“Extreme Vetting” would be a #PreCrime #DigitalMuslimBan

November 16th, 2017

Today The Identity Project joined 55 other civil rights, civil liberties, government accountability, human rights, immigrant rights, and privacy organizations in calling on the US Department of Homeland Security to abandon its Extreme Vetting Initiative.

The essential goal of the DHS Extreme Vetting Initiative is to extend the bogus “pre-crime” prediction algorithms and methods based on “big data” from suspicionless mass surveillance, already being used by the DHS and its partner agencies in the US and abroad to decide who is allowed to board airplanes, to a broader range of decisions about who is allowed to travel to, or reside or remain in, the US.

But the DHS doesn’t have any “pre-cogs”, human or robotic, to make these predictions. And prior restraint of our movements or other activities based on predictions of future criminality is not only impossible (and inherently subject to abuse by those who create the predictive and decision-making algorithms) but an affront to fundamental notions of justice, due process, and human rights.

According to a joint letter we sent today to the Acting Secretary of Homeland Security, Elaine Duke:

We write to express our opposition to Immigration & Customs Enforcement’s proposed new Extreme Vetting Initiative, which aims to use automated decision-making, machine learning, and social media monitoring to assist in vetting of visa applicants and to generate leads for deportation. As it is described in ICE documents, this program would be ineffective and discriminatory. It would also pose a signal threat to freedom of speech and assembly, civil liberties, and civil and human rights. We urge the Department of Homeland Security to abandon this effort….

The goal of the Extreme Vetting Initiative is to “develop processes that determine and evaluate an applicant’s probability of becoming a positively contributing member of society as well as their ability to contribute to national interests,” using analytic capabilities including machine learning.  ICE also seeks to “develop a mechanism/methodology that allows [the agency] to assess whether an applicant intends to commit criminal or terrorist acts after entering the United States.”

In reality, as a group of prominent technologists advised in a recent letter, “no computational methods can provide reliable or objective assessments of the traits that ICE seeks to measure.” There is no definition anywhere in American law of what it means to be a “positively contributing member of society” or to “contribute to national interests,” posing a risk that ICE will exercise maximal latitude to discriminate beneath the cover of an unproven algorithm….

Confirming that ICE’s focus is on quantity rather than quality, the agency has announced that the winning vendor for the Extreme Vetting Initiative contract must “generate a minimum of 10,000 investigative leads annually” – without regard to how many leads are actually appropriate….

The Extreme Vetting Initiative will also undoubtedly chill free expression, contravening the First Amendment and international human rights, such as those contained in the Universal Declaration of Human Rights, for which the United States has registered official support, and the International Covenant on Civil and Political Rights, to which the U.S. is a party… These risks are particularly acute in light of existing initiatives to ask travelers to identify all of their social media handles in order to obtain permission to travel to the United States….

Through the Extreme Vetting Initiative, ICE seeks to automate the process by which the U.S. government targets, finds, and forcibly removes people from our country…. But this system … risks hiding politicized, discriminatory decisions behind a veneer of objectivity – at great cost to freedom of speech, civil liberties, civil rights, and human rights.

Palantir Technologies has already become a target of criticism for its role in building tools for “extreme vetting”. (See our report from a protest outside the home of Palantir founder Peter Thiel earlier this year, and this recent 10-minute video, “Is Silicon Valley Building the Infrastructure for a Police State? New AI tools could empower the government to violate our civil liberties.“)  Now IBM, which attended a recent outreach day for Extreme Vetting Initiative contractors and has declined to distance itself from bidding to build the pre-crime program, is also being targeted by a petition asking IBM to “back up your verbal support of immigrants by publicly rejecting and denouncing the Extreme Vetting Initiative and pledge to not bid on any contract to build the tool.”

Silicon Valley Is Building the Infrastructure for a Police State

November 14th, 2017

The Identity Project is  featured along with our friends at the Electronic Frontier Foundation in the latest report from Reason.TV, Is Silicon Valley Building the Infrastructure for a Police State? New AI tools could empower the government to violate our civil liberties.

If you have ten minutes to watch the video, it’s a good introduction to Palantir, pre-crime policing, automated decision-making and control (“extreme vetting”), and the homeland-security industrial complex.

