Papers, Please! – The Identity Project

Oct 16 2025

USCIS still wants to stalk US residents and visitors on social media

Doubling down on its attack on anonymity and disregarding comments from the Identity Project and more than a thousand other organizations and individuals, US Citizenship and Immigration Services (USCIS) has renewed its request for blanket authorization to require applicants for US visas, visa-free entry, residency, or citizenship to disclose every social media platform and identifier they have used in the last five years.

Today the Identity Project and Restore The Fourth (RT4) filed comments opposing this USCIS proposal for dragnet social media surveillance of foreign visitors and residents and the US citizens with whom they communicate and associate on social media.

USCIS made no significant changes in response to the first round of public comments and ignored most of the issues we and others raised, including the ways that social media surveillance would impact First Amendment rights of assembly and association.

In addition to reiterating the unanswered concerns raised in our initial comments, our latest comments also respond to the false claims made by USCIS:

In its analysis of the first round of comments, USCIS claimed that “the information that DHS may access via social media is publicly accessible and DHS may not access information that is designated as private.”

This claim is entirely unsupported, and clearly false.

The association between an individual and a particular anonymous or pseudonymous social media account or posting is, by definition, not public information. In requiring individuals to disclose with which social media accounts they are associated, including anonymous or pseudonymous accounts, USCIS is demanding disclosure of non-public information.

Of course, if all of the requested information including which individuals are associated with which anonymous or pseudonymous social media accounts and postings were public, USCIS would have no need to request it from individuals or require them to provide it. USCIS is requiring individuals to list all social media accounts with which they are associated, including anonymous and pseudonymous accounts, precisely because this information is deliberately private – in some cases intensely private – and because USCIS cannot obtain this information without forcing individuals to disclose this private information and make it public.

The purpose – the only purpose – of requiring individuals to disclose anonymous and pseudonymous social media accounts is to enable USCIS to access private information.

By falsely claiming that all of this information is public, USCIS entirely avoids responding to any of the comments regarding the compelled disclosure of private information.

The deadline to comment on this proposal is midnight tonight, Eastern time.

Oct 12 2025

CBP changes procedures for airline passengers with “X” passports

CBP regulations require would-be airline passengers to identify as “F” or M”. These regulations were never changed, even when CBP was accepting “X” gender markers.

Traveler Gender CBP Data Element Validation: System Error if missing or invalid. Only submissions of “M” for male and “F” for female are accepted.

[CBP implementation guide says that only “M” and “F” are accepted in APIS data.]

U.S. Customs and Border Protection (CBP has announced plans for changes to its procedures for processing information sent to CBP by airlines (and possibly also train, bus, and ferry operators) about passengers on international routes with non-binary or non-gendered “X” gender marker passports, to take effect on Tuesday, October 12, 2025.

The planned changes were disclosed by press release rather than by rulemaking notice in the Federal Register. Implementation has been outsourced to airlines subject to secret “Security Directives” from CBP. Neither the current nor the planned procedures comply with the law. All of this makes it difficult to predict what will happen to anyone with an “X” gender marker on their passport who tries to make reservations, buy tickets, or check in for international flights after October 12th.

But here’s what we know:

Oct 08 2025

Repeal the REAL-ID Act

After twenty years of resistance by individuals and state governments; twenty years of failed threats, intimidation, and extortion by the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA) to get states to administer and participate in a distributed national-ID scheme; twenty years of construction of an outsourced, unaccountable national ID database; and twenty years of lies by the DHS and TSA about what the REAL ID Act requires and whether states and individuals are “complying”; it’s time to repeal the REAL-ID Act of 2005.

Last month Sen. Rand Paul (R-KY) introduced S. 2769, a short, simple bill to repeal the REAL-ID Act of 2005 in its entirety. This isn’t a bill to “reform” or put “guardrails” on the REAL-ID Act. It’s not amendable to reform. The REAL-ID Act was a bad idea from the start, hastily enacted at the height of post-9/11 panic with no hearings or debate. It’s time to acknowledge that mistake, and to repeal the REAL-ID Act. S. 2769 is long overdue.

We urge other US Senators from both sides of the aisle to co-sponsor S. 2769, and US Representatives to introduce the similar legislation in House.

As Chair of the Senate Committee on Homeland Security and Government Affairs, Sen. Paul has the opportunity to convene hearings on repeal of the REAL-ID Act. We’d welcome a chance to testify about the hidden national ID database we uncovered, the DHS and TSA lies, and the TSA’s attempts to prevent us from even reading its new digital REAL-ID rules. And the committee would have a chance to hear from some of the state legislators who’ve been opposing the REAL-ID Act and its burdens on their states and their residents since its enactment. Sen. Paul is also ideally positioned to get REAL-ID Act repeal considered by the full Senate, either as a standalone bill or as part of a larger legislative package.

