Aug 28 2015

In the wrong place at the wrong time? You might end up on the no-fly list.

If you exercise your right to travel, will the US government use your past travel as the basis for denying you the right to travel in the future?

Reading between the lines of the redacted public versions of recent filings in one of the ongoing legal challenges to US government no-fly orders, the answer appears to be, “Yes”.

Merely having visited the “wrong” place at the “wrong” time (as subsequently and secretly determined by the precogs who devise the government’s algorithms for predicting future terrorist behavior) can be sufficient to get you put on the no-fly list.

Did you visit Yemen in 2009? Now you might be on the no-fly list — for that reason, and maybe that alone.

Read More

Jul 27 2015

Laura Poitras sues DHS et al. for records of her airport detentions and searches

Documentary filmmaker Laura Poitras, represented by the Electronic Frontier Foundation, has filed a lawsuit under the Freedom of Information Act (FOIA) against the Department of Homeland Security (DHS), the Department of Justice (DHS), and the Office of the Director of National Intelligence (ODNI, which includes the NSA). The winner of an Oscar and a Pulitzer Prize for her independent journalism, Poitras is seeking the release of records kept by the government about her travels, and about why she has been detained for hours at a time, searched, and interrogated at airports whenever she entered or left the US.

We welcome Ms. Poitras’ lawsuit, and we wish her and EFF all success. But we’ve been down this road before, and the results aren’t encouraging:

  • In 2006, Ms. Julia Shearson, Executive Director of the Cleveland Chapter of the Council on American Islamic Relations (CAIR), filed suit pro se against the DHS under the Privacy Act, seeking disclosure of records about why she was detained at gunpoint at the US-Canada border and falsely labeled as a terrorist in government blacklists. Despite years of litigation, Ms. Shearson still hasn’t received any information about why or by whom she was blacklisted as a terrorist, or any confirmation that any of the blacklist entries about her have been corrected.
  • In 2008, Ms. Sophie In ‘t Veld, a Member of the European Parliament from the Netherlands, also represented by EFF, sued the DHS under FOIA for records about her travel from the DHS “Automated Targeting System” (ATS). Although Ms. In ‘t Veld eventually received some excerpts from the DHS dossier about her travels, the pre-crime “risk assessment” scores assigned to her each time she traveled to or from the US were redacted and withheld, as was all information about the algorithms and the information used as the basis for those scores.
  • In 2010, Mr. Edward Hasbrouck, an award-winning travel journalist and a consultant to the Identity Project, represented by our parent organization the First Amendment Project, sued the DHS under both the Privacy Act and FOIA, seeking disclosure of records about himself and his travels from ATS, including risk assessments and rules used for determining them, and information about ATS search and data-mining functionality. Like Ms. In ‘t Veld, Mr. Hasbrouck eventually received some excerpts from the ATS files about his travels, but with all information about risk assessments and risk assessment algorithms redacted and withheld.  While Mr. Hasbrouck’s requests were pending, DHS exempted ATS from all of the access and disclosure accounting requirements of the Privacy Act, and a US District Court judge upheld the retroactive application of those exemptions to unanswered requests that Mr. Hasbrouck had made three years previously.  The judge also upheld the withholding of all information about DHS data-mining capabilities for ATS travel records, without even looking at any of the requested records.
  • In 2011, Mr. David House, a computer programmer associated with the Chelsea Manning (then Bradley Manning) Support Network, represented by the ACLU of Massachusetts, sued the DHS for wrongly searching and seizing Mr. House’s electronic devices and data at the airport when he returned to the US from a vacation abroad.  As part of a settlement of the lawsuit, the government eventually turned over some records from its files about Mr. House and about how the government used its travel surveillance capabilities to target him for his work to publicize Ms. Manning’s case and raise funds for her legal defense.  The records released to Mr. House give a partial picture of how the DHS uses manually-created flags (“lookouts”) to target travelers, but still doesn’t give any information about the algorithms or data inputs used for automated pre-crime profiling and “risk assessment” scores.
  • In 2013, Messrs. C.J. Chivers and Mac William Bishop, two reporters for the New York Times represented by the Times’ in-house legal department, sued the DHS under both FOIA and the Privacy Act for records about why the two journalists were targeted for unusually intrusive searches and interrogations at airports while leaving and returning to the US on reporting assignments for the Times. The Times hasn’t (yet) reported on what, if any, records they have received in response to the lawsuit. We presume that means that the government has yet to disclose any significant new information about its targeting of journalists and their travels. [In response to the lawsuit, DHS did release redacted portions of its TECS and Automated Targeting System (ATS) files about the journalists, including PNR data. But the codes indicating profiling results and reasons for DHS actions as well as some entire pages of ATS records were redacted.]

