Edward Hasbrouck – Papers, Please!

Apr 15 2025

Withdrawal from REAL-ID gets a hearing in Maine

A bipartisan proposal to withdraw the state of Maine from compliance with the Federal REAL-ID Act of 2005 had its first hearing today (archived video) before the Joint Standing Committee on Transportation of the Maine State Legislature.

The REAL-ID withdrawal bill, LD 160, was presented to the Transportation Committee by state Rep. Laurel Libby (R-Auburn) and state Sen. Nicole Grohowski (D-Ellsworth), two of the six co-sponsors.

Public testimony in support of LD 160 was given by:

There was no public testimony against LD 160. The only opposition to the bill was voiced by Maine’s Secretary of State, Shenna Bellows.

Secretary of State Bellows struggled to explain her current support for REAL-ID compliance, in light of her history of opposition to the REAL-ID Act and Maine state compliance in her former positions as Executive Director of the ACLU of Maine and Maine State Senator.

Today, Secretary of State Bellows claimed, falsely — even after Mr. Kebede of the ACLU quoted the provisions of the REAL-ID Act requiring sharing with all other states of the contents of the state’s driver’s license database — that all of this information remains in the state of Maine. Secretary of State Bellows also claimed, also falsely, that the Federal government could not access the national REAL-ID database, SPEXS.

In fact, the SPEXS database is held by AAMVA, not by any Federal or state government agency. The Federal government could obtain access to SPEXS with a search warrant, subpoena, or national security letter directed to AAMVA, the same way it could obtain similar records from any private custodian. That order to AAMVA could include a “gag order” prohibiting AAMVA from disclosing the existence of the order or the release of SPEXS records to Maine, other states, or affected individuals. For all we, Secretary of State Bellows, or anyone in Maine knows, this may already have happened.

Members of the Transportation Committee seemed surprised — understandably — to learn from our testimony and that of other sponsors and supporters of LD 160 that the Maine Bureau of Motor Vehicles already uploaded personally identifying information extracted from all Maine driver’s license records to the SPEXS national ID database in December 2024.

Later in the same hearing, the Transportation Committee heard testimony from some of the same witnesses with respect to LD 1360, a well-meaning but inevitably flawed alternate legislative proposal to require the BMV to maintain the option of a “noncompliant” driver’s license or state ID. The problem with this is that those who get a noncompliant license or ID will think they have opted out of the national ID system, but their information will end up in the same SPEXS national ID database.

Secretary of State Bellows first tried to say that there was no such database, then that it only contained information concerning REAL-ID compliant licenses and IDs, but finally conceded that Maine actually has only one driver’s license and ID database that includes both compliant and noncompliant credentials. Pointers extracted from all records in this state database, including both compliant and noncompliant licenses and IDs, have been and are continuing to be uploaded to SPEXS. And those pointer records, as we pointed out, contain sensitive personal information vulnerable to abuse.

Here’s our 3-minute statement in support of LD 160 (full written submission):

Apr 11 2025

DOGE, DHS, and data matching

“Data matching” may seem abstract, but its consequences can be life-changing: visa revocation, deportation, sudden cessation of Social Security payments, all without warning or opportunity to present argument or evidence to a human fact-finder.

One of the hallmarks of the new U.S. Department Of Government Efficiency (DOGE) is large-scale algorithmic analysis and comparison of existing databases of personally-identified information. In many cases, algorithms, AI, and data matching are being substituted for human judgement as the basis for decisions about individuals. Similar projects are being carried out by the Department of Homeland Security (DHS).

These activities appear likely to violate the Privacy Act (including its rarely-enforced criminal provisions) and/or the Computer Matching and Privacy Protection Act.

DOGE’s programmers are working to aggregate and correlate databases that have been compiled by different agencies or commercial third parties such as social media platforms, identified in different ways, and ingested in different formats.

Data matching is central to the methods of DOGE and the Trump 2.0 Administration. One of President Trump’s Executive Orders to heads of all Federal agencies directs that:

Agency Heads shall take all necessary steps, to the maximum extent consistent with law, to ensure Federal officials designated by the President… have full and prompt access to all unclassified agency records, data, software systems, and information technology systems… This includes authorizing and facilitating both the intra- and inter-agency sharing and consolidation of unclassified agency records.

