A privacy group says the Transportation Security Administration is misleading the public with claims that full-body scanners at airports cannot store or send their graphic images.
The TSA specified in 2008 documents that the machines must have image storage and sending abilities, the Washington-based Electronic Privacy Information Center (EPIC) said.
In the documents, obtained by the privacy group and provided to CNN, the TSA specifies that the body scanners it purchases must have the ability to store and send images when in "test mode."
That requirement leaves open the possibility the machines -- which can see beneath people's clothing -- can be abused by TSA insiders and hacked by outsiders, said EPIC Executive Director Marc Rotenberg.
EPIC, a public-interest group focused on privacy and civil rights, obtained the technical specifications and vendor contracts through a Freedom of Information Act lawsuit.
The written requirements also appear to contradict numerous assurances the TSA has given the public about the machines' privacy protections.
"The machines have zero storage capability," the TSA Web site says.
A TSA video assures passengers "the system has no way to save, transmit or print the image."
And the TSA has distributed numerous news releases with similar language as it lobbies for public acceptance of the machines as a less intrusive alternative to pat-downs.
A TSA official who spoke on condition of anonymity because the official is not authorized to speak on the record said all full-body scanners have "strong privacy protections in place" and are delivered to airports "without the capability to store, print or transmit images."
"There is no way for someone in the airport environment to put the machine into the test mode," the official said, adding that test mode can be enabled only in TSA test facilities. But the official declined to say whether activating test mode requires additional hardware, software or simply additional knowledge of how the machines operate.