Papers, Please!

The Identity Project

Author Archives: Edward Hasbrouck

Jan 17 2020

Is the TSA “screening” for threats to aviation, or for cash and drugs?

A class-action lawsuit filed this week in Pittsburgh by the Institute for Justice, Brown v. TSA, exposes the dirty non-secret that TSA checkpoints are used primarily as drug checkpoints  and as a revenue center for law enforcement agencies, not to protect aviation.

Warrantless, suspicionless dragnet administrative searches at TSA checkpoints are justified as measures to “screen” travelers for weapons, explosives, and other threats to aviation.

When the actions of TSA Transportation Security “Officers” are challenged in court, the TSA has claimed that its “Officers” are not the “officers” referred to in the Federal Tort Claims Act (“any officer of the United States who is empowered by law to execute searches, to seize evidence, or to make arrests for violations of Federal law”) ; conduct only limited administrative searches for weapons, explosives, and threats to aviation; do not have any authority to conduct searches for any other purpose; and neither have nor exercise authority to arrest or seize travelers.

In practice, however, the primary use of TSA checkpoints by the government is to “screen” travelers for drugs and cash, and to seize and expropriate illegal drugs, drug-related cash, and all “large” sums of cash being carried by airline passengers, regardless of the presence or absence of any evidence linking that cash to illegal drugs or any other illegal activity.

Read More

Jan 02 2020

Drivers’ license data sold to businesses, given to Feds

As we start the year of the once-a-decade US Census, it’s an appropriate time to start looking at some of the ways and the purposes for which data — including drivers license data — is used and shared by the Bureau of the Census.

State agencies that issue drivers’ licenses want us not to object to their demands for more and more personal information about matters unrelated to driving — digital photos, scans of birth certificates and social security cards, etc. — in order to obtain drivers’ licenses that comply with the Federal REAL-ID Act.

State driver licensing agencies say we shouldn’t worry — notwithstanding the requirement of the REAL-ID Act that drivers’ license and state ID data be made available electronically to all other states — because this data will only be shared “as permitted by law”.

But what does that mean? What sharing of this data does the law permit?

Recent reports show that drivers’ license data can be, and is, widely shared with both commercial entities and Federal agencies — including the Bureau of the Census, which will be conducting the decennial census in 2020 — for purposes unrelated to motor vehicle operation or drivers’ licenses. Both Federal and state agencies say that all of this is permitted by the Drivers Privacy Protection Act (DPPA).

Read More

Dec 17 2019

Airports of the future: surveillance by design

As we’ve seen in the ongoing debate over biometric identification of travelers at Sea-Tac Airport, and as we’ve seen before elsewhere, airlines and government agencies want to pretend that each of their initiatives to identify and track travelers is a discrete, limited project, not part of any common agenda for government and commercial surveillance.

Don’t believe a word of this soothing blather. These measures are part of a conscious, deliberate, and (in their internal communications) explicit plan to deploy pervasive, integrated common-use infrastructure and data sharing for government and commercial identification and tracking  purposes throughout airports and each step of an air traveler’s journey. The airline/airport/government consensus is on surveillance by design, not privacy by design.

Here’s our latest glimpse at the real thinking behind the curtain of propaganda: The leading provider of communications and IT infrastructure and services for air transportation has a guest commentary of end-of-the-year predictions for “airports of the future” on an industry news site:

Airports of the future: SITA’s 10 predictions for the next decade
by Benoit Verbaere, business development director, SITA
Passenger Terminal Today, December 12, 2019

Air transport IT provider SITA has unveiled 10 bold predictions about the technology shaping how passengers will move through the airport of the future. Benoit Verbaere, business development director, SITA, predicts major change in almost every aspect of the airport experience….

Security will be integrated into a frictionless journey.

Over the next decade, going through security will mean walking along a corridor…. Passengers and their bags will be recognized automatically as they go through automated checkpoints. Hard checkpoints will be replaced by sensor corridors….

