Papers, Please!

The Identity Project

Author Archives: Edward Hasbrouck

Aug 22 2016

Wanna be Facebook friends with U.S. Customs & Border Protection?

Today we submitted formal comments to U.S. Customs and Border Protection objecting to its proposal to start asking visitors to the USA to list all their “social media identifiers”. USCBP (a division of the Department of Homeland Security) proposes to add this question to the I-94W form for international visitors arriving in the U.S., and to the online ESTA (Electronic System for Travel Authorization) application form for vistors form countries in the U.S. Visa Waiver Program:

Please enter information associated with your online presence—Provider/Platform—Social media identifier.” It will be an optional data field to request social media identifiers to be used for vetting purposes, as well as applicant contact information. Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.

We’ve previously argued that the entire ESTA scheme is an illegal de facto visa requirement that violates the rights of foreign visitors to the U.S. But this proposal would make it even worse.  Hundreds of individuals and more than two dozen organizations have already denounced this proposal. You can submit your own comments here until midnight tonight, Eastern time. If you agree with us that this is a terrible idea, feel free to endorse our comments or use them as a template:

We oppose this absurd and un-American questioning of foreign visitors to the U.S., and urge USCBP to withdraw this proposal.

Both freedom of speech and freedom of movement (“the right of the people… peaceably to assemble”) are recognized by the First Amendment to the U.S. Constitution. These rights are also recognized in Article 12 (freedom of movement) and Article 19 (freedom of expression) of the International Covenant on Civil and Political Rights (ICCPR), a treaty ratified by, and binding on, the U.S. In addition, Article 17 of the ICCPR recognizes a right to protection against “arbitrary or unlawful interference with … privacy … or correspondence.”…

The essence of human rights law is that these rights are recognized as universal rights to which all people are entitled regardless of their citizenship or nationality (if any). This proposal … treats foreign visitors to the U.S. as lacking these human rights, and thus implicitly as less than human… This would reinforce the impression around the world that the U.S. does not believe in or respect human rights, but regards these universal human rights as “privileges” granted by the government and enjoyed only by U.S. citizens. We do not want to live under such a government or in such a world…

Read More

Aug 19 2016

An apology from the State Department

We got a pleasant surprise this week: a phone call from Eric F. Stein, the head of the State Department’s FOIA-processing office.

Mr. Stein’s name and signature appeared on a bizarre letter we received last month, telling us that one of the unanswered Freedom Of Information Act requests we’d been bugging the State Department about for the last five years would be “dismissed” if we didn’t respond immediately to say that we were “still interested” in the records we had requested.  To make it harder to respond, there was no phone number or e-mail address in the letter.

“I want to apologize to you directly for that letter,” Mr. Stein said. “I’m sorry we sent you that letter. It was sent by somebody who had the authority to use my signature, but we should never have sent it to you. I’m still trying to find out why it was sent. Somebody is supposed to look at the file before they send out one of these letters. You laid it out very clearly in your letter, and you’re right: Nobody could have looked at that file, and everything you had done to follow up on your request, and thought that you weren’t interested in a response any more. I’ve just had an all-hands meeting of my department and told my staff not to send out any more ‘still interested’ letters until we can be sure that we are following the procedures we said we would follow.”

Read More

Aug 11 2016

Yes, we still want the State Department to answer our 5-year-old FOIA requests

In the latest episode of the FOIA follies, we recently received a bizarre letter letter from the U.S. State Department asking us whether we are “still interested” in receiving a response to one of several of our requests for State Department records that have each gone unanswered for more than five years.

The Department of Homeland Security is the leader in improper denial of FOIA requests and wrongful withholding and redaction of records, and has the largest backlog of unanswered requests. The State Department typically practices a different strategy of denial by delay, and has most of the oldest unanswered requests of any Federal department. A five-year wait for an answer from the State Department to a simple FOIA request is routine, although clearly illegal.

The latest letter we got from the State Department threatens to “close” one of our cases and take no further action on our request — in flagrant violation of the FOIA statute — unless we respond by fax (who still has a fax machine these days?) or snail-mail to confirm our continued interest in having the State Department fulfill its legal obligation to provide us with the records we’ve requested, including those about what happened to our complaints of human rights violations and the supplemental “long form” some passport applicants are asked to fill out, among other issues.

