Jan 20 2025

UK “Electronic Travel Authorization” sets a bad example

Effective January 8, 2025, the United Kingdom began requiring citizens of the USA and most other countries who previously could enter the UK without visas for short visits for tourism and some other purposes to obtain a so-called Electronic Travel Authorization (ETA) as a new precondition for admission to the UK for those purposes.

The UK ETA is significant both in its own right and as a case study in what’s wrong with similar requirements and systems already in effect in other countries, including the USA, Canada, Australia, and in preparation in many more countries including all members of the European Union.

The requirement for an ETA is intended for a pupose fundamentally contrary to international treaties on aviation and the rights of refugees, and has been implemented in ways that facilitate surveillance of ETA applicants and arbitrary control by a few private companies of who can and who can’t travel to the UK.

We hope the EU and other countries will learn from and avoid, not emulate, this bad example set by the UK.

The UK ETA system is not the first of its kind, but it’s the first that most US citizens, except those who have traveled to Australia, will encounter. US citizens don’t generally see what foreign citizens have to go through to enter the US, even as tourists or in transit. And US and Canadian citizens visiting each other’s countries are exempt from the electronic travel authorization requirements that their governments apply to visitors from other countries.

But while it may be a new experience for US citizens, the UK ETA is similar to what’s already required for most tourists and short-term business visitors to the USA, Canada, or Australia. And the UK ETA is similar to the system that the EU plans to roll out for citizens of the US, Canada, UK, and many other countries.

Australia pioneered this concept with its ETA system, beginning in 1996 (and modified several times since them). The USA launched its ESTA system, modeled on the Australian ETA, in 2009. Canada followed with its eTA system in 2016. Now the UK is rolling out its similar ETA system in 2025.

The EU EES and ETIAS schemes were planned to go into operation several years ago, sooner than the UK ETA, but have been postponed repeatedly. The most recent announcement by EU authorities is that EES — a system for collecting mug shots and fingerprints of visitors to the EU, as the US already does with visitors —  will be launched sometime in 2025, and ETIAS — an electonic travel authorization like the US ESTA and the UK ETA — will go into effect six months after the EES launch. (The EU is also considering a related system for a “travel permission app” with problematic implications.)

Acronym soup and national variations aside, what’s an ETA? How do ETA requirements violate international law? What’s wrong with the way the UK has implemented its ETA program? Read More

Jan 15 2025

Maine may stop complying with the REAL-ID Act

A bipartisan group of six Maine state legislators has introduced a bill, L.D. 160, which would repeal all of the provisions of Maine law enabling the state to issue driver’s licenses and state ID cards potentially compliant with the REAL-ID Act of 2005.

L.D. 160 was introduced yesterday and immediately referred to the Joint Committee on Transportation. No hearing on the bill has been scheduled yet.

According to a report by Randy Billings in the Portland Press-Herald, State Rep. Laurel Libby (R-Auburn), the lead sponsor of L.D. 160, says of the REAL-ID Act that, “It’s expensive. It puts Mainers’ privacy at risk. It doesn’t protect us from terrorism.”  Rep. Libby is joined by five Democratic co-sponosrs of L.D. 160. (News reports are separate from editorials, but the Press-Herald has previously editorialized that Congress should repeal the REAL-ID Act.)

Read More

Jan 14 2025

TSA issues new non-rules for REAL-ID

Today the Transportation Security Administration (TSA) published new regulations for the REAL-ID Act in the Federal Register, finalizing a bizarre and clearly illegal proposal the agency made in September 2024.

The new TSA regulations leave it even more unclear than before who the TSA will allow to fly without ID, and who it will prevent from flying without ID, after May 7, 2025.

Rather than establishing standards applicable to demands for ID by all Federal agencies, the new TSA regulations purport to authorize the TSA itself as well as other Federal agencies to establish agency-specific plans for selective enforcement of REAL-ID Act requirements.

These “graduated enforcement plans” will be regulations in all but name, and the TSA seems to think that they  will have the force of law. But these graduated enforcement plans won’t be standardized, and may vary from agency to agency, contrary to the plain mandate of the REAL-ID Act for the Department of Homeland Security to promulgate standards for ID applicable to all Federal agencies.

“Graduated enforcement plans” will be promulgated summarily, solely by posting on different Federal agency websites, without notice, opportunity for public comment, or publication in the Federal Register. In effect, the TSA is trying to opt itself and all other Federal agencies out of the most basic  transparency, procedural, and due process requirements of the Administrative Procedure Act (APA).

