Papers, Please!

The Identity Project

Author Archives: Edward Hasbrouck

Mar 15 2017

Palantir, Peter Thiel, Big Data, and the DHS

San Francisco and Silicon Valley are among the centers of opposition to President Trump and his fascism, especially as it relates to restrictions on movement, border controls, immigration, and asylum.

Bay Area technology companies and their better-paid classes of employees like to think of themselves as building a better world that reflects the distinctive values that have attracted dreamers and futurists to this region  from across the country and around the world. But some of these companies are key developers and providers of “big data” tools for the opposite sort of “Brave New World“.

On Saturday, Edward Hasbrouck of the Identity Project was invited to speak to an ad hoc group of picketers outside the Pacific Heights mansion of Palantir Technologies founder and Trump supporter Peter Thiel (photo gallery from the SF Chronicle, video clip from KGO-TV; more photos from the East Bay Express).

As Anna Weiner reported in the New Yorker (“Why Protesters Gathered Outside Peter Thiel’s Mansion This Weekend“):

David Campos, a former member of the San Francisco board of supervisors, who emigrated from Guatemala, in 1985, stood on the brick stoop and raised a megaphone. “The reason we’re here is to call upon the people who are complicit in what Trump is trying to do,” he said. Clark echoed the sentiment. “If your company is complicit, it is time to fight that,” she said. Trauss, when it was her turn, addressed Thiel, wherever he was. “What happened to being a libertarian?” she asked. “What happened to freedom of movement for labor?”

Edward Hasbrouck, a consultant with the Identity Project, a civil-liberties group, took the stand, wearing a furry pink tiger-striped pussyhat. “The banality of evil today is the person sitting in a cubicle in San Francisco, or in Silicon Valley, building the tools of digital fascism that are being used by those in Washington,” he said. “We’ve been hearing back that there are a fair number of people at Palantir who are working really hard at convincing themselves that they’re not playing a role — they’re not the ones out on the street putting the cuffs on people. They’re not really responsible, even though they’re the ones who are building the technology that makes that possible.”

It’s easy to rationalize the creation of technological tools by saying that they can used for good as well as evil. But you can’t separate the work of tool-making from the ways those tools are being used. Palantir workers’ claims to “neutrality” resemble the claims made in defense of IBM and Polaroid and when they were making and selling “general purpose” computers, cameras, and ID-badge making machines to the South African government in the 1970s. None of this technology and equipment was inherently evil. But in South Africa, it was being used to administer the apartheid system of passbooks and permissions for travel, work, and residence.

The same goes for “big data” today. To understand what’s wrong with the work being done by Palantir for the US Department of Homeland Security, it’s necessary to look not just at what tools Palantir is building but at how and by whom they will be used; not just at the data tools but at the datasets to which they are applied, the algorithms they use, and the outcomes they are used to determine.

Read More

Mar 06 2017

Asylum seekers and the right to travel

“If you have a current valid visa to travel, we welcome you. But unregulated, unvetted travel is not a universal privilege.” (US Secretary of Homeland Security John Kelly, March 6, 2017)

Taking his words literally, Secretary Kelly got it half right. But fundamentally, he got it all wrong, in his statement today on the #MuslimBan 2.0 Executive Order signed today by President Trump. (Here’s a redlined comparison with the #MuslimBan 1.0 Executive Order which it replaces.)

Travel by asylum seekers isn’t a universal “privilege”. It’s a universal right.

Much can, and no doubt will, be said about other aspects of today’s Executive Order. Most of our comments on #MuslimBan 1.0 apply equally to #MuslimBan 2.0, which will continue to be enforced (illegally) primarily by airline and travel agency staff at ticket offices and check-in counters at foreign airports.

But as defenders of the right to travel and of the rights of refugees and asylum seekers, we want to make sure that Secretary Kelly’s denial of the existence of these rights doesn’t go unchallenged:

Read More

Feb 27 2017

What should you to do if you are asked for your password at a US airport or border?

Our work is cited in an article today by Kaveh Waddell in The Atlantic, “How Long Can Border Agents Keep Your Email Password? Some data gathered from travelers going through customs can stay in a Homeland Security database for 75 years.

The article in The Atlantic highlights several recent incidents in which international travelers have been asked or ordered to tell US Customs and Border Protection inspectors the passwords to their electronic devices and/or online accounts. As in many encounters with law enforcement officers or other government agents, the distinction between a request and a command at an airport or international border is often unclear.