We’ve written back to the State Department (by snail-mail, since their letter included no phone number or email address) to tell them that yes, we really do want them to release the records we asked for five years ago — as they should know, since we already formally appealed their failure to answer our request within the time limit set by the law. (In response, they said they wouldn’t accept any administrative appeal until they answered our original request, making it impossible to challenge an illegal delay without filing a Federal lawsuit.) We’ve been making formal written requests at least annually since then for updates on the status of our requests and when the State Department estimates it will answer. (Each year, they set their estimated response dates back another year.) In the meantime, we made additional FOIA requests to the State Department on other subjects  in 2014 and 2015. We have yet to actually get an answer from the State Department to any of our FOIA requests, regardless of how long ago we made them.

The Freedom Of Information Act does not require periodic expressions of continued interest in receiving late responses. But even though it isn’t required, we have provided repeated, explicit written expressions of continued interest in each of our requests.  It would make no sense to allow a government agency to use the fact that it hasn’t responded to a request for government records within the legal deadline as an excuse never to respond at all.

In response to complaints from numerous advocates for government transparency, both the Department of Justice (OIP) and the FOIA ombudsman’s office (OGIS) of the National Archives and Records Administration have recently issued guidelines for the use of “still interested?” letters, if they are used at all.  In May 2016, OGIS wrote to the State Department urge it to  implement the OGIS recommendations regarding “still interested?” letters to FOIA requesters.

The State Department’s Chief FOIA Officer has claimed, both in her most recent annual report in March 2016 and in her response to OGIS in May 2016, that “we can assure you that DOJ guidance and OGIS recommendations are being thoroughly followed”.  As we discuss in our reply to the State Department , which we have also sent to OGIS, the “still interested?” letter we received makes clear that this isn’t true.

“Freedom of information” means nothing if government agencies can, with impunity, ignore the law. A government agency’s own delay in complying with the law shouldn’t be an excuse never to comply at all.

Aug 10 2016

DEA recruits airline & travel industry staff to inform on travelers

Brad Heath reports in USA Today that the Drug Enforcement Administration (DEA) has been recruiting airline and other travel industry staff to inform on travelers. The DEA has been using these tips from industry insider informers with access to travel reservations as the basis for searches, seizures, and “civil forfeiture” proceedings to confiscate cash from travelers on the basis of allegations that it was somehow associated with illegal drugs:

USA TODAY identified 87 cases in recent years in which the Justice Department went to federal court to seize cash from travelers after agents said they had been tipped off to a suspicious itinerary. Those cases likely represent only a small fraction of the instances in which agents have stopped travelers or seized cash based on their travel patterns, because few such encounters ever make it to court.

Those cases nonetheless offer evidence of the program’s sweep. Filings show agents were able to profile passengers on Amtrak and nearly every major U.S. airline, often without the companies’ consent. “We won’t release that information without a subpoena,” American Airlines spokesman Ross Feinstein said.

In almost none of these cases has the DEA actually brought any criminal charges against the travelers whose cash has been confiscated:

A DEA group assigned to Los Angeles’ airports made more than 1,600 cash seizures over the past decade, totaling more than $52 million, according to records the Justice Department uses to track asset seizures. Only one of the Los Angeles seizure records included an indication that it was related to a criminal indictment…. Of the 87 cases USA TODAY identified in which the DEA seized cash after flagging a suspicious itinerary, only two resulted in the alleged courier being charged with a crime. One involved a woman who was already a target of a federal money-laundering investigation; another alleged courier was arrested a month later on an apparently unrelated drug charge.

According to USA Today, “The DEA would not comment on how it obtains records of Americans’ domestic travel, or on what scale.” USA Today wasn’t able to identify any of the travel industry informers who have been tipping off the DEA about customers they thought might be carrying cash. But DEA spokesman Russ Baer said DEA agents “receive information from employees at ‘airlines, bus terminals, car rental agencies, … or other businesses.'”

Because airlines and computerized reservation systems don’t keep any access logs, it’s impossible for anyone to tell, after the fact, which travel industry personnel looked at a reservation and might have been DEA informers (or any other sort of attacker or threat: identity thief, stalker, industrial spy, etc.).

