May 2009 – Papers, Please!

May 26 2009

TSA releases (censored) ID checking procedures

In response to a request by the Identity Project under the Freedom of Information Act, the TSA has for the first time given us a (redacted) version of the section on Travel Document and ID Checks from the TSA’s “Screening Management SOP” (Standard Operating Procedures) manual. Our request was made June 21, 2008, the day the TSA announced what they claimed were changes to ID “requirements” for air travelers. It took the TSA almost seven months to respond.

The version of the SOP manual which the TSA has now made public is dated June 30, 2008, so it ought to reflect the changes announced in the TSA’s June 21, 2008 press release. But there is nothing at all in the sections of the manual the TSA has released about the new procedures and new ID verification form which the TSA had, in fact, started using. Rather than requiring people who don’t have or don’t choose to show government-issued ID credentials to execute affidavits stating who they are under penalty of perjury, the TSA procedures manual requires that such people be allowed to proceed through secondary screening as “selectees”, and specifically directs screeners and other TSA staff not to make any attempt to detain or delay them.

Add your name to the campaign against TSA “Virtual Strip Searches”

The Identity Project has joined with the Privacy Coalition in a campaign to stop “Whole Body Imaging” in U.S. airports.

The TSA is in the process of substituing these “Virtual Strip Search” machines as a replacement for, or an addiiton to, metal detectors for primary screening of all travelers. You’ll be able (at least at first) to opt out of the virtual strip search “Whole Body Imaging”, but then you’ll automatically get the full secondary screening pat-down, as though you had set off the metal detector. The “Whole Body Imaging” machines use microwaves that go through your clothes and reflect off your skin to display a detailed picture of your naked body to a TSA operator, in a back room where you can’t see who they are or what they are doing while they ogle your as-though-naked image.

Individual travelers as well as organizations can sign up until May 31, 2009 (Sunday) to endorse a joint letter (scroll ot the bottom of this page for the sign-on form) calling for on Secretary of Homeland Security Napolitano to suspend the use of “Whole Body Imaging” for primary screening. Read More →

May 18 2009

GAO moves the goalposts to “approve” Secure Flight

We were surprised last week to see that the GAO has issued a report certifying that, “As of April 2009, TSA had generally achieved 9 of the 10 statutory conditions related to the development of the Secure Flight program and had conditionally achieved 1 condition (TSA had defined plans, but had not completed all activities for this condition).”

Surprised, that is, until we we saw how the GAO had defined (re-defined?) those statutory conditions in ways very different from what we thought they meant, or what we think Congress thought they meant: Read More →

May 18 2009

Time to stop tinkering with “watchlists”

This month the Office of the Inspector General (OIG) of the Department of Justice has released a report on their recent audit of the FBI’s “Terrorist Watchlist Nomination Practices”.

The OIG report contains far more detail than has previously been made public about how and by whom (although very little about why) the government’s watchlists are compiled. It’s must reading for anyone interested in how the US government is deciding who to allow, and who not to allow, to travel or to engage in other activities for which these watchlists are used as blacklists.

As we discuss in our FAQ about Secure Flight, these watchlists serve as the primary determinant of who the DHS (both the CBP for international flights and the TSA for domestic flights, although eventually the TSA under Secure Flight for both) gives permission to fly.

Unfortunately, because it is confined to the “nomination” component of the system, the OIG report fails to address the more fundamental problems with the watchlist system — problems that cannot be resolved by the sort of tinkering with the watchlisting process that is suggested by the OIG’s recommendations. A much more fundamental change is required in how the watchlists and their use are conceptualized.

Air France passenger data and “no-fly” orders

Follow-up reports have provided more details but also raised more questions about the incident last month in which the US government refused to allow an Air France flight en route from Paris to Mexico City to follow its normal route through US airspace, because the passengers included a journalist on the US “no-fly” list. The orders from the US authorities, coming while the plane was already in flight, resulted in a lengthy detour to avoid overflying US territory, and an unscheduled refueling stop in Martinique. (Air France’s Paris-Mexico flights used to stop in Houston, but these days they are scheduled to operate nonstop, in significant part to spare through passengers the need for US transit visas and US-VISIT processing including fingerprinting and photgraphing, now required even for foreign passengers merely transiting a US airport.)

As with previous incidents of blacklisted passengers and delayed, diverted, or canceled flights, this episode should be a reminder that the problems with the “no-fly” list are not limited to mistaken for other people on the watchlist. The problem, in this case, is that one of the passengers actually was on the list of people administratively banned from the US, without any way of knowing why, confronting his accusers or the evidence (if any) against him, or obtaining judicial review of their decision to deny him the right of passage by common carrier through US airspace (a right guaranteed by international treaties to which the US is a party).

