Feds pay $40K to settle claim for false arrest at airport

April 24th, 2015

The US government has paid $40,000 as part of the settlement of a lawsuit by a traveler who was falsely arrested by Federal agents and local police when a Frontier Airlines flight she was on arrived at the Detroit airport in 2011, arrive, taken off the plane in handcuffs, locked in a cell for four hours, and strip searched (in a cell with a video camera).

All of this happened without probable cause for an arrest, before any attempt was made to question her, and before any attempt was made by any of the police, airline, airport, or TSA staff to determine whether there was any basis for any of their actions. No criminal or administrative charges were ever filed against her.

The traveler, Ms. Shoshana Hebshi, sued the Federal government, the airline, and named and unknown Federal law enforcement agents, TSA employees, and Wayne County Airport Authority police.

Ms. Hebshi’s lawsuit was dismissed earlier this week on the basis of a settlement, after the Federal judge hearing the case rejected the defendants’ claims of “qualified immunity” with respect to Ms. Hebshi’s complaints of both discrimination and false arrest. “There is no ’suspected terrorist activity exception’ to the probable cause requirement of the Fourth Amendment,” the judge had ruled.

The details of the settlement were not included in court filings, but the ACLU, which represented Ms. Hebshi, disclosed the $40K payment by the Feds in a public statement about the settlement.

No specific Federal agency or individual took responsibility. The lawsuit named “the United States of America” as a defendant, rather than any specific Federal agency or agencies, and multiple Federal agencies (TSA, FBI, ICE, CBP, etc.) were named in the complaint as having been involved in mistreating Ms. Hebshi.  We don’t know whether others of the defendants (the airport, the airline, or any of the individual defendants) paid money to Ms. Hebshi as part of the settlement, in additional to the $40K from the US Treasury.

The dollar value of the settlement is obviously inadequate to deter similar misconduct by government, airline, and airport personnel in the future. But we are pleased by several aspects of the preliminary rulings by US District Court Judge Terrence G. Berg which led to the settlement.

First, Judge Berg was willing to let the case against the airline, airport, and Federal government, and their employees, go to trial. We’ve talked before about how difficult it can be to overcome claims of “qualified immunity” if the court’s sympathies lean toward the defendants in a case like this — or, to put it another way, how easy it is for  a judge to let government defendants and their private accomplices off the hook.

Read the rest of this entry »

Amtrak formats for passenger ID data dumps to governments

April 23rd, 2015

Eight pages of command-line formats for users of Amtrak’s ARROW computerized reservation system have been made public in the second of a series of interim responses to our Freedom of Information Act request for records of Amtrak’s collaboration with police and other government agencies in the US and Canada in “dataveillance” of Amtrak passengers.

The ARROW user documentation covers syntax and codes for entering ID information into Amtrak passenger name records (PNRs), generating reports (”passenger manifests”) by train number and date or other selection criteria, and transmitting these “manifests” or “API data” to the US Customs and Border Protection (CBP) “Advance Passenger Information System” (APIS).

Amtrak extracts “manifest” (API) data from PNRs, formats it according to CBP standards, and pushes it to CBP in batches using EDIFACT messages uploaded through the CBP Web-based online eAPIS submission portal.

Although Amtrak knows it isn’t actually required by law to do any of this, it “voluntarily” (and in violation of Canadian if not necessarily US law) follows the same procedures that CBP has mandated for airlines. The sample EDIFACT headers in the Amtrak documentation refer to Amtrak by its usual carrier code of “2V”.

Travel agents — at least the declining minority who use the command-line interface — will find nothing particularly surprising in these formats. ARROW formats for train reservations are generally comparable, although not identical, to the AIRIMP formats used for API data by the major computerized reservation systems (CRSs) or global distribution systems (GDSs) that host airline PNRs.

CRS/GDS companies and US airlines are private and not subject to FOIA, however, and CRS/GDS documentation is proprietary to the different systems and restricted to their users. There is no freely and publicly-available guide to commercial CRS/GDS data formats. Because Amtrak is a creature of the federal government subject to FOIA, we have been able to obtain more details of its internal procedures than we can for airlines or CRSs/GDSs

The ARROW user documentation shows — again, unsurprisingly — that the “data-mining” capabilities built into ARROW for retrieving and generating reports on selected PNR or manifest (API) entries are quite limited. This is why, despite having access to an ARROW “Police GUI” with additional data-mining functionality, CBP wants to import and retain mirror copies of API and PNR data in its own, more sophisticated TECS and Automated Targeting System databases and its new integrated data framework.

We’re continuing to await more releases from Amtrak of information about its policies for collaboration with law enforcement and other government agencies, and its apparent violation of Canadian privacy law.

