May 22 2024

New DHS publicity about REAL-ID

[Portion of airport sign from May 2024 DHS media toolkit.]

A year before the most recently self-imposed “deadline” on which the Department of Homeland Security (DHS) has threatened to start illegally denying passage through Transportation Security Administration (TSA)  checkpoints at airports to would-be travelers without ID it deems sufficiently “compliant” with the REAL-ID Act of 2004,  the DHS has launched a new campaign of advertisements, press releases, and signs in airports to publicize its threat to start restricting the right to fly without ID.

“Starting May 7, 2025, you need a REAL-ID* to board domestic flights,” the TSA says, with a footnote in much smaller print, “or acceptable alternative”.

Is this threat for real? No, no, and no.

No #1: The May 7, 2025 date is entirely arbitrary, not fixed by law, has been extended time and time again for years, and can and likely will be extended again.

This is a threat, not a deadline. As our friend Jim Harper notes in his latest article in The Atlantic, “The Real ID Deadline Will Never Arrive”:

[T]hose airport signs and travel stories have been telling us about a final deadline for more than 15 years. And yet, that deadline has never arrived. If past extensions are any indication, it probably never will….

Fortunately, the threat of being denied boarding without a compliant license is hollow…. Under any likely scenario, the political costs of turning Americans away at airports in May 2025 will be too high. Here’s my prediction: Well before next May, the Real ID compliance deadline will be rolled back again.

No #2: Perhaps in response to our criticism of their previous litany of lies about the REAL-ID Act and ID to fly, the TSA has added a footnote to its latest signage, “or acceptable alternative”.

What’s not obvious is that an “acceptable alternative” to REAL-ID to fly is no ID at all.

As the TSA has admitted, thousands of people fly without ID every year. Nothing in the REAL-ID Act, and no current or proposed legislation or regulations, would change that.

No #3: Imposing a requirement to have, carry, or show ID to travel by common carrier– even if that were  Constitutional, which we don’t think it would be — would require new legislation and/or regulations.

The TSA has twice (in 2016 and again in 2020) given notice that it intended to propose new procedures to require air travelers to show ID. But it never actually submitted those proposals, much less obtained the required regulatory approvals. Numerous procedural steps would be required before any such plan could go into effect.

Travelers can and should say “No” to these DHS/TSA attempts to intimidate us into surrendering our rights.

But while the DHS and TSA aren’t about to follow through on their latest ultimatum — not now, not next year, and probably never — they aren’t going to stop making these baseless threats until Congress and/or the courts  say “No” as well.

States should prepare to litigate to defend their residents’ right to travel. Congress should put an end to this endless shakedown by repealing the REAL-ID Act in its entirety. It was a bad idea when it was enacted in a post-9/11 panic, and it’s still a bad idea today.

May 09 2024

Office of Legal Counsel recognizes the right to travel

In researching the law on the right to travel to obtain an abortion, we were pleased to notice an advisory opinion from the Office of Legal Counsel (OLC) that, although only in passing, explicitly acknowledges the right to travel.

OLC is the division of the US Department of Justice that serves as the office legal advisor to the White House and all Executive Branch agencies of the federal government. OLC publishes only a handful public advisory opinions each year, so each of them is significant.

In late 2022, the General Counsel of the US Postal Service asked OLC for advice on whether existing Federal laws (specifically the Comstock Act of 1873) should be interpreted as prohibiting the Postal Service from accepting packages containing abortion-inducing drugs.

OLC’s opinion on this issue includes the following comment, with footnote:

[Even] if a state prohibits a pregnant person from ingesting mifepristone or misoprostol for the purpose of inducing an abortion, such an individual has a constitutional right to travel to another state that has not prohibited that activity and to ingest the drugs there.

