Papers, Please!

The Identity Project

Monthly Archives: June 2016

Jun 30 2016

National REAL-ID database replicates problems with FBI rap sheets

Previously unpublished information we’ve recently obtained from the contractor that developed the SPEXS database at the center of state “compliance” with the REAL-ID Act — the national database of drivers license and state ID details that the DHS and supporters of the REAL-ID Act keep claiming doesn’t exist — shed new light on how the system will work.

Unfortunately, these new documents and statements show that SPEXS will replicate many of the worst problems of poor data quality and lack of accountability of the NCIC database used by the FBI to store criminal history “rap sheets” of warrants, arrests, and dispositions of criminal cases: convictions, diversions, withdrawals, dismissals, acquittals, appellate decisions, etc.

Like SPEXS, NCIC aggregates data sourced from agencies in every state, the District of Columbia, and the US territories of Puerto Rico, the U.S. Virgin Islands, American Samoa, Guam, and the Northern Mariana Islands.  The FBI operates the aggregated database, but disclaims any responsibility for the accuracy of the data it stores, indexes, and distributes.

As we noted in our previous post, the FBI has exempted NCIC records from the requirements of the Privacy Act for accuracy, relevance to a lawful purpose, access by data subjects, and correction of errors.  That should mean that NCIC records can’t be relied on, but the Supreme Court has ruled that an entry in NCIC provides sufficient legal basis for an arrest.

NCIC is the poster child for the evil consequences of reliance on “garbage in, garbage out” aggregated and unverified data as a basis for government decision-making. Inevitably, NCIC records are riddled with errors. Law enforcement agencies are quick to report arrests and newly-issued warrants to NCIC, but have nothing to gain by ever reporting when charges are dismissed or a warrant is quashed. Who knows when some other police agency might find it convenient to rely on an NCIC record of a long-since-quashed warrant as a basis for authority to arrest and search someone who they would otherwise have to let walk away?

We know from long and bad experience with NCIC just where this leads. Innocent people are arrested every day in every state on the basis of erroneous NCIC records. SPEXS replicates the “garbage in, garbage out” unverified multi-source data aggregation model of NCIC, and will replicate its data quality and accountability problems along with its architecture.

Like NCIC, SPEXS is intended to be relied on as the basis for government decisions, specifically, enforcement of the requirement of the REAL-ID Act that a person may not have more than one valid REAL-ID Act compliant drivers license or ID at a time. We fail to see any valid purpose to this provision of the law. Given that states have different and independent licensing requirements, what harm is done by a person having independently satisfied the requirements to operate motor vehicles in more than one state, and having independently been issued credentials by these several states attesting to this fact?  But regardless of the rationale for this law, the justification for the existence of SPEXS is to enable states to refuse to issue a drivers license or state ID to a person if SPEXS shows a record of an outstanding license or ID in any other state or territory for a person believed (according to a secret SPEXS matching algorithm) to be the same person as the applicant.

The inevitable outcome is that some people’s applications for new or renewal drivers licenses or state IDs will be denied by state authorities on the basis of erroneous data in SPEXS records. Perhaps they have been mis-matched with a person in another state with the same or a similar name and date of birth. Perhaps an identity thief has used their name, DOB, and Social Security number to get a license or ID in another state. Perhaps they cancelled their license or ID in another state, but that fact wasn’t reported by that state to SPEXS, or the cancellation message wasn’t received by the SPEXS operator or wasn’t properly processed into the SPEXS database. Perhaps the expiration date of their old license or ID was mis-reported or improperly recorded. Perhaps a record was mis-coded, such as by mis-attributing a record to the wrong state. Perhaps a record of a license or ID that has since been cancelled was left in SPEXS by a state or territory that has withdrawn from SPEXS participation.

What recourse will any of these people have? Not much, not easily, and in some cases none at all.

Read More

Jun 28 2016

Supreme Court gives us more reasons not to show ID

Some people ask us, “What’s wrong with showing ID to police? If you are innocent and have nothing to hide, just show your ID, and you can be on your way.”