We look forward to working with Sen. Paul and to seeing S. 2769 become law. It’s time!

Oct 06 2025

The weaponization of travel blacklists

Excerpt from "After Action Report" by a Federal Air Marshal.

[A Federal Air Marshal (FAM) tasked with surveillance of an airline passenger targeted by Quiet Skies lists and/or rules followed the traveler out to the curb and recorded the license plate number of the vehicle in which she left the airport, so that her airline reservations could be integrated with license plate reader data into an uninterrupted multi-modal travel history.]

On September 30, 2025, the Senate Committee on Homeland Security and Government Affairs held a hearing on Examining the Weaponization of the Quiet Skies Program.

Coming just hours before the partial shutdown of Federal government operations, this hearing was sparsely attended, even by members of the committee, and got little press attention. The hearing opened with the Chair and Ranking Minority Member of the committee talking over each other at length.

Much of the argument between Senators and the questioning of witnesses focused not on the general problems of the Quiet Skies traveler surveillance program program or government travel blacklists (referred to euphemistically as “watchlists” throughout the hearing) but on whether these programs have been weaponized to a greater extent under Democratic or Republican administrations.

But if we — and, we hope, members of Congress — can look past the partisan polemics, the testimony and documents introduced into the record of this hearing provide important guidance on what can and should be done to protect all travelers — regardless of our party affiliation (if any), ethnicity, religious beliefs, or political opinions — against the weaponization of travel blacklists by whatever government is in power. Read More →

Oct 01 2025

ICE is buying location data from smartphone apps, etc.

How can your movements be tracked?

The Penlink surveillance company counts some of the ways:

Penlink was brought to our attention by a report from Joseph Cox in 404 Media that the Immigration and Customs Enforcement (ICE) division of the US Department of Homeland security (DHS) is entering into a contract with Penlink as a unique and irreplaceable source of aggregated location data from smartphone apps and other sources.

According to an ICE document justifying the no-bid single-source contract that was uncovered by 404 Media, Penlink is the only company that can “compile, process, and validate billions of daily location signals from hundreds of millions of mobile devices, providing both forensic and predictive analytics”, and that is willing to sell ICE access to this data.

Penlink also extracts and makes available to its subscribers, in real-time, location data embedded in EXIF metadata in smartphone photos uploaded to Facebook and other social media, and boasts of its ability to aggregate location data from many other sources.

How does Penlink get this data, in order to be able to sell it to ICE?

Most people didn’t (and wouldn’t) knowingly consent to having this information sent to and used by the government, and wouldn’t think of this information as “open source”. How many people even realize that, by default, each smartphone photo contains precise location information included within the image file?

Most people would consider an app that collects timestamped location tracking data and sends it to a company that sells it to the police to be “malware”.

Almost all of these apps with embedded surveillance malware are distributed — in most cases, distributed exclusively — through the Google Play Store or the Apple App Store.

To put it another way, the Google Play Store and the Apple App Store are the primary distribution channels for malware people install on their smartphones that enable government surveillance.

Sep 24 2025

Passports, travel, and the First Amendment

Earlier this month, as part of a lengthy and complex bill to reauthorize the US State Department, the Chair of the House Foreign Affairs Committee, Rep. Brian Mast (R-FL) revived a proposal that had been rejected but came close to passage in 2017 to authorize the Secretary of State to summarily deny or revoke the passport of any US citizen on the basis of an extrajudicial determination by the Secretary that a US citizen has “knowingly aided, assisted, abetted, or otherwise provided material support to an organization the Secretary has designated as a foreign terrorist organization”.

The proposal drew immediate condemnation on both due process and First Amendment grounds. “Provide material support” has been interpreted to include making or amplifying statements supporting the political goals of a banned organization — i.e., free speech.

Last week, during markup of the State Department reauthorization bill, the Committee on Foreign Affairs approved an amendment sponsored by Rep. Mast to remove the passport denial and revocation provisions he himself had introduced a week earlier.

We’re pleased that this trial balloon went down in flames so quickly. But we’re disturbed that it was even introduced.

If there’s any silver lining in this episode, it’s that it’s proved a teachable moment to articulate the relationship between passports, travel, and the First Amendment.

We’re especially pleased by the comment of Rep. Joaquin Castro (D-TX):

Travel abroad is a form of expression and association.

In saying this, Rep. Castro recognized that, as we’ve always argued, to travel is “to assemble”, and to do so is an act directly protected by the First Amendment guarantee of “the right of the people… to assemble”.