DHS blinks (again) on REAL-ID

October 24th, 2017

The Department of Homeland Security and the Transportation Security Administration have threatened to prevent citizens of many US states from being able to travel by air within the US, starting in January 2018, because their state governments won’t dump all their driver’s license and ID card information into a nationwide database. But these threats didn’t actually cause states to follow the TSA’s illegal orders. So rather than follow through on the threat, which would risk a legal challenge that would make it clear the threat is hollow, the DHS has again blinked. It just quietly deferred its deadline about when it claims it will enforce the REAL-ID Act against airline passengers.

Just over a week ago, when we testified before the California Department of Motor Vehicles about why the largest state in the union should not comply with the REAL-ID Act, and could not do so without violating its state constitution and its residents’ rights, the DHS website included California among 21 states “under review” by the DHS for possible Federal interference with their residents’ right to travel by air beginning as early as January 18, 2018.

Just days later, the DHS in its standardless discretion granted 15 of these 21 states, including California, another round of “extensions of time” to comply with the REAL-ID Act until October 20, 2018.

The states granted another round of arbitrary extensions until October 2018 included eight of the nine states singled out by signs in airports across the country as targeted for TSA harassment of their residents who travel by air beginning in January 2018:

The dates picked by the DHS are as arbitrary as the DHS choices of which states to threaten. The DHS has repeatedly amended its REAL-ID Act regulations to postpone its threatened “deadlines”, but neither January 18, 2018, nor October 20, 2018, are dates that appear anywhere in the law or the most recently revised regulations.

Read the rest of this entry »

CBP Intelligence Records System (CIRS)

October 23rd, 2017

Today The Identity Project and eight other civil liberties and human rights organizations filed comments with the US Department of Homeland Security objecting to both the creation and the exemption from the Privacy Act of the latest DHS system of social media and travel surveillance records, the US Customs and Border Protection (CBP) Intelligence Records System (CIRS).

Our comments were co-signed and submitted jointly on behalf of:

Members of the public (regardless of whether they are U.S. citizens or residents) can submit their own comments on these DHS proposals, including anonymous comments, until midnight tonight, Washington DC time, by using the official Web forms here and here at Regulations.gov.

In part, the proposed creation and exemption from the Privacy Act of CIRS is merely the latest episode in a DHS shell game in which some of the same DHS travel logs and surveillance records have been successively redefined as being part of the TECS records system, then the Automated Targeting System (the system used as the basis for algorithmic pre-crime scoring and blacklisting of international travelers), then the Analytical Framework for Analysis (the system used by Palantir’s data mining and profiling tools), and now CIRS.

DHS Privacy Act notices for these systems have often lagged years behind DHS operational practices, even though it’s a crime for a Federal agency to maintain a database of information about individuals without a specific sort of notice before it’s created.

What’s new about CIRS, aside from the new name, is that the categories of records in CIRS would be expanded to include “Articles, public-source data (including information from social media), and other published information on individuals and events of interest to CBP.” Additional sources of information for CIRS records would include “private sector entities and organizations, individuals, commercial data providers, and public sources such as social media, news media outlets, and the Internet.”

According to the comments we filed today along with other civil liberties and human rights organizations: Read the rest of this entry »

Civil liberties and human rights groups denounce illegal DHS social media monitoring

October 18th, 2017

The Identity Project and ten other civil liberties and human rights organizations filed comments today with the US Department of Homeland Security objecting to the DHS keeping records of what we say and publish and who we associate with on social media.

(See our FAQ: U.S. government monitoring of social media. The DHS isn’t the only Federal agency spying on us on social media. We submitted comments earlier this month on parallel proposals by the Department of State to expand social media monitoring that it began last year over our objections and those of many other organizations and individuals.)

The comments from civil liberties and human rights groups were submitted in response to a notice from the DHS last month that “Social media handles and aliases, associated identifiable information, and search results” would be added to DHS “Alien Files”.

Our comments were co-signed and submitted jointly on behalf of:

Members of the public (regardless of whether they are U.S. citizens or residents) can submit their own comments, including anonymous comments, until midnight tonight, Washington DC time, by using the official Web form at Regulations.gov.

