Jul 28 2008

DHS Ignores OMB Government Approval Process on TSA’s Questionnaire Form for Travelers Without ID

Since June 21st, TSA has required all air travelers in the United States to present identification when entering a secure area at airports. Prior to then, a person could simply say they had lost their ID or didn’t want to show it, and they would be subjected to a secondary screening to enter the area. Now you can only get through security if you can convince TSA and their behavioral detection specialists that you lost or forgot your ID and are “cooperative” with their efforts to identify you by means of commercial data. Part of that process involves filling out their Certification of Identity form.

It appears that DHS has ignored the process of procuring an OMB (Office of Management and Budget) number for their new form. The OMB process requires publication of a notice in the Federal Register and the opportunity for public comment whenever the government gathers information from the public. The law clearly states that someone can’t be punished for failing to answer questions on a government form unless the questioning agency has an OMB number associated it. Despite this, TSA’s new Certification of Identity form states that failing to answer the questions may result in your inability to fly. Further, false statements made by travelers when using the form may be punishable by up to five years in prison. DHS is again showing that it doesn’t believe the rule of law applies to them. Read More

Jul 10 2008

Auditor: Colorado DMV Security So Poor That It Puts Cardholders At Risk of Identity Theft

A report from the Colorado State Auditor reveals that the state DMV’s data security system is so flawed that it puts the personal information of 3.4 million driver’s license and state ID cardholders at risk of identity theft or fraud. The State Auditor told the Colorado legislature that, among other things, the Colorado DMV “does not have adequate processes for mitigating the risk of employee-perpetrated fraud or measuring the effectiveness of its improvements to the issuance system” and “the Department’s management of information security is fragmented, disorganized, and poorly planned.”

The State Auditor explained that the DMV transmitted large batches of personally identifiable data unencrypted. “These batch transmissions could be intercepted by unscrupulous individuals and expose Colorado residents to identity theft and other criminal activity.” A significant problem is that “the Department lacks a tracking mechanism for collecting and analyzing statistics on the effectiveness of its controls for preventing fraudulent issuances [of licenses or ID cards]. As such, the Department cannot determine whether additional controls or system enhancements are needed.”

Under the REAL ID national identification system being pushed by the US Department of Homeland Security, the databases of 56 states and territories would be linked, allowing any individual state to access all of the others’ information. This massive, centralized system would include the personal data of 245 million license and ID cardholders nationwide. It would be a tempting target for identity thieves, because if a criminal could break just one state’s data security system, then he would have access to the sensitive data retained by all 56 states and territories.

Jul 08 2008

TSA “identity verification” procedures

In a series of posts in their blog, the TSA has expanded on its claimed authority for the changes to “ID verification procedures” announced in a press release last month.

Lawmaking by press release exemplifies the evils of “secret law” which the Supreme Court declined to consider in Gilmore v. Gonzalez. The TSA now says that, “Our position is that Gilmore v. Gonzalez affirmed our ability to require ID for transportation via air and the law that formed TSA, the Aviation and Transportation Security Act (ATSA) empowers the TSA to make these decisions.”

In fact:

  1. The 9th Circuit Court of Appeals in Gilmore v. Gonzalez reached its decision without addressing whether it would have been permissible for the airline or the TSA (or anyone else) to require Mr. Gilmore to show evidence of his identity, or to prevent him from travelling if he failed to do so. The court found that, as of that time and in that particular case, Mr. Gilmore could have flown without showing ID. Read More
Jul 08 2008

Electronic System for Travel Authorization (ESTA)

In a Notice of Proposed Rulemaking (NPRM) in the Federal Register on June 9, 2008 (73 Federal Register 32440-32453), the Department of Homeland Security has proposed a new system for foreign citizens intending to visit the U.S without visas, and to enter the U.S. by air or sea, to apply for and receive an additional form of advance permission to travel to the U.S.

Effective August 8, 2008, a person “intending to travel to the United States by air or sea under the VWP [Visa Waiver Program]” will be permitted to apply in advance for an electronic “travel authorization”(ETA) from the DHS Bureau of Customs and Border Protection (CBP). The ETA application will contain “such information as the Secretary [of Homeland Security] deems necessary to issue a travel authorization, as reflected by the I–94W Nonimmigrant Alien Arrival/Departure Form (I–94W).”

Effective as of a date the CBP intends to specify in another Federal Register notice in early November 2008, at least 60 days after the publication of that follow-up notice but no later than January 12, 2009, each person with such intent will be required to (1) provide certain specified personal information, in specified form, to the CBP in an ETA application and (2) “receive a travel authorization [from the CBP] prior to embarking on a carrier for travel to the United States.”

While the proposed regulations would require travellers to apply for and obtain ETA’s, nothing in the NPRM would require the CBP to respond to or act on such applications at all, much less to do so with any specified timeliness. No standards or criteria for approval, denial, or inaction on an ETA application are specified; no particular decision-making entity within CBP is specified; no administrative appeal is provided for; and no court would have jurisdiction to review an ETA decision (although courts could, of course, review the legality of the program as a whole). Read More

Jul 07 2008

ACLU Marks Addition of One Millionth Name to Terrorist Watchlists

The massive U.S. terror watchlists will soon add their one millionth name and the ACLU will mark the day with an event on July 14th at the National Press Club involving innocent individuals who have been wrongly matched to the terrorist watchlists. The ACLU gets the one millionth number from a Department of Justice Inspector general report that said the watchlists included 700,000 names in April 2007 and the lists were growing by 20,000 names per month.

The Transportation Security Administration recently stated on its blog, “While the exact number of ‘no-flys’ is secret, there are many, many less than 500, 000.” The agency did not point to any documentation, merely asking the public to believe its numbers. The agency also did not estimate the number of individuals on the “selectee” list.

The Terrorist Screening Center maintains two terrorist watchlists, the “no fly” and “selectee” lists. Individuals on the “no fly” lists are deemed too dangerous to fly by the U.S. government. Individuals on the “selectee” lists must endure more invasive security screening before they are allowed to fly by the U.S. government. How individual names are added to the list is unknown. The government claims there is a redress process for individuals who are “mistakenly matched” to the watchlists, but it is cumbersome and opaque.

A number of innocent individuals including a nun, Senator Ted Kennedy, and former presidential candidate John Anderson have all been wrongly deemed suspects. Have you been caught in the watchlist web? Tell us your story. E-mail jph AT papersplease DOT org