Apr 21 2021

DHS wants to put REAL-ID drivers licenses on smartphones

The Department of Homeland Security has published a Request For Information (RFI) from vendors and other stakeholders regarding standards for drivers licenses and other IDs stored on smartphones or other mobile devices to be considered compliant with the REAL-ID Act of 2005.

Responses to the RFI are due by June 18, 2021.

The amendments to the REAL-ID Act signed into law at the end of 2021 included provisions authorizing the DHS to certify digital ID credentials as “REAL-ID compliant”. That certification can’t happen, though, until the DHS promulgates new regulations.

The RFI published in the Federal Register this week is not formally part of such a rulemaking, but appears to be part of the preparations for it.

A “mobile ID” would consist of a certificate digitally signed by a state department of motor vehicles. The RFI contemplates a process through which “individuals would electronically send identity verification information to the DMV to establish their identities and ownership of the target device.” No explanation or justification is provided for why or how a digitally-signed certificate would be, or should be, bound to a specific device, rather than simply provided as a file that can be stored on any digital device or storage medium.

It’s just as easy to loan a smartphone or other mobile device to another person whose appearance is similar as it is to loan a physical ID card to another person.

A drivers license rarely needs to be displayed, and in the form of a wallet-sized plastic card it can be kept in a relatively secure pocket or compartment of a purse. A smartphone, in marked contrast, is likely to be frequently consulted and carried in a location on one’s person that is much more exposed and vulnerable to snatch-thieves than one’s wallet.

A smartphone is already, for many people, vulnerable as a single point of failure for identity and password management. Binding a digital ID to a specific smartphone appears likely to increase the risk and exacerbate the consequences of smartphone theft as a method of identity theft.

The RFI says that the DHS is considering incorporating the American Association of Motor Vehicle Administrators Mobile Driver License (mDL) Implementation Guidelines (April 2019) in the DHS standards and regulations, and the DHS seeks comments on those AAMVA guidelines. But those AAMVA guidelines are posted only on the “members-only” portion of the AAMVA website, and aren’t available to the public.

In the past, when we reposted specifications for the AAMVA’s national REAL-ID database that AAMVA had posted for years on the public portion of its website, AAMVA not only moved those specifications to the members-only portion of its website, but asserted their copyright and threatened us with litigation to get us to take them off our site.

The DHS notice purporting to invite the public to submit comments on a secret document, not available to the public, that might be incorporated into DHS regulations, exemplifies everything that is wrong with both secret law and the outsourcing of “lawmaking” to entities such as AAMVA that are nominally private and not subject to Federal or state freedom of information, public records, or open meetings laws.

There’s no indication in the RFI as to when or how the DHS plans to move forward with the separate rulemaking and approval procedures that will be required if it is to follow through on its threats to start turning away would-be air travelers at TSA checkpoints if they don’t have REAL-ID approved ID or don’t have or show any ID.

Apr 14 2021

More support for court challenge to TSA impunity

Two months ago, the last time we checked in on Sai v. TSA (now Sai v. Pekoske) — the landmark challenge to the TSA’s attempt to avoid ever facing a Federal trial over its checkpoint procedures — the disabled, pro se plaintiff had been given what seemed an impossibly short deadline by the 1st Circuit Court of Appeals to file “hypothetical” objections to whatever “orders” the TSA might have issued that adversely affected them, without knowing what those orders might be.

Since then, we are pleased to report, things have been looking up for Sai and for all those who would subject the TSA to the rule of law.

Jonathan Corbett, Esq., who has brought a series of lawsuits against the TSA on his own behalf and that of his clients, stepped in to represent Sai pro bono, and got a small extension of time.

