Opinion for the Court filed by Circuit Judge GINSBURG.
The Electronic Privacy Information Center (EPIC) and two individuals petition for review of a decision by the Transportation Security Administration to screen airline passengers by using advanced imaging *3 technology instead of magnetometers. They argue this use of AIT violates various federal statutes and the Fourth Amendment to the Constitution of the United States and, in any event, should have been the subject of notice-and-comment rulemaking before being adopted. Although we are not persuaded by any of the statutory or constitutional arguments against the rule, we agree the TSA has not justified its failure to issue notice and solicit comments. We therefore grant the petition in part.
I. Background
By statute, anyone seeking to board a commercial airline flight must be screened by the TSA in order to ensure he is not “carrying unlawfully a dangerous weapon, explosive, or other destructive substance.” 49 U.S.C. §§ 44901(a), 44902(a)(1). The Congress generally has left it to the agency to prescribe the details of the screening process, which the TSA has documented in a set of Standard Operating Procedures not available to the public. In addition to the SOPs, the agency has promulgated a blanket regulation barring any person from entering the so-called “sterile area” of an airport, the area on the departure side of the security apparatus, “without complying with the systems, measures, or procedures being applied to control access to, or presence or movement in, such area[ ].” 49 C.F.R. § 1540.105(a)(2). The Congress did, however, in 2004, direct the TSA to “give a high priority to developing, testing, improving, and deploying” at airport screening checkpoints a new technology “that detects nonmetallic, chemical, biological, and radiological weapons, and explosives, in all forms.” Intelligence Reform and Terrorism Prevention Act of 2004, Pub.L. No. 108-458, § 4013(a), 118 Stat. 3719 (codified at 49 U.S.C. § 44925(a)).
The TSA responded to this directive by contracting with private vendors to develop AIT for use at airports. The agency has procured two different types of AIT scanner, one that uses millimeter wave technology, which relies upon radio frequency energy, and another that uses backscatter technology, which employs low-intensity X-ray beams. Each technology is designed to produce a crude image of an unclothed person, who must stand in the scanner for several seconds while it generates the image. That image enables the operator of the machine to detect a nonmetallic object, such as a liquid or powder — which a magnetometer cannot detect — without touching the passengers coming through the checkpoint.
The TSA began to deploy AIT scanners in 2007 in order to provide additional or “secondary” screening of selected passengers who had already passed through a magnetometer. In 2009 the TSA initiated a field test in which it used AIT as a means of primary screening at a limited number of airports. Based upon the apparent success of the test, the TSA decided early in 2010 to use the scanners everywhere for primary screening. By the end of that year the TSA was operating 486 scanners at 78 airports; it plans to add 500 more scanners before the end of this year.
No passenger is ever required to submit to an AIT scan. Signs at the security checkpoint notify passengers they may opt instead for a patdown, which the TSA claims is the only effective alternative method of screening passengers. A passenger who does not want to pass through an AIT scanner may ask that the patdown be performed by an officer of the same sex and in private. Many passengers nonetheless remain unaware of this right, and some who have exercised the right have complained that the resulting patdown was unnecessarily aggressive.
*4 The TSA has also taken steps to mitigate the effect a scan using AIT might have upon passenger privacy: Each image produced by a scanner passes through a filter to obscure facial features and is viewable on a computer screen only by an officer sitting in a remote and secure room. As soon as the passenger has been cleared, moreover, the image is deleted; the officer cannot retain the image on his computer, nor is he permitted to bring a cell phone or camera into the secure room. In addition to these measures to protect privacy, the agency has commissioned two studies of the safety of the scanners that use backscatter technology, each of which has found the scanners emit levels of radiation well within acceptable limits. Millimeter wave scanners are also tested to ensure they meet accepted standards for safety.
The petitioners, for their part, have long been unsatisfied with the TSA’s efforts to protect passengers’ privacy and health from the risks associated with AIT. In May 2009 more than 30 organizations, including the petitioner EPIC, sent a letter to the Secretary of Homeland Security, in which they objected to the use of AIT as a primary means of screening passengers. They asked that the TSA cease using AIT in that capacity pending “a 90-day formal public rulemaking process.” The TSA responded with a letter addressing the organizations’ substantive concerns but ignoring their request for rulemaking.