The DHS only published its formal Privacy Act notice for social media records in September 2017, although the DHS says it has been monitoring and keeping records of social media activities since at least 2012. The Federal Privacy Act of 1974 requires that a notice be published in the Federal Register before any new system of records about individuals is created by a Federal agency, or a new category of data or individuals is added to an existing system. Operation of a system of records without prior publication of a notice including all categories of information and individuals included in the system is a Federal crime on the part of the responsible Federal officials: “Any officer or employee of any agency who willfully maintains a system of records without meeting the notice requirements of subsection (e)(4) of this section shall be guilty of a misdemeanor and fined not more than $5,000.”

According to comments we filed today along with other civil liberties and human rights organizations: Read the rest of this entry »

Two lawsuits challenge demands for air travelers’ IDs

October 12th, 2017

Two Federal lawsuits have been filed against the Federal government and officers and agents of the Department of Homeland Security and its component agencies for violating air travelers rights by demanding that they identity themselves and/or provide evidence of their identities.

Read the rest of this entry »

Comments to the California DMV on the REAL-ID Act

October 11th, 2017

As we noted a month ago, the California Department of Motor Vehicles (DMV) is currently considering whether to amend state regulations on driver’s license and state ID cards to meet some, but not all, of the statutory criteria for “compliance” with the Federal REAL-ID Act of 2005.

States are not required to comply with this Federal law, but apparently the DMV hopes that if the state of California makes a show of partial compliance, the TSA and DHS won’t carry out some of their threats to unlawfully interfere with air travel by residents of California and other noncompliant states.

Comments on these proposals can be submitted to the DMV in writing until 5 p.m. Monday, October 16th, or in person at a public hearing on Monday at 10 a.m. in Sacramento. We encourage everyone concerned about ID demands and freedom to travel to submit written comments and/or come to the hearing.

We’ll be at the hearing on Monday to testify in person, and today we submitted more detailed written comments, which we introduce with the following summary: Read the rest of this entry »

FAQ: U.S. government monitoring of social media

October 2nd, 2017

Is the U.S. government monitoring social media?

Yes. Since December 2016, all visitors to the U.S. under the “Visa Waiver Program” (VWP) have been asked to identify the social media IDs they use to the Department of State on the online ESTA form. In several recent notices in the Federal Register, and in official statements in response to questions about those notices, the Department of Homeland Security has confirmed that it already searches for and reviews information about individuals from social media.

Why is the U.S. singling out immigrants and visitors for this surveillance?

The U.S. government is targeting foreigners first because they are legally more vulnerable. Under U.S. law, foreign visitors and immigrants have often been held to have fewer rights than U.S. citizens. We don’t think this is the way it ought to be, and we don’t think this is even a correct reading of the U.S. Constitution and the human rights treaties that the U.S. has ratified. But this is often the way that courts have ruled. Most acts of terrorism in the U.S., like most crimes of any sort, are committed by U.S. citizens. Most of those criminals are white, and most of them are Christian, not that this should matter either. In practice, the government knows that it is more likely to be able to get away with surveillance of foreigners — on social media or in any other realm — than with surveillance that targets U.S. citizens equally or that focuses on, say, white Christian nationalist domestic sources of terrorism.

The Federal government also appears to be motivated by a profound xenophobia. It regards foreigners, communications or association with foreigners, and foreign travel as per se suspicious and thus as justifying more intrusive search, seizure, interrogation, interference, etc. Instead, these activities should be seen as the exercise of rights recognized and protected by Federal laws, the First Amendment and other provisions of the U.S. Constitution, and international treaties. As such, they should be specially protected, not subjected to special surveillance.

Does this social media surveillance include U.S. citizens and green-card holders?

Yes. Social media is, by definition, social. It’s about connections and communication between people, not individuals in isolation. Social media networks aren’t defined by national borders. (Except in countries like China where repressive government block access to “foreign” social media to keep their citizens isolated from the thinking of the rest of the world.) Even if only non-U.S. persons are targeted, surveillance of social media will inevitably suck in information about U.S. citizens and permanent residents who are “associated” with foreigners on social media. Whoever you are, that probably includes you. Do you know which of your Facebook “friends” or Twitter followers or the people who post comments on your page are U.S. citizens or permanent U.S. residents, and which of them aren’t? We don’t, and we don’t believe the U.S. government does either. There is no way that government agents, whether human or robotic, could contain social media surveillance to foreigners even if they tried. The rights of U.S. citizens and permanent residents will be collateral damage whenever foreigners are attacked.