Of necessity given the limited time and resources, the brief filed on Sai’s behalf on April 2nd greatly narrows the issues presented. But it continues to challenge the TSA’s claim that its checkpoint procedures can’t be challenged or brought to trial in U.S. District Court, but can only be “appealed” to Circuit Courts where no fact-finding can be conducted and what constitutes the “record” to be (deferentially) reviewed is defined by the TSA itself. Sai also continues to challenge the TSA’s attempt to withhold self-defined “Sensitive Security Information” from disclosure in response to Freedom of Information Act (FOIA) requests.

Further strengthening Sai’s case against TSA impunity from trial or judicial fact-finding, the Institute for Justice — which is moving forward with its own challenge to systematically lawless TSA practices — has intervened in Sai’s case against the TSA with a friend-of-the-court brief and a request to participate in oral argument before the Court of Appeals.

We fully endorse the latest arguments made by both Sai and IJ, and look forward to having them given the consideration they deserve by the 1st Circuit panel.

Apr 12 2021

Connecting the DHS to the airline industry

A Request For Information (RFI) posted on a website for Federal government contractors gives a glimpse into the degree to which the Department of Homeland Security (DHS) has embedded itself into the information technology infrastructure of the airline industry.

The RFI for Services to Electronically Transmit Airline Data was posted April 5, 2021, by US Customs and Border Protection (CBP). Responses from potential vendors are due by April 19, 2021.

CBP says it is “conducting market research to gain a greater understanding of the full range of available options for services for obtaining names and related information of passengers who are arriving and departing the U.S. on commercial airlines.” Although the RFI was put out by CBP, which surveils and controls international air travel and cargo transport to and from the US, it appears to contemplate integration with the parallel systems used by the Transportation Security Administration (TSA) for data-driven surveillance and control of domestic US air travel as well.

According to the RFI:

CBP is evaluating transmission options for air carriers to use in compliance with these requirements.

  • The vendor must have established connectivity with the airline community.
  • The vendor must be able to test and certify with the air carriers, the vendor, CBP and TSA as required.

For those unfamiliar with the “parallel universe” of airline IT and data communications networks, this RFI might best be conceptualized by analogy to the specifications for the equipment — revealed by whistleblower Mark Klein — that was installed in the facilities of AT&T and other telecommunications companies to provide real-time copies of message data to the National Security Agency (NSA).

While the NSA receives metadata about the movements of our messages in the form of telephone calls, email messages, Web browsing, and other Internet traffic, CBP receives metadata about the movements of our physical bodies, whenever we travel by air, in the form of, according to the RFI,  “Passenger Name Records (PNR), air cargo manifests, advance passenger information (API), passenger manifests, and other airline-related data.”

The TSA receives a similar but somewhat different dataset of all domestic airline flights in the form of Secure Flight Passenger Data (SFPD).

The RFI requests information from vendors that already have  “an available global private network primarily used by the aviation industry to enable the aviation industry to send/receive API, PNR, and other information to CBP and other entities.”

The gateways provided by these vendors would also, presumably, position these vendors to serve other governments wanting to surveil and control air travel while using common gateways to connect to airlines without having to connect to each airline separately.

As the NSA did with telecommunications companies, CBP embeds itself in vendors’ data centers and message switching hubs:

The contractor shall provide the following to permit the electronic transmission of airline data to CBP’s computer network and host systems:

Provide Ethernet Internet Protocol (IP) connections to the contractor’s private global network. CBP routers are located on vendor’s premises. Contractor provides physical space at their datacenter(s) to include ¼ communications rack to house DHS/CBP co-located equipment that connects to the contractor’s private global network.

Unlike the “black boxes” installed in AT&T and other telecommunications and Internet switching centers to send mirror copies of messages to the NSA, the CBP/DHS connection to the global airline reservation cloud is bidirectional. The role of the DHS is not limited to passive surveillance, which would require only a unidirectional data feed. DHS exercises positive permission-based prior restraint and control of the issuance of each boarding pass, which requires reliable real-time transmission of Boarding Pass Printing Result (BPPR) permission messages from DHS to airline check-in counters and Web check-in systems worldwide.