DHS expands mining of travel data while reducing logging and controls

April 22nd, 2015

The US Department of Homeland Security has announced plans to expand its data mining and “sharing”of DHS files about travelers, while removing some of the limited access controls and audit logging that it had only recently claimed to be putting in place for its Department-wide surveillance data framework:

Privacy Impact Assessment for the DHS Data Framework — Interim Process to Address an Emergent Threat (DHS/ALL/PIA-051, April 15, 2015)

DHS has a critical mission need to perform classified queries on its unclassified data in order to identify individuals supporting the terrorist activities of: (1) the Islamic State of Iraq and the Levant (ISIL), (2) al-Qa’ida in the Arabian Peninsula (AQAP), (3) al-Nusrah Front, (4) affiliated offshoots of these groups, or (5) individuals seeking to join the Syria-Iraq conflict. (These individuals are often referred to as “foreign fighters” by the media and in public discourse.) The ability to perform classified searches of unclassified data for this uniquely time sensitive purpose will allow DHS to better identify and track foreign fighters who may seek to travel from, to, or through the United States. This type of comparison is a long-standing mission need; however, the specific threat has shortened the timeframe in which DHS must meet the need.

To meet this critical mission need, DHS will adopt an interim process that foregoes many of the automated protections of the DHS Data Framework, such as the tagging of necessary data sets in the unclassified data lake. By foregoing these automated protections, DHS will be able to expedite transfers of information from the Electronic System for Travel Authorization (ESTA), the Advance Passenger Information System (APIS), Form I-94 records, and Passenger Name Records (PNR) directly from the unclassified DHS domain to the classified DHS domain through a manual process….

The previously announced “protections”  on DHS use and sharing of personal data are fig leaves of little value to the subjects of DHS travel surveillance. But the DHS decision to “forego” those protections is significant for what it shows about how the DHS carries out its activities.

Read the rest of this entry »

Does an airline have the “right” to refuse service to anyone?

April 20th, 2015

This week cyber-security and threat modeling expert Chris Roberts of One World Labs was detained and interrogated for four hours and had his laptop and other electronic devices seized without warrant by the FBI, and later was denied boarding by United Airlines for a flight on which he had a valid ticket, for posting this Tweet questioning the security of IP-based networks on aircraft that commingle in-flight entertainment (IFE) data with data from navigation flight control sensors and avionics systems such as Engine Indication and Crew Alerting System (EICAS) data.

The incident raises important questions about the legality of Mr. Roberts’ detention, the search and seizure of his electronic devices, and the decision by United Airlines to refuse to transport him.

Read the rest of this entry »

Bill C-51 would match Canadian no-fly scheme to the US — and go further

April 17th, 2015

This week is Stop C-51 Week, marked by events throughout Canada and elsewhere in opposition to Bill C-51, currently under consideration by the Parliament of Canada, “An Act to enact the Security of Canada Information Sharing Act and the Secure Air Travel Act, to amend the Criminal Code, the Canadian Security Intelligence Service Act and the Immigration and Refugee Protection Act and to make related and consequential amendments to other Acts.”

We’ve joined a who’s who of civil liberties and human rights organizations, activists, and experts from Canada and around the world who have co-signed a letter to Prime Minister Stephen Harper opposing Bill C-51.

It’s only a slight oversimplification to say that Bill C-51 is Canada’s version of the USA Patriot Act, 13 years later but on steroids.  It appears to violate the Canadian Charter of Rights and Freedoms and Canadian obligations pursuant to several human rights treaties including the International Covenant on Civil and Political Rights (ICCPR).  But if enacted, and if not voided on constitutional grounds by Canadian courts, it would purport to authorize a wide range of government spying, “pre-crime” policing (profiling), and preemptive interference with the exercise of fundamental rights.

Read the rest of this entry »

Feds change no-fly procedures to evade judicial review

April 16th, 2015

In updates filed with Federal courts in at least two pending challenges to US government “no-fly” orders, lawyers for the government have revealed plans for changes to the internal procedures administrative agencies use in deciding who they “allow” to fly — and who they don’t.

While these changes look like cosmetic but inadequate improvements, they actually include an obscure but much more significant change designed to make it harder for people on the no-fly list to get the factual basis (if any) for the decision to put them on the list reviewed by a judge.

By shifting official responsibility for administrative no-fly decisions from the FBI to the TSA, the government hopes to bring those decisions fully within the scope of a special Federal jurisdictional law, 49 U.S.C. § 46110, which is designed to preclude any effective judicial review of TSA decisions.

