Edward Hasbrouck – Page 31

Jun 07 2016

How hard was it for Amtrak to require names in reservations?

Since the start of the post-9/11 shift from case-by-case government access to travel reservations to dragnet surveillance of all reservations and pre-crime profiling of all travelers, the government has claimed repeatedly that the information to which it has demanded access was already “routinely” provided by travelers to airlines and other travel companies.

We’ve recently received some details of just how untrue those claims are, through the latest installment of a continuing trickle of responses by Amtrak to a Freedom Of Information Act request we made in 2014. (See our previous reports on government surveillance of Amtrak passengers.)

Anyone familiar with travel industry practices and reservation data has known all along that the government’s demands for data about airline, train, bus, and cruise ship passengers have exceeded what was needed by common carrier for commercial purposes. Until after September 11, 2001, walk-up customers could buy tickets for cash, for themselves or anyone else, at airline or Amtrak or Greyhound ticket counters, without providing any information at all except an (unverified) name. No address, phone number, or other identifying or contact information was required.

The government has demanded not just access to existing travel industry databases, but the logging of additional details about travelers that were never previously required. The travel industry worldwide has had to spend billions of dollars modifying every layer and component of their IT systems, and of all the systems that interact with them, to collect and store this additional information and deliver it to the government in standardized government-dictated formats.

Even names of travelers weren’t required for reservations, tickets, or travel. Space could be reserved for a group of travelers with only a group identifier or lead contact. Sometimes dummy or placeholder names would be entered for group members, but they could be and often were omitted.

The latest file we’ve received from Amtrak is a PDF of images of printouts or views of email messages (we haven’t received the raw “message source” files we requested, and will eventually be appealing Amtrak’s failure to release them) within Amtrak and between Amtrak, the big four CRS/GDS companies (Sabre, Amadeus, Worldspan, and Galileo/Apollo — then owned by Cendant) and possibly their contractors or other “partners” (names redacted).

These messages date from 2006, when Amtrak “voluntarily” decided to start sending data about all passengers on cross-border Amtrak trains and buses between the USA and Canada to the DHS Advance Passenger Information System (APIS). In order to populate the API data fields, Amtrak decided to make “Passenger ID” (PID) a required field in all Amtrak reservations. That took some work in itself, but it also caused a cascade of new problems for reservations without names, especially those for as-yet-unknown members of groups:

Apr 20 2016

EU mandates US-style pre-crime profiling of air travelers

The European Parliament has approved (press release, breakdown of votes, text as adopted) a directive requiring each “member state” (country) in the European Union to:

Establish or designate a new travel surveillance and control agency (“Passenger Information Unit”),
Require all airlines operating flights to or from places outside the EU to transmit complete copies of Passenger Name Records (PNRs) for all passengers to the government, and
Pass on any of this PNR data to any other EU member state on request.

The directive essentially commits the EU to join the US in “pre-crime” predictive mass surveillance and profiling of all air travelers. Not surprisingly, the vote by the European Parliament was welcomed by leading US advocates for the globalization of pre-crime travel policing, including former DHS Assistant Secretary for Policy Stewart Baker (previously general counsel of the NSA) and Deputy Assistant Secretary for Policy Paul Rosenzweig. Baker and Rozenzweig were responsible for DHS negotiating strategy with the EU on the PNR issue during the time when their boss, DHS Secretary Michael Chertoff, was lying repeatedly to the European Parliament about the state of both US and international law relating to PNR data.

Meanwhile, as reported elsewhere, the commercial data architecture for handling PNR data remains fundamentally insecure.

What will happen next?

The proposed directive must still be approved by the European Council (the national governments of the member states), but that approval seems assured.

The EU directive is not “self-effectuating”. Each EU member state is required to “transpose” the directive into national law within two years.

The directive can be, and probably will be, challenged in the European Court of Justice as violating human rights recognized by EU and international law. Implementing legislation can be, and probably will be in at least some countries, challenged in national courts as violating national Constitutional rights.

Now that the US has gotten the EU on board, the US is likely to increase its pressure on other countries and international organizations — primarily ICAO — to globalize the shift from targeted investigation and arrest of suspects to mass surveillance and predictive pre-crime profiling of travelers.

Airlines are likely to find it inconvenient and expensive to deal with 28 different EU Passenger Information Units with potentially different data content and format demands, in addition to the travel dataveillance regimes already in effect in the USA, Canada, Australia, and other countries. Airlines and the travel industry are thus likely to support US efforts to get ICAO to approve a global “security standard” requiring airlines to share PNR data in a standard format with all governments of countries served by their flights.

