Aug 25 2008

DHS plays a “shell game” with border crossing records

Today we filed comments with the Department of Homeland Security objecting to a newly-defined DHS “system of records” containing logs of everyone who crosses U.S. borders, including those who cross by car or on foot.  “Border Crossing Information” (BCI) about innocent U.S. citizens not suspected of any crime would be kept for 15 years, while records on foreign vistors would be kept for 75 years.

DHS has, apparently, told the press that they didn’t start keeping records of land border crossings by innocent U.S. citizens until 2008.  According to a story last week in the Washington Post,

Customs and Border Protection agents only this year began to log the arrivals of all U.S. citizens across land borders.

But we know that’s not true, because we’ve seen copies — provided by CBP itself in response to individual requests for records from its Automated Targeting System (ATS) — of records of routine land border crossings by innocent U.S. citizens at least as far back as 2006.

The DHS previously considered the logs now being labeled “BCI” to be part of the ATS system of records. We’ve objected to ATS as illegal, and demanded that these dossiers be destroyed. According to our comments on BCI:

The data now being relabeled as BCI is part of the same data that was previously labeled as ATS. The collection and retention of this data was and is illegal….  Changes to the name of the system of records containing this data neither make it legal nor address our prior comments regarding its illegality. As when such data was considered a part of ATS, collection and retention of travel history data in BCI is prohibited by 5 U.S.C. 552a(e)(7). This section of the Privacy Act restricts the collection or retention of records of the exercise of rights protected by the First Amendment….  Rather than trying again, as they did with the ATS SORN, to provide retroactive notice and yet more new excuses for this illegal travel surveillance dragnet and system of “historical” travel records about the activities of innocent Americans, DHS should entirely expunge these illegal records of lawful activities protected by the First Amendment and international human rights treaties.

Why has the DHS created this new BCI label for portions of its files of travel histories?  The DHS claims they are “providing additional transparency”.  But as we point out in our comments, it’s really a “shell game” that willl do more to hide these records than to faciliate transparency:

Under the Privacy Act, “transparency” is provided by the right to obtain records about oneself. This SORN will make it more difficult to exercise that right, since to obtain the records of their travels held by DHS an individual will now need to request records from even more systems of records: at a minimum, TECS, ATS, APIS, and now also BCI. Given the absence of a clear separation or well-defined distinctions between these “systems” within DHS – as is made clear by the succession of redefined SORNs which DHS claims cover the “same” records — greater transparency would be provided by recognizing that these are all parts of a single system of “Travel Records”, and allowing individuals to obtain all such records held by all DHS components with a single request.

We’ll be revising our templates for requests for travel records, and posting new versions you can use to request your records from as many DHS “systems of records” about travelers as we know about (ATS, APIS, BCI, and TECS).

We’ll keep trying — through helping individuals request their records — to find out exactly what information ATS and these other systems of travel records contain.  The only way anyone can really know what’s in the government’s files about them is to exercise their right to review those files.  But as we say in our comments on BCI:

That right, and the transparency it should provide, are meaningless unless DHS actually responds to requests for access. Rather than issuing new SORNs that complicate the task of obtaining DHS records, the DHS Privacy Office should concentrate on processing the backlog of requests that has accumulated since the public learned of the existence of these travel records through news reports about ATS. The Identity Project has received numerous reports from individuals who have been waiting months without any response to their Privacy Act requests and appeals for ATS records (portions of which would, under this SORN, be recategorized as BCI records). One of our own appeals of the failure to provide requested ATS records has gone almost a year without any acknowledgment, assignment of a docket number, or reply.

The names of the systems of records have changed, but the crimes of the DHS in maintaining these travel histories remain the same.  We haven’t given up on our requests, and we’ll keep you posted on what we find out.

