Feb 21 2017

The right to record police anonymously

The 5th Circuit Court of Appeals has joined other Courts of Appeals in finding that the First Amendment protects the right to make audio and video recording of police activities in public places, including recording police officers and vehicles outside a police station  from a public sidewalk.

The Court also found that Texas Penal Code § 38.02, interpreted in light of the decision of the US Supreme Court in Hiibel v. Nevada, does not and could not Constitutionally authorize an arrest solely for refusal to identify oneself, in the absence of some predicate basis for legitimate suspicion of violation of some other law.

In the 5th Circuit, it is now clearly established law that you can record the police anonymously in public places, without fear of arrest unless there is probable cause to believe that you have violated some other law.

The ruling in  Turner v. Driver et al.  is the the second decision this month by different three-judge panels of the 5th Circuit interpreting the Constitutional limits on Texas ID law, as applied to people engaged in activities protected by the First Amendment in public places. An earlier decision upheld the right to anonymity for a protester standing along a highway (where the sidewalk would have been, if there had been a sidewalk) adjacent to the parking lot of a strip of businesses.

Read More

Feb 16 2017

Executive Orders, lawsuits, and the right to travel

[D]ue process requires… notice and a hearing prior to restricting an individual’s ability to travel.

(9th Circuit Court of Appeals, Order on Motion for Stay, February 9, 2017, State of Washington and State of Minnesota v. Trump)

President Trump’s Executive Orders prohibiting entry to the US by citizens of specified blacklisted countries and cutting off all Federal grants to designated “sanctuary jurisdictions” that decline to spend their local funds and direct their employees to enforce certain Federal immigration laws have prompted a wave of litigation by individuals and, significantly, by states and cities across the US.

We welcome the increased public interest in Federal government attempts to control the free movement of free people, the new activism on the issues of freedom to travel, and the new willingness of states and municipalities to challenge restrictions on their residents’ right to travel.

There’s been much discussion and analysis of the implications of these lawsuits for these specific Executive Orders. Relatively little attention has been paid, however, to the implications for litigation over other ongoing and emerging issues of freedom to travel of what is being said, and by whom, in the litigation over the recent Executive Orders.

Here are some of our thoughts, from the trenches of more than 15 years of legal and political struggle for the right to travel, on what these cases may portend:

Read More

Feb 15 2017

Searches at airports and US borders

President Trump’s Executive Order expanding the pre-existing and ongoing #MuslimBan from foreign airports to US points of entry, by forbidding entry to the US by citizens of specified blacklisted countries,  doesn’t say anything explicit about searches or interrogation of people entering or leaving the US.

But this Executive Order seems to have been interpreted by US Customs and Border Protection officers at US borders and international airports and at “preclearance” sites abroad as giving them a green light for intensified questioning and searches (“extreme vetting”) of  travelers including searches and demands for passwords to laptops, cellphones, and other digital devices.

In response to this wave of digital harassment and snooping at airports and borders, several news outlets, civil liberties organizations, and free press and journalists’ rights organizations have posted technical and legal advisories about how journalists and ordinary travelers can protect their data when they travel.

We welcome this attention to airport and border search law, and these efforts to educate travelers.

We want to add one potentially significant law that few travelers (or CBP officers or TSA checkpoint staff) are aware of, and that isn’t mentioned in any of the advice to travelers about airport and border searches that we’ve seen recently: The Privacy Protection Act of 1980.

We’ve written about the Privacy Protection Act several times before, especially in the context of border searches of activists and journalists. But the protection offered by this law isn’t limited to journalists. Here’s an unfortunately necessarily refresher on what this law means and what you can do to take advantage of it:

Read More

Feb 14 2017

The right to anonymous pedestrian travel and protest

In a victory for the right to anonymous pedestrian travel and protest, the 5th Circuit Court of Appeals has reinstated a civil rights lawsuit brought by a protester who was arrested while holding a sign alongside a road in Stafford, Texas (near Houston), and charged with violating  Texas Penal Code § 38.02:

Sec. 38.02.  FAILURE TO IDENTIFY.  (a)  A person commits an offense if he intentionally refuses to give his name, residence address, or date of birth to a peace officer who has lawfully arrested the person and requested the information.

The opinion of the 5th Circuit panel in Jonathan Davidson v. City of Stafford, et al. breaks no new ground, but it’s an important reminder to the public and to police of the right to protest, the right to walk the streets and highways, the right to do so anonymously — and the potential liability of police who abridge those rights.

State and local ID laws vary greatly, and it’s important to know the law in your jurisdiction. We reiterate the importance of knowing the law in your jurisdiction and seeking legal advice in advance (this blog is not legal advice) if you anticipate being questioned by police.

As we read this decision, however, the key lesson it reinforces is that laws  like Texas Penal Code § 38.02 which require people who are arrested to identify themselves can’t be used to bootstrap a general requirement for anyone on the street to identify themselves to police on demand. Such a law imposes an obligation to identify oneself only if there is probable cause for police to believe that some other law was violated.

Without some other lawful basis for an arrest, such an ID-if arrested law creates no obligation for a pedestrian or protester to identify herself to police.

