Papers, Please!

The Identity Project

Monthly Archives: May 2024

May 09 2024

Office of Legal Counsel recognizes the right to travel

In researching the law on the right to travel to obtain an abortion, we were pleased to notice an advisory opinion from the Office of Legal Counsel (OLC) that, although only in passing, explicitly acknowledges the right to travel.

OLC is the division of the US Department of Justice that serves as the office legal advisor to the White House and all Executive Branch agencies of the federal government. OLC publishes only a handful public advisory opinions each year, so each of them is significant.

In late 2022, the General Counsel of the US Postal Service asked OLC for advice on whether existing Federal laws (specifically the Comstock Act of 1873) should be interpreted as prohibiting the Postal Service from accepting packages containing abortion-inducing drugs.

OLC’s opinion on this issue includes the following comment, with footnote:

[Even] if a state prohibits a pregnant person from ingesting mifepristone or misoprostol for the purpose of inducing an abortion, such an individual has a constitutional right to travel to another state that has not prohibited that activity and to ingest the drugs there.

Footnote: See Dobbs, 142 S. Ct. at 2309 (Kavanaugh, J., concurring) (“[M]ay a State bar a resident of that State from traveling to another State to obtain an abortion? In my view, the answer is no based on the constitutional right to interstate travel.”); id. (referring to the question as “not especially difficult”); see also Bigelow v. Virginia, 421 U.S. 809, 824 (1975) (explaining that Virginia could not “prevent its residents from traveling to New York to obtain [abortion] services or . . . prosecute them for going there” (citing United States v. Guest, 383 U.S. 745, 757–59 (1966))).

We find this portion of the OLC opinion noteworthy for two reasons:

First, it’s been relatively rare in recent decades for the U.S. government, perhaps especially at the highest levels of overall Federal policy and legal thinking, to explicitly acknowledge the right to travel, much less to acknowledge that it is well established Constitutional law.

Second, the fact that this opinion was issued in this particular context highlights the truism that most people become concerned about rights only when their own rights, or those of people they identify with, are threatened. In other contexts, the same Federal administration (like its predecessors) has been vigorously defending the authority of Federal agencies to impose arbitrary extrajudicial restrictions on the right to travel.

The reality, of course, is that it could be any one of us whose rights are restricted. Human right should be a concern for each of us, whether or not we are currently being targeted. Each of us could become a target of the government, for reasons we may not be able to anticipate. The only way to effectively defend our rights is to defend everyone’s rights.

Legislators and Federal agency officials shouldn’t wait until their own rights, or the rights of those they can identify with, are threatened. But better late than never.

We are glad that OLC has, in this case, recognized the right to travel. We hope they remember to apply the same principles and act consistently in other cases.

May 06 2024

Facial recognition and “identity verification”

A new effort is being made by some Senators to restrict the use of facial recognition by the Transportation Security Administration (TSA), airlines, and airports in the US.

But the proposed cure may be worse than the disease. The latest version of the proposed legislation, while undoubtedly well intentioned, includes a provision that would, for the first time, provide a basis in Federal law for “identity verification” of airline passengers.

The problem with facial recognition is that it’s a tool for identifying people. Legalizing (unjustified and previously unlawful) demands for travelers to identify ourselves in other ways is not a solution to the problems of either facial recognition or ID demands.

S. 3361, the “Travel Privacy Protection Act of 2023”, was introduced in the Senate in November 2023, and remains pending. But standalone bills like this have very little chance of being considered, especially in the current Congress.

With Congress acting on only a few bills that are considered essential to keep the  government operating, other legislation is likely to be acted on only if it can be attached to one of these “must-pass” bills. So some of the sponsors of S. 3361 have incorporated provisions to restrict the use of facial recognition, plus new provisions for alternative means of “identity verification” of travelers, into an amendment to the pending  bill to authorize continued operations of the Federal Aviation Administration (FAA).

We assume that the new “identity verification” provisions in the proposed amendment to the FAA reauthorization bill were added to the previous version of the legislation to address objections from the TSA, the airline industry, and airport operators, all of whom have invested heavily in shared infrastructure for facial recognition at airports on the assumption that it has already been agreed to as a government and industry standard.

The proposed amendment to the FAA reauthorization bill would explicitly authorize the use of facial recognition at US airports, provided that the TSA “provides each protected individual, at the request of the protected individual, with the option to choose between identity verification with or without facial recognition or facial matching software.”

This would be a major change, since no provision of current law authorizes the TSA to operate, or to require travelers to submit to, any sort of ID verification.

Congress should not be intimidated by the threat of facial recognition into authorizing the TSA, airlines, or airport operators to  require travelers to identify ourselves.