We’ve been involved as plaintiffs, attorneys, or consultants to plaintiffs and their counsel in all but one of these cases, and we support continued litigation on these issues.

Harassment of journalists and political activists and interference with their right to travel are only part of a bigger picture. Government surveillance and control of travel is a threat to everyone’s rights.  It’s important for the government to disclose what it’s been doing, but it’s equally important to expunge the government’s travel metadata surveillance archives and end the government’s pre-crime profiling and permission-based controls on who it “allows” to travel by common carrier or public right-of-way.

Jul 06 2015

Expert critique of European travel surveillance and profiling plans

Independent legal experts commissioned by the Council of Europe (COE) to assess proposals for surveillance and profiling of air travellers throughout the European Union have returned a detailed and perceptive critique of the proposed EU directive on government access to, and use of, Passenger Name Record (PNR) data from airline reservations.

Before the revelations by Edward Snowden and other whistleblowers about dragnet surveillance of telephone and Internet communications, few people appreciated the nature of the threat to freedom posed by government acquisition and use of PNR data for dragnet travel surveillance.

The expert report to the Council of Europe marks a breakthrough in the “post-Snowden” understanding of the nature and significance of government demands for PNR data. The report reframes the PNR debate from being an issue of privacy and data protection to being part of a larger debate about suspicionless surveillance and pre-crime profiling. The report also focuses the attention of European citizens, travellers, and policy-makers on the decisions made (in whole or in part) on the basis of PNR data: decisions to subject travellers to search, interrogation, or the total denial of transportation (“no-fly” orders).

The report specifically cites the Kafkaesque case of Dr. Rahinah Ibrahim as an example of the way that decisions made on such a basis tend to evade judicial review or effective redress.

The PNR directive under consideration by the European Union would require each EU member to establish a Passenger Analysis Unit (PAU), if it doesn’t already have one. These PAUs would function as new national surveillance and pre-crime policing agencies. Each PAU would be required to obtain PNR data for all air travellers on flights subject to its jurisdiction, “analyze” this data (i.e. carry out algorithmic pre-crime profiling of air travellers using PNR data as one of its inputs) and share the raw PNR data with its counterparts throughout the EU.

The United Kingdom already has such a Passenger Analysis Unit. It’s not clear which, if any, other EU members already have such units, although staff of the US Department of Homeland Security, based in Germany and elsewhere in Europe, already perform similar functions as “advisors” making “recommendations” to their European counterparts regarding the treatment of European travellers, based on US profiling of PNRs and other travel history and surveillance data.

The COE expert report on Passenger Name Records, Data Mining & Data Protection was commissioned by the COE Directorate General Human Rights and Rule of Law, and prepared by Douwe Korff (Emeritus Professor of International Law at London Metropolitan University, Associate at the Oxford Martin School of the University of Oxford, and currently Visiting Fellow at Yale University in the USA) and Marie Georges (independent expert formerly on the staff of the French national data protection authority, CNIL). The report was presented and discussed at a meeting last week of the “Consultative Committee of the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (T-PD)”.

According to the introduction to the report:

Much has been said and written about Passenger Name Records (PNR) in the last decade and a half. When we were asked to write a short report for the Consultative Committee about PNR, “in the wider contexts”, we therefore thought we could confine ourselves to a relatively straightforward overview of the literature and arguments.