Apr 12 2016

What’s at stake in the EU PNR debate?

This week the European Parliament is scheduled to debate (Wednesday) and vote (Thursday) on a resolution (PDF) to approve, with amendments, a proposed compromise on a directive “on the use of Passenger Name Record [PNR] data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.”

What does this mean, why does it matter, and why should this proposal be rejected?

To answer this question requires understanding (1) what PNRs are, (2) how PNRs and other travel data are already being used by European governments, (3) how this would change if the proposed EU PNR directive is approved, and (4) why and how the provisions in the proposed directive that are supposed to protect individuals’ rights would be ineffective. Read More →

Apr 06 2016

UN human rights office cites our concerns about migrants’ rights

The United Nations Office of the High Commissioner for Human Rights has released a new report prepared at the request of the UN Human Rights Council on the situation of migrants in transit and their human rights. The report cites with approval our submission to the OHCHR on the ways that the right to freedom of movement is violated by governments and by airlines and other common carriers:

Physical barriers to the movement of migrants in transit have been accompanied by a wide range of restrictive measures to restrict or deny access to territory, asylum procedures and other screening and identification procedures by migrants in transit, as well as accelerated or even summary returns. OHCHR has provided guidance to States to ensure the accountability of private transport companies and other private actors that are implementing entry restriction measures. OHCHR, Recommended Principles and Guidelines on Human Rights at International Borders, guideline 4.6. [“Ensuring the accountability of private transport companies and other private actors that are involved in implementing entry restriction measures such as pre-departure screening and decisions on access to transportation, and providing effective remedies for those unlawfully denied transport. Developing and encouraging the adoption of human rights-based codes of conduct for private actors in this regard that set out expected standards of behaviour and the consequences of failure to adhere to those standards.”] See also the contribution to the present study from the Identity Project (http://papersplease.org).

Much of the discussion of migrants in transit, and many of the concerns of other contributors to the OHCHR study, relate to treatment in intermediate countries (such as while passing through Mexico en route from other countries to the US, or though Greece or Malta en route from Africa or Asia to other countries in Europe) and/or the extreme hazards of “irregular” modes of transportation used by those who are unable to travel by common carrier.

But refugees and asylum seekers would not need to pass through intermediate countries or rely on human smugglers and irregular and unsafe means of transport (overcrowded and unseaworthy small boats, treks on foot through the desert, etc.) if they were allowed to travel directly from their countries of origin to countries of potential refuge and asylum by air or on other licensed, inspected, and regulated common carriers (ferries, railroads, etc.). As we noted:

Many eligible asylum seekers could afford to purchase airline tickets or tickets on other common carriers (ferries, trains, buses, etc.) to travel to countries where, on arrival, they would be eligible for asylum. They risk their lives as “boat people”, and some of them die, not for financial reasons, but because airlines or other government-licensed common carriers improperly refuse to sell them tickets or deny them boarding.

Most of the problems of migrants in transit are directly attributable to their illegal (but government-induced) exclusion from airlines and other common carriers, and could easily be avoided by eliminating government sanctions against common carriers that fulfill their duty to transport all would-be passengers (including refugees and asylum seekers), and respecting the human right to leave any country, including one’s own — by whatever route and means one chooses to leave, and irrespective of one’s identity (by definition, human rights are universal and independent of identity) or what, if any, documents issued by any government one may happen to possess (often none, in the case of legitimate asylum seekers who are often denied ID credentials by the governments they are seeking to flee).

“Carrier sanctions” are not a side issue to the migration crisis. They are the root cause of much of the suffering of migrants in transit, and a fundamental violation of the human rights to due process (carrier sanctions turn airline staff into unqualified de facto asylum judges of first and last resort) and freedom of movement.

In our submission to the OHCHR, we also noted that “screening” of passengers is a euphemism for “control” (passengers are “screened” to decide who will be allowed to travel, and who will not), and that algorithmic “screening” and permission-based travel control regimes are likely to result in systematic discrimination against refugees and asylum seekers:

Their nationality or place of origin in a conflict zone may cause them to be deemed “risky” according to the profiling and “risk scoring” algorithms. There may be limited, inconsistent, or nonexistent records pertaining to migrants in irregular situations in the databases used for profiling and risk scoring, and screening algorithms may equate uncertainty with risk. In order not to violate the right to freedom of movement, denial of transportation as part of “screening” or otherwise must be based on valid substantive grounds, and must be made by qualified officials through procedures that ensure due process and are subject to effective judicial review, taking into consideration the special difficulties that asylum seekers in countries where they are subject to persecution are likely to face in obtaining access to the courts of destination countries in which they want to seek asylum.

