Documents released to us by Amtrak suggest that since 2012, US Customs and Border Protection (CBP) has had direct access to Amtrak’s reservation system, possibly including access to reservations for Amtrak passengers traveling entirely within the USA.
What do these documents show? And why would an immigration and border patrol agency want access to records of travel by US citizens and other residents within the borders of the US?
The Amtrak documents we received this week are the fourth in a continuing series of long-overdue interim responses (1st interim response, 2nd interim response, 3rd interim response) to a FOIA request we made in October 2014 for records related to Amtrak’s data-sharing and other collaboration with the Department of Homeland Security (DHS) and other US and foreign law enforcement agencies.
Most of the latest tranche of Amtrak documents we received are copies of e-mail messages within Amtrak and between Amtrak and CBP in the immediate aftermath of Amtrak’s systemwide transition from paper tickets to e-tickets on July 30, 2012. Those messages suggest that Amtrak’s transition to e-ticketing was followed by the addition of a “pull” capability, allowing CBP to retrieve Amtrak reservations, on top of the already existing “push” system in which Amtrak sends passenger lists for cross-border trains to CBP by email.
Apparently, despite widespread publicity to Amtrak staff and customers about the change to e-tickets, nobody at Amtrak or CBP anticipated that the absence of paper tickets would be considered a problem by CBP inspectors assigned to scrutinize Amtrak trains that cross the USA-Canada border.
That might seem surprising, but it’s consistent with indications in some of the earlier releases to us from Amtrak that Amtrak IT and operations staff weren’t fully aware of the extent and legal basis (or lack thereof) for Amtrak’s collaboration with DHS in passenger dataveillance.
The messages we’ve received were all exchanged by operational personnel, not by Amtrak or CBP legal or policy offices. That’s probably because this wasn’t a legal issue: CBP has absolutely no legal authority whatsoever to demand warrantless access to tickets, and so far as we know has never claimed such authority. CBP inspectors have no more reason or authority to demand to inspect tickets than Amtrak conductors have to demand to inspect passports.
After the first day of Amtrak e-ticket travel, Amtrak’s eTicketing Program Director reported that, “Our train traveling south from Montreal today had some difficulties with US Customs inspectors today, where apparently they normally match the paper tickets collected from passengers against the ‘planned passenger manifest’. There is a concern that tomorrow’s train may not be allowed to enter the country if this cannot be resolved.”
Prompted by the CBP threat to prevent Amtrak trains from entering the US, Amtrak moved quickly to satisfy CBP’s desire for ticket details. Later the same day, the “APD [Area Port Director] Passenger” at the CBP field office responsible for inspecting the Montreal-New York train wrote back to Amtrak, “It was very nice speaking with you. Your willingness to assist us with our needs is very refreshing.”
Amtrak conductors have been issued with AT&T iPhones with bar-code scanners and a custom app that allows them to access and process reservation and e-ticket information. In the same email message on July 31, 2012, CBP initially suggested to Amtrak that “the e-ticketing i-phone we spoke of would be the ultimate solution and we look forward to getting one or two of those and some training for our supervisors.” There’s no indication, however, that Amtrak ever followed through on this suggestion or gave CBP any e-ticket iPhones or access to the e-ticket app used by Amtrak staff.
Instead, ten days later, “as promised” by Amtrak following a meeting at the “port” of entry (presumably meaning the CBP inspection station alongside the railroad tracks in Rouses Point, NY), Amtrak provided CBP with a URL, https://citrix.amtrak.com/Citrix/AccessPlatform/auth/login.aspx, that CBP personnel could use to access Amtrak e-ticket reports.
Only certain CBP staff members, we don’t know how many, were to be given user IDs for access to the Amtrak e-ticket system. But notably absent from these Amtrak records is any mention of restrictions on which Amtrak records CBP users could retrieve, such as limitations to certain “passenger manifest” data fields or to records about only that small minority of Amtrak passengers on cross-border trains.
This same email message indicates that Amtrak was continuing to send CBP passenger manifests for cross-border trains daily by email. And records we already received from Amtrak show that Amtrak was also uploading passenger manifests for those cross-border trains to CBP’s Advance Passenger Information System (APIS).
So the only apparent reason for CBP to want access to e-ticket records would be if either (a) CBP wanted access to additional data about cross-border passengers — such as telephone numbers, credit card numbers, or postal and email addresses — that’s included in ticketing and reservation records but that isn’t included in the more limited APIS data set, and/or (b) CBP wanted the technical capability to access data about passengers on Amtrak trains that don’t cross the border.
Why would an immigration and border patrol agency be interested in passengers on trains that don’t cross the border? In practice, CBP has a history of systematically interrogating and searching passengers on such trains, especially certain long-distance east-west trains that travel within 100 miles of the USA-Canada or USA-Mexico borders. Within this Constitution-free zone, CBP uses claims of “border” authority to justify detention and questioning and to intimidate travelers into “consent” for searches. All this is a pretext for dragnet or profile-based searches that mainly result in seizures, civil forfeitures, and arrests for violations of drug laws.
Earlier interim responses to our FOIA request revealed that Amtrak Police already have access to all Amtrak reservation data through a special “Police GUI”. Records of internal Amtrak investigations of complaints of racial profiling, released in July 2015 in response to a FOIA request by Muckrock News, confirm that Amtrak Police admit to mining reservations for information that can be used to “target” and justify detentions of travelers of interest: “To identify passengers of interest, [redacted name of Amtrak Police officer under investigation] uses the Arrow system, CISPROD, and the manifest to predetermine which passengers should be targeted for closer scrutiny. By determining the traveler’s method of payment when purchasing the ticket, how soon before departure the ticket was purchased, their city of origin, destination, length of stay, and whether or not the traveler recorded a telephone number, one can better target travelers of interest. This information couple with site indicators helps an experience officer develop probable cause for a detention and often times, arrest.”
But Amtrak Police don’t have CBP’s “border” search authority, which serves as the legal excuse for CBP searches not based on any (legitimate) articulable suspicion of criminal activity.
The latest Amtrak documents also include some software project specifications for modifications to Amtrak’s IT systems related to changes in the (often unenforced) lists of acceptable ID credentials for Amtrak travel. The documents also contain details we haven’t seen before of a religious exception to passport requirements, under which certain US citizens who have opted out of the Social Security system can travel across the USA-Canada border without passports. It’s not clear if this exception also applies to other international travel to or from the USA, or to travel by means other than rail.
Amtrak’s FOIA office has told us it is still processing (i.e. censoring and redacting) “approximately 800-900 records” already identified as responsive to our request for records about data-sharing and other collaboration with US law enforcement agencies and foreign governments, and doesn’t expect to complete its response for another 3-4 months.