Footnote: See Dobbs, 142 S. Ct. at 2309 (Kavanaugh, J., concurring) (“[M]ay a State bar a resident of that State from traveling to another State to obtain an abortion? In my view, the answer is no based on the constitutional right to interstate travel.”); id. (referring to the question as “not especially difficult”); see also Bigelow v. Virginia, 421 U.S. 809, 824 (1975) (explaining that Virginia could not “prevent its residents from traveling to New York to obtain [abortion] services or . . . prosecute them for going there” (citing United States v. Guest, 383 U.S. 745, 757–59 (1966))).

We find this portion of the OLC opinion noteworthy for two reasons:

First, it’s been relatively rare in recent decades for the U.S. government, perhaps especially at the highest levels of overall Federal policy and legal thinking, to explicitly acknowledge the right to travel, much less to acknowledge that it is well established Constitutional law.

Second, the fact that this opinion was issued in this particular context highlights the truism that most people become concerned about rights only when their own rights, or those of people they identify with, are threatened. In other contexts, the same Federal administration (like its predecessors) has been vigorously defending the authority of Federal agencies to impose arbitrary extrajudicial restrictions on the right to travel.

The reality, of course, is that it could be any one of us whose rights are restricted. Human right should be a concern for each of us, whether or not we are currently being targeted. Each of us could become a target of the government, for reasons we may not be able to anticipate. The only way to effectively defend our rights is to defend everyone’s rights.

Legislators and Federal agency officials shouldn’t wait until their own rights, or the rights of those they can identify with, are threatened. But better late than never.

We are glad that OLC has, in this case, recognized the right to travel. We hope they remember to apply the same principles and act consistently in other cases.

May 06 2024

Facial recognition and “identity verification”

A new effort is being made by some Senators to restrict the use of facial recognition by the Transportation Security Administration (TSA), airlines, and airports in the US.

But the proposed cure may be worse than the disease. The latest version of the proposed legislation, while undoubtedly well intentioned, includes a provision that would, for the first time, provide a basis in Federal law for “identity verification” of airline passengers.

The problem with facial recognition is that it’s a tool for identifying people. Legalizing (unjustified and previously unlawful) demands for travelers to identify ourselves in other ways is not a solution to the problems of either facial recognition or ID demands.

S. 3361, the “Travel Privacy Protection Act of 2023”, was introduced in the Senate in November 2023, and remains pending. But standalone bills like this have very little chance of being considered, especially in the current Congress.

With Congress acting on only a few bills that are considered essential to keep the  government operating, other legislation is likely to be acted on only if it can be attached to one of these “must-pass” bills. So some of the sponsors of S. 3361 have incorporated provisions to restrict the use of facial recognition, plus new provisions for alternative means of “identity verification” of travelers, into an amendment to the pending  bill to authorize continued operations of the Federal Aviation Administration (FAA).

We assume that the new “identity verification” provisions in the proposed amendment to the FAA reauthorization bill were added to the previous version of the legislation to address objections from the TSA, the airline industry, and airport operators, all of whom have invested heavily in shared infrastructure for facial recognition at airports on the assumption that it has already been agreed to as a government and industry standard.

The proposed amendment to the FAA reauthorization bill would explicitly authorize the use of facial recognition at US airports, provided that the TSA “provides each protected individual, at the request of the protected individual, with the option to choose between identity verification with or without facial recognition or facial matching software.”

This would be a major change, since no provision of current law authorizes the TSA to operate, or to require travelers to submit to, any sort of ID verification.

Congress should not be intimidated by the threat of facial recognition into authorizing the TSA, airlines, or airport operators to  require travelers to identify ourselves.

A choice between submitting to facial recognition so that we can be identified, and showing documents so that we can be identified, is not a choice we should have to make.

Regardless of how we are identified, we know how our identity will be used by the TSA and its commercial and governmental partners in the US and around the world.

The TSA will check our identity against the million and a half mostly Muslim names on the TSA’s no-fly blacklist, use our identity as one of the inputs to the algorithmic black box they use to decide whether to send the airline a Boarding Press Printing Result (BPPR) that “permits” the airline to issue a boarding pass for each of our flights, and use it to link its record of our flight to the permanent file it keeps about each of us. None of this is lawful or serves any legitimate purpose. Congress should put a stop to all of this.