In future airports, risk will be constantly assessed by specialist artificial intelligence (AI), using the passenger’s digital identity…. [G]overnments… will use automated collaborative systems to approve – or, in some cases, not approve – the various steps of the journey….

Everything will have tags: people, bags and cargo. And they will be tracked throughout their entire journey, whatever mode of transport they are using…

The airport will be highly connected.

Our new era of connected airports will be driven by increasingly cheap sensors, less dedicated hardware and new data lakes, fed by every device….

Across every single journey, there are 10 or more different entities that are responsible for making the trip a reality. The only way to collect all the data to make this journey seamless is through close collaboration between everyone working at an airport: the airport itself, airlines, government agencies, ground handlers, restaurants, and shops. We also need collaboration across the entire ecosystem of connected airports….

The fast and frictionless journey to, and through, the airport will make some current revenue streams, for example, parking, weaker or obsolete. Airports will, therefore, need to find new ways to augment the travel experience to replace them. Personalization will be the key….

The future of airports lies in connected, highly-intelligent and efficient operations that offer passengers …  frictionless travel and rich, personalized experiences. Today’s … operational silos will dissolve, resulting in data sharing.

Is this point of view an outlier? No, just the opposite: SITA is jointly owned by airlines, and its agenda expresses its owners’ common agenda and the industry consensus.

SITA is a unique airline joint venture created by its airline owners to provide shared, common-use communications and IT infrastructure and services. SITA messaging has been for decades, and remains, the industry standard for reservations and operational communications between airlines, airport operators, contractors, and — increasingly — government agencies. Today most SITA messages are sent and received by ‘bots, via APIs, or through e-mail gateways, but airline and airport operations staff still have SITA addresses on their business cards along with, or instead of, e-mail addresses.

None of these predictions are new or considered controversial by airlines, airport operators, government agencies, and service providers including SITA and its competitors. Nor is this vision seen as dystopian — those who hold these views see the ability of governments and commercial entities to track each passenger in real time, and to seamlessly share data about travelers identities and movements between airlines, airports, and government agencies, as their utopia.

If we do not resist its implementation, this vision will be the future of travel.

Dec 12 2019

Port of Seattle to develop policies on use of biometrics to identify travelers

This week the Port of Seattle Commission — a special-purpose government body elected by the voters of King County, Washington, to administer both the Seattle-Tacoma International Airport and the maritime Port of Seattle — became the first airport operating or oversight body in the US to publicly discuss any policy for use of facial recognition and other biometrics to identify and track travelers.

Dozens of community members, technical experts, and members and representatives of local, national, and international civil liberties and human rights organizations including the Identity Project, the World Privacy Forum, the ACLU of Washington, the Japanese American Citizens League (JACL), Puget Sound Sage, the Seattle Privacy Coalition, cyber-security experts, and many others submitted written statements to the Port Commission or testified in person at the Port Commission meeting on December 10th in opposition to biometric tracking of travelers at Sea-Tac Airport and the Seattle cruise ship terminal.

The only testimony to the Port Commission in support of biometrics to identify travelers came from a representative of Alaska Airlines, who asked the airport to make available “common-use” biometric passenger identification infrastructure and systems that could be used by all airline tenants at Sea-Tac.

Contrary to some reports, the Port of Seattle Commission adopted neither a moratorium on current or additional deployments of biometric traveler identification systems at Sea-Tac and the Seattle cruise ship port, nor any binding rules for the continued or expanded use of biometrics.

Port Commissioners made explicit during this week’s public meeting that they have not yet made any decision on which current and/or proposed new or expanded biometric systems or uses, if any, or what regulations or contractual terms of airport leases to airline tenants related to biometrics the Port Commission will eventually approve.