However, the task turned out to be more complex than anticipated. In particular, the context has changed as a result of the Snowden revelations. Much of what was said and written about PNR before his exposés had looked at the issues narrowly, as only related to the “identification” of “known or [clearly ‘identified’] suspected terrorists” (and perhaps other major international criminals). However, the most recent details of what US and European authorities are doing, or plan to do, with PNR data show that they are part of the global surveillance operations we now know about.

More specifically, it became clear to us that there is a (partly deliberate?) semantic confusion about this “identification”; that the whole surveillance schemes are not only to do with finding previously-identified individuals, but also (and perhaps even mainly) with “mining” the vast amounts of disparate data to create “profiles” that are used to single out from the vast data stores people “identified” as statistically more likely to be (or even to become?) a terrorist (or other serious criminal), or to be “involved” in some way in terrorism or major crime. That is a different kind of “identification” from the previous one, as we discuss in this report.

We show this relatively recent (although predicted) development with reference to the most recent developments in the USA, which we believe provide the model for what is being planned (or perhaps already begun to be implemented) also in Europe. In the USA, PNR data are now expressly permitted to be added to and combined with other data, to create the kinds of profiles just mentioned — and our analysis of Article 4 of the proposed EU PNR Directive shows that, on a close reading, exactly the same will be allowed in the EU if the proposal is adopted….

Yet it is obvious (indeed, even from the information about PNR use that we describe) that these are used not only to “identify” known terrorists or people identified as suspects in the traditional sense, but that these data mountains are also being “mined” to label people as “suspected terrorist” on the basis of profiles and algorithms. We believe that that in fact is the more insidious aspect of the operations.

The report develops these key points about government access to and use of PNR data as a suspicionless dragnet surveillance system and as part of predictive pre-crime policing (outside of normal mechanisms for penal sanctions or for review and redress for police action) in detail.

In addition, the report endorses and highlights the point we have been making for many years that because most PNR data for flights worldwide is hosted by, and communicated through, reservation databases accessible from the USA and worldwide without purpose or geographic access limitations or access logs, the USA and other governments can already obtain and use this data, entirely bypassing putative controls on access to PNRs directly from airlines.

The report specifically directs the attention of European officials to testimony by Edward Hasbrouck of the Identity Project at a European Parliament hearing in 2010 (hearing agenda and witness list, slides, video):

“Europe” must also examine the highly credible claims by Edward Hasbrouck … that the USA has been systematically violating previous agreements, and is still systematically by-passing European data protection law, by accessing the CRSs used in global airline reservation systems hosted in the USA to obtain full PNR data on most flights, including most European flights (including even entirely intra-European ones), outside of any international agreements….

[W]e believe that the supposed safeguards against such further — dangerous — uses of the data are weak and effectively meaningless, both in their own terms and because, as Edward Hasbrouck has shown, the USA can in any case obtain access to essentially all (full) PNRs, through the Computerized Reservation Systems used by all the main airlines, as described next.

Read More

Jun 23 2015

Supreme Court finds L.A. hotel guest surveillance law unconstitutional

The Supreme Court has found unconstitutional on its face a Los Angeles ordinance requiring operators of hotels and motels to demand specified personal information from and about each guest and their behavior (date and time of arrival and departure, license plate number of the vehicle in which they arrived, etc.), log this travel metadata, and make this log (“guest register”) available for warrantless, suspicionless inspection by police at any time, under penalty of immediate arrest and imprisonment of the hotelier, without possibility of judicial review before complying with a demand for inspection.

The Supreme Court rejected the contention that hotels are so instrinsically dangerous as to justify their treatment as a “closely regulated industry” subject to inspection (i.e. search) without probable cause: “[N]othing inherent in the operation of hotels poses a clear and significant risk to the public welfare.”  By implication, this is a significant rebuff to post-9/11 (and pre-9/11) arguments that travel or travelers are per se suspicious, and to claims that there is or should be some sort of travel (or travel industry) exception to the Fourth Amendment.