This law allows TSA administrative orders to be reviewed only by Courts of Appeal (which have no ability to conduct trials or fact-finding), on the basis of the “administrative record” supplied to the Court of Appeals by the TSA itself.  The Court of Appeals is forbidden to second-guess the TSA’s fact-finding, even if it was made through a secret and one-sided internal process: “Findings of fact by the Secretary, Under Secretary, or Administrator, if supported by substantial evidence, are conclusive.”  As long as there is substantial evidence in the record constructed by the TSA to justify its actions, the Court of Appeals is forbidden to consider the weight of contrary evidence, even if it is also in the record.  And the TSA is free to decide that evidence submitted by anyone on the no-fly list is, for that very reason, not credible.

No-fly cases have been considered by District Courts, and one of them has gone to trial, only because the FBI (as the agency nominally responsible for the inter-agency Terrorist Screening Center) has been declared by both TSA and FBI to be the agency officially responsible for no-fly decisions.  When FBI decisions are challenged by people who claim their rights have been violated, those decisions are reviewed in the normal manner by District Courts that can conduct trials, hear testimony, receive evidence, and make their own findings of fact — without being required to rely exclusively on self-serving submissions by the FBI itself.

Read the rest of this entry »

Why did the TSA prevent these people from flying?

April 9th, 2015

Documents newly released to us by the TSA strongly suggest that the TSA has been lying about whether people are “allowed” by the TSA to fly without showing ID, and that decisions about whether to allow travelers to fly without ID are being made arbitrarily, on the basis of irrelevant and unreliable commercial data and/or at the “discretion” of individual field-level TSA staff.  The TSA documents also show that, at least for the limited sample of data initially released, the “false-positive” rate of watch-list matches is 100%.

The TSA has for many years been contradicting itself, both in word and in deed, as to whether travelers are required show government-issued (or any other) ID credentials in order to fly, or whether it is possible to fly without ID.

TSA signs at airports say that passengers are “required” to show ID. But the TSA has repeatedly told courts at all levels — from in camera (secret) submissions to the 9th Circuit Court of Appeals in Gilmore v. Gonzales in 2006 to public testimony of the TSA’s witness in the (unsuccessful) state court frame-up of Phil Mocek in Albuquerque in 2011 — that these and other official TSA notices to passengers are false, that ID is not required to fly, and that the TSA does have (secret) “procedures” that allow people to fly without having or showing ID.

The TSA’s actions are equally bipolar.  People who say they have lost their ID cards or had them stolen are “allowed” to fly every day.  But people who the TSA deems (for secret or not-so-secret reasons, or completely arbitrarily) to  be”suspicious” or “uncooperative” are routinely subjected to retaliation and summary sanctions including denial of  their right to travel.  Mr. Mocek, for example, was both prevented from boarding the flight for which he had a valid ticket, and falsely arrested by local police at the behest of TSA staff, when he tried to fly without ID and to document the process that the TSA claimed would have allowed him to do so.

What’s the real story? From our close reading of the available evidence, it appears that:

  1. There are no publicly-disclosed “rules” (and probably not even any unambiguous secret rules) defining what is or is not permitted or required of travelers at TSA checkpoints, or what conditions the TSA imposes on the exercise of the right to travel by air.
  2. The TSA claims to have the legal authority, and in practice exercises actual power, to determine who to allow to fly, and who not to allow to fly, in an entirely secret, standardless, and arbitrary manner, at its sole discretion, which discretion is often delegated to front-line TSA staff.

How does this work in practice? We are just beginning to find out.

Read the rest of this entry »

Where can you complain if your human rights are violated?

April 8th, 2015

As we’ve been pointing out for years, the right to travel is not just a right under the First Amendment to the US Constitution (”the right of the people… peaceably to assemble”) but a human right guaranteed by an international treaty ratified by the US (”the right to freedom of movement”).

But what good is a “human right” guaranteed by international treaty if there is no independent entity to which you can complain, and which has the authority to enforce your rights?

At a minimum, what’s needed is the ability of people whose human rights have been violated by the US government to seek redress through US courts, and the ability of those courts to order the government to comply with its treaty obligations.

Given the US government’s current interpretation of many human rights treaties as not being “self-effectuating”, that would require legislation by Congress to effectuate those treaties by creating a cause of action for treaty violations and give US courts jurisdiction to hear such complaints.

That’s exactly what the UN Human Rights Committee concluded a year ago, following its periodic review of US implementation of the International Covenant on Civil and Political Rights (ICCPR):

The State party [i.e. the US] should … Taking into account its declaration that provisions of the Covenant are non-self-executing, ensure that effective remedies are available for violations of the Covenant, including those that do not, at the same time, constitute violations of U.S. domestic law, and undertake a review of such areas with a view to proposing to the Congress implementing legislation to fill any legislative gaps.

In the year since this recommendation from the UNHRC, neither the Administration nor any member of Congress has proposed such effectuating legislation for the ICCPR or any other human rights treaty.

So in the meantime, where can you turn if your human rights are violated by the US government?