Some of the examples reported in USA Today relate to DEA access to Amtrak reservations. In court filings quoted in the USA Today story, DEA agents described their review of reservations for domestic Amtrak travel within the US as “routine”. From one of Amtrak’s responses to our FOIA requests, we know that Amtrak has a special “police GUI” for police to use in mining and reviewing data from Amtrak’s “Arrow” reservation system. We’ve asked Amtrak for all records pertaining to access to reservations by law enforcement agencies. After more than a year and a half, Amtrak is still continuing to process responsive records, as discussed in our previous articles about Amtrak. But Amtrak hasn’t yet disclosed anything to us about DEA access to Arrow or other Amtrak data.

The story in USA Today notes that the DEA isn’t supposed to have access to the information about travelers on domestic flights that airlines are required to transmit to the TSA before they can get permission to issue boarding passes. The TSA has defended the Secure Flight passenger surveillance and control scheme as an administrative search for the limited purpose of aviation safety. But we’ve heard rumors that the TSA is under pressure from other law enforcement agencies to open up the Secure Flight database of domestic air travel itineraries for general law enforcement uses. Those uses would likely include both arrest warrants and lookouts derived from NCIC, and profiling for forfeiture targeting by the DEA.

 

Jul 06 2016

Watchlist Soup

nofly-nogun

Congress  is again debating the proposals we wrote about last year to deny firearms licenses or permits to anyone “suspected of supporting” terrorism.

We stand by our earlier analysis and our condemnation of this proposal as (1) another step from sanctions against criminal conduct to pre-crime predictive policing, and (2) an expansion of the collateral consequences of secret, unconstitutional, extra-judicial, administrative blacklisting decisions.

But there seems to be a lot of confusion about what is really being proposed. This diagram shows what is already happening with the “No-Fly” and “No-Gun” lists, and what it would mean to merge them.

The proposed “No-Fly, No Buy” law currently under debate in Congress would add the TSDB as a third source (yellow arrow at center right of flow chart) of entries in “No-Gun” list in NCIC, in addition to Federal and state felony convictions and certain misdemeanor crimes of domestic violence. Everything else on this diagram except the one yellow line already exists and would remain the same.

Click the image above for a larger version, or click here for a full-page PDF of the flow chart with a key to all the acronyms.

Jul 05 2016

How travel restrictions turn refugees into criminals

It’s not a crime to flee from persecution, to try to get to a place of refuge, or to apply for asylum once you get there.

The case of a man who walked 30 miles from France to England through the tunnel under the Channel shows how wrong-headed restrictions on airlines, railroads, ferry operators, and other common carriers turn righteous refugees into common criminals in the eyes of the law.

Thousands of refugees seeking to get to the UK to apply for asylum have congregated in squatter camps and tent cities around the mouth of the Chunnel in Calais, France. Every night, hundreds of them try to get over, under, or through the barricades around the rail yard, and hide on freight trains bound for what they hope will be freedom and asylum on the other side of the Channel.  Most of them are stopped at the barriers, and most of those few people who make it into the tunnel, whether on foot or hidden in or on trains, are crushed by high-speed trains, electrocuted on the live wires that power the electric trains, or suffocated in enclosed containers.

Abdul Rahman Haroun was one of the few lucky ones, perhaps the first, to make it alive, in August of last year, through the Chunnel to England — where he was arrested on arrival and charged under the UK “Malicious Damage Act” with criminal interference with trains.

When he arrived in the UK and was arrested, Mr. Haroun applied for asylum. UK authorities eventually determined that he had a well-founded fear of persecution in Sudan, from which country he had fled, and granted him asylum and the right to remain in the U.K.

But he was still prosecuted on criminal charges and spent four months behind bars for walking through the Chunnel to get to the UK.

Why didn’t Mr. Haroun take a train, plane, or ferry? Because that was prohibited by UK law — even for refugees who are legally entitled to asylum in the UK.

Even while it has been part of the European Union, the UK has never been a party to the Schengen Treaty, under which most border checkpoints and controls on movement within the Schengen Zone have been eliminated. UK immigration officers (like the US “pre-clearance” officers at airports in Canada) check the passports and visas of all Eurostar passengers in France or Belgium before they are allowed to board UK-bound trains.