Sep 15 2025

Foreigners must register and carry their papers

The US Department of Homeland Security (DHS) is threatening to step up enforcement of Federal laws that require each foreign citizen present in the US for more than 30 days — even as a tourist or other visa-free visitor — to register with the US government and “at all times carry with him and have in his personal possession” the registration certificate issued by the US government.

These laws are not new, but they have rarely been enforced. Until the creation by the DHS in March 2025 of a new registration procedure, there was no practical way for many foreigners to comply. This was especially true for Canadian citizens who can stay in the US for six months at a time without a visa and without being registered by US authorities at land border crossings.

These laws and others like them that place foreigners under special suspicion and surveillance should be repealed, not revived. They are a threat to the freedom of foreigners in the US and, to the extent that other countries reciprocate, a threat to the freedom of US citizens traveling abroad. We shouldn’t always have to carry government-issued papers to prove who we are, whether we are in the country of our citizenship or any other. Human rights, including rights to freedom of movement, should not depend on citizenship.

The Alien Registration Act (currently codified at (8 USC §1301-1306) was enacted in 1940 as part of a bill more often referred to as the Smith Act. The bundling together of restrictions on dissident speech and association with requirements for registration and tracking of all foreigners reflects the xenophobic assumption that foreign ideas, associations, and individuals are presumptively suspicious and potentially subversive.

Similarly xenophobic assumptions underlie the Foreign Agents Registration Act (FARA), which requires almost impossibly burdensome registration, reporting, and labeling of informational materials produced or funded by foreigners.

Portions of the Smith Act were eventually found unconstitutional, but have largely been left on the Federal statute books along with the alien registration requirement. There have been fewer challenges to the Constitutionality of FARA, but it too remains on the books.

Violations of the the registration and other provisions of the Smith Act or FARA carry potentially substantial criminal penalties for those singled out for prosecution.

Laws like this that are widely and often unknowingly violated and rarely but selectively enforced are inherently vulnerable to weaponization against the demons du jour.

How many foreign tourists on Waikiki or Miami Beach are carrying their alien registration certificates in waterproof pouches over their bikinis or board shorts, or know that failure to do so is a crime? How many US citizens would want to be subject to reciprocal requirements when they travel outside the US?

Standard advice to tourists and other travelers anywhere is to carry only copies of your passport and any separate entry card or visa, not the hard-to-replace and valuable-to-thieves original documents. Leave the originals in a secure place in your hotel or lodging whenever possible.

Typical of this advice is the State Department wallet card of Smart Travel Tips send out with every new US passport:

[“Safeguard your passport. While overseas, carry *copies* of your passport ID page and foreign visa with you at all times.”]

Why should foreigners in the US be required to do differently than US citizens are advised by the US government to do when they are traveling abroad, and put themselves at unnecessary extra risk of loss, damage, or theft of vital immigration documents?

The Alien Registration Act has quirks that cast doubt on its purpose or fitness for purpose. The law requires all foreigners to carry evidence of registration on their person at all times, but doesn’t require them to show these papers to police. Police or immigration enforcement officers need some independent basis to search a suspected foreigner for their immigration papers. There’s no statutory requirement for foreigners to have, carry, or show passports, only registration papers. Foreigners, especially asylum seekers including those who are stateless, can lawfully be admitted to the US without passports.

Thousands of comments were submitted to the DHS in response to the new alien registration regulations promulgated this year. Almost all of the commenters objected to the registration requirement, not just the new registration procedures.

The revival of the Alien Registration Act as a tool for tracking, intimidation, silencing, expulsion, or imprisonment of disfavored foreigners should be a sign that it’s time to repeal this law and all of the vestiges of the Smith Act as well as FARA.

Sep 12 2025

“America brought ‘predictive policing’ to China”

[Diagrams obtained by AP News show how the functionality of IBM suspicion-generating software for analyizing relationships between cellphone users (left) was deliberately replicated by developers of Chinese pre-crime software (right)]

We’ve often pointed to China as exemplifying modes of government surveillance and control of movement that we don’t want replicated in the USA.

But a new report by independent journalist Yael Grauer and a team from the Associated Press, based on documents provided by courageous whistleblowers in China and the US, shows that US technology companies are sometimes leaders, not just followers, in the globalization of Big Brother tools and techniques.

As a summary of key takeaways from the AP investigation puts it, “America brought ‘predictive policing’ to China”:

U.S. companies introduced systems that mine a vast array of information — texts, calls, payments, flights, video, DNA swabs, mail deliveries, the internet, even water and power use — to unearth individuals deemed suspicious and predict their movements. But this technology also allows Chinese police to threaten friends and family and preemptively detain people for crimes they have not even committed….