Read More

Feb 01 2017

Carrier sanctions kill. Airlines collaborate.

[Sign carried by Dan Malashock at San Francisco International Airport, January 29, 2017. Photo by Ruth Radetsky.]

Since the start of our work against restrictions on freedom to fly, well before September 11, 2001, we’ve been wondering what further outrage it would take to provoke mass protests at airports, and when that would finally happen.

Now we know. Thousands of protesters (including at least one of President Trump’s fellow billionaires) filled international airports across the country for several days and nights starting last weekend, in reaction against President Trump’s executive order to detain and deport any arriving non-US citizen known to be a citizen (even a dual citizen) of one of seven publicly blacklisted Muslim-majority countries: Iraq, Iran, Libya, Somalia,  Syria, Sudan, and Yemen.

We’ve been talking about related issues for years. Now that they are out in the open, the question is what the outraged public will do, at whom the outrage will be directed, and how airlines — yes, airlines, and not just governments — will respond.

For what it’s worth, it’s unclear whether this executive order would apply to an asylum seeker who renounces their original citizenship in one of the blacklisted countries, even one who makes that renunciation at the check-in counter or in flight, and thereby arrives in the US stateless.  This may seem a far-fetched scenario, but it is common for stateless asylum seekers to use “invalid”, forged, or fraudulent documents to board flights, and then to destroy those documents in flight so as to arrive without papers. Deportation of any stateless person, and most of all a stateless asylum seeker, is especially problematic under international human rights law. But that’s the least of the problems with President Trump’s executive order.

Here are some key things we’ve learned from our work over the last 20 years that people — including those just now beginning to think about the right to fly, especially as it relates to immigrants, refugees, and asylum seekers — need to understand about what is happening, who is responsible, what will happen next, and what can be done:

Read More

Jan 29 2017

Trump repudiates agreement with EU on PNR data

In a panel discussion Wednesday at the Computers, Privacy, and Data Protection conference in Brussels, Edward Hasbrouck of the Identity Project pointed out that that both the so-called Privacy Shield and the EU-US agreement on transfers of Passenger Name Record (PNR) data from the European Union to the US government depend on non-treaty “promises”, “commitments”, “undertakings”, and executive orders by the Obama Administration.

These are not binding on President Trump, and there is no reason to expect Trump do anything just because Obama said he would do it.

Quite the contrary: President Trump has no intention of continuing many of President Obama’s policies, and every intention of reversing many of them — even if Trump continues others, such as mass surveillance, profiling of US citizens and foreigners, and reliance on executive orders to avoid the need for Congressional approval of his program, which Trump presumably will continue.

“As of this week, with Trump’s inauguration, the EU-US PNR agreement and Privacy Shield are dead letters. The only question is whether the Trump administration will officially renounce them, or whether it will simply ignore them,” Hasbrouck told the audience at CPDP.

The answer came just a few hours later the same day, when President Trump issued an executive order including the following:

Sec. 14.  Privacy Act.  Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.

The US recognized privacy as a human right when it ratified the International Covenant on Civil and Political Rights:

Article 17

1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence….

2. Everyone has the right to the protection of the law against such interference or attacks.

But as we have complained to the relevant UN treaty bodies, the US has flouted its obligations under this and other provisions of the ICCPR related to freedom of movement as a human right, and has provided no effective means of redress for these violations.

Instead, on this and other issues the US has acted as though there are no human rights, only privileges of US citizenship. President Trump’s executive order on privacy is only the latest official restatement of this longstanding and bipartisan US government position.

With this Presidential decree, the EU-US PNR agreement is dead.

The next question is when EU institutions will recognize this legal fact, and what they will do about it.

Read More

Jan 20 2017

Inspector General: TSA uses secrecy to avoid embarrassment

A report on the security of TSA operational IT and communications systems released last month by the DHS Office of the Inspector General (OIG) is prefaced with a scathing critique of the redactions demanded by the TSA in the censored public version of the report.

The OIG report found a pervasive lack of basic security measures and consciousness at TSA airport facilities: doors propped open or with locks taped off, unmonitored entrances, lack of logs of physical access to communication nodes and servers, lack of redundancy, etc.

But the TSA tried to keep the OIG from reporting on even those problems that at already been publicly reported, after TSA review and permission, in earlier OIG reports or other pages of the same report. The real point of the TSA’s censorship is not security but avoidance of public and Congressional debate and oversight.

Here’s what the DHS’s own internal auditor reported:

I must lodge an objection regarding the way that TSA has handled information in the report it considered Sensitive Security Information (SSI). Specifically, we issued the draft report, Summary Report on Audits of Security Controls for TSA Information Technology Systems at Airports, to the Department on September 16, 2016.

[W]e asked for agency comments, including a sensitivity review, within 30 days of receipt of the draft. On October 7, 2016, the Chief of the SSI Program provided the results of its sensitivity review, marking as SSI various passages in the report. The redactions are unjustifiable and redact information that had been publicly disclosed in previous Office of Inspector General (OIG) reports. I am challenging TSA’s proposed redactions to our summary report….