We are pleased to see the interest of UN human rights bodies in these issues. We urge national and international authorities considering carrier sanctions or traveler “screening” proposals to consider the impact of these schemes on human rights.

Apr 05 2016

Class action challenges Federal blacklists (“watchlists”)

The broadest and most fundamental legal challenge to the waging of the US “War on Terror” through standardless, secret, extra-judicial government blacklists was filed today in the Federal court for the district in Virginia where the National Counterterrorism Center (NCTC), Terrorist Screening Center (TSC), and Transportation Security Administration (TSA) are headquartered. (Video backgrounder and interviews with plaintiffs and attorneys; more video interviews; PACER links)

Both an individual complaint (Elhady et al. v. Piehota at al.) and a class action complaint (Baby Doe et al. v. Piehota et al.) were filed. Presumably, that is so that that the individual complaint for injunctive and declaratory relief could go forward even if class action certification is denied, while the class action lawsuit could go forward even if the named plaintiffs are delisted. (An earlier, similar lawsuit was dismissed as moot after the plaintiffs were told they were no longer on blacklists.) Almost all of the individual complaint is repeated in the class action complaint, so if you are going to read just one, read the class action complaint which includes additional plaintiffs and their stories.

The case takes its name from the first of the listed representatives of the class of people on US government blacklists (“watchlists”):

Plaintiff Baby Doe is a four year old toddler.

He was seven months old when his boarding pass was first stamped with the “SSSS” designation, indicating that he had been designated at a “known or suspected terrorist.”

While passing through airport security, he was subjected to extensive searches, pat downs and chemical testing.

Every item in his mother’s baby bag was searched, including every one of his diapers.

Let’s get one thing straight from the start: as we’ve noted before, calling the “Terrorist Screening Database” (TSDB) and similar lists “watchlists” is at best misleading euphemism, and at worst Orwellian doublespeak.

The government uses the term “watchlist” to avoid the stigma deservedly associated with the label “blacklist”, with its connotations of McCarthyism and J. Edgar Hooverism. A “watchlist” suggests a list of people who are being watched, a component of a system of surveillance or investigation. “Watchlisting” might, one presumes, lead to eventual intervention such as the criminal prosecution or an application to a court for a restraining order or injunction. But inclusion on the TSDB occurs after, not before, a decision to intervene is (secretly) made, and the consequences of listing in the TSDB are not limited to mere passive surveillance or watching. Each listing on the TSDB includes a “handling code” which determines what happens to the people who are deemed (typically by automated pattern-matching algorithms) to match the listing.

As the litany of horror stories in the complaint in Baby Doe v. Piehota makes clear, and as we’ve seen in previous incidents, being “watchlisted” can trigger consequences ranging from denial of transportation by common carriers to freezing of bank accounts, inability to rent an apartment, or inability to get or keep a job, even with a private non-governmental employer. As when a jury must decide which of a progression of more and less serious offenses to convict a defendant of, without knowing what sentences are mandated for any of those offenses, it’s not clear whether the Federal administrative staff in the secret rooms reviewing the secret dossiers of derogatory information and deciding which secret lists to put people on, or which secret “action codes” to assign them, even know what the full panoply of collateral consequences of their decisions will be.

The US government doesn’t have to issue binding orders to convert “watchlisting” into de facto blacklisting. As the complaint filed today points out, “Defendants disseminated the the records pertaining to Plaintiffs from its terrorist watch list to foreign governments with the purpose and hope that those foreign governments will constrain the movement of the Plaintiffs in some manner.” We saw one of the ways that can work during the trial of Dr. Rahinah Ibrahim’s challenge to her placement on the no-fly list. The US government successfully used a “POSSIBLE NO BOARD REQUEST” message to induce a foreign airline to refuse to transport Dr. Ibrahim’s daughter, a US citizen, even though the US claimed that she was merely on a “watchlist” and not on the no-fly list.

It’s time to to reject the government’s “watchlist” doublespeak, and start calling the TSDB what it is: a government blacklist.

