Mar 21 2009

DHS releases (censored) documents on Automated Targeting System

As part of its celebration of “Sunshine Week”, The Electronic Frontier Foundation has posted more than a thousand pages of documents about the Automated Targeting System (ATS) for archiving and data-mining airline reservations to asisgn risk scores to all international travelers, released by the Department of Homeland Security over the last two years in response to Freedom of Informaiton Act requests and a FOIA lawsuit by EFF’s FOIA Litigation for Accountable Government (FLAG) project.

DHS claims still to be searching for and “processing” yet more documents responsive to the original requests, the documents that have been released are heavily redacted, and the lawsuit is ongoing.  Recently, EFF has asked the Court hearing the case to stay further proceedings while DHS decisions under the Bush Administration to withhold and redact documents at issue in the case are reviewed in light of the Obama Administration’s new instructions to Federal agencies on transparecncy and the processing of FOIA requests.

We’re still making our way through the newly-published documents for the first time, but they include extensive internal DHS discussion on how to respond to our criticisms, when the DHS first published the official notice (we’re still not exactly sure how many years after the fact) that was supposed to precede the deployment of any such system of Federal records about individuals, that the ATS was being used for a purpose specifically forbidden by Congress.  The documents also seem to confirm, even through the redactions, the lack of understanding by DHS of what information is included in the Passenger Name Records (PNRs) being sucked into government databases by the ATS dragnet, or how to interpret it.  Briefing memos prepared by operational staff for senior policy officials and public relations spokespeople refer to what PNRs “seem” to contain, and appear to be based on guesses and reverse engineering rather than on any expertise in industry standards, messaging protocols (such as the AIRIMP), or business practices.

Mar 18 2009

Air France puts digital fingerprints in RFID boarding passes

Yesterday (just in time for tomorrow’s planned strike by French air traffic controllers, which is expected to force the cancellation of many of their flights), Air France began a public beta test of what they are calling a “smartboarding” card, as depicted in this video (and third-party videos in English and another in French) and photos and as described in this press release:

This new system is a world first. With a personal card which contains the latest biometric technology (encrypted fingerprints), RFID (radio frequency identification) and thermal printing (the back of the card can be reused up to 500 times), these passengers will be able to board through a dedicated portal whenever they choose.

Developed together with Citizengate, the smartboarding® service has 4 stages:

1. In a special office at the airport (Paris-Charles de Gaulle Terminal 2F), customers can obtain their personal smartboarding® card in just a few minutes which is immediately operational. During registration, all the customer’s identity information (surname, first name, Flying Blue membership number), as well as their encrypted fingerprints is transmitted to the smart card. This registration stage is only carried out once and no files are kept by Air France. Read More

Mar 18 2009

NPR parrots the government line on RFID passports

Today’s edition of “All Things Considered” includes a puff piece on e-passports with embedded RFID chips, based entirely on propaganda statements by government spokespeople.  For the other side of the story that NPR didn’t bother to cover, see the listener comments in NPRs blog, our previous articles on RFID chips in government-issued identity documents, and reports elsewhere on how RFID passports facilitate ID theft, how the globally unique ID numbers on the RFID chips facilitate surveillance, how the encryption used for the rest of the data on the RFID chip has already been cracked, and how space has already been reserved in the data structure on the chip for logs of travelers’ movements.

Mar 11 2009

European court invalidates secret carry-on baggage blacklist

In a judgment announced yesterday, the European Court of Justice has ruled that a secret list promulgated by the European Commission, specifying items to be prohibited from airline carry-on baggage, cannot be enforced against individual airline passengers because it was not made public:

The annex to Commission Regulation (EC) No 622/2003 of 4 April 2003 laying down measures for the implementation of the common basic standards on aviation security, as amended by Commission Regulation (EC) No 68/2004 of 15 January 2004, which was not published in the Official Journal of the European Union, has no binding force in so far as it seeks to impose obligations on individuals.

The decison means that the original plaintiff, Gottfried Heinrich, who was ordered off a plane before it departed from Vienna Airport because he had carried on an item on the secret list (to wit, a tennis racket), is now free to sue the airline and/or the airport operator in an Austrian court for damages.

Read More

Mar 10 2009

DHS considering hackable long-range RFID as “alternative” to REAL-ID

Chris Strohm of the National Journal’s CongressDaily reports:

Homeland Security Secretary Janet Napolitano, a former governor of Arizona, said Monday that her office is participating in a working group established by the National Governors Association to review the so-called Real ID law, which Congress passed in 2005 while under Republican control.

“What they’re looking at is whether statutory changes need to be made to Real ID,” Napolitano said after a speech to Homeland Security employees marking the sixth anniversary of the department’s creation.

“They are looking at whether some version of an enhanced driver’s license that perhaps creates options for states would be feasible. They’re looking at what the fiscal impact would be particularly given that states have no money right now,” she added.

“I would expect that over the course of the spring we’ll be rolling something out,” she said.

So-called “enhanced” drivers licenses, already being issued in Washington and Vermont, contain a remotely-readable long-range (“vicinity”) RFID chip, in violation of ICAO international standards for only shorter-range RFID chips in travel documents, with a globally unique identification number to permit anyone within range to track the card or the movements of the person carrying it.  Hackers have already demonstrated, in on-camera real-world tests on the streets of San Francisco, that these enhanced drivers licences and the passport cards that use the same type of RFID chips have succeeded in their design goal of being readable from inside or outside a moving car as it passes by.

This is no “solution” to the problems of the REAL-ID Act, and no improvement.

As we’ve argued in our proposals to the administration and Congress, the only solution to REAL-ID is repeal.  Until Congress takes that essential action, states and citizens should continue their refusal to comply with REAL-ID.