Nearly a year later, in April 2010, the EPIC and a slightly different group of organizations sent the Secretary and her Chief Privacy Officer a second letter, denominated a “petition for the issuance, amendment, or repeal of a rule” pursuant to 5 U.S.C. § 553(e). They argued the use of AIT for primary screening violates the Privacy Act; a provision of the Homeland Security Act requiring the Chief Privacy Officer upon the issuance of a new rule to prepare a privacy impact assessment; the Religious Freedom Restoration Act (RFRA); and the Fourth Amendment. In May the TSA again responded by letter, clarifying some factual matters, responding to the legal challenges, and taking the position it is not required to initiate a rulemaking each time it changes screening procedures. In July, the EPIC, joined by two members of its advisory board who travel frequently and have been subjected to AIT screening by the TSA, petitioned this court for review.
II. Analysis
The petitioners focus their opening brief upon their substantive challenges to the TSA’s decision to use AIT for initial screening. They raise all the legal claims foreshadowed in their request for rulemaking, as well as a claim under the Video Voyeurism Prevention Act. As explained below, however, our attention is most drawn to their procedural argument that the TSA should have engaged in notice- and-eomment rulemaking.
A. Notice and Comment
In their opening brief, the petitioners argue the TSA “refus[ed] to process” and “effectively ignored” their 2010 letter, which was “explicitly marked as a ‘petition’ ” for rulemaking under § 553. The TSA responds that the petitioners did not petition “for the issuance, amendment, or repeal of a rule,” as authorized by § 553(e), because “the relief actually sought [was] ... the immediate suspension of the AIT program.” A construction of § 553(e) that excludes any petition with a goal beyond mere process is dubious at best, and the agency offers no authority for it. The petitioners were clearly seeking “amendment!] or repeal of a rule”; that their aim was expressed in terms of *5 the substance of the rule surely does not work against them. Indeed, we would be surprised to find many petitions for rule-making that do not identify the substantive outcome the petitioner wants the agency to reach. *
Anticipating this conclusion, the TSA next argues it responded appropriately to the petition by denying it. We will set aside an agency’s decision to deny a petition for rulemaking only if it is “arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law.” 5 U.S.C. § 706(2)(A). Moreover, “an agency’s refusal to institute rulemaking proceedings is at the high end of the range of levels of deference we give to agency action under our arbitrary and capricious review.”
Defenders of Wildlife v. Gutierrez,
We turn, then, to § 553(b) and (c) of the APA, which generally require an agency to publish notice of a proposed rule in the Federal Register and to solicit and consider public comments upon its proposal.
See U.S. Telecom Ass’n v. FCC,
1. Procedural Rule
We consider first the TSA’s argument it has announced a rule of “agency organization, procedure, or practice,” which our cases refer to as a “procedural rule.” In general, a procedural rule “does not itself ‘alter the rights or interests of parties, although it may alter the manner in which the parties present themselves or their viewpoints to the agency.’ ”
Chamber of Commerce of U.S. v. DOL,
Of course, stated at a high enough level of generality, the new policy imposes no new substantive obligations upon airline passengers: The requirement that a passenger pass through a security checkpoint is hardly novel, the prohibition against boarding a plane with a weapon or an explosive device even less so. But this overly abstract account of the change in procedure at the checkpoint elides the privacy interests at the heart of the petitioners’ concern with AIT. Despite the precautions taken by the TSA, it is clear that by producing an image of the unclothed passenger, an AIT scanner intrudes upon his or her personal privacy in a way a magnetometer does not. Therefore, regardless whether this is a “new substantive burden,”
see Aulenback,
2. Interpretive Rule
The TSA next tries to justify having proceeded without notice and comment on the ground that it announced only an “interpretative” rule advising the public of its current understanding of the statutory charge to develop and deploy new technologies for the detection of terrorist weapons. For their part, the petitioners argue the rule is legislative rather than interpretive because it “effectively amends a prior legislative rule,”
Am. Mining Congress v. Mine Safety & Health Admin.,
The practical question inherent in the distinction between legislative and interpretive regulations is whether the new rule effects “a substantive regulatory
*7
change” to the statutory or regulatory regime.