The first of the named defendants, Christopher Piehota, is the Director of the Terrorist Screening Center (TSC), an inter-agency entity responsible for the TSDB and nominally under the control of the FBI.

Most of the previous attempts to challenge actions taken against individuals as a result of their being listed in the TSDB have foundered on an elaborate shell game of buck-passing between businesses and government agencies. Airlines that refuse to transport blacklisted people (or those with similar names) say that they are only following (secret) orders from the government. Normal judicial review of actions by the TSA and CBP, the components of the DHS that issue no-fly orders (or refuse to issue permission for boarding pass issuance — the default is now “No,” not “Yes”) is precluded by a special law, 49 U.S.C. § 46110. No trials are allowed, and appellate courts are allowed to review these decisions only on the basis of the “administrative record” created by the DHS itself, which will show only that the DHS action was based on “watchlist” status as determined by the TSC, and not the basis (if any) for the FBI’s “watchlisting” decision.

The only previous cases in which District Courts have been able to consider no-fly decisions, and the only trial in a no-fly lawsuit, have been when the FBI, and not just the DHS or DHS components, has been named as a defendant. Today’s cases follow in that line, challenging the blacklisting decisions by the FBI.

To head off lawsuits of exactly this sort, the government has recently shifted nominal final authority over no-fly decisions from the FBI to the TSA. In theory, the government claims, the TSA could now decline to issue a no-fly order, even after the FBI has put someone on the no-fly list. It’s unclear, however, whether this has ever happened, or in what circumstances or on what basis it might happen. The possibility seems remote: Even the FBI, in practice, acts as a rubber-stamp for the decisions of FBI and DHS agents who make effectively final blacklisting decisions when they “nominate” people for listing in the TSDB. According to today’s complaint, 98.96% of the 468,749 people “nominated” for Federal “watchlists” in 2013 were added to those lists by the TSC.

The plaintiffs in the lawsuits filed today are represented by Gadeir Abbas, Lena Masri, and co-counsel from the Council on American-Islamic Relations, who have been leading the legal campaign against US government blacklisting, harassment, and interference with the rights and freedoms of Muslim and other Americans.

Mar 30 2016

How does your bank know your dog’s not a terrorist?

The curious incident of the dog named “Dash” has spotlighted a type of outsourced surveillance and control of our everyday activities that typically operates invisibly but that is much more pervasive than most people in the USA imagine.

We were contacted last week by KTVU News to help explain what happened to Bruce Francis, a disabled San Francisco man whose online request to send a check to pay the person who walks his service dog was refused by Chase Bank. The memo line on the check read, “for Dash”, Dash being the name of Mr. Francis’ dog.

Chase initially accepted the check request. Later, however, the bank told Mr. Francis that it had declined to issue the check, and refused to do so unless and until Mr. Francisco provided a satisfactory explanation and/or evidence (satisfactory to Chase, that is) that the check wasn’t intended for an illegal purpose or entity.

Why would a bank refuse to honor a check request? Are bank customers required to justify to our bankers why, or to whom, we want to send our money?

Under U.S. law, the surprising answer is that banks and other financial institutions are required to act as police informers, profiling transactions and reporting customers to a little-known but financially powerful Federal law enforcement agency on mere suspicion of even unwitting violation of an array of Federal laws imposing sanctions on various entities including alleged “drug kingpins”, contributors of “material support” to terrorism (including such seemingly non-material forms of support as legal services, Web sites, and propaganda), and entities associated (in different ways depending on the country) with governments or entire countries disfavored by the U.S., including Cuba and Iran.

Banks (or contractors to which they outsource this work) scan all manner of financial transactions, from debit and credit card payments, electronic funds transfers, and paper checks to automobile and home loan and new-account applications. As with airline reservations, these transactions are scored according to secret profiling algorithms that take into consideration government-supplied and commercial blacklists and watchlists, identity-based transaction histories and other databases, phonetic and other “fuzzy matching” rules, and other rules embodying security, fraud, “pre-crime“, and risk management criteria.

In the case of Mr. Francis’ check request, these robots flagged the name of his dog on the memo line (“for Dash”) as vaguely similar to “Daesh”, one of several English transliterations of a crude phonetic rendering of an Arabic acronym for a name sometimes applied to — although rejected and denounced by — one grouping of the Islamic State in Iraq and Syria (ISIS).

As Mr. Francis told KTVU, stopping payment of any check identified on the memo line as being “for ISIS” would amount to, “Stopping the world’s stupidest terrorist.”

