Papers, Please!

The Identity Project

Monthly Archives: October 2014

Oct 30 2014

Amtrak admits passenger profiling but not DHS collaboration

[Excerpt from DHS “TECS” travel history log showing API data extracted from the reservation for a passenger on Amtrak (carrier code 2V) train 69 from Penn Station, New York (NYP) to Montreal (MTR). “QYRSLT” redacted by DHS (at left on second line from bottom) is result of pre-crime risk score query to DHS profiling system. Click on image for larger version.]

Amtrak has admitted to profiling its passengers, while improperly withholding any mention of its transmission of railroad passenger reservation data to DHS for use in profiling and other activities.

In response to a Freedom Of Information Act (FOIA) request from the ACLU, Amtrak has disclosed profiling criteria that Amtrak staff are instructed to use as the basis for reporting “suspicious” passengers to law enforcement agencies.  As the ACLU points out in an excellent analysis in its “Blog of Rights”, pretty much everyone fits, or can be deemed to fit, this profile of conduct defined as “indicative of criminal activity”.

It’s suspicious if you are unusually nervous — or if you are unusually calm. It’s suspicious if you are positioned ahead of other passengers disembarking from a train — or if you are positioned behind them.

Normal, legal activities are defined as suspicious: paying for tickets in cash (Amtrak and Greyhound are the common carriers of last resort for the lawfully undocumented and unbanked), carrying little or no luggage (how many business day-trippers on the Acela Express are carrying lots of luggage?), purchasing tickets at the last minute (also the norm for short-haul business travelers), looking around while making telephone calls (wisely keeping an eye out for pickpockets and snatch thieves, as Amtrak police and notices in stations advise passengers to do), and so forth.

“Suspicion” based on this everyone-encompassing profile is used to justify interrogations and searches of Amtrak passengers, primarily for drugs but also for general law-enforcement fishing expeditions.  Suspicion-generation is a profit center for Amtrak and its police partners: The documents obtained by the ACLU from Amtrak include agreements with state and local police for “equitable sharing of forfeited assets” seized from passengers or other individuals as a result of such searches.

The ACLU requested, “procedures, practices, agreements, and memoranda governing the sharing of passenger data with entities other than Amtrak, including but not limited to… other… federal… law enforcement agencies;” and, “Policies, procedures, practices, agreements, and memoranda regarding whether and how passenger data is shared with any law enforcement agency.”

But Amtrak’s response included no records whatsoever concerning the provision of passenger data obtained from Amtrak reservations to DHS or any other government agency.

We know that DHS obtains information from Amtrak about all passengers on all international Amtrak trains.  DHS has disclosed this in public reports, and we have confirmed it from DHS responses to FOIA and Privacy Act requests.  The example at the top of this article is of a DHS “TECS” travel history log showing Advance Passenger Information (API) data extracted from a record in Amtrak’s ARROW computerized reservation system for a passenger traveling on Amtrak (carrier code 2V) train number 69 in the outbound direction from the US (“O”) from Penn Station, New York (station code NYP) to Montreal (MTR). The entry in the “QYRSLT” column redacted by DHS is the result for this passenger and trip of the pre-crime risk score query to the DHS profiling system.

Read More

Oct 20 2014

Supreme Court to review Constitutionality of warrantless police access to hotel guest logs

Today the US Supreme Court agreed to review whether — as was decided en banc by the 9th Circuit Court of Appeals last year — a Los Angeles city ordinance requiring hotel-keepers to identify guests, log their identities and the details of their hotel stays, and open those log books to police inspection at any time, without advance notice, any basis for suspicion, or a warrant or subpoena — is, on its face, in violation of the Fourth Amendment to the US Constitution.

It’s interesting that hotels are the context in which the Supreme Court has chosen to consider service providers’ Fourth Amendment objections to warrantless, suspicionless compelled police access to business transaction metadata about their customers’ identities, locations, and activities at particular times and dates.  The Supreme Court has yet to accept any cases dealing with such objections by telecommunications, air transportation, or internet service providers, despite the essentially similar issues in those industries.

The key difference is that few providers of other services have challenged the government’s demands in court, as hotel owners did in the case now known at the Supreme Court as City of Los Angeles v. Patel.