In one of these incidents, a Canadian would-be visitor to the US provided CBP with the password to his phone, but balked at providing the password to his accounts with LGBT dating apps and websites. He forfeited his ticket, and left the US “preclearance” site at the airport in Vancouver without boarding his intended flight to the US. A month later, when he tried again to fly to the US, carrying the same phone with the password unchanged, he found that CBP had recorded his phone password in their permanent file about him in the CBP “TECS” lifetime international travel history database.

This sort of data collection and data retention is wrong, but it’s also routine and should be expected.

For more than a decade, since DHS first disclosed the existence of its “Automated Targeting System” database, we’ve been providing forms you can use to request the files about you from TECS and other government databases, helping travelers interpret the (redacted and incomplete) responses from CBP, and reporting on what we’ve seen in the responses and how these dossiers are used in pre-crime profiling and control of who is “allowed” to fly and how they treated when they fly.

We’ve sued to obtain our travel records from CBP and information about how these databases are mined and shared by CBP and other government agencies.

After ignoring our requests for three years, DHS exempted the system from most of the requirements of the Privacy Act, including limits on data retention, when the agency realized we were about to sue.

Any disclosure to us of the government’s permanent files about our travel is now a matter of “discretion”, not a right, if we are US citizens, and expressly forbidden by an Executive Order of President Trump for anyone other than US persons.  As we told The Atlantic:

“Any limits would have to be derived directly from the Constitution or international treaties, not from statutes or regulations,” said Edward Hasbrouck, a travel expert and consultant to The Identity Project. “I am not aware of any case law limiting retention of this sort of data.”

Here’s what our experience and our research confirms: CBP officers are not your friends, and their job is not to help you. They are law enforcement officers. Their job is to find evidence of violations of the law, and/or reasons to deny you entry to the US. Anything you say to them can be retained and used against you at any time in the future, just like anything you say to any other law enforcement officers. You should expect that anything you have with you, anything you say, and anything you do at an international border, airport, or CBP checkpoint can and will be recorded. That information can and will be retained by DHS for the rest of your life. You could be questioned about it in any future encounter with CBP or other law enforcement or government agents, even many years later, and have it used against you or anyone else in court at any time, perhaps in ways you could never anticipate.

We’ve seen all sorts of information — irrelevant, inappropriate, and potentially subject to derogatory interpretations or giving rise to guilt by association — in CBP travel dossiers. We’ve been questioned at a US border crossing, years later, about completely inconsequential and legal events at another airport years earlier, because those were being recorded in the TECS database even during primary screening on a routine entry to the US by a US citizen.

What can you do, and what should you do, if you are asked to tell CBP agents any of your passwords?

We agree with all the lawyers consulted by The Atlantic: US citizens should not voluntarily provide passwords to US border guards or inspectors at airports.

Read More

Feb 24 2017

“Border” search and ID demand from passengers on a domestic flight

Earlier this week at least two US Customs and Border Protection officers boarded a domestic Delta Air Lines flight from San Francisco when it arrived at JFK Airport in New York, stood at the doorway as passengers disembarked, and “requested” that each passenger hand over their identification “documents”.

CBP says that this was a “request“.  One passenger told Rolling Stone, “the Delta flight attendant alerted passengers, ‘You’ll need to show your papers to agents waiting outside the door.'” As shown in photos posted to Twitter by passengers here and here, the agents appear to have been between the passengers they were questioning and the exit, closing them in so that they couldn’t have left.

It’s often unclear whether a statement of what law enforcement officers “need” is a request or a demand. Another passenger, a photo editor for Vice News,  says passengers were given an order, not a potentially ambiguous statement of “need”: “We were told we couldn’t disembark without showing our ‘documents.'”

Many air travelers in the US have become inured to requests or demands for ID documents by airline clerks and TSA checkpoint staff and contractors before they are allowed to board domestic flights. But the presence of Customs and Border Protection officers on a domestic flight, and ID checks after an otherwise uneventful flight, have prompted many questions.

Is this normal? Is this legal? Should it be legal? And what should you do if this happens to you?

Read More

Feb 21 2017

The right to record police anonymously

The 5th Circuit Court of Appeals has joined other Courts of Appeals in finding that the First Amendment protects the right to make audio and video recording of police activities in public places, including recording police officers and vehicles outside a police station  from a public sidewalk.