Across China, surveillance systems track blacklisted “key persons,” whose movements are restricted and monitored. In Xinjiang, administrators logged people as high, medium, or low risk, often according to 100-point scores with deductions for factors like growing a beard, being 15 to 55 years old, or just being Uyghur.

Chinese government agencies and companies (often indistinguishable in the Chinese economy of state-owned enterprises) have bought into the US model of pre-crime predictive policing, purchasing or copying US pre-crime tools.

This isn’t the first time, of course, that US companies have provided the hardware and software used by foreign governments to identify, track, and control individuals. In the 1970s, for example, Polaroid and IBM sold the South African government the database software, computers, instant cameras, and ID-card printers used to manufacture and keep track of the infamous apartheid travel-permission “passbooks”, with IBM developing customized hardware and software specifically for enforcement of apartheid.

Whistleblowers and dissidents within tech companies played an important role in exposing the role their employers and other corporate partners played as enablers of, and profiteers from, apartheid in South Africa. Similarly today, anonymous whistleblowers within tech companies provided much of the source material for the latest AP report on the US sources of China’s infrastructure of surveillance and control.

We commend these whistleblowers for taking the risk to expose what their employers are doing. We encourage more whistleblowing by other tech workers with information about the companies building Big Brother, whether in the US, China, or anywhere else.

Aug 11 2025

Flock expands pre-crime policing from air travel to road travel

New tools deployed and offered to law enforcement agencies by Flock Safety, the largest US aggregator of automated license plate reader (ALPR) data from both government and private cameras, are moving Flock from data mining into profiling and pre-crime predictive policing. This marks the expansion to road travel of the profiling and predictive policing that was developed and has until now been applied primarily to air travel.

Flock’s data warehouse includes billions of monthly records, each of which links a unique vehicle identifier (license plate number) to a precise date, time, and location. Flock boasts that it is now using artificial intelligence (i.e., more complex algorithms) to identify patterns and “surface” evidence of suspicious activity.

This moves Flock from a surveillance company and provider of investigative tools to a provider of suspicion-generating and predictive tools for “pre-crime” policing. This makes a quantitative difference in degree of intrusiveness and danger, of course, but there’s also a qualitative difference between an investigation based on a lawful pre-existing basis for suspicion, and dragnet surveillance intended to generate a basis for new suspicion (that can in turn be used as the basis for further surveillance, search, seizure, detention, etc.).

Thanks to Jay Stanley for calling attention to these new Flock tools in articles on the ACLU website and and in his own Free Future newsletter.

Aug 05 2025

Higher fees for visitors to the US

Tourists and business visitors to the US from most of the world will have to pay additional fees or post bonds of from $250 to $15,000 per person — over and above the current $185 per person visa fee — under provisions of the One Big Beautiful Bill Act enacted last month and separate regulations under a preexisting law published today in the Federal Register.

The consequences for inbound international tourism as well as travel to meetings and conventions in the US from most of the world are likely to be devastating. Nobody is going to hold a meeting — conference, trade show, academic symposium, etc. — in the US under these rules if they want global participation. If other countries reciprocate, as some probably will, US travelers could be hit with much higher fees when they travel abroad.

The biggest beneficiary of these changes to US laws and regulations is likely to be Mexico, where Cancun is by far the most obvious choice for meeting and convention planners looking for an alternative venue close to the US with more hotel rooms than anywhere in the Americas except Las Vegas, the busiest international airport in Latin America, and more welcoming entry and visa policies than the US for visitors from around the world.

Bonding companies and moneylenders from banks to informal lenders to loan sharks offering to underwrite loans and post bonds for would-be visitors who can’t afford to pay the US visa fees in full are also likely to profit from the new US rules. So will the bounty hunters they will hire to track down and collect from US visitors whose “visa bonds” (and whatever they put up as security for them) are forfeited because they can’t prove to the satisfaction of US authorities that they complied with all of the terms and conditions of entry to and departure from the US — or simply at the “discretion” of US visa officers.

The new US law and regulations establish a three-tier schedule of US fees for short-stay visitors, depending on the citizenship of the traveler:

Citizens of the small number of most US-favored nations in the US Visa Waiver Program will remain eligible to enter the US, after completing an extensive online questionnaire including a list of all their social media accounts, for only a $21 Electronic System for Travel Authorization (ESTA) e-visa fee.
Citizens of countries that are neither especially favored nor disfavored by the US will be required to pay a visa integrity fee of at least $250 (in addition to the visa fee and other visa application requirements). The minimum of $250 is set by law, but the amount can be increased without limit at the discretion of the US Department of Homeland Security (DHS).
Citizens of disfavored countries will be required to post a visa bond of $5,000, $10,000, or $15,000, with $10,000 as the default, before their visa can be issued.