Currently, each airline has the option of connecting directly to CBP for bi-directional transmission of PNR and API data and receipt of BPPR messages through a virtual private network using CBP-specified protocols and vendors, or connecting to DHS through one of two vendors approved by CBP to act as intermediaries: ARINC or SITA.

Read More

Apr 08 2021

TSA posts video showing how you can fly without ID

For years Transportation Security Administration (TSA) and Department of Homeland Security (DHS) officials and their state government collaborators have been repeating the big lie that all airline passengers must have government-issued ID credentials. That lie has been included in TSA and DHS press releases, airport signage, and Tweets from the official DHS and TSA accounts.

This public relations lie has been disclaimed, over and over, in TSA and DHS court filings and sworn testimony. But now it has been contradicted on the TSA’s official Twitter feed.

Tonight the TSA Tweeted a video showing some of the ways you can fly without “acceptable” ID or without any ID at all.

If the TSA deems your ID “unacceptable”, you can still fly if you can show two or more pieces of suitable (according to the TSA’s secret non-rules) although “unacceptable” ID.

The TSA video also shows that even if you have no ID at all, you can fly if your answers to questions relayed by phone by the TSA’s ID Verification Call Center match the information in the (secret) file of information that has been linked to you by the commercial data aggregator Accurint (originally part of the discredited “Total Information Awareness” program but now a division of Lexis-Nexis).

No ID at all, much less “acceptable” ID, is actually required to fly. So changes in REAL-ID Act regulations or TSA/DHS orders to airlines as to what ID is “acceptable” are irrelevant to whether you have a right to fly without ID. Nothing in the REAL-ID Act negates this right.

In the screengrab above (one minute in), the video shows a traveler filling out a copy of TSA Form 415, “Certification of Identity”. The TSA has been using versions of this form illegally since at least 2008, without ever having obtained the approval from the Office of Management and Budget (OMB) required before any collection of information such as this by a Federal agency. The TSA has twice said it intends to seek approval from OMB for Form 415. But in the face of our objections, the TSA has yet to request, much less obtain, that approval. It’s unclear whether or when the TSA will actually do so.

To avoid having to give public notice of its planned information collection or respond to our objections, the TSA tried to get Congress to enact a special airport exception from the Paperwork Reduction Act (PRA). But Congress declined to do so. It’s unclear whether and if so when the TSA will actually apply to OMB for the required approval, or what additional illegal actions it may try to take in the meantime.

All use of both Form 415 and the associated questioning of travelers continues to be in violation of the PRA. As we noted in 2008 when the TSA first started asking travelers to fill out the form later labeled Form 415, the PRA provides an absolute defense against any sanctions the TSA might try to impose for refusing to fill out this unapproved form or cooperate with the TSA’s “20 questions” game of ID verification security theater.

Travelers can and should say no. Fly without ID, and exercise your right to remain silent.

Apr 07 2021

4th Circuit panel rejects rights to travel and to due process

In one of the worst court decisions on the right to travel since Gilmore v. Gonzales, a three-judge panel of the 4th Circuit Court of Appeals has reversed the decision of a U.S. District Court that the U.S. government’s system of extrajudicial administrative blacklists (euphemistically and inaccurately called “watchlists” although the consequences for the people who are listed include much more than merely being “watched”) is unconstitutional.

The decision comes in a class-action lawsuit brought on behalf of blacklisted Muslim American travelers in 2018 by the Council on American Islamic Relations (CAIR). It follows a disturbing trend of decisions in similar cases by courts in the 6th Circuit and the 10th Circuit.

According to Gadeir Abbas, the CAIR attorney who has led the national campaign of lawsuits (many others of which are still pending) against post-9/11 blacklists, CAIR plans to petition for “rehearing en banc” by the 4th Circuit Court of Appeals:

A three-judge panel on the Fourth Circuit reversed a historic U.S. District Court decision that declared the entirety of the watchlist unconstitutional. In doing so, the judges ignored the dire consequences experienced by American citizens placed on the watchlist and took a dim view of what the Constitution requires. We are disappointed in this decision, but we remain undeterred. The fight is not over. CAIR will now ask the entire Fourth Circuit to review the case.