Aug 20 2008

Person on No-Fly List to have her case heard by a District Court

The 9th Circuit ruled yesterday that individuals who finds themselves on a government no-fly or watch list can have their case against the Terrorist Screening Center (TSC), the governmental agency responsible for putting them on the list, heard by a federal District Court. While the Transportation Security Agency (TSA) compels airlines to match their flight manifests against the list in their search for “bad people,” it is the TSC (a joint venture among the FBI, CIA, and departments of State and Homeland Security) that actually compiles the lists. This is the first time any court will hear such a case.

Monday’s ruling involves Rahinah Ibrahim, a Stanford doctoral student in architecture who was stopped at a United Airlines counter in San Francisco in January 2005 when an employee spotted her name on the no-fly list. A phone call was fielded by a private contractor who instructed that she be arrested. She was handcuffed in front of her 14-year-old daughter, held in custody for two hours and then released by orders of the FBI.

Ibrahim’s lawsuit against the TSA, claiming violations of her constitutional rights, is in the D.C. Circuit Court of Appeals due to jurisdictional and venue rules applicable for challenges to TSA orders. Her lawsuit against the TSC for putting her on the list, the government contractor for ordering her arrest, and the SFPD for arresting her, now can go forward in the District Court in San Francisco.

Click here for more information on earlier proceedings in the Ibrahim case.

Aug 14 2008

TSA threatens airlines who tell people they’re on watchlists

Let’s see. You’re hassled mercilessly by airline employees, who won’t let you check luggage, won’t let you print a boarding pass, won’t let you check in, and bring cops and airport security people to confront you when you appear to resolve the situation. But under a new plan by TSA, the airline risks a $25,000 fine if they tell you WHY they are hassling you.

USA Today reports that TSA’s upset when airlines explain the hassle by telling people they’re on a TSA watch list. TSA will not tell people when they are on such a list. TSA won’t tell people when they ARE NOT on such a list. They want the airlines to do the same — keep mum, but keep harassing the public.

TSA and the DoJ counterterrorism center twice barred a Malaysian woman from flying, ordered her arrested, kept her in custody for hours, and eventually allowed her to fly out of the US only long enough for them to permanently cancel her US visa without notice, so she could not return to Stanford to finish her PhD. The victim, Rahinah Ibrahim, sued them. Even in court, TSA refuses to confirm or deny whether she was on the watch list. Idiots!

TSA’s lists are secret, just as in all good government institutions. TSA’s regulations are secret, just as in all good government institutions. Let’s hope TSA doesn’t propose new regulations next month with $25,000 fines against web sites or the press if they tell people that secret watch lists exist and that you’re being hassled at the airport because TSA suspects you of being a terrorist without a shred of evidence.

(Of course, airlines have been known to screw up, and they love to blame government regulations when it’s their own damn fault. But despite the airlines’ eagerness to check IDs so that their customers can’t resell unused tickets, it was the government that imposed the current system of harassment, and put 400,000 to 1,000,000 alleged communists — oops, wrong bogeyman, it’s not the 50’s any more — I meant “terrorists” — on these secret blacklists.)

Aug 14 2008

TSA stops building database of ID-less travelers

USA Today reports that Lack of ID put fliers on TSA list.  16,500 people were in this database since TSA changed the secret rules for travelers in June.  After being called by USA Today to comment for the story, TSA head Kip Hawley changed the rule “effective today” and pledged to remove the 16,500 names from its database of “suspicious people”.

We applaud Mr. Hawley for ceasing to keep permanent records on the id-less 1% of the population.  It remains for him to stop trying to bar citizens from domestic travel based on blacklists, and to stop demanding that people submit to illegitimate government demands to “identify themselves” before moving from place to place in their own country.

Aug 08 2008

New U.S. “exit permit” scheme for visitors goes into effect

The Identity Project filed comments today with the DHS Bureau of Customs and Border Protection CBP) in opposition to the new Electronic System for Travel Authorization (ESTA) which went into effect this week.  According to our comments:

The essence of the ESTA rule is to require certain foreign citizens to obtain an exit permit from the United States government before they may leave their own country, or leave other countries.