The Los Angeles hotel registry ordinance mandates exactly the same three essential elements, for example, as the Federal government’s system for outsourced dragnet surveillance and control of air travelers:

  1. Presentment to private service providers of government-issued ID credentials (to enable log entries to be compiled into, linked with, and mined from personal travel history dossiers).
  2. Recording by service providers of transaction metadata including locations, time, date, and customer ID information.
  3. Warrantless, suspicionless, “open book” police root access to these metadata logs at any time.

So far as we know, however, not one airline, travel agency (online or offline), or computerized reservations service (including Google, which now operates an airline reservations hosting service) has challenged any of the government’s dragnet demands for customer transaction, location, chronology, and ID metadata.

In its (successful) argument to the Supreme Court to take the case, the city of L.A. argues that state and local laws mandating identification, logging, and police access to logs of hotel guest information are “ubiquitous”, and that by the logic of the 9th Circuit decision all these laws could be found to be unconstitutional on their face. That’s true. Hotel guests (“outsiders”) have long been deemed per se suspicious persons, and hotel registry laws are among the oldest and most pervasive of (unconstitutional) laws mandating businesses to compile and maintain metadata about their customers’ and their activities and make it available to police, without warrant or suspicion for data mining or gumshoe fishing expeditions. That’s exactly why it’s so important for the Supreme Court to uphold the decision of the Court of Appeals.

The hotel owners challenged only the requirement for warrantless open-book police access to hotel registries, and not the requirements for hotels to maintain such registries or for hotel guest to show ID. That’s still an important challenge, though, and one that goes further than other businesses (certainly further than any other travel businesses) have done to defend their customers’ rights not to treated as suspects.

We continue to commend the hotel owner plaintiffs/respondents in this case for their stand. Other businesses in the travel, communications, and Internet industries could and should bring similar court challenges when they are presented with similar (and similarly unconstitutional) government demands.  They cannot excuse their actions in spying on their customers by saying, “The government made us do it, and we had no choice,” if they never asked a court to rule on whether that “demand” was legally valid.

Oct 17 2014

“Travelers, say bon voyage to privacy”

We talked at length with Watchdog investigative reporter Dave Lieber for his column in today’s Dallas Morning News: Travelers, say bon voyage to privacy.

Lieber hits the nail on the head by calling out how few travelers realize that the U.S. government is keeping a permanent file of complete mirror copies of their reservations:

Did you know that when you buy an airline ticket and make other travel reservations, the government keeps a record of the details?

If airlines don’t comply, they can’t fly in the U.S., explains Ed Hasbrouck, a privacy expert with the Identity Project who has studied the records for years and is considered the nation’s top expert.

Before each trip, the system creates a travel score for you…. Before an airline can issue you a boarding pass, the system must approve your passage, Hasbrouck explains….

The idea behind extensive use of PNRs [Passenger Name Records], he says, is not necessarily to watch known suspects but to find new ones.

Want to appeal? “It’s a secret administrative process based on the score you don’t know, based on files you haven’t seen,” Hasbrouck says….

Hasbrouck says: “You can’t keep files on everybody in case you want some dirt on them. That’s what J. Edgar Hoover did. We’ve been through this before in this country. Think of all the ways those files targeted innocent people and were misused. People’s lives were destroyed on the basis of unfounded allegations.

“Do we want to go back to that?”

For those whose curiosity has been piqued, here are links to more about this issue:

The FAQ, What’s in a Passenger Name Record (PNR)?, includes links to examples of PNR data, templates to request your travel history and PNR files from DHS, and information about our lawsuit against DHS to try to find out what files it has about us and how it has used and “shared” them.

Requirements for airlines to send passenger data to the government, and receive individualized (per-passenger, per-flight) permission from the government before issuing a boarding pass, are contained in two separate sets of DHS regulations: Secure Flight for domestic flights and the Advance Passenger Information System (APIS) for international flights. (More about the APIS regulations.)

The system of “pre-crime” profiling and assigning scores to all air travelers was discussed in recent government audit reports and at a Congressional hearing last month, and in a front-page story in the New York Times, in which we were quoted, last year.