The motion adopted by the Port Commission is a directive to Port staff who have approved years of biometrics deployments at Sea-Tac (including Automated Passport Control kiosks for biometric entry tracking of arriving international passengers) and the Seattle cruise ship port without, to date, any formal standards or meaningful assessment of their purpose,  justification, or impact. The Port Commission has now ordered what amounts to a “do over” by Port staff:

Through this motion, a port working group is established to develop further recommendations governing port policy related to use of public-facing biometric technology.

This working group is to be composed of Port staff and operate in line with general principles, procedural guidelines, and a schedule included in the Port Commission motion.

Port staff are to “engage active participation from an advisory group [to be named later by Port staff] composed of community partners, travelers, maritime and aviation industry partners, and other impacted stakeholders”. The Port Commission will only then decide whether, and if so on what terms, the Port will allow continued and/or expanded use of biometric systems to identify travelers on Port premises. “Policy recommendations shall be delivered to the commission by the end of the first quarter of 2020…. The commission … expects a policy governing the use of public-facing biometric technology to be delivered to the commission by the end of the second quarter of 2020.”

As we explained in our written testimony to the Port Commission, and in person near the start of the public comment period at the Port Commission meeting on December 10th, there’s a malign convergence of interest between airlines’ desire to use facial recognition for business process automation and personalization, and government agencies’ desire to use the same systems for profiling, surveillance, and control of travelers.

The unfortunate result has been the development of integrated common-use systems of commercial and government biometric tracking.

Read More

Dec 05 2019

DHS postpones plan for mug shots of innocent US citizen travelers

Press releases issued today by US Customs and Border Protection (CBP) and Sen. Edward Markey suggest that CBP and its parent agency, the Department of Homeland Security (DHS), have cancelled or postponed, at least for now, their plans to require mug shots of all US citizens leaving, or returning to, the US.

But rather than admit that it has partially backed down or postponed some of its most offensive and intrusive plans in the face of public and Congressional outrage, CBP has sent reporters a statement alleging that our report breaking the story and others that followed contained “incorrect claims” about CBP plans:

We stand by our story.

Until this Monday, when we called attention to the official DHS/CBP notice, the officially-approved and officially-stated intent of the DHS and CBP was to propose rules requiring U.S. citizens on international flights to be photographed.

If “there are no current plans” for mandating mug shots of US citizens, that’s becuuse DHS and CBP plans changed this week in response to public and Congressional outrage and the likelihood that pursuing these plans now would derail DHS and CBP hopes for approval of its current facial recognition programs by airport authorities such as the Seattle Port Commission, which will consider the issue next Tuesday (and which had been misleadingly told by the CBP official responsible for the planned rulemaking that facial recognition would not be mandatory for US citizens).

The official DHS/CBP notice of planned rulemaking meant what it said. It was issued through a formal process of agency review. It wasn’t  a typo, a mistake, or issued by a “rogue” employee.

We vigorously contest the CBP assertion that our story contained any “incorrect claim”.

Such DHS and CBP allegations, in response to truthful reporting, only further discredit the DHS and CBP, and lower whatever little credibility they may have had.

Was this a trial balloon to find out whether the DHS had finally reached the limits of our willingness to be treated like criminals whenever we fly? And if so, has the DHS partially backed off, at least for now? Maybe.

Read More

Dec 03 2019

Seattle Port Commission to consider rules for airport facial recognition

We’ll be in Seattle on December 10, 2019, to give public comments (see our detailed written testimony submitted in advance) at a meeting of the Port of Seattle Commission concerning a proposed resolution on use of facial recognition by airlines at the Seattle-Tacoma International Airport (SEA).

This will be the first time that any operator of a US airport has publicly considered any policies to govern use of facial recognition by airlines or on airport property.

The public authorities that operate almost all major US airports have a key role to play in oversight of traveler surveillance systems deployed on their premises by their tenants.