The 4th Circuit panel gets off on the wrong foot by declaring that it is reviewing a challenge to a “system vital to public safety”, despite the absence of any finding by the District Court to that effect or any evidence in the record to support such a claim. In fact, watchlists/blacklists are based on anything but actual dangerousness. If an individual were actually demonstrably dangerous, the government could and should either arrest them or apply to a court for an injunction restricting their dangerous actions. But the government has never done that with any of the people it has blacklisted.

The 4th Circuit panel opinion is dismissive of almost every aspect of the right to travel or of due process. It finds that government-imposed travel delays of hours or perhaps even days aren’t sufficient interference with the right to travel to constitute a legally-cognizable infringement of the right to travel, and that denial of air transport is Constitutionally insignificant because, “Plaintiffs can travel internationally by boat.”

Despite acknowledging that the blacklists/watchlists were “created by executive order” and not by any Congressional action, and that the Terrorist Screening Center “receives around 113,000 nominations annually and around 99% are accepted,” the 4th Circuit panel finds that no judicial review of these decisions is necessary.

Relying on an outdated history of entry and exit procedures when an intercontinental journey took weeks, and a delay of hours or days would only lengthen the journey time by a small percentage, the 4th Circuit panel brushes off the detention (in many cases at gunpoint), interrogation, and search of the plaintiffs. “Delays and inconveniences at the borders are… as old as the nation itself…. The experiences alleged by plaintiffs do not rise to the level of constitutional concern…. Given the government’s broad power to control movement across the nation’s borders, the burdens experienced by plaintiffs are not infringements of  ‘liberty’ within the meaning of the Due Process Clause.”

We join CAIR in looking forward to en banc rehearing and reversal of this ill-founded decision.

 

 

Apr 05 2021

Can TSA checkpoints be used as a general law enforcement dragnet?

Airline travelers who were searched at Transportation Security Administration (TSA) checkpoints for cash and other items unrelated to any threat to aviation are entitled to their day in court, according to the first significant ruling by a Federal judge in Pittsburgh in a class action lawsuit filed a year ago.

The class action complaint in Brown v. TSA was brought by the Institute for Justice on behalf of all air travelers whose cash was seized at TSA checkpoints. It charges that searches at TSA checkpoints for “general law enforcement purposes” that aren’t limited to searches for weapons, explosives, and incendiaries that could pose a danger to aviation are (1) “ultra vires”, that is, outside the scope of any authority granted by law to TSA checkpoint staff, and (2) unconstitutional as warrantless, unreasonable searches and seizures prohibited by the 4th Amendment.

The TSA and Drug Enforcement Administration (DEA) defendants tried to get the court to dismiss the complaint on such specious grounds as that the dozens of incidents of seizures of air travelers’ cash described in the complaint were merely “isolated incidents” unlikely to be repeated, and that a Federal law that has often frustrated judicial review of TSA actions, 49 U.S.C. § 46110, denies any Federal District Court jurisdiction to even consider such a complaint.

After review of initial recommendations by a Federal Magistrate, U.S. District Judge Marilyn Horan has denied most of the government’s motions to dismiss the class action complaint, allowing the case to move forward toward a decision on the merits.

As we noted when we first reported on the filing of this lawsuit, its importance extends well beyond the specific issues of searches and seizures of cash. This is one of two key pending lawsuits (along with one filed by Sai that’s pending in the 1st Circuit Court of Appeals with friend-of-the-court briefs due to be filed by the end of this week) challenging the TSA’s attempt to expand its checkpoints from limited special-purpose administrative searches for items posing a hazard to aviation to general law enforcement checkpoints like the “4th Amendment-free zones” at international borders and points of entry.