Is this the way Congress intended Federal sanctions laws to work? Maybe, maybe not. But Chase Bank’s refusal to pay Mr. Francis’ dog-walker because the bank’s robotic profiling algorithm flagged his dog’s name as “suspicious” is typical of how these laws do (or don’t) work in practice.

Federal financial blacklists and requirements for banks to block blacklisted entities and activities are enforced by the Office of Foreign Assets Control (OFAC), a division of the Department of the Treasury that has long been notorious for its heavy-handed practices and lack of transparency or accountability.

Banks are themselves under heavy financial pressure from OFAC to err on the side of refusing to execute “suspicious” transactions, to reverse the presumption of innocence, and to put the burden of proof on the customer — as Chase did with Mr. Francis — to explain who we want to pay, and to justify what we want to do with our money. In 2006, for example, J.P. Morgan Chase — the parent company of Chase Bank — agreed to pay $88 million in civil penalties in a settlement with OFAC for processing electronic funds transfers “directly or indirectly for the benefit”, in whole or in part, of entities on various OFAC blacklists, and for failing to provide “complete information relative to any transaction” about which OFAC requested details. That’s real money, even for a bank as big as Chase.

It’s scarcely surprising, given the potential cost of offending OFAC, that no bank has challenged OFAC’s demands for policing of customers and our activities.

By inducing banks to take these actions, OFAC achieves a more intrusive level of financial surveillance and control than the government would have legal authority to carry out directly, while avoiding transparency (banks’ actions aren’t subject to the Freedom of Information Act or the Privacy Act) or direct accountability, and maintaining a degree of plausible deniability.

If banks’ and other financial institutions’ profiling and payment-blocking practices or demands for customers to explain and justify ourselves are challenged, OFAC can claim that it isn’t responsible for how banks decide which customers, payees, or transactions to block. OFAC just imposes crushing fines on any bank that allows transactions that OFAC determines, after the fact, to have violated any of the complicated, often ambiguous, and sometimes contradictory sanctions laws. The only rational business decision for a for-profit corporation is that the risk of running afoul of OFAC is many times the potential liability for an improperly blocked transaction.

The default becomes, “No”. Once Mr. Francis’ check was “flagged” by automated processing, payment was stopped until a human looked at the check request and manually overrode the “hold” to authorize payment. Automated processing operated not as an “alert” system, but as an interlock with de facto authority delegated to robots to freeze the entire bank account without notice, at any time, on the basis of secret algorithms and datasets.

Like the “no-fly” list and other DHS “watchlists” (blacklists), OFAC’s list of “Specially Designated Nationals” subject to financial sanctions contains common names, ambiguous and imprecise translations and transliterations, and incomplete identifying information about many listed entities.The inevitable result is that innocent people find their everyday financial activities blocked, and constantly face the impossible challenge of proving their innocence and/or proving that they or those with whom they are trying to do business aren’t other unrelated people or entities about which they may know nothing.

While there are statutory criteria for the designation of entities subject to financial sanctions (unlike the no-fly list and related watchlists/blacklists, for which the standards, if any, are officially secret), the laws and regulations imposing these sanctions are complex and confusing. It can be impossible for anyone to determine, in advance, which transactions will provoke OFAC to impose sanctions on the parties making, receiving, and/or processing a payment. You can request an opinion in advance from OFAC as to the legality of a specified action, but it can take a year or more to get an answer, by which time the answer may be moot. Even communicating about possible transactions can be deemed by OFAC to constitute proscribed “facilitation” of sanctions violations.

What happened to Mr. Francis and his unpaid dog-walker is relatively minor. The check was eventually issued after the check request and Mr. Francis’ explanation of his dog’s name was reviewed by a human. But it’s the tip of an iceberg of the larger problem of OFAC overreach and injustice, as described in these 2007 and 2014 reports from the Lawyers’ Committee for Civil Rights of the San Francisco Bay Area. And the problem of OFAC is in turn just part of an even larger pattern of outsourced surveillance, algorithmic profiling, and control by what the ACLU has aptly labeled the “Surveillance-Industrial Complex” of private and commercial actors conscripted by government carrots and sticks.