There’s a good overview of the government’s travel surveillance and control process in a talk by Edward Hasbrouck of the Identity Project that was broadcast on C-SPAN</a> last year. The slides from that talk include diagrams of the system and examples of PNR data and other government files about travelers.

Oct 16 2014

“Jetsetting Terrorist” confirms DHS use of NSA intercepts

We’ve been reading the Jetsetting Terrorist blog (highlighted last week by Boing Boing) to see what we can learn from the anonymous author’s chronicles of his experiences traveling on commercial airlines, within the U.S. and internationally, after being convicted of a nonviolent misdemeanor criminal offense the U.S. has since defined as “terrorism”:

Since 2009, I’ve been on the TSA’s “terrorist watch list” [because] years ago I was convicted of an activist-related property crime.  The government deemed it “terrorism.” My “weapon of mass destruction” was a small tool purchased at a hardware store for under $30. My crime resulted in a loss of profits to several businesses. No one was injured. And it wasn’t even a felony.

Some of what the Jetsetting Terrorist describes is unsurprising, such as the inconsistency and unpredictable of the TSA’s “There are no rules” operational practices (a/k/a, “We make up the rules as we go along”, or “The rules are whatever we say they are today”). Or the confusion of TSA and airport checkpoint contractor staff, accustomed to carrying out crude profiling on the basis of race, religion, and national origin, when they receive instructions to treat a white-skinned hipster techie U.S. native like the Jetsetting Terrorist as a second-class citizen.  We’ve heard many accounts like these from other travelers about the TSA’s real-world Standard Operating Procedures, as distinct from those contained in the secret written manuals for TSA staff and contractors.

Beyond that, several things stand out from our reading of the Jetsetting Terrorist blog:

  1. Anyone could be subjected to the same treatment as the “Jetsetting Terrorist”. Millions of people in the U.S. have been convicted, at some point in their lives, of some nonviolent property crime or other nonviolent misdemeanor.  There are no limits to what crimes the government can retroactively define as “terrorism”, and courts have enforced few constraints on what additional burdens, restrictions, and prohibitions can retroactively be imposed — by law or by extrajudicial administrative fiat — on anyone who has ever in their life been convicted of any crime.  Once someone has a criminal record, they are considered to “deserve” whatever they later get when additional administrative infirmities are later piled on to their long-ago-completed judicially-imposed sentence.  And it’s not just people convicted of crimes later defined as “terrorism”. Where will it end? “First they came for the terrorists.  Then they came for the drug dealers…. Then they came for you and me.”
  2. So-called “watchlists” are really blacklists. The word “watchlist” is an Orwellian euphemism which the government uses to minimize its infringement of the rights of people on these lists. Properly speaking, a “watchlist” implies a list used to target surveillance, and the consequences of being on a “watchlist” are limited to being watched, i.e. surveilled. A bad thing, but very difference from the consequences of being on a blacklist, on the basis of which the government actively interferes with one’s movements, lays hands on one’s body (calling genital groping by another minimizing euphemism, “patdown”), and rips open one’s luggage to paw through one’s possessions.
  3. DHS pre-crime profiling is not binary, and can lead to many levels of consequences. Most travelers  naively assume that unless you are “on the no-fly list”, there are only three levels of pre-crime “risk scores” and consequent levels of intrusiveness of DHS action against you at airports: the TSA Pre-Check line, the “normal” (in the post-9/11 sense of “normal”) screening line, and the “secondary screening” line for those “selectees” who get “SSSS” printed on their boarding passes. But as the experiences reported by the Jetsetting Terrorist remind us, not all “selecteees” are selected for like treatment.  As was made public in a government filing in the first no-fly trial last year, each entry on the “selectee” list is assigned a numeric “handling code”. The range of handling codes and their meanings remains secret, but while some “selectees” merely get the full monty (“enhanced patdown”), others like the Jetsetting Terrorist are prevented from proceeding through TSA checkpoints until the checkpoint staff phone the FBI to report their itinerary and get permission for them to travel. In the case of the Jetsetting Terrorist, everyone on the same plane is subjected to an additional guilt-by-proximity ID document check and luggage inspection at the gate, at the entrance to the jetway.
  4. DHS components are among the “customers” for NSA electronic surveillance. On a recent international trip, the Jetsetting Terrorist spent time, while he was abroad, with a friend from the US: “My friend went back one day before me. We didn’t arrive together. We didn’t leave together. We don’t live anywhere near each other. Separate itineraries, everything. But a few hours before I was to leave for the airport, I get an email. Customs got her. Details were sparse, but she said they’d detained her for over an hour, asked her a thousand questions, took her computer in the back room, and asked her about me. A lot about me.  What’s most interesting: Somehow, they knew we were traveling together. This could not be gleaned from airline records. In fact, it could only have been learned of from electronic surveillance.”  Assuming these facts are accurately reported, we agree. (The Jetsetting Terrorist blog is anonymous and unverifiable. But we have no reason to doubt its legitimacy.)  This isn’t the first report of DHS employees questioning a US citizen about information that could only have been obtained from surveillance of electronic communications: that’s part of the basis for an ongoing  lawsuit in federal court in Indiana.  We continue to believe, as we said when  we reported on that case earlier this year, that it’s more likely that the DHS is one of, and possibly the most frequent, “customer” and user of information obtained from the illegal NSA electronic communications dragnet than that the DHS is running its own parallel illegal surveillance scheme on the same scale.