The Court also found that Texas Penal Code § 38.02, interpreted in light of the decision of the US Supreme Court in Hiibel v. Nevada, does not and could not Constitutionally authorize an arrest solely for refusal to identify oneself, in the absence of some predicate basis for legitimate suspicion of violation of some other law.

In the 5th Circuit, it is now clearly established law that you can record the police anonymously in public places, without fear of arrest unless there is probable cause to believe that you have violated some other law.

The ruling in  Turner v. Driver et al.  is the the second decision this month by different three-judge panels of the 5th Circuit interpreting the Constitutional limits on Texas ID law, as applied to people engaged in activities protected by the First Amendment in public places. An earlier decision upheld the right to anonymity for a protester standing along a highway (where the sidewalk would have been, if there had been a sidewalk) adjacent to the parking lot of a strip of businesses.

Read More

Feb 16 2017

Executive Orders, lawsuits, and the right to travel

[D]ue process requires… notice and a hearing prior to restricting an individual’s ability to travel.

(9th Circuit Court of Appeals, Order on Motion for Stay, February 9, 2017, State of Washington and State of Minnesota v. Trump)

President Trump’s Executive Orders prohibiting entry to the US by citizens of specified blacklisted countries and cutting off all Federal grants to designated “sanctuary jurisdictions” that decline to spend their local funds and direct their employees to enforce certain Federal immigration laws have prompted a wave of litigation by individuals and, significantly, by states and cities across the US.

We welcome the increased public interest in Federal government attempts to control the free movement of free people, the new activism on the issues of freedom to travel, and the new willingness of states and municipalities to challenge restrictions on their residents’ right to travel.

There’s been much discussion and analysis of the implications of these lawsuits for these specific Executive Orders. Relatively little attention has been paid, however, to the implications for litigation over other ongoing and emerging issues of freedom to travel of what is being said, and by whom, in the litigation over the recent Executive Orders.

Here are some of our thoughts, from the trenches of more than 15 years of legal and political struggle for the right to travel, on what these cases may portend:

Read More

Feb 15 2017

Searches at airports and US borders

President Trump’s Executive Order expanding the pre-existing and ongoing #MuslimBan from foreign airports to US points of entry, by forbidding entry to the US by citizens of specified blacklisted countries,  doesn’t say anything explicit about searches or interrogation of people entering or leaving the US.

But this Executive Order seems to have been interpreted by US Customs and Border Protection officers at US borders and international airports and at “preclearance” sites abroad as giving them a green light for intensified questioning and searches (“extreme vetting”) of  travelers including searches and demands for passwords to laptops, cellphones, and other digital devices.

In response to this wave of digital harassment and snooping at airports and borders, several news outlets, civil liberties organizations, and free press and journalists’ rights organizations have posted technical and legal advisories about how journalists and ordinary travelers can protect their data when they travel.

We welcome this attention to airport and border search law, and these efforts to educate travelers.

We want to add one potentially significant law that few travelers (or CBP officers or TSA checkpoint staff) are aware of, and that isn’t mentioned in any of the advice to travelers about airport and border searches that we’ve seen recently: The Privacy Protection Act of 1980.

We’ve written about the Privacy Protection Act several times before, especially in the context of border searches of activists and journalists. But the protection offered by this law isn’t limited to journalists. Here’s an unfortunately necessarily refresher on what this law means and what you can do to take advantage of it:

Read More

Feb 14 2017

The right to anonymous pedestrian travel and protest

In a victory for the right to anonymous pedestrian travel and protest, the 5th Circuit Court of Appeals has reinstated a civil rights lawsuit brought by a protester who was arrested while holding a sign alongside a road in Stafford, Texas (near Houston), and charged with violating  Texas Penal Code § 38.02:

Sec. 38.02.  FAILURE TO IDENTIFY.  (a)  A person commits an offense if he intentionally refuses to give his name, residence address, or date of birth to a peace officer who has lawfully arrested the person and requested the information.

The opinion of the 5th Circuit panel in Jonathan Davidson v. City of Stafford, et al. breaks no new ground, but it’s an important reminder to the public and to police of the right to protest, the right to walk the streets and highways, the right to do so anonymously — and the potential liability of police who abridge those rights.