How is this working out, and what does this say about ID-linked records?

Mar 31 2025

Senators propose to abolish the TSA

[Excerpt from the Abolish TSA Act of 2025]

Late last week Senators Mike Lee (R-UT) and Tommy Tuberville (R-AL) announced that they are introducing the Abolish TSA Act in Congress.

If enacted, the Abolish TSA Act would abolish the Transportation Security Administration (TSA), in its entirely. Within three years of enactment of this bill, responsibility for securing airline flights, and for the cost of doing so, would be returned to the airlines and whatever private contractors they might hire. Responsibility for oversight over aviation security would be returned to the Federal Aviation Administration (FAA), as was the case before the creation of the TSA in 2002.

It should go without saying that if the new Department Of Government Efficiency (DOGE) is targeting wasteful programs and agencies, the TSA and its security theater should be near the top of the list. DOGE doesn’t have the authority to abolish the TSA, but Congress does.

In and of itself, privatizing aviation security won’t necessarily do anything to improve protection for travelers’ rights. As part of a largely stalled pilot program in privatization of searches of airline passengers, checkpoints at San Francisco International Airport and a few other smaller airports have been operated by private contractors almost since the creation of the TSA. The private contractors at SFO are trained to carry out the same searches of travelers as TSA agents at other airports, with the same intrusiveness.

Although we are unaware of any court ruling on the authority of TSA contractors at SFO or other airports, the TSA appears to think that these contractors have both police powers and the same “qualified immunity” that the agency has claimed for its own staff.

The Abolish TSA Act wouldn’t just privatize airline security, though. It would also provide, as part of the ground rules for a three-year transition plan for privatization, that:

The plan may not include… any agency requirement or regulation compelling private contractors conducting airport security screening services to conduct warrantless searches and seizures.

The main activity of the TSA is, of course, conducting warrantless searches. So this clause of the Abolish TSA Act would imply a major change in practices at airports.

We’d prefer that the word “compelling” in this sentence of the bill be replaced with “authorizing”. As introduced, the Abolish TSA Act might leave wiggle room for airlines or their contractors to claim that, even if they aren’t compelled by the government to perform warrantless searches as though they were police, they are still authorized to do so.

At a minimum, though, prohibiting the Federal government from compelling airlines to subject their passengers to warrantless searches would allow airlines to choose not to do so, deprive them of the defense that “the government made me do it”, and remove any basis for a claim of police-like qualified immunity against charges of battery or false arrest.

As of this writing, the Abolish TSA Act has not yet been docketed. We’ll update this article when the bill is assigned a number.

Mar 17 2025

FinCen demands reporting of cash transactions over $200

The Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury has ordered all money transfer agencies and currency exchanges in seven counties in California and Texas along the US-Mexico border to file reports with FinCEN including the identities of the customers engaging in all cash transactions over $200.

Implicit in this order is that would-be customers who are unable or unwilling to provide sufficient evidence of their identity (and to allow that information and the details of their transaction to be passed on to FinCEN) will be denied these financial services.

The Geographic Targeting Order published by FinCEN in the Federal Register last Friday is effective for transactions with financial services businesses in those counties from April 14, 2025, through September 9, 2025. The Bank Secrecy Act, which authorizes such orders, limits them to 180 days but allows them to be renewed an unlimited number of times.

The misleadingly-named Bank Secrecy Act is already subject to abuse as an enabler and pretext for financial surveillance, and already requires reporting of cash transactions of $10,000 or more. But so far as we’ve been able to determine, this order lowering the reporting threshhold to $200 is, even for a geographically limited area, unprecedented.

Other Geographic Targeting Orders have been issued, but typically with much higher threshholds — real estate transactions over $50,000 in Baltimore, for example. Why Baltimore, with a lower threshhold than anywhere else in the US? FinCEN didn’t say.