Read More

Dec 02 2019

DHS plans to require mug shots of U.S. citizen travelers

Buried in the latest Fall 2019 edition of an obscure Federal bureaucratic planning database called the Unified Agenda of Regulatory and Deregulatory Actions is an official notice from the U.S. Department of Homeland Security (DHS) that:

To facilitate the implementation of a seamless biometric entry-exit system that uses facial recognition … DHS is proposing to amend the regulations to provide that all travelers, including U.S. citizens, may be required to be photographed upon entry and/or departure [to or from the U.S.].

According to the latest version of the “Unified Agenda”, the DHS plans to publish a “Notice of Proposed Rulemaking” (NPRM) in approximately July 2020 to make mug shots mandatory for U.S. citizens leaving  or returning to the U.S.

The laws cited in the “Unified Agenda” as providing the statutory basis for the proposed rule pertain to searches of aliens (non-U.S. citizens) and the obligation for U.S. citizens entering or leaving the U.S. to have U.S. passports (a requirement of questionable and largely untested Constitutionality). It’s not obvious how the DHS will twist this into purported authority to require mug shots of all U.S. citizens who travel internationally.

The DHS has already given notice of its intention to solicit bids for systems to capture photos of all air travelers, including U.S. citizens, and is working with airlines and airports on schemes to share the photos, so that airlines and airports will be able to use data collected under government coercion for their own commercial business-process-automation and price-personalization purposes.

In November 2019, the U.S. Customs and Border Protection (CBP) component of DHS declared that its “test” of facial recognition on travelers crossing the US-Mexico border on foot had become a “permanent fixture” at certain pedestrian border crossings.

Meanwhile, the DHS continues to try to reassure travelers by claiming that U.S. citizens can and will be able to opt out of being photographed at airports or land border crossings — even though we continue to get reports, as we have told DHS officials directly, from travelers who were told by U.S. Customs and Border Protection officers and/or by line-minders at airports and borders that photography is mandatory .

Can you opt out? All current statutory and regulatory provisions for biometric entry and/or exit are explicitly applicable only to non-U.S. citizens. They provide no legal basis for photography of U.S. citizens leaving or returning to the U.S. But current law also provides no guarantee of a right for U.S. citizens to opt out, and no specification of procedures for opting out or for redress for U.S. citizens who aren’t allowed to opt out. That will all become moot if the DHS succeeds in promulgating regulations requiring all travelers to submit to mug shots, the courts uphold them, and travelers acquiesce.

Just say no.

Nov 21 2019

What will the REAL-ID Act mean for Californians?

[Steve Gordon, Director of the California Department of Motor Vehicles]

The director of a $9 million state publicity campaign to persuade Californians that they will be “turned away at the TSA checkpoint” if they try to fly without ID and that “you will need to show federally-compliant identification in order to board a domestic flight within the U.S.” admits that he knows you can fly without any ID, and he’s flown without ID himself.

That admission by Steve Gordon, Director of the California Department of Motor Vehicles (DMV), came following a hearing in Los Angeles yesterday at which we also testified (written testimony, video starting at 1:10:23) before the California Assembly Budget Subcommittee responsible for oversight of the DMV.

California DMV Director Gordon said the DMV has an “overall budget north of $9 million” for an “awareness and motivational campaign” in all media — billboards, online keyword advertising buys , etc. — to “drive people to action” to apply for REAL-ID cards.

Gordon said that the DMV had changed its message from “You can apply for either a REAL-ID ‘compliant’ or ‘noncompliant’ drivers license or ID card” to, “You should get a REAL-ID card,” because it was “too confusing” to tell people they have a choice.

Read More

Oct 22 2019

9th Circuit upholds “no-fly” procedures & criteria

A 3-judge panel of the 9th Circuit Court of Appeals has upheld the government’s procedures and criteria for issuing “no-fly” orders against a complaint that the criteria (which are essentially “pre-crime” criteria based on predictions of future bad actions) are too vague to provide fair notice of what actions might lead to a “no-fly” order, and that the procedures do not provide the degree of procedural due process (notice of the accusations, an opportunity to see the evidence and cross-examine witnesses, etc.) required by the Constitution.

