Papers, Please!

The Identity Project

Monthly Archives: October 2025

Oct 16 2025

USCIS still wants to stalk US residents and visitors on social media

Doubling down on its attack on anonymity and disregarding comments from the Identity Project and more than a thousand other organizations and individuals, US Citizenship and Immigration Services (USCIS) has renewed its request for blanket authorization to require applicants for US visas, visa-free entry, residency, or citizenship to disclose every social media platform and identifier they have used in the last five years.

Today the Identity Project and Restore The Fourth (RT4) filed comments opposing this USCIS proposal for dragnet social media surveillance of foreign visitors and residents and the US citizens with whom they communicate and associate on social media.

USCIS made no significant changes in response to the first round of public comments and ignored most of the issues we and others raised, including the ways that social media surveillance would impact First Amendment rights of assembly and association.

In addition to reiterating the unanswered concerns raised in our initial comments, our latest comments also respond to the false claims made by USCIS:

In its analysis of the first round of comments, USCIS claimed that “the information that DHS may access via social media is publicly accessible and DHS may not access information that is designated as private.”

This claim is entirely unsupported, and clearly false.

The association between an individual and a particular anonymous or pseudonymous social media account or posting is, by definition, not public information. In requiring individuals to disclose with which social media accounts they are associated, including anonymous or pseudonymous accounts, USCIS is demanding disclosure of non-public information.

Of course, if all of the requested information including which individuals are associated with which anonymous or pseudonymous social media accounts and postings were public, USCIS would have no need to request it from individuals or require them to provide it. USCIS is requiring individuals to list all social media accounts with which they are associated, including anonymous and pseudonymous accounts, precisely because this information is deliberately private – in some cases intensely private – and because USCIS cannot obtain this information without forcing individuals to disclose this private information and make it public.

The purpose – the only purpose – of requiring individuals to disclose anonymous and pseudonymous social media accounts is to enable USCIS to access private information.

By falsely claiming that all of this information is public, USCIS entirely avoids responding to any of the comments regarding the compelled disclosure of private information.

The deadline to comment on this proposal is midnight tonight, Eastern time.

Oct 12 2025

CBP changes procedures for airline passengers with “X” passports

19 C.F.R. 4.7b (3)

CBP regulations require would-be airline passengers to identify as “F” or M”. These regulations were never changed, even when CBP was accepting “X” gender markers.

Traveler Gender CBP Data Element Validation: System Error if missing or invalid. Only submissions of “M” for male and “F” for female are accepted.

[CBP implementation guide says that only “M” and “F” are accepted in APIS data.]

U.S. Customs and Border Protection (CBP) has announced plans for changes to its procedures for processing information sent to CBP by airlines (and possibly also train, bus, and ferry operators) about passengers on international routes with non-binary or non-gendered “X” gender marker passports, to take effect on Tuesday, October 12, 2025.

The planned changes were disclosed by press release rather than by rulemaking notice in the Federal Register. Implementation has been outsourced to airlines subject to secret “Security Directives” from CBP.  Neither the current nor the planned procedures comply with the law. All of this makes it difficult to predict what will happen to anyone with an “X” gender marker on their passport who tries to make reservations, buy tickets, or check in for international flights after October 12th.

But here’s what we know:

Read More

Oct 08 2025

Repeal the REAL-ID Act

After twenty years of resistance by individuals and state governments; twenty years of failed threats, intimidation, and extortion by the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA) to get states to administer and participate in a distributed national-ID scheme; twenty years of construction of an outsourced, unaccountable national ID database; and twenty years of lies by the DHS and TSA about what the REAL ID Act requires and whether states and individuals are “complying”; it’s time to repeal the REAL-ID Act of 2005.

Last month Sen. Rand Paul (R-KY) introduced S. 2769, a short, simple bill to repeal the REAL-ID Act of 2005 in its entirety. This isn’t a bill to “reform” or put “guardrails” on the REAL-ID Act. It’s not amendable to reform. The REAL-ID Act was a bad idea from the start, hastily enacted at the height of post-9/11 panic with no hearings or debate. It’s time to acknowledge that mistake, and to repeal the REAL-ID Act. S. 2769 is long overdue.