The TSA offers the misleading reassurance that unless we are determined to pose a threat, it won’t retain facial images and other information about our travel. But since the threat-assessment algorithms and outcomes are secret, there’s no way to know whether information about us and any particular flight we take has been retained.

Compelled warrantless, suspicionless ID requirements violate the Fourth and Fifth Amendments to the US Constitution and international treaties protecting the right to freedom of movement both internationally and within the US.

If Congress wants to rein in the TSA and its use of facial recognition, Congress can and should explicitly prohibit the TSA from requiring travelers to identify ourselves, regardless of whether that identity verification is conducted by inspection of ID documents, facial recognition, or other means. Unless our right to travel has been restricted by court order, who we are is irrelevant to our right to travel by common carrier.

May 01 2024

Combining radio and visual tracking of road vehicles

[Jenoptik “Trafficatch” wireless detection device and the data it collects ]

In the latest escalation of surveillance of travelers, data from automated license plate readers (APLRs) is being merged with data from devices that record the unique identifiers of passing WiFi, Bluetooth, and Bluetooth Low Energy (BLE) devices, including always-on devices intended for in-vehicle communications, entertainment, and network access.

Most new cars, SUVs, and light trucks have built-in WiFi access points and Bluetooth and/or BLE connectivity. Each of these wireless access points transmits a unique identifier — usually fixed or not readily changeable by the vehicle owner or operator — to enable devices in the vehicle — cellphones, wireless earbuds, etc. — to establish and maintain connections. Each of those devices broadcasts its own unique and often fixed identifier.

Once the unique identifying numbers of the in-vehicle wireless access points are linked to a vehicle and the vehicle’s registration record and owner by matching the time and location of device detection with an ALPR scan of the vehicle’s license plate, they can be used to track those devices and log their movements in a permanent file associated with the registered owner, even when those devices leave the vehicle.

So if you use your Bluetooth or BLE earbuds to listen to music or make a phone call in a car, even as a passenger, police can and possibly will continue to track your earbuds’ movements and associate them with that car.

According to a report by Byron Tau for NOTUS  (a new nonprofit newsroom founded and funded by Robert Allbritton, the former publisher of POLITICO), wireless “device detectors” and the back-end systems to link ALPR and wireless device tracking data have been purchased by local police departments in border communities in Texas using grant money from the US Department of Homeland Security (DHS) and the  state of Texas.

According to responses to requests for information about bids for government contracts from Jenoptik, the supplier of this system of detectors and databases:

Jenoptik’s Trafficatch wireless device detection is a value add addition to its Vector fixed ALPR solution. Trafficatch records wireless device Wifi, Bluetooth, and Bluetooth Low Energy (BLE) signal identifiers that come within range of the device to record gathered information coupled with plate recognition in the area. This can provide additional information to investigators trying to locate persons of interest related to recorded
crimes in the area.

This should be illegal without a warrant, but current case law leaves enough uncertainty that police may feel that they can get away with this sort of tracking without a warrant.

According to the report by NOTUS, this vehicle and device tracking data is being shared through NLETS (the National Law Enforcement Telecommunications Network). The unusual status of NLETS makes it almost impossible to tell how this data is being used. It could be used to track people and vehicles across state lines or other jurisdictional boundaries, including to identify and track people traveling to obtain abortions.

Like AAMVA, NLETS is nominally a nongovernmental nonprofit organizations, but its members are government agencies.  AAMVA members are the heads of state driver and motor vehicle licensing agencies; NLETS members are Federal, state, and local law enforcement agencies for which NLETS has long served as a private police network in parallel with public communications networks. Once the operator of a dedicated police telex network (like the parallel special-purpose networks operated for airlines and banks)  NLETS is today the hub of the “police Internet“, providing both communications and database hosting services. Because NLETS is nominally “private” and nongovernmental, it itsn’t directly subject to any Federal, state, or local FOIA, public records,  or open meeting laws.