In its analysis of the 11,000 comments submitted in response to its Notice of Proposed Rulemaking  (NPRM), the TSA acknowledges our objection to its attempt to re-delegate rulemaking authority to other agencies and opt out of APA requirements. But the TSA claims that “graduated enforcement plans” posted on agency websites won’t be “regulations”, even if they are claimed to authorize decisions about who can and can’t exercise rights.

The TSA also brushes off a wide range of Constitutional and statutory objections to the proposed regulations as “outside the scope of this rulemaking”.

It remains to be seen whether the new REAL-ID regulations will be challenged on APA and/or other grounds.

In response to our objection to statements in (NPRM) implying that after the effective date of the new regulations ID would be required to fly, the TSA says  as follows:

Upon full card-based enforcement, TSA may not accept noncompliant State-issued DL/IDs at security screening checkpoints for the purpose of boarding federally regulated commercial aircraft. This rule does not otherwise effect TSA’s policies related to acceptable forms of identification and identity verification.

If this is true, it means that the procedures for travel without ID (as distinct from any procedures for travel with noncompliant state-issued ID) won’t change.  But we won’t know for sure until after May 7, 2025, how the TSA will deal with air travelers without any ID.

Read More

Jan 06 2025

Human Rights and “Countering Terrorist Travel”

In late 2023 the U.N. Special Rapporteur on Counter-Terrorism and Human Rights released perhaps the most significant independent assessment to date of the human rights implications of travel surveillance and control.

The Special Rapporteur’s report was released without publicity on the next-to-last day of the Special Rapporteur’s term. Aside from an article by Statewatch, it got little notice.

A year later, an update from Privacy International reminds us of the Special Rapporteur’s report and calls attention to how little its recommendations have been heeded — and how urgently important they remain.

The Special Rapporteur’s report provides both a call to action and an analysis of travel surveillance and control as a human rights issue.

The report by Special Rapporteur Fionnuala Ní Aoláin and her staff reviewed the U.N. Countering Terrorist (CT) Travel Programme and the goTravel software being provided by the U.N. to its member states for them to use in monitoring and controlling travel worldwide on the basis of airline passenger manifest (API) and reservation (PNR) data.

This wasn’t the first time that the Special Rapporteur has addressed the use of API and PNR data for travel surveillnace and control. But it was the most detailed assessment by to date any of the U.N. human rights bodies of the system of travel surveillance and control based on airline reservations against the norms of international human rights law. The Special Rapporteur’s report addressed privacy — the focus of the recent follow-up by Privacy International — but also other human rights including, perhaps most importantly, the right to freedom of movement.

In the considered judgement of the Special Rapporteur as the holder of the relevant human rights mandate within the U.N. framework, this system fails the test of human rights law. “The roll-out of the system must be paused and an urgent review initiated”:

This position paper carries out an in-depth analysis of human rights implications and concerns associated with the CT Travel Programme and its promulgation of goTravel. The position paper demonstrates how UNOCT and its UN implementing partners appear to be failing to adequately mainstream human rights in the development of the underlying system for collection, use, and sharing of API/PNR data, and how the system which is now being rolled out internationally at pace, risks squarely contravening international law, particularly international human rights law, in multiple respects….

The CT Travel Programme’s API and PNR collection and sharing system was never designed with human rights in mind. It is marked by ad hoc thinking and the absence of rigorous analysis of how the technology and the international framework for data sharing it facilitates could be designed and operated in a manner which complies with relevant legal obligations, particularly international human rights law. The absence of that analysis has led to a situation in which the UN is now directly implicated in an approach to API and PNR data collection and sharing being rolled out globally which risks placing immensely powerful tools in the hands of States which may misuse them, intentionally or inadvertently, to jeopardize human rights, without any evidence of sufficient prior vetting, and without any practical or legal recourse to prevent or sanction such misuse….

The current UN approach to API and PNR data collection and sharing which is facilitated by the UNOCT and UN implementing partners in the CT Travel Programme and go Travel software platform represents a profound human rights risk and a serious reputational risk for the UN itself.

The Special Rapporteur’s report notes, with appropriately grave concern, that the U.N. itself has mandated — as we have reported — that the government of each U.N. member state must establish an airline passenger surveillance and control agency (“Passenger Information Unit”), compel airlines to provide the government with mirror copies of airline reservations (PNRs), and make that data available on request to all other U.N. members.

Read More