In the real world, however, showing ID can be a bad idea even if you are innocent. And the decision of the Supreme Court last week in Utah v. Strieff provides a case study in why you should never voluntarily identify yourself to police, and should avoid having any identification on your person if you don’t need it.

As we discussed when Utah v. Strieff  was argued in February, the sequence of events that led to this case was as follows: Police looking for drugs illegally stopped and detained a pedestrian without any articulable basis for suspecting him of any crime. While illegally detaining Mr. Strieff, the police asked (or demanded) that he identify himself, and he told the police his name.  The police ran a check on his name and found a record of a warrant for his arrest for a minor traffic violation.

Based on this warrant, the police re-classified the man already in their custody from “detainee” to “arrestee”, searched him “incident to his arrest”, and found — surprise — illegal drugs, which they had been hoping all along to find, but had lacked any legal basis to search for.

Strieff argued that he wouldn’t have been searched, but for the original stop and detention, which the police conceded was illegal, and therefore that the police shouldn’t be allowed to use the drugs they found as evidence against him. The Supreme Court upheld the legality of the arrest and search, despite the illegal stop and detention, and allowed the evidence to be used against Mr. Strieff.

Most of the commentary on the Supreme Court’s decision has focused on Justice Sotomayor’s dissent:

The Court today holds that the discovery of a warrant for an unpaid parking ticket will forgive a police officer’s violation of your Fourth Amendment rights. Do not be soothed by the opinion’s technical language: This case allows the police to stop you on the street, demand your identification, and check it for outstanding traffic warrants — even if you are doing nothing wrong. If the officer discovers a warrant for a fine you forgot to pay, courts will now excuse his illegal stop and will admit into evidence anything he happens to find by searching you after arresting you on the warrant….

We share Justice Sotomayor’s outrage. But what are the lessons we should take away from the majority opinion?

First, we can’t count on the police to tell us our rights. It’s not clear whether the police represented their “request” that Mr. Strieff identify himself as mandatory, or whether, while under police detention and not free to leave (and without having been read his Miranda rights), he knew that he had the right to remain silent and not give his name. But whatever happened, the Supreme Court majority doesn’t seem to have been much interested in these issues. Know your rights, and exercise them. By the time the police read you your rights, if they do so at all, it’s often too late.

Second, you should always exercise your right to remain silent when questioned by police — even if all they ask you is, “What’s your name?” Mr. Strieff’s detention would have remained illegal, and any evidence obtained by (illegally) searching him would have remained inadmissible, if he hadn’t told the police his name so that they could run a check for warrants.  This case shows that when police say, “Anything you say may be used against you,” that includes your name and any other identifying information you might disclose. Don’t tell police your name, and don’t voluntarily show them anything that might identity you. If you don’t need to have it with you, you are better off not having any ID on your person that might be found if you are searched on some other pretext.

Third, if you are tempted to think that you don’t need to worry because there isn’t a warrant out for arrest, think again. There are warrants out for millions of people in the US. Until they are busted, many people don’t know that there is a warrant for their arrest. Are you sure that every time you have ever gotten a traffic ticket, your check was received by the court and properly processed? If a bench warrant had already been issued by the time your payment was received and processed, was the warrant quashed? Was that fact reported to the FBI, and was the original record of the bench warrant removed from the NCIC database? Have you gotten your NCIC file recently to confirm this?  If not, there’s a non-trivial chance that there’s a warrant for your arrest, or that NCIC shows that there’s a warrant for your arrest. NCIC is riddled with errors, and the FBI has exempted it from the accuracy requirement of the Privacy Act. But the Supreme Court has said that an NCIC record of a warrant is enough to make an arrest legal, even if the data in NCIC is incorrect. You should always assume that NCIC might show a warrant for your arrest that any cop who runs a check on your name or ID will find. If you know this and still choose to identify yourself to police, you are practically asking to be arrested. If police stop or question you, they are looking for an excuse to arrest and/or search you. The only way — and the easy way, fortunately — to avoid giving police the basis to arrest and search you that they are looking for is not to tell them who you are and not to show them any ID.

Jun 16 2016

How the DHS practices “transparency”

realid-nonresponsive [A “complete” response from DHS to a FOIA request, with “no deletions”. Click image for larger version.]