As for travel by air or sea, airlines and ferry operators are subject to a fine of 2,000 pounds (about US$3,000) for each passenger they transport to the UK from any other country who is later found to be inadmissible or who lacks the documents “required” for admission, whatever that means. Carriers are fined millions of pounds a year for violating this law. These carrier sanctions create, as they are intended to do, a compelling financial incentive for carriers to err on the side of denial of transportation (for which there is, in practice, no judicial review and no sanction) in case of any doubt about admissibility to the UK.

It’s impossible to request asylum in the UK, or to obtain a definitive ruling as to whether such a request will be approved, until after one arrives in the UK. There is no document that would prove, before one arrives in the UK, that one will be granted asylum and allowed to maintain. There is no possible way to satisfy the demand of an immigration officer or airline check-in clerk for documents “proving” that one is entitled to asylum in the UK  No such documents exist.

In other words, it’s illegal for a legitimate refugee qualified for asylum and right of permanent residency in the UK to board any type of common carrier that might provide transportation to the UK. Unless a refugee has their own boat to cross the Channel to the UK, or can get to the Irish Republic and then walk across the land border into Northern Ireland, the only legal way to get to the UK as a place of refuge from persecution is to swim across the English Channel or walk through the tunnel under the Channel.

It should be no surprise that some people in this situation choose to try to dodge the trains through the Chunnel as the best of a bad lot of choices. This is the choice forced on them by laws that deny them access to any mode of common carrier and leave them no legal route to asylum.

Should this be a crime, especially when they are found to be qualified for asylum and entitled to remain in the UK? Of course not.

If the UK doesn’t want people trying to walk through the Chunnel, the obvious solution is to stop denying asylum-seekers access to safe and legal transport by common carrier.

Lest we be accused of unfair criticism of the UK, we should make clear that the same is true of the US, which has a similar law (8 USC 1322) imposing a similar penalty of US$3,000 per passenger on any person or company that transports anyone whose asylum application is later denied.

As we pointed out last year to the UN Office of the High Commissioner for Human Rights:

Many eligible asylum seekers could afford to purchase airline tickets or tickets on other common carriers (ferries, trains, buses, etc.) to travel to countries where, on arrival, they would be eligible for asylum. They risk their lives… and some of them die, not for financial reasons, but because airlines or other government-licensed common carriers improperly refuse to sell them tickets or deny them boarding.

No documents are or can be required of refugees, who have often lost any papers, documents, or other possessions in the course of their flight from persecution. Carriers should be required to carry all fare-paying passengers, not sanctioned for fulfilling their duties as common carriers.

Jun 30 2016

National REAL-ID database replicates problems with FBI rap sheets

Previously unpublished information we’ve recently obtained from the contractor that developed the SPEXS database at the center of state “compliance” with the REAL-ID Act — the national database of drivers license and state ID details that the DHS and supporters of the REAL-ID Act keep claiming doesn’t exist — shed new light on how the system will work.

Unfortunately, these new documents and statements show that SPEXS will replicate many of the worst problems of poor data quality and lack of accountability of the NCIC database used by the FBI to store criminal history “rap sheets” of warrants, arrests, and dispositions of criminal cases: convictions, diversions, withdrawals, dismissals, acquittals, appellate decisions, etc.

Like SPEXS, NCIC aggregates data sourced from agencies in every state, the District of Columbia, and the US territories of Puerto Rico, the U.S. Virgin Islands, American Samoa, Guam, and the Northern Mariana Islands.  The FBI operates the aggregated database, but disclaims any responsibility for the accuracy of the data it stores, indexes, and distributes.

As we noted in our previous post, the FBI has exempted NCIC records from the requirements of the Privacy Act for accuracy, relevance to a lawful purpose, access by data subjects, and correction of errors.  That should mean that NCIC records can’t be relied on, but the Supreme Court has ruled that an entry in NCIC provides sufficient legal basis for an arrest.