The new order goes against growing bipartisan calls in Congress to repeal the Bank Secrecy Act or at least raise the threshhold amounts for for customer identification and transaction reporting.

Nothing in the order gives any real justification for its geographic boundaries. More than a million people live in the area covered by the order, but it will actually affect a much larger number of people. Many travellers stop at “Casas de Cambio” on their way to and from border crossings in these counties to exchange cash dollars for pesos and pesos for dollars.

It’s unclear whether the goal of the order is primarily harassment or surveillance. The costs of completing the extra paperwork will undoubtedly drive up currency exchange and remittance fees and waste time for financial service businesses and their customers.

Mar 12 2025

State Department puts “X” passport applicants in limbo

The US State Department is withholding passports from some US citizens, effectively denying them the ability to leave or return to the US, without any basis in law or regulations.

Multiple news outlets have reported that the State Department has ordered its staff in the US and abroad to “suspend” processing of all pending applications for new or renewal US passports or passport cards with an “X” gender marker.

A new page of the State Department’s website suggests that each of these passport applicants will (eventually) be notified that their application has been “suspended” and will remain “suspended” (i.e. that they won’t be issued a passport) unless and until they provide “certain documents and records to help us establish your biological sex”.

Mar 03 2025

Treasury Department says it won’t enforce ID requirement for corporate principals

The US Department of the Treasury has announced that it plans not to enforce the provisions of the Corporate Transparency Act (CTA) that were to go into effect next month requiring owners and principals of all corporations to file copies of government-issued ID credentials, including photos, with the Financial Crimes Enforcement Network (FinCEN).

The Treasury Department also says it plans to propose revisions to the CTA regulations that would limit the ID-filing requirement to principals of “foreign reporting companies”, a term that doesn’t appear in the statute and isn’t defined in the announcement.

We don’t want the government to try to enforce the CTA reporting requirement. But if the law isn’t going to be enforced, it should be repealed, not left on the books as a Sword of Damocles available to prosecutors to threaten or persecute disfavored businesspeople. And the proposed regulations, redefining which entities must file CTA reports, would appear to be contrary to the explicit language of the CTA statute as to who must file.

Press releases like this one form the Treasury Department aren’t binding on Federal prosecutors, even now, much less in the future. Regardless of this announcement, nobody subject to the CTA is safe from prosecution if they don’t file the reports required by the law.

There are few legal constraints on prosecutorial discretion. Many laws — including those that impose reporting and filing requirements — are routinely ignored and unenforced. Police and prosecutors, especially those with malign intentions, love to have laws like this on the books that everybody violates. That allows anyone to be prosecuted at any time, with the government claiming truthfully that it is merely “enforcing the law”. Only in rare cases is the government required to explain the real reasons why some people are prosecuted while others who are known to have violated the same laws are not.

To word it a little differently, the combination of unlimited prosecutorial discretion and universally violated laws is central to the phenomena of pretextual police action and pretextual prosecution. An essential part of the solution is the repeal of unenforced laws.

We welcome, in the short term, the nonenforcement of CTA reporting rules. And we urge Congress to address the problem, promptly, by repealing the CTA in its entirety.

Feb 25 2025

“TSA must go away”

Thanks to a mutual fan, we were invited to speak about the work of the Identity Project with Alex Newman on the latest edition of The Liberty Report on Patriot.tv and Rumble.

We talked about current and long-term concerns including digital ID, the REAL-ID Act, how demands for ID enable surveillance and control and are being increasingly integrated into a global system of surveillance and control of our movements, and the importance of anonymous cash payment for protection against financial surveillance.

What can be done? We talked about the need for popular vigilance and popular resistance, but also about what the government could do:

If the Department Of Government Efficiency (DOGE) is really concerned about identifying unnecessary and ineffective government programs to cut, they could start with the TSA.

Members of Congress could do their part by reintroducing the Freedom To Travel Act and working to abolish the TSA.

Most importantly, though, we the people can continue to resist these attacks on our freedom.

Thnaks to Alex Newman and his crew for giving us a chance to bring these issues to his listeners and viewers.

