Papers, Please!

The Identity Project

Author Archives: Edward Hasbrouck

Jun 23 2015

Supreme Court finds L.A. hotel guest surveillance law unconstitutional

The Supreme Court has found unconstitutional on its face a Los Angeles ordinance requiring operators of hotels and motels to demand specified personal information from and about each guest and their behavior (date and time of arrival and departure, license plate number of the vehicle in which they arrived, etc.), log this travel metadata, and make this log (“guest register”) available for warrantless, suspicionless inspection by police at any time, under penalty of immediate arrest and imprisonment of the hotelier, without possibility of judicial review before complying with a demand for inspection.

The Supreme Court rejected the contention that hotels are so instrinsically dangerous as to justify their treatment as a “closely regulated industry” subject to inspection (i.e. search) without probable cause: “[N]othing inherent in the operation of hotels poses a clear and significant risk to the public welfare.”  By implication, this is a significant rebuff to post-9/11 (and pre-9/11) arguments that travel or travelers are per se suspicious, and to claims that there is or should be some sort of travel (or travel industry) exception to the Fourth Amendment.

And lest anyone be tempted to say that travel services providers with legally-imposed duties to accommodate the public are somehow different when it comes to the applicability of the Fourth Amendment, the Supreme Court also found that, “laws obligating inns to provide suitable lodging to all paying guests are not the same as laws subjecting inns to warrantless searches.”  The same logic, of course, would appear to apply to common carriers, who are obligated by law to provide transportation to all paying passengers.

The ruling by the Supreme Court in Los Angeles v. Patel upholds an en banc decision last year by the 9th Circuit Court of Appeals in a lawsuit first brought seven years ago by hotel owners Naranjibhai Patel and Ramilaben Patel and by the Los Angeles Lodging Association, an association of Indian-American proprietors of the sort of budget hotels that might, if allowed to do so by the government, provide accommodations of last resort to people without government-issued ID credentials who would otherwise have to sleep on the streets or under bridges.

We again commend Messrs. Patel and the LA Lodging Association for doing the right thing and standing up for their customers, even as small business owners highly vulnerable to police harassment and retaliation for questioning authority.

The Supreme Court ruling addresses only the rights of hotel owners, not those of hotel guests, and does noting in itself to establish a right to obtain lodging without having or showing government-issued permission papers. Nor does it address the requirement for hotels to monitor and log their guests’ identities and activities — only the requirement to make those logs available to the government without any possibility of prior judicial review of government demands for access.

As others have noted, and as we discussed in relation to the 9th Circuit’s decision and the Supreme Court’s decision to review it, much of the logic of this decision is equally applicable to other dragnet travel surveillance schemes involving compelled compilation, retention, and government access to travel metadata held by third parties (in this case, hotels) rather than by travelers themselves.

But as we have also noted before, this remains the only case we are aware of in which any of those travel companies — not just hotels but also airlines and other types of travel companies– have gone to court to challenge government demands for information about their customers.

Especially in light of this decision by the Supreme Court, it should be apparent that there’s an Achilles heel for the government to the “third-party” doctrine that individuals have no standing to challenge government demands for information  provided to and held by third parties, because that information is owned by those third parties and not by the individuals to whom it pertains:  As this case makes clear, those third parties — not just hotels but also airlines and others — do have standing to challenge these demands, and have a good chance of success if they persevere.

The shame is on larger travel companies with deeper pockets for going along with government surveillance of their customers and guests without question, and leaving it to highly vulnerable small businesses with fewer resources to challenge this dragnet travel surveillance scheme.

In the wake of the Supreme Court’s decision in L.A. vs. Patel, there’s more reason than ever for travelers to demand that all travel companies make public, contractually binding commitments, in their tariffs or terms of service, not to disclose information about their customers to the government without challenging those demands and without seeking to notify their customers of those demands.

Jun 22 2015

Will the REAL-ID Act deny you access to Federal facilities?