NCIC is the poster child for the evil consequences of reliance on “garbage in, garbage out” aggregated and unverified data as a basis for government decision-making. Inevitably, NCIC records are riddled with errors. Law enforcement agencies are quick to report arrests and newly-issued warrants to NCIC, but have nothing to gain by ever reporting when charges are dismissed or a warrant is quashed. Who knows when some other police agency might find it convenient to rely on an NCIC record of a long-since-quashed warrant as a basis for authority to arrest and search someone who they would otherwise have to let walk away?

We know from long and bad experience with NCIC just where this leads. Innocent people are arrested every day in every state on the basis of erroneous NCIC records. SPEXS replicates the “garbage in, garbage out” unverified multi-source data aggregation model of NCIC, and will replicate its data quality and accountability problems along with its architecture.

Like NCIC, SPEXS is intended to be relied on as the basis for government decisions, specifically, enforcement of the requirement of the REAL-ID Act that a person may not have more than one valid REAL-ID Act compliant drivers license or ID at a time. We fail to see any valid purpose to this provision of the law. Given that states have different and independent licensing requirements, what harm is done by a person having independently satisfied the requirements to operate motor vehicles in more than one state, and having independently been issued credentials by these several states attesting to this fact?  But regardless of the rationale for this law, the justification for the existence of SPEXS is to enable states to refuse to issue a drivers license or state ID to a person if SPEXS shows a record of an outstanding license or ID in any other state or territory for a person believed (according to a secret SPEXS matching algorithm) to be the same person as the applicant.

The inevitable outcome is that some people’s applications for new or renewal drivers licenses or state IDs will be denied by state authorities on the basis of erroneous data in SPEXS records. Perhaps they have been mis-matched with a person in another state with the same or a similar name and date of birth. Perhaps an identity thief has used their name, DOB, and Social Security number to get a license or ID in another state. Perhaps they cancelled their license or ID in another state, but that fact wasn’t reported by that state to SPEXS, or the cancellation message wasn’t received by the SPEXS operator or wasn’t properly processed into the SPEXS database. Perhaps the expiration date of their old license or ID was mis-reported or improperly recorded. Perhaps a record was mis-coded, such as by mis-attributing a record to the wrong state. Perhaps a record of a license or ID that has since been cancelled was left in SPEXS by a state or territory that has withdrawn from SPEXS participation.

What recourse will any of these people have? Not much, not easily, and in some cases none at all.

Read More

Jun 28 2016

Supreme Court gives us more reasons not to show ID

Some people ask us, “What’s wrong with showing ID to police? If you are innocent and have nothing to hide, just show your ID, and you can be on your way.”

In the real world, however, showing ID can be a bad idea even if you are innocent. And the decision of the Supreme Court last week in Utah v. Strieff provides a case study in why you should never voluntarily identify yourself to police, and should avoid having any identification on your person if you don’t need it.

As we discussed when Utah v. Strieff  was argued in February, the sequence of events that led to this case was as follows: Police looking for drugs illegally stopped and detained a pedestrian without any articulable basis for suspecting him of any crime. While illegally detaining Mr. Strieff, the police asked (or demanded) that he identify himself, and he told the police his name.  The police ran a check on his name and found a record of a warrant for his arrest for a minor traffic violation.

Based on this warrant, the police re-classified the man already in their custody from “detainee” to “arrestee”, searched him “incident to his arrest”, and found — surprise — illegal drugs, which they had been hoping all along to find, but had lacked any legal basis to search for.

Strieff argued that he wouldn’t have been searched, but for the original stop and detention, which the police conceded was illegal, and therefore that the police shouldn’t be allowed to use the drugs they found as evidence against him. The Supreme Court upheld the legality of the arrest and search, despite the illegal stop and detention, and allowed the evidence to be used against Mr. Strieff.

Most of the commentary on the Supreme Court’s decision has focused on Justice Sotomayor’s dissent:

The Court today holds that the discovery of a warrant for an unpaid parking ticket will forgive a police officer’s violation of your Fourth Amendment rights. Do not be soothed by the opinion’s technical language: This case allows the police to stop you on the street, demand your identification, and check it for outstanding traffic warrants — even if you are doing nothing wrong. If the officer discovers a warrant for a fine you forgot to pay, courts will now excuse his illegal stop and will admit into evidence anything he happens to find by searching you after arresting you on the warrant….