And lest anyone be tempted to say that travel services providers with legally-imposed duties to accommodate the public are somehow different when it comes to the applicability of the Fourth Amendment, the Supreme Court also found that, “laws obligating inns to provide suitable lodging to all paying guests are not the same as laws subjecting inns to warrantless searches.”  The same logic, of course, would appear to apply to common carriers, who are obligated by law to provide transportation to all paying passengers.

The ruling by the Supreme Court in Los Angeles v. Patel upholds an en banc decision last year by the 9th Circuit Court of Appeals in a lawsuit first brought seven years ago by hotel owners Naranjibhai Patel and Ramilaben Patel and by the Los Angeles Lodging Association, an association of Indian-American proprietors of the sort of budget hotels that might, if allowed to do so by the government, provide accommodations of last resort to people without government-issued ID credentials who would otherwise have to sleep on the streets or under bridges.

We again commend Messrs. Patel and the LA Lodging Association for doing the right thing and standing up for their customers, even as small business owners highly vulnerable to police harassment and retaliation for questioning authority.

The Supreme Court ruling addresses only the rights of hotel owners, not those of hotel guests, and does noting in itself to establish a right to obtain lodging without having or showing government-issued permission papers. Nor does it address the requirement for hotels to monitor and log their guests’ identities and activities — only the requirement to make those logs available to the government without any possibility of prior judicial review of government demands for access.

As others have noted, and as we discussed in relation to the 9th Circuit’s decision and the Supreme Court’s decision to review it, much of the logic of this decision is equally applicable to other dragnet travel surveillance schemes involving compelled compilation, retention, and government access to travel metadata held by third parties (in this case, hotels) rather than by travelers themselves.

But as we have also noted before, this remains the only case we are aware of in which any of those travel companies — not just hotels but also airlines and other types of travel companies– have gone to court to challenge government demands for information about their customers.

Especially in light of this decision by the Supreme Court, it should be apparent that there’s an Achilles heel for the government to the “third-party” doctrine that individuals have no standing to challenge government demands for information  provided to and held by third parties, because that information is owned by those third parties and not by the individuals to whom it pertains:  As this case makes clear, those third parties — not just hotels but also airlines and others — do have standing to challenge these demands, and have a good chance of success if they persevere.

The shame is on larger travel companies with deeper pockets for going along with government surveillance of their customers and guests without question, and leaving it to highly vulnerable small businesses with fewer resources to challenge this dragnet travel surveillance scheme.

In the wake of the Supreme Court’s decision in L.A. vs. Patel, there’s more reason than ever for travelers to demand that all travel companies make public, contractually binding commitments, in their tariffs or terms of service, not to disclose information about their customers to the government without challenging those demands and without seeking to notify their customers of those demands.

Jun 22 2015

Will the REAL-ID Act deny you access to Federal facilities?

As we’ve noted in our previous commentaries on the REAL-ACT in this blog and in our recent presentation at the Cato Institute, there are two components to the threats against individual residents of “noncompliant” states (and territories and the District of Columbia) that are being used by the DHS to try to induce reluctant state governments to incorporate their state drivers license and ID databases to the distributed national REAL-ID database by connecting them to the contractor-operated REAL-ID hub:

  1. Threatened denial of common carrier airline transportation to individuals who present drivers licenses or other ID credentials issued by noncompliant states; and
  2. Threatened denial of access to (certain) Federal facilities to these individuals.

The first of these threats appears to be hollow. The TSA has consistently argued, when demands for ID from air travelers have been challenged in court, that no ID credentials at all are required to fly.

The TSA claims the right to subject any traveler to more intrusive search and interrogation, without probable cause, and may use this arbitrary power against residents of states that don’t comply with the REAL-ID Act. But the TSA appears to realize that it has no legal authority for outright denial of air travel to people who don’t have, or decline to carry or show to the TSA or its contractors, government-issued ID credentials, REAL-ID Act compliant or not.