The Jetsetting Terrorist is looking for help finding a way to film and/or record his interactions with the TSA, in spite of being separate from his belongings while he is being searched and interrogated.  Since he plans to distribute these recordings publicly, they would be protected from search (as would his other work product documents and data) by the federal Privacy Protection Act, 42 USC 2000aa.  Most journalists aren’t aware of this law.  But it has important implications at airports, and protects anyone with an intent to distribute information publicly — not just full-time professional journalists.

Oct 14 2014

U.S. citizen sues the State Department for a passport

A Yemeni-American U.S. citizen sued the U.S. State Department today, asking a federal court in Michigan, where he lives, to order the State Department to issue him a U.S. passport.

Ahmed Nagi was naturalized as a U.S. citizen twenty years ago.  In May of 2013, after his previous U.S. passport expired, Mr. Nagi applied to renew his passport. He went in person to the State Department’s Passport Office in Detroit, and paid the $60 extra fee for “expedited” passport renewal service.

Normally, a U.S. citizen who applies in person at a Passport Office on an expedited basis — especially if they have been issued a U.S. passport previously, and are applying for a renewal rather than a first-time passport — can pick up their new passport within a couple of days, even the same day if they have evidence of imminent planned international travel.

Mr. Nagi, however, is still waiting for a new passport, sixteen months after he submitted his application. In response to repeated inquiries, Mr. Nasgi and his lawyers have been told only that his passport application is still “pending”. The State Department has used the impossible-to-complete “long form” as a pretext to hold up processing of some disfavored passport applications, but hasn’t asked Mr. Nagi for any additional information or told him anything about why his application hasn’t been approved.

In the meantime, Mr. Nagi is legally prohibited from leaving the USA without a passport.

The U.S. government appears to have decided that there is no legitimate reason for any U.S. citizen to visit Yemen, whether as a tourist or to visit friends or relatives. In a blatant case of discrimination on the basis of national origin, all U.S. citizens of Yemeni birth or ancestry are being treated as presumptively terrorists and subject to de facto travel restrictions, even if they haven’t individually been placed on any U.S. government blacklists.  Hundreds of U.S. citizens are currently stranded in Yemen, unable to leave Yemen or return to the U.S., because the U.S. Embassy in Sana’a has been systematically seizing the passports of any Yemeni-Americans who go to the embassy to request consular services as U.S. citizens.

According to one of Mr. Nagi’s attorneys, Lena Masri of the Council on American-Islamic Relations, “The federal government has routinely delayed the processing of passport applications for Muslims of Yemeni origin for an indefinite period of time.”  By keeping passport applicants in indefinite limbo, the State Department hopes to exercise a “pocket veto” of passport issuance and international travel, without issuing formal decisions denying passport applications that would be subject to judicial review.  “This lawsuit will challenge the federal government’s unchecked practice of denying these individuals their constitutionally-protected right to travel without affording them their right to due process of law.”