Mar 07 2016

The cost of requiring ID for library cards

To: Julie Holcomb, Abigail Franklin, Darryl Moore, Jim Novosel, Winston Burton, City of Berkeley <bolt@ci.berkeley.ca.us>
From: Eric Neville
Subject: The cost of requiring ID for library cards
Date: Mon, 7 Mar 2016 09:05:15 -0800
Dear Board of Library Trustees:

Sometimes the cost of how we do things sneaks up on us. I grew up visiting the Berkeley Public Main Library, but I was concerned recently when I was required to provide picture identification to renew my library card.

I don’t actually recall how long this has been policy. The reference librarian, who had a few years on me, said it’s been policy for as long as he remembers. But I also know that previously I personally had occasion to return a four-inch-thick law book that had apparently been taken from Main’s reference section, and which I found on the street a few blocks away, so current policy is certainly not a perfect protection for library resources. Indeed, no policy can be perfect, but can at best be struck to balance costs. These costs become more challenging to reckon with when the they are intangible, as they are for principles.

But principles do matter, such as when librarians opposed portions of the USA PATRIOT Act:

[American Library Association] introduces “Radical, Militant Librarian” button

My concern stems from the intersection between the ill-founded presumption that identity documents ensure against abuse and the surreptitious cost to society that presumptive ID expectation inflicts.

What’s Wrong With Showing ID?

Feb 25 2016

Why the Judicial Redress Act is worthless

Yesterday President Obama signed the Judicial Redress Act into law. European Union Commissioner for Justice Věra Jourová described the new law as, “a historic achievement [that] will ensure that all EU citizens have the right to enforce data protection rights in U.S. courts…. The entry into force of the Judicial Redress Act will pave the way for the signature of the EU-U.S. Data Protection Umbrella Agreement.”

Is the Judicial Redress Act really so historic? And will it actually “ensure that all EU citizens have the right to enforce data protection rights in U.S. courts”?

Sadly, no.

Europeans should not be fooled by statements such as those from Commissioner Jourová or her counterparts in other EU institutions. As we know from our own experience in court as US citizens, there are almost no real-world cases in which the Judicial Redress Act will provide any actual protection or enforceable legal rights to citizens or residents of the EU, or anywhere else.

The Judicial Redress Act gives some foreign citizens some of the rights that US citizens currently have, with respect to some of the uses and misuses by the US government of their personal information. But in no case will any foreigner have more rights under the Judicial Redress Act than US citizens have under the Privacy Act.

Serious scrutiny of the terms of the Privacy Act, and of the history of attempts by US citizens to use the Privacy Act to protect themselves against misuse of our personal information by the US government, has been largely absent from the debate about the Judicial Redress Act. But from our experience as parties to one of the key lawsuits attempting to assert Privacy Act claims by US citizens in relation to one of the most controversial categories of personal information being transferred from the EU to the US — passenger name records (PNRs) for international airline flights — we have learned an important lesson that Europeans need to know: the Privacy Act is so limited and riddled with exceptions that it is almost worthless. It is because the Privacy Act is useless, not because the US government follows fair personal information practices in its dragnet surveillance, that there are so few examples of successful litigation against the US government by US citizens under the Privacy Act.

All of the limitations and exceptions that always rendered the “protection” of the Privacy Act inadequate — even for US citizens — will continue to render the protection of the Judicial Redress Act inadequate for foreigners, in all of the same ways, and in additional ones.

What are these exceptions and limitations? In order to make sense out of the Judicial Redress Act, it’s essential to understand the exemptions in the Privacy Act, as courts have interpreted them.

Federal agencies can exempt themselves from almost all of the requirements of the Privacy Act with respect to “investigatory material compiled for law enforcement purposes,” a catch-all category that has been applied to records of dragnet surveillance and other information compiled and used for “pre-crime” profiling, even when the data subjects have never been accused or suspected of any crime. All an agency has to do to opt-out is to publish a notice in the Federal Register that a particular system of records has been declared exempt by the agency that maintains the records. An agency can wait to promulgate such a notice until after it receives a request for access to records, a request for an accounting of disclosures, or a request for correction of records.

Feb 24 2016

The real state of compliance with the REAL-ID Act

[As of February 2016, only the 4 states colored green on the map above are compliant with the REAL-ID Act. Map courtesy of Clerus Solutions, contractor for S2S.]

How many states have actually complied with the REAL-ID Act of 2005? Only four out of fifty-six states and US territories, we’ve recently learned.

The US Department of Homeland Security is trying hard to convince reluctant state governments that resistance to the REAL-ID Act is futile, because most of the other states and US territories have already complied or agreed to do so.