Read the rest of this entry »

DHS continues and expands use of commercial vehicle tracking databases

April 7th, 2015

Barely more than a year after publicly cancelling a request for bids on the construction of a national database of vehicle location data compiled from commercial and government-operated license-plate reader (LPR) cameras, the DHS has quietly revealed that it is once again seeking to buy access to commercially-aggregated LPR data, and that some DHS component field offices are already doing so.

Cameras combined with optical character recognition software allow for automated logging of the license-plate number (and of course the associated time, date, plate, and direction of travel) of every passing vehicle. “Some LPR systems also capture within the image the environment surrounding a vehicle, which may include drivers and passengers,” the DHS acknowledges in its latest Privacy Impact Assessment for DHS use of commercial LPR data.

The only apparent difference between the proposal supposedly nixed in February 2014 and the plans revealed in the March 2015 PIA is that the DHS’s own LPR vehicle, driver, and passenger tracking data won’t be completely merged with LPR data from commercial sources and aggregators — at least not by the DHS itself.  The PIA describes a scheme in which the DHS will pay for query-based access to commercially-aggregated LPR data and the ability to set flags that will generate real-time alerts to the DHS whenever license-plate numbers of interest are observed.

Read the rest of this entry »

You can’t tell the travelers without a scorecard

March 31st, 2015
The TSA uses appearance profiles to decide whether to search you and/or your luggage, interrogate you, call the police, or allow you to fly. (Diagram from GAO report.)

Point scores assigned by TSA "Behavior Detection Officers" are used to decide whether to search you or your luggage, interrogate you, call the police, or allow you to fly. (Diagram from 2013 GAO report. Click image for larger version.)

The Intercept has published the scorecard used by TSA “Behavior Detection” precogs to assign points to travelers, as part of the TSA’s “SPOT” pre-crime scheme for deciding which travelers to subject more intrusive search and/or interrogation or “refer” to local police:

Whether you call SPOT and the TSA’s other pre-crime profiling programs “junk science”, “culturally biased”, or simply “unconstitutional”, it’s clear that the TSA can’t tell the terrorist travelers with or without a scorecard.

The SPOT scorecard includes pairs of, “Damned if you do, damned if you don’t,” point categories. “Avoids eye contact with security personnel or LEO [Law Enforcement Officer]“? +1 point. On the other hand, “Cold penetrating stare” or “Widely open staring eyes”? +2 points.

Disturbingly, some of the largest point values are assigned for the exercise of First Amendment rights to express opinions, ask questions, and observe what is in plain sight: “Asks the BDO [Behavior Detection Officer] security-related questions”? +3 points. “Shows arrogance and verbally expresses contempt for the screening process”? +2 points. “Scans area, appearing to look for security personnel or LEO”? +2 points.

In what appears to be flagrant discrimination against people with disabilities, anyone attempting to communicate in sign language is severely penalized: “Exhibiting hand gestures to others”? +3 points.

Part of the scorecard is broken down into “Stress”, “Fear”, and “Deception” categories. Stress and fear would seem to be natural responses to being profiled, judged, interrogated, and groped by government agents in cop-like uniforms who claim discretionary and deliberately unpredictable power to stop us from exercising our rights.  What traveler anywhere in the world doesn’t tense up when they are stopped at a checkpoint, and breathe a sigh of relief when they have made it through?

Points are also assigned for attributes having nothing to do with these factors, and which cannot lawfully be construed as constituting a reasonable basis for suspicion sufficient to justify search or detention.

Are you one of a party of, “Males traveling together who are NOT part of a family”? +1 point. Take that, pairs of traveling salesmen, and pairs of Mormon Elders on a mission! Do you appear to be a “Member of a family”?  -2 points. What’s a “family”? And how can the TSA tell?

Possession of duct tape “which the passenger has no apparent reason to possess”? +1 point. Isn’t the reason to carry duct tape that you never know for what purpose you will need it?

Cash is considered presumptively and for outbound international travelers conclusively suspicious. Possession of, “Large sum of monies leaving U.S.”, or “Large sum of monies with no apparent reason to possess”? Automatically notify a law enforcement officer.

Some of the scoring categories appear to be purely cultural or fashion bigotry: “Face pale from recent shaving of beard”? +1 point.  Others show age and/or gender bias: “Facial flushing while undergoing screening”? +1 point. So much for any woman who happens to have a hot flash at a checkpoint. “Apparent married couple with both spouses over 55 years old”? -2 points.

The Intercept quotes two unnamed former TSA “Behavior Detection Officer” managers. One says the scorecard is, “designed in such a way that virtually every passenger will exhibit multiple ‘behaviors’ that can … justify BDO interaction with a passenger. A license to harass.” Another describes the SPOT porgram as, “Bullshit. Complete bullshit.”  We couldn’t have said it better.