Is this limited to people who are suspected of immigration violations or other crimes?

No. What is being practiced already, and what is being expanded, is dragnet social media surveillance. The Department of State is already asking every applicant for admission to the U.S. under the VWP for their social media IDs. The social media surveillance authority claimed by the DHS, and the practices described in its recent notices, are not limited to specific persons of interest. The DHS and other law-enforcement agencies already have the authority to subpoena records from social media service providers if there is probable cause for suspicion that any crime has been committed, including but not limited to criminal violations of U.S. immigration laws. What’s happening now and expanding is additional surveillance of people who are not (yet) under any particularized suspicion.

The U.S. government’s interest in social media can best be understood in the context of other programs of automated suspicionless dragnet surveillance. The NSA collects metadata about the movement of our messages from telephone companies and and Internet service providers. The DHS collects metadata about the movements of our bodies from entry/exit and border crossing logs and reservation records obtained from airlines, Amtrak, and other travel companies. Why not add metadata about our associations and activities on social networks — IDs, posting histories, keywords and tags, social network maps, etc. — to that data lake?

If I’m not doing anything wrong, do I have anything to worry about?

Yes. Activities that are legal in the U.S. may be illegal in other countries, and the U.S. government claims the right to share the fruits of social media surveillance, and the blacklisting and other conclusions drawn from them, with other governments around the world. Activities that are legal today could become illegal tomorrow. People with whom you are associated, but who you may not know and may never have met, may come under suspicion in the future. Any information the government has can be used against you. Things that you say or people with whom you are “associated” on social media say could result in your being assigned a pre-crime predictive “risk score” that leads to your being placed on a government blacklist (“watchlist”) or subjected to other government sanctions, even if you are never suspected or accused of any crime. The algorithmic criteria for blacklisting, the data used as the basis for blacklisting decisions, and the lists themselves are all secret. You know you are on a blacklist only when you are unexpectedly prevented from exercising your right to travel or other rights. Read the rest of this entry »

Muslim Ban 3.0 blaimed on ICAO passport standards and “ID management”

September 24th, 2017

Invoking memes that we’ve seen and warned about before under both Democratic and Republican administrations, President Trump has attributed the latest version 3.0 of his “Muslim ban”announced today (proclamation, FAQ, explainer) with the need to comply with ICAO and INTERPOL standards for passport issuance, “identity management”, and data sharing about travelers — as though US immigration and asylum policy should be determined by an international technical body for aviation operations, as though such a body has the authority to override US treaty obligations to freedom of movement and “open skies“, and as though predictive pre-crime profiling based on “biographic and biometric data” can be substituted for judicial fact-finding as a basis for denial of the right to travel.

We hope that seeing the “Muslim Ban 3.0” blamed on ICAO standards will lead human rights advocates to pay more attention to ICAO’s standard-setting role and opaque decision-making process in non-aviation matters such as passports, identity management, and data sharing.

Read the rest of this entry »

Amtrak lied to travel agents who questioned ID requirements

September 19th, 2017

The encouraging disclosure in the latest installment of documents released by Amtrak in response to one of our Freedom Of Information Act (FOIA) requests is that some travel agents resisted Amtrak demands that they collaborate in surveillance, profiling, and control of train travelers by entering passport or ID numbers and details in each reservation for cross-border Amtrak travel.

According to an email message to Amtrak from a product manager at Worldspan (one of the major computerized reservation systems), “We have one subscriber [i.e. a travel agency that uses Worldspan] that has checked the Federal Register and is quoting ‘chapter and verse’ that it is not mandated … to provide the data”:

Some travel agents pushed back repeatedly, read the official notices and instructions to travel agents about the rail API program carefully (and correctly), and made a travel agency “policy decision of non-provision” of ID data about their customers:

Kudos to the unnamed travel agencies that refused to help the government spy on their customers and called Amtrak on its lies that this was required.

Read the rest of this entry »