Also at issue has been how, when, and through what intermediaries or data pathways US authorities learned who was on the plane, espcially since it wasn’t scheduled to touch US soil. Read More →

May 14 2009

California DMV plans crackdown on “look-alikes”

Has anyone ever looked at your face and mistaken you for someone else?

If so, and if you live in California, you could be a victim of a proposal by the California Department of Motor Vehicles which is now under consideration in the state legislature.

At a hearing yesterday (May 13, 2009) before the Assembly Budget Subcommittee No. 5 on Information Technology/Transportation, the Director and Chief Information Officer of the DMV pleaded for more money (in spite of the desperate state budget crisis) to hire a contractor to digitize and store the photographs taken for every California drivers license or state ID, and then use “biometric” facial recognition and matching software to compare each new photo of an applicant for a license or ID with every photo in the database. (The DMV proposal next goes before the Senate Budget Subcommittee No. 2 on Resources, Environmental Protection, Energy and Transportation on Wednesday, March 20th.)

If the computer thinks your picture looks like any other picture in the database, both you and the other person whose photo the robot thinks looks like yours would be placed under suspicion of fraud, identity theft, or worse. Read More →

May 14 2009

“Warden’s skills a plus for TSA chief”

Has it ever seemed like the TSA treats passengers the way prison guards treat convicts? Here’s what the TSA thinks it takes to run their operations at the world’s busiest airport:

Warden’s skills a plus for TSA chief

Newly appointed Byrd has a background in corrections.

By Kelly Yamanouchi, The Atlanta Journal-Constitution (Thursday, May 14, 2009)

Mary Leftridge Byrd sees some similarities between her career in corrections and her new job as head of the Transportation Security Administration at the Atlanta airport….

Byrd, 60, joined the TSA last month from a position as assistant and deputy secretary at the Washington State Department of Corrections, and she is a former prison warden and superintendent in Pennsylvania and Maryland.

… The TSA has about 900 security officers in Atlanta.

May 03 2009

EU Council renews push for government access to PNR data

The Council of the European Union has put forward its new version of the “Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) for law enforcement purposes” originally made by the European Commission. (More background on the proposal is available from Statewatch.)

The latest Council version of the proposal is essentially the same as the original Commision proposal, with only trivial changes in repsonse to input from Council members. Like the original version introduced by the European Commission, the new Council version of the PNR proposal would require each member state to establish a new surveillance agency (a government “Passenger Information Unit” or PIU), and would require each airline operating flights to, from, or within the EU to make PNR data available to the PIU of each origin or destination state.

The Council appears to have entirely ignored the criticisms raised by the European Parliament in its consideration of the PNR proposal, as detailed in its most recent November 2008 resolution withholding Europarl approval. As the Europarl rapporteur said in the plenary session preceeding the vote:

I think the European Parliament is a serious partner, fully available to give input in this process. However, we will only issue a formal position once there are full, satisfactory and detailed answers to all the concerns and objections that were raised on several occasions by the European Parliament, the European Data Protection Supervisor, the national data protection authorities, the fundamental rights agencies and the airlines, because I think they are entitled to a real answer.

The latest Europarl vote in favor of this resolution (and against approval of the PNR proposal) was overwhelming: 512 to 5, with 19 abstentions. Under the “codecision” procedure, Europarl approval is required in order for the PNR proposal to be adopted. But neither the Commission nor the Council have responded in any meaningful way to their critics, or provided any evidence that any benefit of the PNR scheme would be proportionate to the grave damage it would do to funadamental freedoms.

Europeans should encourage their MEPs to continue to demand answers before they approve any scheme with such profound implications for justice and civil liberties, and not to allow the EU to repeat the mistakes made by the U.S. in establishing PNR-based systems of travel surveillance and control.

May 01 2009

“Secure Flight” data formats added to the AIRIMP

Amendments to the ATA/IATA Reservations Interline Message Procedures – Passenger (AIRIMP) take effect today, providing the first industry standard formats that airlines, travel agencies, and computerized reservation systems (CRSs) can use to transmit the additional information about travelers and prospective travelers newly required by the TSA for its Secure Flight airline passenger “screening” (surveillance and control) system.

What does this mean about the status of Secure Flight — especially in light of the TSA press release last month that claimed to “announce … the implementation of the Secure Flight program”? Has Secure Flight been implemented? And if it hasn’t been yet, when will it be? Read More →