I can only conclude that TSA is abusing its stewardship of the SSI program. None of these redactions will make us safer and simply highlight the inconsistent and arbitrary nature of decisions that TSA makes regarding SSI information. This episode is more evidence that TSA cannot be trusted to administer the program in a reasonable manner.

This problem is well-documented. In addition to my previous objection to the handling of one of our reports, the House Committee on Oversight and Government Reform in 2014 issued a bipartisan staff report finding that TSA had engaged in a pattern of improperly designating certain information as SSI in order to avoid its public release because of agency embarrassment and hostility to Congressional oversight.

Read More

Jan 09 2017

IDP comments on TSA proposal to require ID to fly

Today the Identity Project and the Cyber Privacy Project filed comments with the Transportation Security Administration opposing a stealthy TSA proposal to start requiring ID to fly.

The TSA has long harassed people who try to fly without being required to show their “Papers, Please!” at TSA checkpoints.

But the TSA’s official position in court has always been that ID is not required to fly: “You don’t have to show ID to fly. You can fly without ID. We have a procedure for that.”

You can fly without ID, if you (1) fill out and sign the obscure TSA Form 415, (2) satisfy the TSA with your answers to a bunch of questions about what’s the file about you obtained by the TSA from the commercial data broker Accurint, and (3) submit to more intrusive than standard search (“secondary screening”) as a “selectee”.

That’s the way it is, and that’s the way it’s been for years.

Now, as we reported in November of last year, the TSA is contemplating a new pattern and practice of preventing anyone from passing through a TSA checkpoint or getting on an airline flight unless either  they have ID the TSA deems acceptable, or they reside in a state that the TSA deems sufficiently compliant with the REAL-ID Act.

Read More

Dec 25 2016

Obama Admin’s parting gift to foreign visitors: social media surveillance

In the Obama Administration’s parting gift to foreign visitors, the Office of Management and Budget (OMB) has approved the collection of social media IDs from foreign visitors to the US.  As part of the online Electronic System for Travel Authorization (ESTA), tourists, business travelers, and foreign citizens visiting friends and relatives in the US are now being asked whether they have accounts on any social media platforms, and if so, their user names or IDs.

Read More

Dec 21 2016

“AFI” is the latest DHS name for “extreme vetting”

We’ve heard a lot of talk in recent months about “extreme vetting” of immigrants, Muslims, and foreign visitors to the US. But what does “extreme vetting” really mean?

“Vetting” of both domestic and international travelers — making predictive pre-crime decisions as to whether or not to allow them to travel — is already extreme, and already routine.

“Vetting” means examining people and deciding who to allow, and who not to allow, to do something.

Under DHS procedures that have been in place for a decade, no airline operating to, from, or within the US is allowed to issue a boarding pass or let you on a plane unless and until it has sent your personal information to DHS and received an individualized, per-passenger, per-flight “Boarding Pass Printing Result” (BPPR) message giving the airline “permission” to “allow” you to exercise your right to travel by common carrier. The default if DHS doesn’t respond is “no”, and both the algorithms used for the decision and the data put into that algorithmic black box are secret.

What could be more “extreme”? Manual strip searches for all travelers, instead of just virtual strip searches using as-though-naked imaging machines?

But as President-Elect Trump’s “extreme” rhetoric suggests, the government’s desire for surveillance and control of our movements is insatiable. It’s always possible to make yet another mirror copy of the government’s warehouse of metadada about our movements, disseminate it more widely, and pile on another layer of pre-crime profiling algorithms. More is always better, right — especially if you call it “intelligence”?

The latest replication and propagation of travel data, and the latest layer of traveler “vetting” tools, is the so-called “Analytical Framework for Intelligence” (AFI) operated by, or under contract to, US Customs and Border Protection (CBP).  As we told Spencer Woodman of The Verge for his story today about AFI:

“When Trump uses the term ‘extreme vetting’, AFI is the black-box system of profiling algorithms that he’s talking about,” says Edward Hasbrouck of the Identity Project, a civil liberties initiative that focuses on the rights of travelers. “This is what extreme vetting means.”

DHS in general, and CBP in particular, have been playing a shell game for many years with their travel surveillance and control systems.

Government copies of airline reservations (Passenger Name Records) were first claimed to be part of a system of records called TECS, then declared to be part of a “new” system of records called the Automated Targeting System (ATS), although still stored in the TECS database. (Huh?)  Now an additional mirror copy of all this PNR data (still stored in TECS and still also deemed part of ATS) is being created as part of another “newer” system of records known as AFI.

AFI is one several new user interfaces and front-ends to TECS data being developed for use by multiple DHS components including US Customs and Border Protection (CBP) and Immigration and Customs Enforcement  (ICE) as part of a long-term “TECS modernization” project.

If you’re confused by all the acronyms and name changes, and don’t know which government files you should ask for or worry about, that’s exactly what DHS wants.

AFI itself has changed fundamentally and for the worse in the last few months, at least if we can believe what DHS says. It’s always been a suspicion-generating and guilt-by-association machine, but now it’s a much more powerful one. More powerful, to be clear, does not mean “better” or “more accurate”. It means, “capable of placing more people under suspicion” based on more intrusive data aggregation, data mining, and profiling. Here’s how:

Read More