State and local ID laws vary greatly, and it’s important to know the law in your jurisdiction. We reiterate the importance of knowing the law in your jurisdiction and seeking legal advice in advance (this blog is not legal advice) if you anticipate being questioned by police.

As we read this decision, however, the key lesson it reinforces is that laws  like Texas Penal Code § 38.02 which require people who are arrested to identify themselves can’t be used to bootstrap a general requirement for anyone on the street to identify themselves to police on demand. Such a law imposes an obligation to identify oneself only if there is probable cause for police to believe that some other law was violated.

Without some other lawful basis for an arrest, such an ID-if arrested law creates no obligation for a pedestrian or protester to identify herself to police.

Read More

Feb 01 2017

Carrier sanctions kill. Airlines collaborate.

[Sign carried by Dan Malashock at San Francisco International Airport, January 29, 2017. Photo by Ruth Radetsky.]

Since the start of our work against restrictions on freedom to fly, well before September 11, 2001, we’ve been wondering what further outrage it would take to provoke mass protests at airports, and when that would finally happen.

Now we know. Thousands of protesters (including at least one of President Trump’s fellow billionaires) filled international airports across the country for several days and nights starting last weekend, in reaction against President Trump’s executive order to detain and deport any arriving non-US citizen known to be a citizen (even a dual citizen) of one of seven publicly blacklisted Muslim-majority countries: Iraq, Iran, Libya, Somalia,  Syria, Sudan, and Yemen.

We’ve been talking about related issues for years. Now that they are out in the open, the question is what the outraged public will do, at whom the outrage will be directed, and how airlines — yes, airlines, and not just governments — will respond.

For what it’s worth, it’s unclear whether this executive order would apply to an asylum seeker who renounces their original citizenship in one of the blacklisted countries, even one who makes that renunciation at the check-in counter or in flight, and thereby arrives in the US stateless.  This may seem a far-fetched scenario, but it is common for stateless asylum seekers to use “invalid”, forged, or fraudulent documents to board flights, and then to destroy those documents in flight so as to arrive without papers. Deportation of any stateless person, and most of all a stateless asylum seeker, is especially problematic under international human rights law. But that’s the least of the problems with President Trump’s executive order.

Here are some key things we’ve learned from our work over the last 20 years that people — including those just now beginning to think about the right to fly, especially as it relates to immigrants, refugees, and asylum seekers — need to understand about what is happening, who is responsible, what will happen next, and what can be done:

Read More

Jan 29 2017

Trump repudiates agreement with EU on PNR data

In a panel discussion Wednesday at the Computers, Privacy, and Data Protection conference in Brussels, Edward Hasbrouck of the Identity Project pointed out that that both the so-called Privacy Shield and the EU-US agreement on transfers of Passenger Name Record (PNR) data from the European Union to the US government depend on non-treaty “promises”, “commitments”, “undertakings”, and executive orders by the Obama Administration.

These are not binding on President Trump, and there is no reason to expect Trump do anything just because Obama said he would do it.

Quite the contrary: President Trump has no intention of continuing many of President Obama’s policies, and every intention of reversing many of them — even if Trump continues others, such as mass surveillance, profiling of US citizens and foreigners, and reliance on executive orders to avoid the need for Congressional approval of his program, which Trump presumably will continue.

“As of this week, with Trump’s inauguration, the EU-US PNR agreement and Privacy Shield are dead letters. The only question is whether the Trump administration will officially renounce them, or whether it will simply ignore them,” Hasbrouck told the audience at CPDP.

The answer came just a few hours later the same day, when President Trump issued an executive order including the following:

Sec. 14.  Privacy Act.  Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.

The US recognized privacy as a human right when it ratified the International Covenant on Civil and Political Rights:

Article 17

1. No one shall be subjected to arbitrary or unlawful interference with his privacy, family, home or correspondence….

2. Everyone has the right to the protection of the law against such interference or attacks.

But as we have complained to the relevant UN treaty bodies, the US has flouted its obligations under this and other provisions of the ICCPR related to freedom of movement as a human right, and has provided no effective means of redress for these violations.

Instead, on this and other issues the US has acted as though there are no human rights, only privileges of US citizenship. President Trump’s executive order on privacy is only the latest official restatement of this longstanding and bipartisan US government position.

With this Presidential decree, the EU-US PNR agreement is dead.

The next question is when EU institutions will recognize this legal fact, and what they will do about it.

Read More