As we’ve noted in our previous commentaries on the REAL-ACT in this blog and in our recent presentation at the Cato Institute, there are two components to the threats against individual residents of “noncompliant” states (and territories and the District of Columbia) that are being used by the DHS to try to induce reluctant state governments to incorporate their state drivers license and ID databases to the distributed national REAL-ID database by connecting them to the contractor-operated REAL-ID hub:

  1. Threatened denial of common carrier airline transportation to individuals who present drivers licenses or other ID credentials issued by noncompliant states; and
  2. Threatened denial of access to (certain) Federal facilities to these individuals.

The first of these threats appears to be hollow. The TSA has consistently argued, when demands for ID from air travelers have been challenged in court, that no ID credentials at all are required to fly.

The TSA claims the right to subject any traveler to more intrusive search and interrogation, without probable cause, and may use this arbitrary power against residents of states that don’t comply with the REAL-ID Act. But the TSA appears to realize that it has no legal authority for outright denial of air travel to people who don’t have, or decline to carry or show to the TSA or its contractors, government-issued ID credentials, REAL-ID Act compliant or not.

With respect to its threat to deny access to Federal facilities, the DHS (in its usual fashion of rulemaking by press release) has posted an announcement on its website that this will be implemented in phases determined by the “Federal Security Level” (FSL) assigned to individual facilities.

But what are the facilities, if any, to which these levels have been assigned, and to which individuals with ID from noncompliant states will therefore be denied access? We’ve filed a series of Freedom of Information Act requests to find out.

The responses to our FOIA requests suggest that this prong of the REAL-ID Act enforcement cattle prod is, to mix metaphors, a paper tiger. We’ve been unable to find any Federal facility to which such an FSL has actually been assigned.

Read More

Jun 21 2015

More on Amtrak passenger data requirements

Amtrak has released a third batch of records (1st interim response, 2nd interim response) in response to our Freedom of Information Act (FOIA) request for information about Amtrak’s collection and “sharing” with the US and Canadian governments of information about Amtrak travelers on international routes between the US and Canada:

  1. Amtrak-FOIA-29OCT2014-signed.pdf (note that this file is actually in .doc format, and is not a copy of our request, as the filename might imply, but a collection of responsive records)
  2. date of birthAM.doc
  3. Function summary.doc
  4. IDPFOIARequest.pdf (another collection of responsive records, beginning with a list of all of Amtrak’s cross-border routes including both trains and Amtrak feeder buses)
  5. Regression User testing 9222305 (4).doc
  6. TheIdentityProject_InterimResponse3.pdf (cover letter from Amtrak’s FOIA office accompanying the interim response)
  7. wspBORDER.doc

The files with “.doc” filenames all appear to be from Amtrak’s IT department, and relate to the implementation by Amtrak of requirements for inclusion of passenger ID data desired by the US government in each Amtrak reservation for travel across the US-Canada border. As we have noted previously, this “requirement” was imposed internally and “voluntarily” by Amtrak, and was not a requirement of any law, regulation, or order from any other US or Canadian government agency.  It remains unclear from the records released to date whether anyone in Amtrak’s IT department was aware that this was solely an Amtrak requirement and not an externally imposed obligation.

According to these records, Amtrak began requiring a date of birth in the reservation, before a ticket could be issued, for each passenger on any international route, including infant passengers, beginning in November or December of 2000. (There are some inconsistencies in the dates in different records.)  Beginning in July or August 2005, Amtrak began also requiring a nationality and passport or other ID number in each such reservation, as part of Amtrak’s “voluntary” participation in the DHS “Advanced Passenger Information System” (APIS) also used by airlines.

These records include the formats used by Amtrak sales agents working directly in Amtrak’s own “ARROW” reservation system, as well as the formats used by travel agents making Amtrak reservations through each of the four major CRSs/GDSs: Amadeus, Galileo, Sabre, and Worldspan.  Amtrak’s software testing staff noted the complexity of these formats (which is indicative of how burdensome they are for the travel agents who have to learn and use them) and the likelihood of errors by travel agents. The Amtrak records include information provided to travel agents and travelers, describing these “requirements” but giving no clue that these requirements were voluntarily self-imposed by Amtrak itself.

The files linked above are posted here exactly as we received them by email from Amtrak’s FOIA office. The filenames are not indicative of the actual file contents, and some of the filename extensions don’t correspond to the file formats. One of the “.pdf” files, for example, is actually in MS-Word “.doc” format (also readable in Libre Office among other programs) rather than in PDF format.