We share Justice Sotomayor’s outrage. But what are the lessons we should take away from the majority opinion?

First, we can’t count on the police to tell us our rights. It’s not clear whether the police represented their “request” that Mr. Strieff identify himself as mandatory, or whether, while under police detention and not free to leave (and without having been read his Miranda rights), he knew that he had the right to remain silent and not give his name. But whatever happened, the Supreme Court majority doesn’t seem to have been much interested in these issues. Know your rights, and exercise them. By the time the police read you your rights, if they do so at all, it’s often too late.

Second, you should always exercise your right to remain silent when questioned by police — even if all they ask you is, “What’s your name?” Mr. Strieff’s detention would have remained illegal, and any evidence obtained by (illegally) searching him would have remained inadmissible, if he hadn’t told the police his name so that they could run a check for warrants.  This case shows that when police say, “Anything you say may be used against you,” that includes your name and any other identifying information you might disclose. Don’t tell police your name, and don’t voluntarily show them anything that might identity you. If you don’t need to have it with you, you are better off not having any ID on your person that might be found if you are searched on some other pretext.

Third, if you are tempted to think that you don’t need to worry because there isn’t a warrant out for arrest, think again. There are warrants out for millions of people in the US. Until they are busted, many people don’t know that there is a warrant for their arrest. Are you sure that every time you have ever gotten a traffic ticket, your check was received by the court and properly processed? If a bench warrant had already been issued by the time your payment was received and processed, was the warrant quashed? Was that fact reported to the FBI, and was the original record of the bench warrant removed from the NCIC database? Have you gotten your NCIC file recently to confirm this?  If not, there’s a non-trivial chance that there’s a warrant for your arrest, or that NCIC shows that there’s a warrant for your arrest. NCIC is riddled with errors, and the FBI has exempted it from the accuracy requirement of the Privacy Act. But the Supreme Court has said that an NCIC record of a warrant is enough to make an arrest legal, even if the data in NCIC is incorrect. You should always assume that NCIC might show a warrant for your arrest that any cop who runs a check on your name or ID will find. If you know this and still choose to identify yourself to police, you are practically asking to be arrested. If police stop or question you, they are looking for an excuse to arrest and/or search you. The only way — and the easy way, fortunately — to avoid giving police the basis to arrest and search you that they are looking for is not to tell them who you are and not to show them any ID.

Jun 16 2016

How the DHS practices “transparency”

realid-nonresponsive [A “complete” response from DHS to a FOIA request, with “no deletions”. Click image for larger version.]

A Freedom of Information Act request we made to the Department of Homeland Security hasn’t told us much about what we asked about, but has given us an object lesson in how the DHS practices “transparency”.

An August 2015 document posted on the DHS.gov website revealed that the DHS is systematically collecting data on how many people have been denied access to Federal facilities because they were unable or unwilling to show ID credentials deemed to “comply” with the REAL-ID Act:

Your agency should also have a process for recording the number of encounters of individuals presenting driver’s licenses from noncompliant states for purpose of accessing Federal facilities. This data should be sent monthly to DHS (OSIIS@hq.dhs.gov) for collection no later than the tenth day of each month. DHS will use this data to evaluate the impact of REAL ID enforcement on the public. See Appendix E for a sample report template.

In January of 2016, we submitted a FOIA request to the DHS to the DHS for these reports.  Five months later, after repeated follow-up inquiries, we finally received this mockery of a “response”. It was dated in May, but we didn’t receive it until June, because it was sent to a mis-typed email address and our repeated email and voicemail messages requesting information on the status of the request were ignored. Our request was submitted by email, so it’s not clear why the address on the response was retyped rather than being sent as a “reply” to our message.  But that’s the least of the problems with the DHS response to our request.

Read More

Jun 09 2016

How does the TSA decide if you are who you say you are?

An ongoing trickle of still-incomplete responses by the TSA to a Freedom Of Information Act (FOIA) request we made in June 2013 continues to shed more light on the TSA’s procedures for air travelers who don’t have ID credentials the TSA deems satisfactory.

It’s difficult to compile statistics from files in the image format in which the TSA has released them, but we can make some anecdotal observations about what happens to people who try to fly without “acceptable” ID. Read More