With respect to its threat to deny access to Federal facilities, the DHS (in its usual fashion of rulemaking by press release) has posted an announcement on its website that this will be implemented in phases determined by the “Federal Security Level” (FSL) assigned to individual facilities.

But what are the facilities, if any, to which these levels have been assigned, and to which individuals with ID from noncompliant states will therefore be denied access? We’ve filed a series of Freedom of Information Act requests to find out.

The responses to our FOIA requests suggest that this prong of the REAL-ID Act enforcement cattle prod is, to mix metaphors, a paper tiger. We’ve been unable to find any Federal facility to which such an FSL has actually been assigned.

Read More

Jun 21 2015

More on Amtrak passenger data requirements

Amtrak has released a third batch of records (1st interim response, 2nd interim response) in response to our Freedom of Information Act (FOIA) request for information about Amtrak’s collection and “sharing” with the US and Canadian governments of information about Amtrak travelers on international routes between the US and Canada:

  1. Amtrak-FOIA-29OCT2014-signed.pdf (note that this file is actually in .doc format, and is not a copy of our request, as the filename might imply, but a collection of responsive records)
  2. date of birthAM.doc
  3. Function summary.doc
  4. IDPFOIARequest.pdf (another collection of responsive records, beginning with a list of all of Amtrak’s cross-border routes including both trains and Amtrak feeder buses)
  5. Regression User testing 9222305 (4).doc
  6. TheIdentityProject_InterimResponse3.pdf (cover letter from Amtrak’s FOIA office accompanying the interim response)
  7. wspBORDER.doc

The files with “.doc” filenames all appear to be from Amtrak’s IT department, and relate to the implementation by Amtrak of requirements for inclusion of passenger ID data desired by the US government in each Amtrak reservation for travel across the US-Canada border. As we have noted previously, this “requirement” was imposed internally and “voluntarily” by Amtrak, and was not a requirement of any law, regulation, or order from any other US or Canadian government agency.  It remains unclear from the records released to date whether anyone in Amtrak’s IT department was aware that this was solely an Amtrak requirement and not an externally imposed obligation.

According to these records, Amtrak began requiring a date of birth in the reservation, before a ticket could be issued, for each passenger on any international route, including infant passengers, beginning in November or December of 2000. (There are some inconsistencies in the dates in different records.)  Beginning in July or August 2005, Amtrak began also requiring a nationality and passport or other ID number in each such reservation, as part of Amtrak’s “voluntary” participation in the DHS “Advanced Passenger Information System” (APIS) also used by airlines.

These records include the formats used by Amtrak sales agents working directly in Amtrak’s own “ARROW” reservation system, as well as the formats used by travel agents making Amtrak reservations through each of the four major CRSs/GDSs: Amadeus, Galileo, Sabre, and Worldspan.  Amtrak’s software testing staff noted the complexity of these formats (which is indicative of how burdensome they are for the travel agents who have to learn and use them) and the likelihood of errors by travel agents. The Amtrak records include information provided to travel agents and travelers, describing these “requirements” but giving no clue that these requirements were voluntarily self-imposed by Amtrak itself.

The files linked above are posted here exactly as we received them by email from Amtrak’s FOIA office. The filenames are not indicative of the actual file contents, and some of the filename extensions don’t correspond to the file formats. One of the “.pdf” files, for example, is actually in MS-Word “.doc” format (also readable in Libre Office among other programs) rather than in PDF format.

We requested that all records found in digital form be released as bitwise copies of the files as found in Amtrak’s filesystems, but some of the files we received appear to be derivative, modified versions of copies of the original files, in some cases in completely different formats.

Most of the the records responsive to our request that we believe are likely to exist have not yet been released. Amtrak is continuing to process our request, and we expect further responses.

Jun 16 2015

US again takes people off “no-fly” list to try to evade judicial review

Four days before a Federal judge was scheduled to hear arguments in a lawsuit brought by four Muslim US citizens who were placed on the US government’s “no-fly” list to try to pressure them into becoming informants for the FBI, the government has notified the plaintiffs in the case that all of them have been removed from the no-fly list.

