Senior officials of US Customs and Border Protection (CBP) came to San Francisco last week to meet with representatives of the Identity Project and other civil liberties and human rights organizations regarding CBP “biometric entry/exit” schemes. These CBP programs, some of which are already in operation, involve taking digital mug shots of international travelers — including US citizens — as they enter and leave the US. The meeting in San Francisco was a follow-up to one in Washington, DC, in August 2017.
Debra Danisek, CBP Privacy Officer, and John Wagner, Deputy Executive Assistant Commissioner in charge of the CBP “Office of Field Operations”, were accompanied to the meeting by CBP national, regional, and SF Bay Area local CBP policy and operations staff.
We welcomed the opportunity to point out to the CBP officials in charge of these programs that — especially as they apply to US citizens — they violate multiple Federal laws, involve unconstitutional warrantless, suspicionless dragnet surveillance of how we exercise our right to assemble as protected by the First Amendment, and should be abandoned.
It was an infuriating meeting, however. Rather than offering explanations for many of the CBP’s practices, the CBP officials across the table flatly denied much of what is happening at airports throughout the US, even in the face of first-person testimony to the contrary from many of the civil liberties advocates in attendance.
Since they wouldn’t admit that some of the most abusive CBP practices — the ones we thought the meeting had been called to discuss — are actually happening, the CBP officials wouldn’t talk about what, if any, legal basis these practices might have. Meanwhile, these unlawful practices by CBP and other DHS components continue and expand.
Here are some of the counter-factual claims made by CBP in our meeting, and some of the issues left unaddressed:
(1) “CBP doesn’t ask anyone for the passwords for their electronic devices.”
This whopper of a claim was made insistently by Ms. Danisek, and backed up by other senior CBP staff, during our face-to-face meeting. It flatly contradicts the common knowledge of travelers who have been asked for the passwords to their cellphones, laptops, and other devices. It also flatly contradicts the most recent official CBP policy directive on searches of electronic devices, issued earlier this month, which reaffirms that, “Passcodes… may be requested and retained as needed to facilitate the examination of an electronic device or information contained on an electronic device.”
In a follow-up email exchange, Ms. Danisek admitted that she “misspoke” during our meeting about whether CBP Officers ask travelers for their passwords. But she still didn’t identify any explicit statutory authorization for collection of passwords or data from electronic devices, as is required by the Privacy Act for any collection of information about the exercise of rights protected by the First Amendment, including speech and assembly.
We’ve never seen this element of the Privacy Act addressed in any DHS “Privacy Impact Assessment”, although it should be a standard part of all of them.
Ms. Danisek also didn’t identify any OMB approval or “OMB control number” for this collection of information, as is required by the Paperwork Reduction Act.
Notably, the Paperwork Reduction Act applies to any collection of information, regardless of whether that information pertains to US citizens or foreigners, whether it is collected verbally or in writing, whether or not (or for how long, if at all) it is retained, whether the collection of information is voluntary or mandatory, and whether it is collected directly by a government agency or by contractors or intermediaries.
Pursuant to the PRA, “An agency shall not conduct or sponsor the collection of information unless in advance of the adoption or revision of the collection of information” the agency has complied with requirements including notice and comment, approval by OMB, and assignment of an “OMB control number” which is included in notice provide to anyone from whom information is to be collected.
The PRA is one of the most important ways that Congress has enacted “fair information processing principles” into Federal law. The PRA defines how individuals are supposed to be given notice of requests for information. But even when the DHS or a DHS component such as CBP conducts a so-called “Privacy Impact Assessment”, their assessment of whether adequate notice has been provided never includes any mention of the PRA.
Neither the DHS nor the CBP has ever gotten OMB approval to collect data from travelers’ electronic devices, making collection of such information a flagrant violation of the PRA.
(2) “No US citizen is required to be photographed in order to enter or leave the US.”
The way things work at most US international airports is that arriving travelers — including US citizens — are herded through roped-off chutes into a corral with “Automated Passport Control” (APC) kiosks. The exit from this corral is blocked by a line-minder — an employee or contractor of the airline or airport or a passenger handling agency — who won’t step aside to allow a traveler to pass unless and until they show an APC kiosk receipt which includes a digital photo of their face.
There’s no way to leave the corral or get near the inspection booths staffed by CBP officers without submitting to an APC mug shot, jumping over the ropes (and risking sanctions for refusing orders or disrupting processing), or pushing past the line-minder (and risking charges for assault). There are prominent signs in these areas (of questionable legal validity) purporting to prohibit use of cameras, recording devices, or cellphones.
There are no Privacy Act or Paperwork Reduction Act notices on or near the APC kiosks, and no OMB control number has ever been issued for collection of entry or exit photos of US citizens. That makes it clearly illegal for CBP to even “sponsor” collection of this information by third-party operators of the APC kiosks, even on a voluntary basis.
