There’s been lots of traffic about a programme from German TV station ZDF, generally under a headline like “German TV programme shows naked scanners don’t work”. When something like that gets onto Twitter, BoingBoing and Bruce Schneier’s blog, it’s clearly reaching a heck of an audience.
It’s unfortunate, then, that even Schneier (and I realise this is close to heresy) is jumping from a set of premisses to a conclusion which they really do not support… certainly not in the terms which most readers will assume. Put in its simplest form, the logic readers might be tempted to follow on reading Schneier’s post is this: “this type of full-body scanner failed in certain respects in this demonstration, therefore all full-body scanners are useless in any implementation”. The shame of it is, of course, that Bruce has a well-deserved reputation for debunking exactly that kind of bogosity.
The title of his post is: “German TV on the Failure of Full-Body Scanners”. Now, I appreciate an eye-catching lede as much as the next blogger… but that one is just bound to create some very misleading impressions (and it’s not helped, frankly, by Schneier’s implication that you will pick up the relevant gist of the video even if you don’t understand German).
Sure, we’ve all seen the media footage of those millimeter-wave “naked scanners”, and most of us have seen some of the resulting privacy-related fallout. But if you thought that the ZDF programme would give you the evidence for why those scanners are useless, you’re going to be disappointed. OK, so I’d better put my iconoclastic money where my blasphemous mouth is. Here are some of the factors which Bruce might usefully have pointed out…
– the scanner used for the programme is not an X-ray device; in fact, it’s an entirely passive device which generates an image based on the subject’s radiated body-heat. Things placed between the body and the detector, and which obstruct the radiation of body-heat, will show up because of the difference in temperature between them and the body itself. In some respects it can reveal more than an X-ray-based scanner (for instance, it was obvious if the subject was wearing a tie or not, because that forms a partial heat-shield in front of the chest); in other respects, it shows less than an X-ray scanner (for instance, it did not clearly show objects which were in the subject’s jacket pockets, because those were not between the body and the scanner). Neither did it reveal Wolfgang Bosbach’s pacemaker… because that is subcutaneous.
– As you will have gathered from the previous point, some of the items which weren’t detected would have been found under airport security conditions, even by this scanner… either because
the subject would have had to take off his jacket, or because he would have been scanned from the side as well as front and back.
I’m not saying that makes this scanner good, by the way – I’m just clearing up some of the things which anyone just reading the blog/Twitter traffic might not be aware of.
There are a couple of other interesting points which come across if you listen to the programme.
– Mr Bosbach, one of the participants, is Chair of the Bundestag’s Home Affairs Committee. I make no comment about his broader policy position, but just note that he explicitly states three criteria which full-body scanners will have to satisfy before he will consider deploying them in Germany:
- They must deliver a quantifiable benefit in terms of increased security;
- They must do so in a way which adequately respects passengers’ privacy;
- They must do so without risk of causing harm.
Those seem like a pretty rational set of pre-conditions (though they also still leave plenty of wiggle-room about what the benefits might be, how much respect for privacy, and so on).
– Bosbach also notes that even the high-resolution millimeter-wave scanners can be implemented in ways which are more privacy-respecting than the kinds of image we have all seen on the news. For instance, if a scan detects nothing suspect, it can simply respond to the operator with a green “OK” symbol. If something untoward is found, its location can be indicated on a simple stick-figure representing the passenger. No graphical representation of the passenger is needed for either of those steps.
Again, I’m not saying that makes such a system desirable – nor am I suggesting that that makes it impossible for the scanner (as opposed to the operator’s display screen) to capture, store, transmit and otherwise process the images it generates.
So, the points about side-scanning and detection of items in jacket pockets illustrate that a failure in this demonstration do not necessarily imply that this scanner (let alone all types of full-body scanner) must be ineffective in all implementations; the points about pre-conditions for implementation, and how data is presented to the operator, illustrate that not all deployments need be equally privacy-intrusive.
Don’t get me wrong: I’m all for railing against the idiocies of so-called airport “security” measures which maximise passenger inconvenience for no (and in some cases negative) security benefit. For example, I’ve blogged in the past about what is probably the most dangerous place in any airport: that massive queue for the security scanners, where you have a higher density of people than almost anywhere else in the system, and guess what… at that point, no-one has been scanned, and neither has their hand luggage.
I’ve also commented on the arbitrary nonsense which passes for risk mitigation – such as the time when a (lethal and subversive) tennis ball was confiscated from my carry-on luggage on the grounds that it would harden under low air pressure and could be hurled at someone. This, when the Harrods shop in the same terminal would happily sell me a box of golf balls (and a stylish Argyle sock to pop them into), or some nice [censored, I’m not giving you any more free advice on how to arm yourself pre-flight…].
The best technology will fail if it is poorly implemented and badly deployed; and the best deployments can fail to achieve good outcomes if they reflect a fundamentally flawed policy. I seriously doubt that all deployments of full-body scanners (whichever technology they use) will be either effective or privacy-respecting. But I don’t think the argument against them is best conducted by leaving a swathe of relevant factors out of the analysis.