U.S. Telecom Ass’n,
3. General Statement of Policy
Finally, the TSA argues notice and comment is not required because, rather than promulgating a legislative rule, the agency, in announcing it will use AIT for primary screening, made a “general statement ] of policy.” The question raised by the policy exception “is whether a statement is ... of present binding effect”; if it is, then the APA calls for notice and comment.
McLouth Steel Prods. Corp. v. Thomas,
The TSA seems to think it significant that there are no AIT scanners at some airports and the agency retains the discretion to stop using the scanners where they are in place. More clearly significant is that a passenger is bound to comply with whatever screening procedure the TSA is using on the date he is to fly at the airport from which his flight departs. 49 C.F.R. § 1540.105(a)(2) (no passenger may enter the “sterile area” of an airport “without complying with the systems, measures, or procedures being applied to control access to” that area). To be sure, he can opt for a patdown but, as the TSA conceded at oral argument, the agency has not argued that option makes its screening procedures nonbinding and we therefore do not consider the possibility. We are left, then, with the argument that a passenger is not bound to comply with the set of choices presented by the TSA when he arrives at the security checkpoint, which is absurd. *
*8
In sum, the TSA has advanced no justification for having failed to conduct a notice- and-comment rulemaking. We therefore remand this matter to the agency for further proceedings. Because vacating the present rule would severely disrupt an essential security operation, however, and the rule is, as we explain below, otherwise lawful, we shall not vacate the rule, but we do nonetheless expect the agency to act promptly on remand to cure the defect in its promulgation.
See Allied-Signal, Inc. v. Nuclear Regulatory Comm’n,
The agency asks us to “make clear that on remand, TSA is free to invoke the APA’s ‘good cause’ exception” to notiee- and-comment rulemaking, 5 U.S.C. § 553(b)(B) (exception “when the agency for good cause finds ... that notice and public procedure thereon are impracticable, unnecessary, or contrary to the public interest”). We have no occasion to express a view upon this possibility other than to note we do not reach it.
B. Substantive Claims
We turn next to the statutory and constitutional claims raised by the petitioners. None of their arguments, as we explain below, warrants granting relief.
1. Statutory Claims
The petitioners argue first that capturing images of passengers is unlawful under the Video Voyeurism Prevention Act, 18 U.S.C. § 1801, a claim the TSA urges should be dismissed because it was not raised before the agency. See 49 U.S.C. § 46110(d) (“court may consider an objection to an order ... only if the objection was made in the proceeding conducted by the [agency] or if there was a reasonable ground for not making the objection in the proceeding”). As the petitioners argue, however, § 46110(d) presupposes there was an agency “proceeding” where the party could advance its argument in the first instance, the absence of which is the very matter at issue here. The TSA more helpfully reminds us the WPA “does not [apply to] any lawful law enforcement, correctional, or intelligence activity.” 18 U.S.C. § 1801(c). Because the only “unlawfulness” the petitioners claim in order to get around that exception is the alleged violation of the Fourth Amendment, which we reject below, and their argument the TSA does not engage in “law enforcement, correctional, or intelligence activity” borders upon the silly, we conclude the exception applies here.
The petitioners next argue the TSA’s use of AIT violates the Privacy Act, 5 U.S.C. § 552a, a statute that applies only insofar as the Government maintains a “system of records” from which it can retrieve a record by using an individual’s name or other identifying information,
see id.
§ 552a(a)(5), (e)(4);
Maydak v. United States,
The petitioners also claim the Chief Privacy Officer of the DHS failed to discharge her statutory duties generally to “assurfe] that the use of technologies” does not “erode[ ] privacy protections”
*9
and, more specifically, to make an assessment of the rule’s impact upon privacy.