We requested that all records found in digital form be released as bitwise copies of the files as found in Amtrak’s filesystems, but some of the files we received appear to be derivative, modified versions of copies of the original files, in some cases in completely different formats.

Most of the the records responsive to our request that we believe are likely to exist have not yet been released. Amtrak is continuing to process our request, and we expect further responses.

Jun 16 2015

US again takes people off “no-fly” list to try to evade judicial review

Four days before a Federal judge was scheduled to hear arguments in a lawsuit brought by four Muslim US citizens who were placed on the US government’s “no-fly” list to try to pressure them into becoming informants for the FBI, the government has notified the plaintiffs in the case that all of them have been removed from the no-fly list.

The plaintiffs in Tanvir v. Lynch are continuing to press their claims, as are other US citizens challenging their placement on the no-fly list in retaliation for declining to inform on their friends, families, communities, and fellow worshippers.  But we expect that, as has been its pattern, the government defendants will now try to get the case dismissed as “moot“.

So far as we know, every other instance in which the US government has told anyone whether or not they are or were on the no-fly list, or that they have been removed from that list, has come after the victims of these no-fly orders have challenged them in Federal court.

Either (1) the government never had any reason to think any of these people posed a threat to aviation, but never bothered to assess the basis, if any, for belief that they posed such a threat until faced with the imminent need to defend their blacklisting to a Federal judge. Or (2) the government genuinely (although mistakenly and without any adequate basis) believed that they posed a threat, but saw the possibility of judicial review of no-fly decisions as a greater threat to the standard operating procedures of the TSA, DHS, and FBI. Or (3) both of the above.

We’ll take Door Number 3, if you please.

Jun 12 2015

If your travel history is “suspicious”, is that cause for search?

If the file about you the DHS has compiled from airline reservations, license-plate readers, and other travel surveillance data sources is deemed “suspicious”, does that constitute probable cause for a search of your home and business or seizure of your possessions?

That question has arisen in  the case of Albuquerque antique gun collector and dealer Bob Adams, argued in May 2015 and currently awaiting a decision by the 10th Circuit Court of Appeals in Denver.

On January 23, 2013, Mr. Adams’ home and business was raided by a SWAT team including DHS and other Federal and state agencies.  Various of his possessions, including his collection and inventory of firearms, were seized, damaged, and/or destroyed in the raid. On November 4, 2013, after Mr. Adams had filed suit to recover his property, he was indicted for various technical violations of Federal laws relating to firearms imports and dealer licensing and reporting.

Both the search warrant and the indictment were based, in part, on allegations by Federal law enforcement officers regarding the records of Mr. Adams’ international travel history in the DHS Automated Targeting System (ATS). In an affidavit supporting the application to a Federal magistrate for the search of Mr. Adams’ home and business, “Special Agent” Frank Ortiz of the New Mexico Attorney General’s Office claimed that ATS records showed that Mr. Adams had repeatedly flown to Canada without having return flight reservations to the US, and had subsequently re-entered the US as a passenger in a private car.  This, agent Ortiz opined (based on his purported “expertise” in interpreting such data) was evidence of a pattern of suspicious behaviour characteristic of Mr. Adams’ alleged modus operandi for unlawful firearms imports.

(There’s a long but generally undisclosed history of airlines “voluntarily” giving police access, without warrants, to PNR data, and of police using it as the basis for interrogations and searches.)

The Federal judge to which the criminal case against Mr. Adams was assigned first upheld the search warrant but then, on reconsideration, ordered all the evidence obtained from the search suppressed, on the basis of other materially false statements, made in apparent bad faith, in Agent Ortiz’s affidavit. The government, which would have no case against Mr. Adams without that evidence, has appealed that ruling to the 10th Circuit Court of Appeals.

The ruling by the District Court, the arguments to the Court of Appeals, and most of the publicity about the case have focused on questions related to firearms.  But what concerns us are the issues related to ATS and its use as a surveillance and suspicion-generating system.