In this rulemaking, the Bureau of Customs and Border Protection (CBP) of the Department of Homeland Security (DHS) is promulgating an interim final rule imposing a new requirement that “each nonimmigrant alien intending to travel by air or sea to the United States under the Visa Waiver Program (VWP) must … prior to embarking on a carrier for travel to the United States”, (a) provide specified data elements, in specified form and manner, to the CBP, and (b) “receive a travel authorization, which is a positive determination of eligibility to travel to the United States under the VWP, via the Electronic System for Travel Authorization (ESTA), from CBP.”

Under the interim final rule, “[a]n authorization under ESTA is not a determination that the alien is admissible to the United States” and is “not a determination of visa eligibility.” It would be granted, or not granted, by the CBP, in its sole, standardless, secret, and non-reviewable “discretion.” It would be required as a pre-condition for foreign citizens to “embark” from foreign countries if the CBP believes that they intend to apply (at some later time ) for admission to the U.S. under the VWP.

The Identity Project submits these comments because this CBP regulatory requirement that foreign citizens obtain permission from the U.S. in order to leave their own country, or a third country, (1) exceeds the statutory authority of the CBP; (2) exceeds the jurisdiction of the CBP; (3) is contrary to the obligations of the U.S. under the International Covenant on Civil and Political Rights and other international human rights, maritime, and aviation treaties; (4) has been promulgated without complying with the procedural requirements of Executive Order 13107 regarding Implementation of Human Rights Treaties, the Airline Deregulation Act, the Regulatory Flexibility Act, and the Administrative Procedure Act; (5) fails to consider or grossly underestimates many of the major costs of the rule, including its impact on small entities, business travelers, and other travelers; (6) is impermissibly vague, and (7) would be so impractical and unenforceable as to deprive it of any of the benefits claimed by the CBP.

The Identity Project urges the CBP to withdraw the interim final rule, in its entirety. If it does not withdraw the ESTA rule entirely, the CBP must complete the actions directed by Executive Order 13107, prepare the statutorily required analyses, publish them in a full Notice of Proposed Rulemaking (NPRM) , and provide a new opportunity for public comment, before finalizing any ESTA rule.

In their comments, airlines and travel agencies have objected that the CBP is “wrong” to implement the ESTA on an emergency basis, without the public notice and opportunity for public comment normally required for new Federal regulations.  But the CBP began accepting “voluntary” applications for travel authorizations, through a (still buggy) Web interface.  The CBP says they plan to issue an order later this year to make the ESTA system mandatory starting sometime in January 2009.

Countries that participate in the VWP, mainly in Western Europe, are still considering whether it amounts to a de facto visa requirement for their citixzens to visit the U.S.  This could prompt them to reciprocate by ending visa-free entry to their countries for U.S. visitors, and requiring U.S. visitors to apply for permission before embarking for Europe.

Aug 05 2008

“Trusted Traveler” Identification Program Loses Unencrypted Laptop and TSA’s Trust

A provider of the Transportation Security Administration’s Registered Traveler (RT) program has been suspended from enrolling new applicants after TSA learned “an unencrypted [Verified Identity Pass] laptop computer was discovered to be missing from San Francisco International Airport (SFO) on July 26. The computer contained pre-enrollment records of approximately 33,000 customers.”

Verified Identity Pass operated Registered Traveler under the name “Clear.” The program is supposed to improve air travel security by creating “trusted” individuals who could go through security more quickly because their identities would have been confirmed as “clean” through the program. However, experts have explained that this just creates incentive for criminals to figure out a way to get into the “trusted” group – whether by creating fake identities that can withstand the program’s check or by using individuals who have no previously found connection to terrorists or other criminals.

According to a Washington Post report, “The laptop had the names, addresses and driver’s license or passport numbers of mostly online applicants to the Registered Travel program.” However, Clear records can contain more than that, such as: credit card data, biometric data (fingerprints and iris scans), and previous home addresses for the past five years. Read More