See
6 U.S.C. § 142(a)(1), (4). The CPO has, however, prepared three privacy impact assessments of the AIT program. Although, as the petitioners point out, the CPO made those assessments before the agency decided to extend the use of AIT from primary screening at six airports and secondary screening at selected others to primary screening at every airport, she also explained she would update the assessments “as needed.” Mary Ellen Callahan,
Privacy Impact Assessment Update for TSA Whole Body Imaging
10 (July 23, 2009) . We infer from the absence of any subsequent assessment a determination by the CPO that her prior efforts remain sufficient to cover the impact upon privacy of the expanded use of AIT,
see Lichoulas v. FERC,
Last, the petitioners claim the use of AIT violates the RFRA, 42 U.S.C. § 2000bb
et seq.,
because revealing a person’s naked body “offends the sincerely held beliefs of Muslims and other religious groups.” The TSA argues that Nadhira Al-Khalili, the only person the petitioners assert has any religiously founded objection to AIT, is not a proper party because she is not named in the petition for review,
see
Fed. R.App. P. 15(a) (petition must “name each party seeking review”); indeed, she first appeared as a purported party in the petitioners’ opening brief. The petitioners respond that their opening brief should be treated as a complaint is treated in the district court, that is, as the appropriate document in which to list the complaining parties. They provide no reasoning to support this assertion and the case they cite actually says something quite different: “ ‘A petition for review ... is analogous to a complaint[,] in which all parties must be named.’ ”
Elkins Carmen v. STB,
Next, the petitioners contend their claims and Al-Khalili’s should be considered as one because she is legal counsel for an organization that was a party to their 2010 letter, the TSA’s response to which is here under review. The case they cite for support,
Rampengan v. Gonzales,
206 Fed-Appx. 248, 252 (4th Cir.2006), concerned a family of four who had jointly applied for asylum and, having been treated in an administrative proceeding as a single party under the husband’s name, listed only his name in their petition for review of the administrative decision. AlKhalili, in contrast, claims no familial or agency or other formal relationship with any other petitioner; her employer, despite having joined the letter to the TSA, did not petition for review. Accordingly, neither Al-Khalili nor her employer is before us and, there being no actual petitioner with standing to assert a religious injury cognizable under the RFRA,
see Lujan v. Defenders of Wildlife,
2. Fourth Amendment Claim
Finally, the petitioners argue that using AIT for primary screening violates the Fourth Amendment because it is more invasive than is necessary to detect weapons or explosives. In view of the Supreme Court’s “repeated!] refus[al] to declare that only the least intrusive search practicable can be reasonable under the Fourth Amendment,”
City of Ontario v. Quon,
— U.S. —,
As other circuits have held, and as the Supreme Court has strongly suggested, screening passengers at an airport is an “administrative search” because the primary goal is not to determine whether any passenger has committed a crime but rather to protect the public from a terrorist attack.
See United States v. Aukai,
That balance clearly favors the Government here. The need to search airline passengers “to ensure public safety can be particularly acute,”
Edmond,
Contrary to the EPIC’s argument, it is not determinative that AIT is not the last step in a potentially escalating series of search techniques. In
Hartwell,
from which the petitioners tease out this argument, the Third Circuit upheld an airport search that started with a walk-through magnetometer, thence to scanning with a
*11
hand-held magnetometer and, when the TSA officer encountered a bulge in the passenger’s pocket, progressed (according to the passenger) to the officer’s removing a package of crack cocaine from that pocket.
III. Conclusion
To sum up, first, we grant the petition for review insofar as it claims the TSA has not justified its failure to initiate notice- and-comment rulemaking before announcing it would use AIT scanners for primary screening. None of the exceptions urged by the TSA justifies its failure to give notice of and receive comment upon such a rule, which is legislative and not merely interpretive, procedural, or a general statement of policy. Second, we deny the petition with respect to the petitioners’ statutory arguments and them claim under the Fourth Amendment, except their claim under the RFRA, which we dismiss for lack of standing. Finally, due to the obvious need for the TSA to continue its airport security operations without interruption, we remand the rule to the TSA but do not vacate it, and instruct the agency promptly to proceed in a manner consistent with this opinion.
So ordered.
Notes
We have no need to reach petitioners’ claim the TSA unreasonably delayed in responding to their 2009 letter; our remand to the agency of their 2010 petition for rulemaking gives them all the relief they would obtain in any event.
The TSA's argument it has not promulgated a “rule” also fails because the question at issue is again whether the agency’s pronouncement is or purports to be binding.
Cf. Amoco Prod.
*8
Co. v. Watson,