First, ATS data is neither accurate nor complete, and should not be relied on. For example, even experts may be unable to tell, from a particular PNR, whether or not it corresponds to actual travel or issuance of a ticket. (Mr. Adams says some of the DHS records of flights he allegedly took to Canada don’t correspond to flights he actually took, which is an inevitable consequence of the DHS orders to airlines to transmit copies to DHS of all reservations for such flights, including reservations that were unticketed and/or cancelled.) And license plate readers and the associated optical character recognition systems are, of course, subject to an unknown but substantial percentage of errors. (Mr. Adams says he has never traveled in some of the private vehicles in which ATS records that he crossed the US-Canada border.) Most importantly, the DHS has itself exempted ATS from the requirements of the Privacy Act for accuracy and completeness, on the basis of a claim that it is necessary to include inaccurate and incomplete data. Having done so, the government should be “estopped” from suggesting that any court or jury rely on this data.

Second, if the purpose of the ATS dragnet of warantless, suspicionless travel surveillance is to develop or support suspicions of criminal activity, that is a general law-enforcement purpose that goes far beyond the scope of permissible administrative searches or seizures of personal information incident to air travel or for purposes of aviation security.

Third, the evidence presented to the court in support of the application for a search warrant, to the grand jury in support of the indictment, and to Mr. Adams as part of pre-trial discovery, appears to have included only excerpts from TECS records (entry/exit logs which are one of the components of ATS), but not the complete TECS records, and none of the Passenger Name Record (PNR) data also included in ATS.  Full TECS records would include indications of the source of the data, and PNRs might well have made clear whether airline reservations had actually been ticketed and used, or had been cancelled as Mr. Adams claims.

It seems likely that the complete contents of the ATS records about Mr. Adams’ travel, including full TECS records and all PNR data, constituted potentially exculpatory evidence known to, and in the possession of, the government, which it was required to disclose to the defense pursuant to the decision of the Supreme Court in Brady v. Maryland.

More generally, it would seem that a complete ATS file for any involved individual, including complete TECS and PNR data, would constitute potentially exculpatory evidence in virtually any prosecution in which international travel might be relevant: smuggling, facilitating unlawful immigration, etc. It would be almost impossible for the government to know in which cases such data might support an alibi, support or undermine the credibility of a witness, or support or refute some other testimony or claim. If the government doesn’t proactively produce this material (as it is required to do), defense attorneys should object to this as a violation of the Brady doctrine, and/or specifically include it in routine discovery motions.  (We are available to assist defense counsel in interpreting such disclosures, and/or in explaining to courts how they could be exculpatory.)

Having carried out this extensive (although unreliable) surveillance of travelers, DHS appears to be using it selectively, introducing only those excerpts, in those cases, which it thinks it can spin as suspicious — and not mentioning other portions of these files that might refute these or other government allegations.  We wonder how many other criminal prosecutions this has tainted.

Jun 02 2015

TSA statements to court reviewing interrogations of travelers

In a filing with the Court of Appeals reviewing a TSA mandate for airlines to interogate passengers on international flights before allowing them to board, the TSA has directly contradicted previous explicit written statements by an official TSA spokesperson as to whether passengers are required by the TSA to answer questions from airline staff about their travel purposes as a condition of being allowed to fly.

Equally if not more disturbingly, the TSA also claimed in the same filing with the 11th Circuit Court of Appeals that an airline licensed by the US government to operate as a common carrier has “independent discretion to deny boarding to any passenger about whom they have a concern.”

In an email message in January of this year to “professional troublemaker” and frequent traveler Jonathan Corbett, the TSA “Office of Global Strategic Communicationsa Desk” said:

American Airlines is required to conduct a security interview with passengers prior to departure to the United States from an overseas last point of departure airport. If a passenger declines the security interview, American Airlines will deny the passenger boarding. The contents of the security program and the security interview are considered Sensitive Security Information (SSI).

But when Mr. Corbett petitioned the 11th Circuit Court of Appeals to review the TSA’s secret orders to airlines containing this mandate, the TSA filed the following statement with the court:

Interviews are … intended only to determine screening protocols before a passenger may fly. TSA does not direct U.S. aircraft operators to refuse to carry a passenger who declines participation in the interview process.