There have been, and continue to be, strong pressures from within the Department of Homeland Security and from other law enforcement agencies to use TSA checkpoints for an even wider range of general law enforcement purposes. That would create a new airport exception to the 4th Amendment, based on treating travel as presumptively grounds for suspicion (and thus subject to search and/or seizure) rather than the exercise of a right.

We are pleased to see this case go forward as an important test of the limits to the TSA’s authority, the meaning of the 4th Amendment, and the existence of a right to travel.

Mar 30 2021

Expanding travel policing beyond no-fly lists (and the Fourth Amendment)

According to an article in POLITICO based on interviews with unnamed “law enforcement officials,” the US Department of Homeland Security (DHS) is considering expanded use of airline reservation data to target travelers for more intrusive searches:

The department could begin analyzing the travel patterns of suspected domestic extremists, monitor flights they book on short notice and search their luggage for weapons, a senior law enforcement official told POLITICO. There have also been discussions about putting suspected domestic violent extremists — a category that includes white supremacists — on the FBI’s No Fly List, the official said. When suspected extremists travel internationally, officials may be more likely to question them before they pass through customs and to search their phones and laptops.

A second law enforcement official told POLITICO that conversations about monitoring domestic extremists’ travel have involved multiple federal agencies at the interagency level, including the FBI.

We’ve recently discussed what’s wrong with the no-fly lists (there are several, created and maintained by different, although interlocking, entities, for different ostensible purposes) and why they shouldn’t be used like this or in most of the other ways that they are now used.

As Gary Leff puts it in his View from the Wing travel blog:

Denying the freedom of travel, without trial, is precisely the mob rule outside of the rule of law that we’re supposed to be pushing back on after the events of January 6th. Having the government ban travel on all airlines without judicial review is frightening in a democracy.

The latest article in POLITICO suggests tactics that go well beyond no-fly lists. It’s important to understand what’s being talked about, and how it would differ from previously-disclosed practices and exceed what is permitted by current law.

It’s crucial to recognize that, in this proposal, the DHS is testing the waters not for an expansion of existing authority, but an entirely new category of exception to the Fourth Amendment: a “pre-crime” search that is based on neither a warrant nor probable cause, but that — unlike an administrative search — targets individuals selectively.

Read More

Mar 18 2021

Laundering Federal funding for the national ID database

The latest response to one of our Freedom Of Information Act (FOIA) requests shows the lengths to which the Federal government has gone to obscure its underwriting of the construction of a national ID database.

Supporters of a national ID database know that there is resistance to exactly that idea. So they try to pretend that there is no such thing.

They can’t credibly claim that the SPEXS database doesn’t exist, so they try to pretend (1) that this isn’t a national database but merely a distributed national network of state drivers license and ID databases (which it could be, but isn’t, since it includes a national “pointer” database with a record of personal information for each drivers’ license or state-issued ID card), (2) that this State-to-State  network isn’t mandated by Federal law (a clearly false claim, since the Federal REAL-ID Act of 2005 requires that to be “compliant”, each state  must “Provide electronic access to all other States to information contained in the motor vehicle database of the State”), and (3) that this network and database are being built by states, not by the Feds.

The problem with this third and last line of rhetorical defense against opposition to the creation of a national ID database is that much of the funding actually is coming from the Federal government. But the Feds have gone to great lengths to obscure their role in funding the creation of the infrastructure for a national ID scheme.

Here’s how it works:

Read More

Mar 05 2021

Court says you can sue TSA agents who don’t let you film them

Judge John A. Gibney, Jr. of the US District Court for the Eastern District of Virginia has ruled that TSA checkpoint staff can be sued (and, potentially, held personally liable for damages) for stopping a traveler from recording video with his cellphone of them searching (“patting down”) his wife, and ordering him to delete the video.