We urge other US Senators from both sides of the aisle to co-sponsor S. 2769,  and US Representatives to introduce the similar legislation in House.

As Chair of the Senate Committee on Homeland Security and Government Affairs, Sen. Paul has the opportunity to convene hearings on repeal of the REAL-ID Act. We’d welcome a chance to testify about the hidden national ID database we uncovered, the DHS and TSA lies, and the TSA’s attempts to prevent us from even reading its new digital REAL-ID rules. And the committee would have a chance to hear from some of the state legislators who’ve been opposing the REAL-ID Act and its burdens on their states and their residents since its enactment. Sen. Paul is also ideally positioned to get REAL-ID Act repeal considered by the full Senate, either as a standalone bill or as part of a larger legislative package.

We look forward to working with Sen. Paul and to seeing S. 2769 become law. It’s time!

Oct 06 2025

The weaponization of travel blacklists

Excerpt from "After Action Report" by a Federal Air Marshal.

[A Federal Air Marshal (FAM) tasked with surveillance of an airline passenger targeted by Quiet Skies lists and/or rules followed the traveler out to the curb and recorded the license plate number of the vehicle in which she left the airport, so that her airline reservations could be integrated with license plate reader data into an uninterrupted multi-modal travel history.]

On September 30, 2025, the Senate Committee on Homeland Security and Government Affairs held a hearing on Examining the Weaponization of the Quiet Skies Program.

Coming just hours before the partial shutdown of Federal government operations, this hearing was sparsely attended, even by members of the committee, and got little press attention. The hearing opened with the Chair and Ranking Minority Member of the committee talking over each other at length.

Much of the argument between Senators and the questioning of witnesses focused not on the general problems of the Quiet Skies traveler surveillance program program or government travel blacklists (referred to euphemistically as “watchlists” throughout the hearing) but on whether these programs have been weaponized to a greater extent under Democratic or Republican administrations.

But if we — and, we hope, members of Congress — can look past the partisan polemics, the testimony and documents introduced into the record of this hearing provide important guidance on what can and should be done to protect all travelers —  regardless of our party affiliation (if any), ethnicity, religious beliefs, or political opinions — against the weaponization of travel blacklists by whatever government is in power. Read More

Oct 01 2025

ICE is buying location data from smartphone apps, etc.

How can your movements be tracked?

The Penlink surveillance company counts some of the ways:

Penlink: "6 Overlooked Sources of Tracker Data Investigators Shouldn’t Miss"

Penlink was brought to our attention by a report from Joseph Cox in 404 Media that the Immigration and Customs Enforcement (ICE) division of the US Department of Homeland security (DHS) is entering into a contract with Penlink as a unique and irreplaceable source of aggregated location data from smartphone apps and other sources.

According to an ICE document  justifying the no-bid single-source contract that was uncovered by 404 Media, Penlink is the only company that can “compile, process, and validate billions of daily location signals from hundreds of millions of mobile devices, providing both forensic and predictive analytics”, and that is willing to sell ICE access to this data.

Penlink also extracts and makes available to its subscribers, in real-time, location data embedded in EXIF metadata in smartphone photos uploaded to Facebook and other social media, and boasts of its ability to aggregate location data from many other sources.

How does Penlink get this data, in order to be able to sell it to ICE?

Most people didn’t (and wouldn’t) knowingly consent to having this information sent to and used by the government, and wouldn’t think of this information as “open source”. How many people even realize that, by default, each smartphone photo contains precise location information included within the image file?

Most people would consider an app that collects timestamped location tracking data and sends it to a company that sells it to the police to be “malware”.

Almost all of these apps with embedded surveillance malware are distributed — in most cases, distributed exclusively — through the Google Play Store or the Apple App Store.

To put it another way, the Google Play Store and the Apple App Store are the primary distribution channels for malware people install on their smartphones that enable government surveillance.

Read More