This isn’t the first time the TSA has told Federal judges that official TSA notices and public statements about what air travelers are “required” to do, as a condition of being “allowed” to exercise our right to travel, are false.

In 2006, the TSA told the 9th Circuit Court of Appeals panel reviewing the requirement for air travelers to show government-issued ID credentials in Gilmore v. Gonzalez that there is no such TSA requirement in the secret TSA security directives to airlines, despite notices still posted at TSA checkpoints (and, at the time, on the TSA website) that passengers are required to show ID. Most people who are unable and/or unwilling to show ID are allowed to fly, although some aren’t. There are no rules or publicly-disclosed criteria for who the TSA does or does not allow to fly.  The TSA’s orders to the airlines, and the airline policies approved by the TSA, are secret.

At a minimum, the TSA’s repeated disavowals in court of what it has publicly claimed or implied are TSA requirements mean that travelers cannot resoanably be expected to believe or rely on those official but not legally beinding TSA statements, and have good cause to demand that TSA explicitly state whether anything they ask is a legally-binding TSA “order”, a request, or an airline or or other private demand not mandated by the TSA. Noncompliance with requests not explicitly identified by TSA staff as TSA orders cannot reasonably construed as interference with, or refusal to submit to, TSA requirements.

The only way to reconcile the TSA’s statement to the court that “TSA does not direct U.S. aircraft operators to refuse to carry a passenger who declines participation in the interview process” with the agency’s previous statement to the public that, “If a passenger declines the security interview, American Airlines will deny the passenger boarding,” is that the airline — on its own initiative and inidepndently of the TSA-mandated and TSA-approved “security program” — has committed to the TSA that it will deny boarding to anyone whoi declines to answer the airline’s questions about their travels.

That possible interpretation is supported by the TSA’s further statement to the Court of Appeals:

While … carriers retain their independent discretion to deny boarding to any passenger about whom they have a concern, whether as a result of an interview or otherwise, that outcome is not dictated by the international security interview program.

The problems with this — aside from the TSA’s misleading statements to the public about the source of this “requirement” — are that an airline, by law, has no such discretion, and that the TSA is required by law (49 USC § 40101) to “consider … the public right of freedom of transit through the navigable airspace” in carrying out its responsibilities including approving airline policies.

The duty of the TSA, if it becomes aware of an airline policy or practice to exercise such unlawful “discretion” or claim the “right to refuse service”, is to disapprove the policy or practice. If an airline persists in such a practice, the duty of the TSA is to order the airline to discontinue to the practice or, if that is outside the TSA’s jurisdiction, to refer the airline to the Department of Transportation for the imposition of sanctions, which ultimately could include the revocation of the airline’s certification from the DOT to operate as a common carrier.

It’s bad enough that airlines are trying unilaterally to abrogate their responsibilities as common carriers. It’s far worse that the government is acquiescing in, much less encouraging, such practices.

May 18 2015

DHS still playing politics with FOIA requests

The latest response to one of our Freedom of Information Act (FOIA) requests confirms our suspicion that despite sworn testimony to the contrary to Congress by the DHS Chief FOIA Officer, the DHS has resumed, or never abandoned, its illegal practice of political interference and specially disfavored and delayed treatment of FOIA requests from journalists and activist organizations — including the Identity Project.

In 2005, the Associated Press discovered from the response to one of its FOIA requests for FOIA processing records that the DHS Chief FOIA Officer had ordered FOIA officers for the DHS headquarters and all DHS components (TSA, CBP, etc.) to flag all “significant” FOIA requests for special handling. “Significant” FOIA requests were to include, inter alia, any request on a controversial topic; likely to generate news coverage; or from a journalist, news organization, or activist organization (those terms being undefined in the order).

All planned actions on “significant” FOIA requests (acknowledgments of receipt, releases of responsive records, appeals, litigation, etc.) were to be reported in advance to the DHS “front office” for inclusion in a weekly report to the DHS White House liaison.  Crucially, both the general order and the memos accompanying the weekly reports when they were circulated to all DHS and component FOIA officers explicitly forbade the release of any records or any other response to a “significant” request without the express prior approval of the DHS “front office”.