While the 9th Circuit panel left open the possibility of a challenge to the substantive grounds for a specific no-fly order, it upheld the government’s effort, in mid-litigation, to change the procedures for no-fly orders to keep challenges to no-fly orders out of U.S. District Courts and preclude any trial or adversarial or judicial fact-finding in such cases.

The 9th Circuit panel found that no-fly orders issued by the TSA under the current revised procedures are excluded from the jurisdiction of U.S. District Courts. TSA no-fly orders can be “reviewed” by a Circuit Court of Appeals only on the basis of a self-serving “administrative record” created by the TSA, and on the basis of a deferential standard that presumes the validity of the TSA’s fact-finding. The 9th Circuit panel did not address the Constitutionality of the applicable jurisdiction-stripping law, 49 U.S.C. § 46110, which is currently being challenged in the 1st Circuit in Sai v. Pekoske (originally Sai v. Neffenger).

The decision announced yesterday in Kashem v. Barr may be the worst appellate court decision against freedom of travel since the 2006 decision by the 9th Circuit Court in Gilmore v. Gonzales.

Read More

Oct 02 2019

Do I need ID to ride a train?

We’ve been trying for years to find out what the real story is with respect to ID requirements for travel by train, especially on Amtrak.

Amtrak and Greyhound ID policies and practices are of paramount importance to the mobility of undocumented people and people who, whether or not they are eligible for or have chosen to obtain government-issued ID credentials, don’t want to show their papers to government agents as a condition of exercising their right to freedom of movement.

Amtrak and Greyhound policies and practices will become even more important if the government and/or airlines further restrict air travel by people who don’t have, or don’t show, ID credentials that comply with the REAL-ID Act.

The latest responses to our requests for Federal and state public records reveal more about passenger railroad policies and practices, but still don’t give a clear answer.

What we can say at this point, based on the records disclosed to us to date, is that:

  1. There are substantial discrepancies and contradictions between what the TSA has told Amtrak to do, what Amtrak tells its own staff about what is required, what Amtrak tells travelers about what is required and the basis for those requirements, and what Amtrak staff actually do. Those variations make it impossible to determine unambiguously what “the rules” are for Amtrak travel, or what is “required”.
  2. Some of Amtrak’s claims, including its claim that passengers are required by the TSA to have and to show ID to travel by Amtrak, are blatant lies.
  3. TSA Security Directive RAILPAX-04-02, cited by Amtrak in its employee manual as the basis for demanding that passengers show ID, requires Amtrak to “request” (not demand) that passengers show ID, but does not purport to require passengers to respond to such requests and does not prescribe any sanctions on passengers for failure, refusal, or inabiity to show ID.
  4. Amtrak has instructed its staff that “If the customer responds they are 18 or older and do not have valid identification, … the Amtrak police must be notified by the quickest available means away from the customer,” but also that, “Failure to possess the proper photo identification is not, by itself, sufficient reason to have the customer removed from the train.” Amtrak has not yet responded to our FOIA request for Amtrak Police policies and staff directives for what to do in such cases.
  5. Although Amtrak is unquestionably an instrumentality of the Federal government, and transportation by Amtrak is unquestionably a Federal government activity, the list of ID credentials deemed acceptable by Amtrak does not correspond to the list of forms of ID deemed by the DHS to be acceptable for “Federal purposes” pursuant to the REAL-ID Act of 2005.  Amtrak says it accepts several forms of ID that do not comply with the REAL-ID Act. None of Amtrak’s ID policies, procedures, or staff directives disclosed to date mention the REAL-ID Act or when or how it might be implemented by Amtrak, although records of such policies or of discussions related to them would be responsive to soem of our pending FOIA requests.

Where does this leave undocumented long-distance travelers, including those who turn to Amtrak as a government-operated common carrier of last resort?

Read More