

Defend Privacy. Support EPIC.


EPIC Bookstore

Machines of Loving Grace

Machines of Loving Grace by John Markoff