Questioned about this before a Congressional oversight committee during the ensuing scandal, DHS Chief FOIA Officer Mary Ellen Callahan swore that these orders didn’t really mean what they appeared to say. This was merely an “awareness” or “notification” system, not really an approval system, Chief FOIA Officer Callahan claimed:

[T]o my knowledge, no information deemed releasable by the FOIA Office or the Office of the General Counsel has at any point been withheld.

The Chief FOIA Officer told Congress, under oath,  that the “notification” period had been reduced from indefinite to one day, and the default after one day, in the absence of “front office” action, had been changed from continued indefinite withholding to release of the response:

In fact, we continue to improve the system; DHS has now moved to a one-day awareness review for significant FOIA responses…. Significant FOIA releases are uploaded into a SharePoint system for a limited awareness review period – now one business day – and then automatically released by the relevant component FOIA office back to the requester.

But had anything really changed?  We got an answer last week, as we were attempting to find out when we should expect a response to one of our requests for information about the “Federal Security Level” (FSL) that determines the date of applicability of certain REAL-ID Act rules for access to Federal facilities.

We requested information about what, if any, FSL has been assigned to each of a sampling of Federal facilities in the San Francisco Bay Area, including symbolic targets and critical infrastructure (the Golden Gate and Bay Bridges), Federal courthouses and office buildings, and more. We’ll be publishing those responses, and our analysis of them, in a future article.

At its mid-point, the San Francisco-Oakland Bay Bridge passes (in a tunnel between the east and west high-level spans) through Yerba Buena Island, a Federal reservation which constitutes the US Coast Guard Station San Francisco. We asked for records about the FSL for Station San Francisco, including the Bay Bridge, and about the FSL for the (former?) NSA listening post at Two Rock Ranch in Sonoma County, which operates as USCG Training Center (“TRACEN”) Petaluma.

The Coast Guard is a partially military, partially civilian component of both the DHS and the Department of Defense. The DoD also has special rules for “significant” FOIA requests, but they are quite explicitly a notification system, not an approval system like the (former?) DHS system.  In any case, it appears that the Coast Guard generally processes FOIA requests in its civilian, DHS capacity.

Our request was submitted to USCG headquarters, but after some run-around was referred to local USCG FOIA Officers in San Francisco and Petaluma for their separate responses directly to us. So far, so good. We had several cordial conversations with Mr. Kevin Fong, the FOIA Officer for USCG Sector San Francisco. So far as we could tell, he seemed to be making a sincere effort to identify any records responsive to our request.

The week before last, Mr. Fong told us that he had been unable to identify any responsive records (which would seem to indicate that the Bay Bridge had never been assigned an FSL).  Mr. Fong said that he would be sending us formal notice of his failure to find any responsive records.

Since no responsive records had been found, there were no legal or interpretive issues that might have required higher-level consultation or decision-making regarding whether any of those records might be exempt from disclosure. No further “processing” of records was required, since there were no records to process. The statutory deadline for the Coast Guard’s response to our FOIA request had long since passed, and a response could and should have been provided immediately.

Instead, we got radio silence for another week. When we called Mr. Fong at the end of last week to find out what was holding up his response, he told us that our request had been designated as “significant”. No surprise there. We’re an educational and activist organization that takes an interest in controversial and newsworthy topics. So far as we know, all of our requests are designated as “significant” and included in the weekly reports to the DHS White House liaison.

Mr. Fong continued, however, that because our request was “significant” he had been required to submit his proposed response to national headquarters (whether of the USCG or of DHS wasn’t clear), and had been forbidden to provide his formal written response until he received approval from headquarters.  He had been waiting a week for that approval.

Assuming what Mr. Fong told us is true, this is exactly the practice that the DHS Chief FOIA Officer swore under oath before Congress had been ended five years ago.

We’ve called the attention both of Mr. Fong and of the USCG headquarters FOIA office to the discrepancy between the way our current request is being handled and the previous DHS claims about the alleged reform of the process for “significant” FOIA requests.