A Freedom of Information Act request we made to the Department of Homeland Security hasn’t told us much about what we asked about, but has given us an object lesson in how the DHS practices “transparency”.

An August 2015 document posted on the DHS.gov website revealed that the DHS is systematically collecting data on how many people have been denied access to Federal facilities because they were unable or unwilling to show ID credentials deemed to “comply” with the REAL-ID Act:

Your agency should also have a process for recording the number of encounters of individuals presenting driver’s licenses from noncompliant states for purpose of accessing Federal facilities. This data should be sent monthly to DHS (OSIIS@hq.dhs.gov) for collection no later than the tenth day of each month. DHS will use this data to evaluate the impact of REAL ID enforcement on the public. See Appendix E for a sample report template.

In January of 2016, we submitted a FOIA request to the DHS to the DHS for these reports.  Five months later, after repeated follow-up inquiries, we finally received this mockery of a “response”. It was dated in May, but we didn’t receive it until June, because it was sent to a mis-typed email address and our repeated email and voicemail messages requesting information on the status of the request were ignored. Our request was submitted by email, so it’s not clear why the address on the response was retyped rather than being sent as a “reply” to our message.  But that’s the least of the problems with the DHS response to our request.

Read More

Jun 09 2016

How does the TSA decide if you are who you say you are?

An ongoing trickle of still-incomplete responses by the TSA to a Freedom Of Information Act (FOIA) request we made in June 2013 continues to shed more light on the TSA’s procedures for air travelers who don’t have ID credentials the TSA deems satisfactory.

It’s difficult to compile statistics from files in the image format in which the TSA has released them, but we can make some anecdotal observations about what happens to people who try to fly without “acceptable” ID. Read More

Jun 07 2016

How hard was it for Amtrak to require names in reservations?

Since the start of the post-9/11 shift from case-by-case government access to travel reservations to dragnet surveillance of all reservations and pre-crime profiling of all travelers, the government has claimed repeatedly that the information to which it has demanded access was already “routinely” provided by travelers to airlines and other travel companies.

We’ve recently received some details of just how untrue those claims are, through the latest installment of a continuing trickle of responses by Amtrak to a Freedom Of Information Act request we made in 2014. (See our previous reports on government surveillance of Amtrak passengers.)

Anyone familiar with travel industry practices and reservation data has known all along that the government’s demands for data about airline, train, bus, and cruise ship passengers have exceeded what was needed by common carrier for commercial purposes. Until after September 11, 2001, walk-up customers could buy tickets for cash, for themselves or anyone else, at airline or Amtrak or Greyhound ticket counters, without providing any information at all except an (unverified) name.  No address, phone number, or other identifying or contact information was required.

The government has demanded not just access to existing travel industry databases, but the logging of additional details about travelers that were never previously required. The travel industry worldwide has had to spend billions of dollars modifying every layer and component of their IT systems, and of all the systems that interact with them, to collect and store this additional information and deliver it to the government in standardized government-dictated formats.

Even names of travelers weren’t required for reservations, tickets, or travel.  Space could be reserved for a group of travelers with only a group identifier or lead contact. Sometimes dummy or placeholder names would be entered for group members, but they could be and often were omitted.

The latest file we’ve received from Amtrak is a PDF of images of printouts or views of email messages (we haven’t received the raw “message source” files we requested, and will eventually be appealing Amtrak’s failure to release them) within Amtrak and between Amtrak, the big four CRS/GDS companies (Sabre, Amadeus, Worldspan, and Galileo/Apollo — then owned by Cendant) and possibly their contractors or other “partners” (names redacted).

These messages date from 2006, when Amtrak “voluntarily” decided to start sending data about all passengers on cross-border Amtrak trains and buses between the USA and Canada to the DHS Advance Passenger Information System (APIS).  In order to populate the API data fields, Amtrak decided to make “Passenger ID” (PID) a required field in all Amtrak reservations.  That took some work in itself, but it also caused a cascade of new problems for reservations without names, especially those for as-yet-unknown members of groups:

Read More