The initial decision in the case of Dyer v. Smith is likely to be appealed to the Court of Appeals for the 4th Circuit. But Judge Gibney’s ruling is an important step toward holding the TSA accountable to the 1st Amendment (freedom of speech and of the press) and 4th Amendment (freedom from unreasonable search and seizure) to the US Constitution.

In particular, Judge Gibney not only (1) recognized that members of the public have a Constitutional right to film at TSA checkpoints, and not to have their recordings seized, but also (2) rejected the claim that this right was not “clearly established” and thus that TSA checkpoint staff should have “qualified immunity” from lawsuits, and (3) allowed the lawsuit against the TSA to go forward, under the so-called “Bivens doctrine” already recognized by courts in other contexts, even though there is no specific law (other than the Constitution itself, which ought to suffice) providing for lawsuits against TSA staff who violate travelers’ Constitutional rights.

We are particularly pleased that Judge Gibney recognized that the Constitutional right to film the TSA is “clearly established,” contrary to the court finding in 2015 in Phil Mocek’s lawsuit against TSA checkpoint staff and Albuquerque Police that, while Mr. Mocek’s rights had been violated, the right to film at TSA checkpoints was not (yet) clearly established — so Mr. Mocek was not entitled to any redress through the courts for the violation.

The plaintiff, Dustin Dyer, is himself a lawyer, but served only as pro se local counsel to civil rights attorney Jonathan Corbett, one of whose specialties is TSA wrongdoing.

(Mr. Corbett is also, we are pleased to report, representing Sai in his challenge to the Constitutionality of 49 USC § 46110, the Federal law which establishes special and especially limited procedures and criteria for judicial review of “orders” issued by the TSA.)

As with Mr. Mocek, Mr. Dyer was able to recover the “deleted” video, although it’s not clear how important that may have been in deterring the TSA from making up stories about what happened, as the TSA and police did (unsuccessfully, in the face of video and audio evidence falsifying their official reports) with respect to Mr. Mocek.

It’s worth reading both Mr. Corbett’s brief in support of his client Mr. Dyer, and the amicus brief by Constitutional law professors Brandon Hasbrouck of Washington and Lee School of Law and Katherine Mims Crocker of William and Mary Law School (where Judge Gibney is also an adjunct professor). As friends of the court, these law professors note that “The logic of the single decision [the defendants] cite [Mocek v. Albuquerque] is quite strained.” Judge Gibney seems to have agreed.

Feb 25 2021

Precog in a Box

[Flowchart of “goTravel” software package developed by the government of the Netherlands and offered to U.N. members through the Countering Terrorist Travel Programme of the U.N. Office of Counter-Terrorism (UNOCT)]

National governments of all members of the United Nations are being pressured to implement new U.N. mandates for surveillance, profiling, and control of air travelers.

These unprecedented mandates for the creation and deployment of new surveillance and “pre-crime” policing systems in every U.N. member state are the result of a successful twenty-year campaign carried out by the US and its allies through the U.N. Security Council and the International Civil Aviation Organization (ICAO) as policy laundering proxies.

This U.N. mandate is illegal: it contravenes provisions of the International Covenant on Civil and Political Rights, to which almost all U.N. members are parties. It’s immoral: it goes against basic principles of justice, including the presumption of innocence and punishment for criminal actions rather than for inferred criminal states of mind. And it’s wrong: it presumes the existence of human and/or robotic “precogs” that can predict future crimes.

U.N. members that haven’t yet set up “pre-crime” police agencies to surveil and profile air travelers are being pushed by Security Council and ICAO directives, and pulled by offers of their choice of free “Precog in a Box” software and other training and support from US Customs and Border Protection (CBP) through the World Customs Organization (WCO), or from the government of the Netherlands through the Countering Terrorist Travel Programme of the U.N. Office of Counter-Terrorism (UNOCT).

But how did we get here? What’s going on? And what’s wrong with this picture?

Read More