DHS responses to others of our pending FOIA requests may be similarly blocked, but we can’t tell for sure. An otherwise-complete response to another of our FOIA requests, two years overdue, is also being held up pending “final review”. For this request, however — unlike the request referred to the Coast Guard discussed above — we don’t know whether the review that is delaying the response the additional review and approval by the DHS “front office” required because =our request was deemed “significant”, or some other review.

We’re still waiting for any comment, or any official response to our original FOIA request.

May 01 2015

“Secondary inspection” used as pretext for airport drug searches

Air travelers are expected to identify themselves truthfully to law enforcement officers and “screening” personnel at checkpoints and in “secure” areas of airports. But the reverse isn’t true, apparently, for the police and other personnel carrying out airport “screening”.

Members of drug interdiction “Task Force Groups” (TFGs) comprised of state and local police and agents of the federal Drug Enforcement Agency (DEA) have been representing themselves to air travelers in “secure” areas of airports (beyond the TSA checkpoints) as conducting “secondary inspections”. In fact, these TFGs were conducting warrantless, suspicionless searches for illegal drugs that can be seized and generate forfeiture revenue for the agencies participating in the TFGs.

When these searches were reported (sometimes no records were kept), they were represented as having been “consensual”, even though the use of the term, “secondary inspection” could reasonably have been interpreted by travelers as implying that the TFG members were conducting airport security “screening” to which travelers were required to submit. Similar misrepresentations may have been made at train and bus stations and other transportation facilities where TFGs operate as part of the DEA’s “Jetway” drug interdiction program.

The misrepresentations by DEA agents and other law enforcement officers were revealed in a report by the DEA Office of Inspector General (OIG), which has the role within the DEA that an “internal affairs” office might play in a local police department.

Read More

Apr 28 2015

Toll payment devices used to track vehicles on toll-free roads

Public records obtained by the ACLU from New York City and State agencies have confirmed the extensive use of RFID readers to track RFID toll payment devices on streets and roads where there are no tolls.

The ACLU’s report on the responses to its public records requests speaks for itself, but raises more questions about where else, by which government agencies, and for what purposes motor vehicle movements are being tracked, and whether vehicles without these RFID toll payment devices are also being tracked.

In New York, toll-tag RFID readers were systematically deployed on toll-free city streets for traffic monitoring. By logging the time and a unique vehicle identifier (broadcast by the RFID toll tag) for each vehicle passing each set of sensors, the system can calculate the most recent travel times between any tow sets of sensors.  That’s what’s used (at least in New York City) to generate the travel times displayed on road signs, and for other traffic management and traffic signal control optimization purposes.

The problem is that measuring the time required for an individual vehicle to travel between any two points in the road network requires uniquely identifying each vehicle and logging the time it passes each sensor.  It’s unclear from the documents obtained by the ACLU how long these logs are retained, to whom they are accessible, or how they are used.

The E-ZPass toll tags used in New York and other states in the Northeast and Midwest use the same long-range RFID technology, with the same potential for surveillance use, as FasTrak in California, SunPass in Florida, and RFID toll payment systems in many other states including (we are not making this up) Freedom Pass for toll roads in Alabama.

The RFID transponders in these toll payment devices are designed, of course, to be read from above or alongside the road, even when the device is inside the vehicle.  These RFID transponders are promiscuous: they will respond with their unique ID number to a query from any RFID reader.  In general, no license, permit, or consent is required to operate an RFID reader.  Anyone can legally buy an off-the-shelf RFID reader, install it wherever they want — near a road, or in a vehicle — and start logging the time, location, and unique ID of each toll tag that comes within range. They can use or sell these logs without restriction.

Most motorists, of course, have no idea how the travel times on highway signs are estimated, and these vary from place to place. The state of Washington, for example, has experimented with a homebrewed system for tracking vehicles through the unique MAC addresses broadcast by in-vehicle Bluetooth systems.

Most toll-collection agencies provide foil bags in which RFID toll tags can be kept when they aren’t in use. But it’s a nuisance at best, and potentially dangerous for someone driving alone, to remove the toll tag from the foil bag while driving, and replace it in the bag after passing each toll payment point. Most people leave these ID-broadcasting devices permanently mounted and exposed on the sun visor, windshield, or dashboard of their vehicle.