Feb 24 2025

Supreme Court reinstates new requirement for IDs and mug shots of corporate principals

The US Supreme Court has stayed the nationwide injunction against enforcement of a Federal law requiring owners or principals of all corporations to submit copies of ID documents, including photos, to the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury.

The Supreme Court’s ruling leaves business owners and officers, and FinCEN, scrambling to figure out what to do — at a moment when how the Federal government might use personal information in ways that weren’t anticipated when it was collected is a hot topic.

The original deadline for filing of Beneficial Owner InformatIon (BOI) with FINCEN was to be January 1, 2025. But by then, multiple lawsuits against the Corporate Transparency Act had been filed, and the judge in one of those caseS had issued a nationwide injunction against enforcement of the law while the lawsuits were pending.

The Supreme Court’s decision to overturn that injunction allows the lawsuits and appeals to continue, but in the meantime allows the government to enforce the filing requirement.

Following the stay of the District Court injunction pursuant to the Supreme Court’s decision, FinCEN announced a new deadline of March 21, 2025, for filing of BOI (including copies of IDs) for most companies. Another injunction from a different judge in a different Federal court district remains in effect, but it applies only to the plaIntiffs in that case.

FinCen estimates that collecting and submitting the required information will require, on average, 90 to 650 minutes per company. That’s a far from trvial burden for, for example, a sole proprietor with a personal LLC. The cost could be much higher for even a small business thta has to hire a lawyer to figure out who is considered a “beneficial owner” or officer subject ton the reporting requirement.

Those who search for information on the Web about BOI filing requirments are likely to be led to the flood of scam sites set up to rip off would-be BOI filers with excessive facilitation fees as intermediaries, while harvesting personal information for identity theft. What does it say about the purposrted justification for this rule that the requirements of the “Financial Crimes Enforcement Network” are providing a windfall for financial fraudsters?

The purported limitations and controls on access to and use of BOI filings ring hollow in light of the access to and use of personal information from Federal databases in unanticipated ways and by entities and by newly-created entities with ambiguous authority, such as the White House Department Of Government Efficiency (DOGE).

With concern growing about how this informaiton might be misused, legislation is pending in Congress to repeal the Corporate Transparency Act or postpone its effective date.

On February 10th, the House of Representatives approved H.R. 736, a bill to extend the BOI filing deadline until January 1, 2026, by a unanimous vote of 408 to 0. The same or a similar bill is likely to be introduced in the Senate. Postponement might give time for the pending appeals in the lawsuits challenging the law to play out, or for Congress to repeal the law.

A bill to repeal the Corporate Transparency Act and the BOI reporting requirement has been introduced in the House as H.R. 425 and in the Senate as S. 100, “Repealing Big Brother Overreach Act”. No action has yet been taken on this bill in either chamber.

Jan 28 2025

Surveillance as a service (SAAS)

[Infographic from WCC.]

Does SAAS stand for “software as a service” or “surveillance as a service”?

As we’ve reported previously, the UN Security Council and ICAO have illegally ordered all UN and ICAO members to create national agencies for surveillance of airline passengers and global sharing of airline reservations (PNR) and passenger manifest (API) data.

Through bilateral and multilateral efforts and the UN Countering Terrorist Travel program, the US and Dutch governments have made available ready-made software for creating and managing travel watchlists, blocklists, and profiling algorithms and rulesets.

These aren’t the only options, though, for national governments wanting or feeling pressured by the US, UN, and/or ICAO to get on the traveler profiling bandwagon.

Caitlin Chandler of Wired, in conjunction with Andrew Couts, Crofton Black, Ariadne Papagapitos, and Daniel Howden of the European nonprofit newsroom Lighthouse Reports, has a ground-breaking report putting the spotlight on four commercial providers of outsourced and privatized air travel surveillance, profiling, and control systems: Swiss-based SITA (an established joint venture formed by airlines to provide shared IT services) and Travizory, French-based Idemia, and Dutch-based WCC.

These are the companies that make presentations, lurk on the sidelines and in the booths, and negotiate public-private partnership agreements at the annual FTE Global trade show, ICAO’s annual TRIP symposium in Montreal, and similar regional events.

