Oct 30 2014

Amtrak admits passenger profiling but not DHS collaboration

(Excerpt from DHS "TECS" travel history log showing API data extracted from the reservation for a passenger on Amtrak (carrier code 2V) train 69 from Penn Station, New York (NYP) to Montreal (MTR). "QYRSLT" redacted by DHS (at left on second line from bottom) is result of pre-crime risk score query to DHS profiling system. Click on image for larger version.)

Amtrak has admitted to profiling its passengers, while improperly withholding any mention of its transmission of railroad passenger reservation data to DHS for use in profiling and other activities.

In response to a Freedom Of Information Act (FOIA) request from the ACLU, Amtrak has disclosed profiling criteria that Amtrak staff are instructed to use as the basis for reporting “suspicious” passengers to law enforcement agencies.  As the ACLU points out in an excellent analysis in its “Blog of Rights”, pretty much everyone fits, or can be deemed to fit, this profile of conduct defined as “indicative of criminal activity”.

It’s suspicious if you are unusually nervous — or if you are unusually calm. It’s suspicious if you are positioned ahead of other passengers disembarking from a train — or if you are positioned behind them.

Normal, legal activities are defined as suspicious: paying for tickets in cash (Amtrak and Greyhound are the common carriers of last resort for the lawfully undocumented and unbanked), carrying little or no luggage (how many business day-trippers on the Acela Express are carrying lots of luggage?), purchasing tickets at the last minute (also the norm for short-haul business travelers), looking around while making telephone calls (wisely keeping an eye out for pickpockets and snatch thieves, as Amtrak police and notices in stations advise passengers to do), and so forth.

“Suspicion” based on this everyone-encompassing profile is used to justify interrogations and searches of Amtrak passengers, primarily for drugs but also for general law-enforcement fishing expeditions.  Suspicion-generation is a profit center for Amtrak and its police partners: The documents obtained by the ACLU from Amtrak include agreements with state and local police for “equitable sharing of forfeited assets” seized from passengers or other individuals as a result of such searches.

The ACLU requested, “procedures, practices, agreements, and memoranda governing the sharing of passenger data with entities other than Amtrak, including but not limited to… other… federal… law enforcement agencies;” and, “Policies, procedures, practices, agreements, and memoranda regarding whether and how passenger data is shared with any law enforcement agency.”

But Amtrak’s response included no records whatsoever concerning the provision of passenger data obtained from Amtrak reservations to DHS or any other government agency.

We know that DHS obtains information from Amtrak about all passengers on all international Amtrak trains.  DHS has disclosed this in public reports, and we have confirmed it from DHS responses to FOIA and Privacy Act requests.  The example at the top of this article is of a DHS “TECS” travel history log showing Advance Passenger Information (API) data extracted from a record in Amtrak’s ARROW computerized reservation system for a passenger traveling on Amtrak (carrier code 2V) train number 69 in the outbound direction from the US (“O”) from Penn Station, New York (station code NYP) to Montreal (MTR). The entry in the “QYRSLT” column redacted by DHS is the result for this passenger and trip of the pre-crime risk score query to the DHS profiling system.

In a 2008 Privacy Impact Assessment, DHS described its acquisition of Amtrak reservation data as follows:

Currently, Amtrak collects certain manifest data from passengers and crew on all of Amtrak’s international service, and, on a voluntary basis, Amtrak provides that manifest information to CBP…. For all international service Amtrak trains arriving in the United States from a Canadian location or departing the United States for a Canadian location, Amtrak currently, voluntarily transmits an advance notice submission of information regarding each individual traveling onboard the train to CBP. This transmission [is] automatically sent using a United Nations Electronic Data Interchange for Administration, Commerce, and Trade (UN EDIFACT) text file through eAPIS, the CBP APIS web portal. The manifest data may include the following information for all individuals aboard the train: complete name, date of birth, gender, country of citizenship, travel document type (e.g., Passport, Merchant Mariner Document, NEXUS or SENTRI Card, Legal Permanent Registration Card, Enhanced Driver’s License, etc.), DHS-approved travel document number, DHS-approved travel document country of issuance, DHS-approved travel document expiration date, passenger name record (PNR) or reservation locator number, status on board the train (i.e., passenger or crew member), train point of origin , final destination, date of arrival/departure, rail carrier code (Amtrak), and train number or other official number. This data is generally received by CBP 60 minutes before an arriving train departs from a Canadian location or a train in the United States leaves for a Canadian location.

Whether or not there is a formal memorandum of understanding between Amtrak and DHS (which surely Amtrak would have copies of), we find it inconceivable that Amtrak has no procedural documents concerning this practice. Those documents were responsive to the ACLU’s request, and were improperly withheld — most likely because the search for responsive documents was inadequate and failed to identify them. If we had to guess, we would speculate that Amtrak program staff failed to inform the FOIA office of their existence. Whether that was through ignorance or intentional concealment we don’t know.

All of Amtrak’s international trains serve Canada. There are no through trains between the USA and Mexico, but there are through trains jointly operated by Amtrak and VIA Rail Canada between New York and Montréal, Buffalo and Toronto, and Seattle and Vancouver. Amtrak’s web page on Crossing the US-Canadian Border says, “The information you provide when you make your reservation will be entered into your reservation record and supplied to Customs and Immigration officers to facilitate your clearance. Neither Amtrak nor VIA Rail Canada will use this information for any other purpose.”

In the absence of any agreement between Amtrak and DHS/CBP restricting use of the data from passenger reservations “voluntarily” provided by Amtrak, we can’t see what basis Amtrak would have for assuring passengers that this information will be used “solely” to facilitate your clearance. Nor would most people construe profiling you, assigning you a risk score, and deciding whether to allow you to travel or how intrusively to search and interrogate you at the border as being done “to facilitate your clearance.”

As of 2008, DHS said that, “CBP is pursuing ‘All Modes’ APIS [Advance Passenger Information system] legislative authority to clarify its broad authority to mandate the transmission of manifest information, including all international rail and bus travel,” but that in the meantime, “on a voluntary basis, Amtrak provides that … information to CBP.” There’s been no change in the applicable US laws or regulations since then.

Since DHS has conceded that it currently lacks authority to compel Amtrak to hand over this information, it’s questionable whether these “voluntary” data transfers violate Amtrak’s obligations pursuant to the Canadian “Personal Information Protection and Electronic Documents Act” (PIPEDA), especially when tickets are sold in Canada. Amtrak’s website appears to lack any mention of PIPEDA or any point of contact or procedures for Canadian purchasers of Amtrak tickets to exercise their rights under PIPEDA with respect to Amtrak records. If any Canadian readers have traveled to the US on Amtrak and have asked Amtrak for their records or information about how they have been shared, please let us know how it went and what, if any, answers you received.

We also don’t know whether Amtrak and/or VIA Rail Canada reservation data for passengers on these trains, like airline reservations for US-Canada flights, is provided to the Canadian Border Services Agency (CBSA).

As we’ve noted previously, Amtrak has been found to be subject to FOIA but not the Privacy Act, which makes it more difficult to obtain examples of Amtrak records about individuals or how they are used or shared. But we’ve made a follow-up FOIA request for Amtrak policy and procedures documents, asking specifically about sharing of API or other passenger reservation data with DHS or Canadian authoritires and about any discussion of Amtrak compliance with PIPEDA.