What about those motorists who don’t carry these RFID-based toll payment and tracking devices in their vehicles?  Many toll roads are moving to “all electronic tolling” (AET) in order to eliminate toll booths and any possibility of on-the-spot payment of tolls.  At least as currently being deployed in the US, most if not all of these AET systems use automated license plate readers in each lane to identify each motor vehicle without an RFID toll payment device. A bill for the toll is then mailed to the registered owner of the vehicle.  One way or another, either by RFID tag serial number or license plate number, every vehicle is uniquely identified and the time, location, and direction of its passage is logged by the toll agency or its contractors.  These all electronic tolling and vehicle tracking systems are already in use on bridges, tunnels, and toll roads from the Mystic/Tobin Bridge in Boston to the Golden Gate Bridge in San Francisco.

License plate readers are increasingly widely deployed, but RFID readers are a cheaper and more versatile technology for vehicle tracking than LPRs, at least at present.  A separate, properly positioned LPR camera is typically required for each lane, and optical character recognition software is needed to extract license plate numbers from raw imagery.  A single, cheaper, RFID reader can cover multiple lanes, from a wider range of placement locations.

Vehicles without toll payment devices have other promiscuous RFID chips that broadcast unencrypted unique identifiers. New motor vehicles sold in the US are required to have automated tire pressure monitoring systems (TPMS), most of which rely on sensors and transponders attached to, or embedded in, new tires.  There are no legal controls on tracking or logging of vehicle movements by means of these tire tags, and no way for ordinary motorists to know when, where, or by whom their position has been recorded, who has logs of past vehicle movements, or how those logs might be used in the future. Similar (and similarly uncontrolled) but shorter-range unique-numbered RFID chips are used as stored-value transit fare payment devices in many major metropolitan areas, so even non-drivers are at risk of being covertly tracked.

Apr 24 2015

Feds pay $40K to settle claim for false arrest at airport

The US government has paid $40,000 as part of the settlement of a lawsuit by a traveler who was falsely arrested by Federal agents and local police when a Frontier Airlines flight she was on arrived at the Detroit airport in 2011, arrive, taken off the plane in handcuffs, locked in a cell for four hours, and strip searched (in a cell with a video camera).

All of this happened without probable cause for an arrest, before any attempt was made to question her, and before any attempt was made by any of the police, airline, airport, or TSA staff to determine whether there was any basis for any of their actions. No criminal or administrative charges were ever filed against her.

The traveler, Ms. Shoshana Hebshi, sued the Federal government, the airline, and named and unknown Federal law enforcement agents, TSA employees, and Wayne County Airport Authority police.

Ms. Hebshi’s lawsuit was dismissed earlier this week on the basis of a settlement, after the Federal judge hearing the case rejected the defendants’ claims of “qualified immunity” with respect to Ms. Hebshi’s complaints of both discrimination and false arrest. “There is no ‘suspected terrorist activity exception’ to the probable cause requirement of the Fourth Amendment,” the judge had ruled.

The details of the settlement were not included in court filings, but the ACLU, which represented Ms. Hebshi, disclosed the $40K payment by the Feds in a public statement about the settlement.

No specific Federal agency or individual took responsibility. The lawsuit named “the United States of America” as a defendant, rather than any specific Federal agency or agencies, and multiple Federal agencies (TSA, FBI, ICE, CBP, etc.) were named in the complaint as having been involved in mistreating Ms. Hebshi.  We don’t know whether others of the defendants (the airport, the airline, or any of the individual defendants) paid money to Ms. Hebshi as part of the settlement, in additional to the $40K from the US Treasury.

The dollar value of the settlement is obviously inadequate to deter similar misconduct by government, airline, and airport personnel in the future. But we are pleased by several aspects of the preliminary rulings by US District Court Judge Terrence G. Berg which led to the settlement.

First, Judge Berg was willing to let the case against the airline, airport, and Federal government, and their employees, go to trial. We’ve talked before about how difficult it can be to overcome claims of “qualified immunity” if the court’s sympathies lean toward the defendants in a case like this — or, to put it another way, how easy it is for  a judge to let government defendants and their private accomplices off the hook.

Read More