A choice between submitting to facial recognition so that we can be identified, and showing documents so that we can be identified, is not a choice we should have to make.

Regardless of how we are identified, we know how our identity will be used by the TSA and its commercial and governmental partners in the US and around the world.

The TSA will check our identity against the million and a half mostly Muslim names on the TSA’s no-fly blacklist, use our identity as one of the inputs to the algorithmic black box they use to decide whether to send the airline a Boarding Press Printing Result (BPPR) that “permits” the airline to issue a boarding pass for each of our flights, and use it to link its record of our flight to the permanent file it keeps about each of us. None of this is lawful or serves any legitimate purpose. Congress should put a stop to all of this.

The TSA offers the misleading reassurance that unless we are determined to pose a threat, it won’t retain facial images and other information about our travel. But since the threat-assessment algorithms and outcomes are secret, there’s no way to know whether information about us and any particular flight we take has been retained.

Compelled warrantless, suspicionless ID requirements violate the Fourth and Fifth Amendments to the US Constitution and international treaties protecting the right to freedom of movement both internationally and within the US.

If Congress wants to rein in the TSA and its use of facial recognition, Congress can and should explicitly prohibit the TSA from requiring travelers to identify ourselves, regardless of whether that identity verification is conducted by inspection of ID documents, facial recognition, or other means. Unless our right to travel has been restricted by court order, who we are is irrelevant to our right to travel by common carrier.

May 01 2024

Combining radio and visual tracking of road vehicles

[Jenoptik “Trafficatch” wireless detection device and the data it collects ]

In the latest escalation of surveillance of travelers, data from automated license plate readers (APLRs) is being merged with data from devices that record the unique identifiers of passing WiFi, Bluetooth, and Bluetooth Low Energy (BLE) devices, including always-on devices intended for in-vehicle communications, entertainment, and network access.

Most new cars, SUVs, and light trucks have built-in WiFi access points and Bluetooth and/or BLE connectivity. Each of these wireless access points transmits a unique identifier — usually fixed or not readily changeable by the vehicle owner or operator — to enable devices in the vehicle — cellphones, wireless earbuds, etc. — to establish and maintain connections. Each of those devices broadcasts its own unique and often fixed identifier.

Once the unique identifying numbers of the in-vehicle wireless access points are linked to a vehicle and the vehicle’s registration record and owner by matching the time and location of device detection with an ALPR scan of the vehicle’s license plate, they can be used to track those devices and log their movements in a permanent file associated with the registered owner, even when those devices leave the vehicle.

So if you use your Bluetooth or BLE earbuds to listen to music or make a phone call in a car, even as a passenger, police can and possibly will continue to track your earbuds’ movements and associate them with that car.

According to a report by Byron Tau for NOTUS  (a new nonprofit newsroom founded and funded by Robert Allbritton, the former publisher of POLITICO), wireless “device detectors” and the back-end systems to link ALPR and wireless device tracking data have been purchased by local police departments in border communities in Texas using grant money from the US Department of Homeland Security (DHS) and the  state of Texas.

According to responses to requests for information about bids for government contracts from Jenoptik, the supplier of this system of detectors and databases:

Jenoptik’s Trafficatch wireless device detection is a value add addition to its Vector fixed ALPR solution. Trafficatch records wireless device Wifi, Bluetooth, and Bluetooth Low Energy (BLE) signal identifiers that come within range of the device to record gathered information coupled with plate recognition in the area. This can provide additional information to investigators trying to locate persons of interest related to recorded
crimes in the area.

This should be illegal without a warrant, but current case law leaves enough uncertainty that police may feel that they can get away with this sort of tracking without a warrant.

According to the report by NOTUS, this vehicle and device tracking data is being shared through NLETS (the National Law Enforcement Telecommunications Network). The unusual status of NLETS makes it almost impossible to tell how this data is being used. It could be used to track people and vehicles across state lines or other jurisdictional boundaries, including to identify and track people traveling to obtain abortions.

Like AAMVA, NLETS is nominally a nongovernmental nonprofit organizations, but its members are government agencies.  AAMVA members are the heads of state driver and motor vehicle licensing agencies; NLETS members are Federal, state, and local law enforcement agencies for which NLETS has long served as a private police network in parallel with public communications networks. Once the operator of a dedicated police telex network (like the parallel special-purpose networks operated for airlines and banks)  NLETS is today the hub of the “police Internet“, providing both communications and database hosting services. Because NLETS is nominally “private” and nongovernmental, it itsn’t directly subject to any Federal, state, or local FOIA, public records,  or open meeting laws.