A DHS map shows only five “noncompliant” states that are the target of current DHS threats, while the DHS list of the Current Status of States/Territories alleges that 22 states and the District of Columbia “are compliant with the REAL ID Act.”

Are any of these DHS claims true? No.

The REAL-ID Act requires any state or territory that wants to issue driver’s licenses or state ID cards acceptable for “Federal purposes” to, “Provide electronic access to all other States to information contained in the motor vehicle database of the State.” A state that does not give other states full access to its database of drivers and ID cardholders is not “compliant” with the Federal law.

As we’ve previously reported, the only system currently available (or likely to be made available, given the cost and complexity of developing an alternative) for states to make their driver’s license and ID databases accessible to other states is the S2S system operated by the AAMVA. This included the SPEXS “pointer” database — the centrally-located national ID database the DHS keeps claiming doesn’t exist — with information about all REAL-ID compliant licenses, ID cards, drivers, and cardholders.

How many states actually participate in S2S and SPEXS? Unable to find any published information about this, we asked Chrissy Nizer (Maryland’s Motor Vehicle Administrator) and Nancy Carlson (Senior Business Analyst for Clerus Solutions, the prime contractor to AAMVA for the development of the S2S and SPEXS system), who were until recently identified publicly as points of contact for S2S and SPEXS.

In response to our last blog post about REAL-ID, which included diagrams and the list of the fields in the national REAL-ID database from the SPEXS specifications, AAMVA moved the SPEXS specifications and the entire “State-to-State” section of its website behind a login firewall. AAMVA also blocked the S2S software download directory of their website from Web crawlers.

But we did, somewhat to our surprise, eventually receive a polite response from Ms. Carlson, providing us with the S2S status map at the top of this article and some additional information about the national “pointer” database. To quote Ms. Carlson:

In August 2015, Wisconsin was the first state to participate in S2S. North Dakota joined in November 2015. Maryland joined in early February 2016 and Indiana joined in February 2016. We have a total of 15 states that have signed Letters of Intent to participate in S2S. All 15 pilot states plan to implement the service by December of 2016.

The map [above] shows the current status of the states with respect to S2S.

The S2S pointer index is operated by the American Association of Motor Vehicle Administrators (AAMVA) at a datacenter located in Virginia. AAMVA is providing these services under contract to the Mississippi Department of Public Safety (MSDPS).

States and territories that aren’t compliant with the REAL-ID Act are in good company, and should stand firm. Fifty-two of the total of 56 states, US territories, and the District of Columbia are not yet making their state databases available to other states, as will eventually be required if they choose to comply.

Feb 23 2016

US border guards have root access to all Amtrak domestic reservations

The latest installment in Amtrak’s response to one of our FOIA requests confirms our suspicion that Amtrak has given US Customs and Border Protection (CBP) access to all Amtrak reservations including those for purely domestic passengers and trains — but in an additional and harder-to-track manner than we had previously been aware of.

In October 2014, we asked Amtrak for its records related to data-sharing and other collaboration with the Department of Homeland Security (DHS) and other US and foreign law enforcement agencies. Amtrak is still in the process of searching for and censoring responsive records, more than a year after the legal deadline for its full response. In the mean time, however, Amtrak has been providing intermittent “interim” responses, which we’ve been analyzing and reporting on as we receive them. Because Amtrak is a Federal government entity subject to FOIA, unlike commercial airlines or bus lines, we’ve been able; to find out much more about Amtrak collaboration with DHS and other law enforcement agencies than about the parallel practices of private transportation carriers.

We’ve learned that Amtrak’s own police — who are commissioned by individual states, but have unusual multi-state jurisdiction — have root access to Amtrak’s “ARROW” computerized reservation system, and even a special “Police GUI” (graphical user interface) to mine passenger reservations for police purposes.

We’ve also learned about Amtrak’s transmission to DHS of information about all passengers on Amtrak trains that cross the US-Canada border.

What we didn’t know, until the latest interim release of Amtrak documents this month, was whether DHS or any other Federal police agency also has access to complete reservation details for the much larger number of passengers on domestic Amtrak trains within the US.

Now we know: Agents of US Customs and Border Protection (CBP) have the same access to all Amtrak reservations as Amtrak onboard train conductors, in such a way that their access evades ever being logged or associated with CBP, but appears to Arrow and Amtrak as though it was carried out by Amtrak staff.

It works like this:

Papers, Please!

The Identity Project