Each of these companies offers a turn-key solution, either user-installed or cloud-based, to governments that want to jump-start their air travel surveillance and control programs and “push their borders offshore”, as one of these vendors describes their service.

Another vendor quoted by Wired says that with their system and its interconnections, “Participating governments are then able to respond to the carrier … in real-time, authorizing or denying the boarding of each and every passenger.” These systems are also designed to interface with electronic travel authorization (departure permission) systems.

[SITA brochure on the “Exported Border”.]

Each of these systems supports drag-and-drop importing of watchlists and blocklists from other countries, creation and addition of entries to new watchlists and blocklists, and creation of new profiling and travel blocking algorithms and alerts. Each also allows government customers to enable the vendor’s preconfigured pre-crime and artificial unintelligence profiles and algorithms as part of their surveillance, blocking, and alert ruleset.

In interviews reported in Wired, these companies disclaim responsibility for how these tools are used by government customers or what rules customers add to their algorithms — a claim that is at best disingenuous, especially when government customers turn on pre-crime and AI profiling and scoring algorithms provided by the vendor as part of a black box.

It would be a mistake to focus too much on these surveillance-as-a-service providers, to the exclusion of the governments that have contracted and paid for their services. That governments and their commercial partners are illegally interfering with the right to freedom of movment, the right to leave any country, the right to travel by common carrier, and the right to asylum is more significant than the specific systems they are using to do so. But the report in Wired outing these companies and their role in travel surveillance and control is an important step. These vendors and their surveillance-as-a-service products, as well as the government agencies they work with, deserve continuing scrutiny and oversight from human rights activists and international human rights bodies alike.

Jan 20 2025

UK “Electronic Travel Authorization” sets a bad example

Effective January 8, 2025, the United Kingdom began requiring citizens of the USA and most other countries who previously could enter the UK without visas for short visits for tourism and some other purposes to obtain a so-called Electronic Travel Authorization (ETA) as a new precondition for admission to the UK for those purposes.

The UK ETA is significant both in its own right and as a case study in what’s wrong with similar requirements and systems already in effect in other countries, including the USA, Canada, Australia, and in preparation in many more countries including all members of the European Union.

The requirement for an ETA is intended for a pupose fundamentally contrary to international treaties on aviation and the rights of refugees, and has been implemented in ways that facilitate surveillance of ETA applicants and arbitrary control by a few private companies of who can and who can’t travel to the UK.

We hope the EU and other countries will learn from and avoid, not emulate, this bad example set by the UK.

The UK ETA system is not the first of its kind, but it’s the first that most US citizens, except those who have traveled to Australia, will encounter. US citizens don’t generally see what foreign citizens have to go through to enter the US, even as tourists or in transit. And US and Canadian citizens visiting each other’s countries are exempt from the electronic travel authorization requirements that their governments apply to visitors from other countries.

But while it may be a new experience for US citizens, the UK ETA is similar to what’s already required for most tourists and short-term business visitors to the USA, Canada, or Australia. And the UK ETA is similar to the system that the EU plans to roll out for citizens of the US, Canada, UK, and many other countries.

Australia pioneered this concept with its ETA system, beginning in 1996 (and modified several times since them). The USA launched its ESTA system, modeled on the Australian ETA, in 2009. Canada followed with its eTA system in 2016. Now the UK is rolling out its similar ETA system in 2025.

The EU EES and ETIAS schemes were planned to go into operation several years ago, sooner than the UK ETA, but have been postponed repeatedly. The most recent announcement by EU authorities is that EES — a system for collecting mug shots and fingerprints of visitors to the EU, as the US already does with visitors — will be launched sometime in 2025, and ETIAS — an electonic travel authorization like the US ESTA and the UK ETA — will go into effect six months after the EES launch. (The EU is also considering a related system for a “travel permission app” with problematic implications.)

Acronym soup and national variations aside, what’s an ETA? How do ETA requirements violate international law? What’s wrong with the way the UK has implemented its ETA program? Read More →

Papers, Please!

The Identity Project