This is standard (illegal) operating procedure at airports throughout the US. And the CBP’s FAQ on this program specifically claims that CBP has authority to collect biometrics of US citizens.
But Mr. Wagner — the top official in charge of CBP operations — categorically denied that any US airport is set up like this. He refused to discuss how anyone could “opt out” of submitting to facial photography at the APC kiosks, or how they could get to the CBP officers if the line-minders block the way to anyone who can’t show an APC receipt.
So far as we can tell, a travelers’ only recourse would be to report the line-minders to local police (or bring a civil action against them) for false arrest and imprisonment, after submitting to a mug shot, completing CBP inspection, and leaving the inspection area. That still wouldn’t enable a traveler to “opt out” of being photographed for CBP.
Meanwhile, the DHS is working systematically to expand its (illegal) facial photography of travelers from international to domestic flights. Last Friday, just days after our meeting with the CBP in San Francisco, the TSA announced that it plans to conduct a three-week trial at Los Angeles International Airport (LAX) of photography and automated facial recognition of travelers passing through some of the TSA checkpoints for domestic flights.
The TSA didn’t say when or at which of the checkpoints at LAX this trial will be conducted.
There’s no OMB approval for any collection of biometric information at TSA checkpoints, and no Privacy Act notice that covers these records. So this TSA trial will be flagrantly illegal even if travelers are allowed to opt out.
In practice, international travelers are routinely forced to use the “voluntary” APC kiosks. We have no confidence that domestic travelers won’t similarly be corralled into checkpoint lanes in which they are used as guinea pigs for the TSA’s experiments in facial recognition.
Travelers at LAX should watch out for this scheme, refuse to participate, and record what happens, especially if they aren’t told they have a choice about whether to be photographed.
(3) “Airlines and airports have no interest in keeping photos of passengers, or using them for any other purpose.”
This isn’t true, and even the most willfully ignorant “see no evil, hear no evil” CBP and DHS officials can’t possibly believe this.
But the CBP officials we met with refused to discuss any of the issues raised by giving government agencies access to commercial data, or requiring individuals to provide information not to the government but to commercial entities that are free to use it for their own purposes as well as to pass it on to the government.
In fact, airlines, airports, and government agencies have an explicit shared vision for common use of shared biometric data about travelers, starting with facial images, throughout the air travel “passenger experience”.
A report published last week by the World Economic Forum in conjunction with its annual meeting in Davos laid out one version of this vision, which would include use of a “blockchain” to record a non-repudiable travel history log linked to biometric identifiers for each traveler:
This report, co-published by the World Economic Forum and Accenture, highlights the opportunities made possible through advances in emerging technologies like biometrics, cryptography and distributed ledgers to advance security capabilities of industry and governmental agencies while improving passenger facilitation in international travel. Importantly, it recommends a paradigm shift to an interoperable digital identity system that … enables the trustful [sic] cooperation between international public and private sector partners required for ensuring the safe and secure movement of people across borders.
CBP and TSA regulations already require airlines to make API, PNR , and “Secure Flight” data about air travelers available to the government, while placing no restrictions on how airlines can use the data travelers are required to provide as a condition of travel.
Airlines are eager for governments to make passengers hand over even more information, including biometric information. Airlines want to use this information for business process automation, profiling, and personalization (“the “holy grail”) including personalized pricing. The report released in Davos last week gives an indication of some of the data that law enforcement agencies might ask airlines to collect on their behalf:
This is explicitly envisioned as a joint venture in which data specified by law enforcement agencies would be collected by airlines and airports and used by both.
The same vision is articulated by governments through ICAO’s Traveler Identification Program (TRIP). ICAO’s free TRIP Magazine provides frighteningly Orwellian ongoing coverage of the rollout of this global travel surveillance and control scheme.
A decade ago, we heard the vice-president of IATA (the international airline trade association) for government relations tell representatives of the world’s police (from the DHS to the Public Security Bureau of the Peoples Republic of China) assembled at ICAO headquarters in Montreal that airlines would be happy to collect additional information about travelers, as long as (a) governments reimburse airlines for the cost of collecting this data and (b) airlines get to retain this data and use it for their own purposes.
Airlines have gotten half of what they asked for. The airline industry hasn’t gotten its several billion dollars in data collection costs and enforced modifications to their IT systems since 9/11 reimbursed by governments, so those have been passed on to travelers. Airline ticket buyers have to pay more for tickets to cover the cost of having themselves surveilled.
On the other side of airlines’ balance sheets, though, they are still being given completely free rein to store personal information about passengers, collected under government duress, in grossly insecure systems, to make this data available worldwide without geographic or purpose limitations or access logs, and to use it however they like.
The DHS shouldn’t be allowed to keep on refusing to acknowledge this. Travelers should demand that travel companies distance themselves from spying on their customers. Surveillance of travelers should be limited to what is authorized by warrants issued by judges based on probable cause, and restrictions on travel should be limited to injunctions issued by judges after adversary fact-finding, not on pre-crime predictions.