The plaintiffs in Tanvir v. Lynch are continuing to press their claims, as are other US citizens challenging their placement on the no-fly list in retaliation for declining to inform on their friends, families, communities, and fellow worshippers.  But we expect that, as has been its pattern, the government defendants will now try to get the case dismissed as “moot“.

So far as we know, every other instance in which the US government has told anyone whether or not they are or were on the no-fly list, or that they have been removed from that list, has come after the victims of these no-fly orders have challenged them in Federal court.

Either (1) the government never had any reason to think any of these people posed a threat to aviation, but never bothered to assess the basis, if any, for belief that they posed such a threat until faced with the imminent need to defend their blacklisting to a Federal judge. Or (2) the government genuinely (although mistakenly and without any adequate basis) believed that they posed a threat, but saw the possibility of judicial review of no-fly decisions as a greater threat to the standard operating procedures of the TSA, DHS, and FBI. Or (3) both of the above.

We’ll take Door Number 3, if you please.

Jun 12 2015

If your travel history is “suspicious”, is that cause for search?

If the file about you the DHS has compiled from airline reservations, license-plate readers, and other travel surveillance data sources is deemed “suspicious”, does that constitute probable cause for a search of your home and business or seizure of your possessions?

That question has arisen in  the case of Albuquerque antique gun collector and dealer Bob Adams, argued in May 2015 and currently awaiting a decision by the 10th Circuit Court of Appeals in Denver.

On January 23, 2013, Mr. Adams’ home and business was raided by a SWAT team including DHS and other Federal and state agencies.  Various of his possessions, including his collection and inventory of firearms, were seized, damaged, and/or destroyed in the raid. On November 4, 2013, after Mr. Adams had filed suit to recover his property, he was indicted for various technical violations of Federal laws relating to firearms imports and dealer licensing and reporting.

Both the search warrant and the indictment were based, in part, on allegations by Federal law enforcement officers regarding the records of Mr. Adams’ international travel history in the DHS Automated Targeting System (ATS). In an affidavit supporting the application to a Federal magistrate for the search of Mr. Adams’ home and business, “Special Agent” Frank Ortiz of the New Mexico Attorney General’s Office claimed that ATS records showed that Mr. Adams had repeatedly flown to Canada without having return flight reservations to the US, and had subsequently re-entered the US as a passenger in a private car.  This, agent Ortiz opined (based on his purported “expertise” in interpreting such data) was evidence of a pattern of suspicious behaviour characteristic of Mr. Adams’ alleged modus operandi for unlawful firearms imports.

(There’s a long but generally undisclosed history of airlines “voluntarily” giving police access, without warrants, to PNR data, and of police using it as the basis for interrogations and searches.)

The Federal judge to which the criminal case against Mr. Adams was assigned first upheld the search warrant but then, on reconsideration, ordered all the evidence obtained from the search suppressed, on the basis of other materially false statements, made in apparent bad faith, in Agent Ortiz’s affidavit. The government, which would have no case against Mr. Adams without that evidence, has appealed that ruling to the 10th Circuit Court of Appeals.

The ruling by the District Court, the arguments to the Court of Appeals, and most of the publicity about the case have focused on questions related to firearms.  But what concerns us are the issues related to ATS and its use as a surveillance and suspicion-generating system.

First, ATS data is neither accurate nor complete, and should not be relied on. For example, even experts may be unable to tell, from a particular PNR, whether or not it corresponds to actual travel or issuance of a ticket. (Mr. Adams says some of the DHS records of flights he allegedly took to Canada don’t correspond to flights he actually took, which is an inevitable consequence of the DHS orders to airlines to transmit copies to DHS of all reservations for such flights, including reservations that were unticketed and/or cancelled.) And license plate readers and the associated optical character recognition systems are, of course, subject to an unknown but substantial percentage of errors. (Mr. Adams says he has never traveled in some of the private vehicles in which ATS records that he crossed the US-Canada border.) Most importantly, the DHS has itself exempted ATS from the requirements of the Privacy Act for accuracy and completeness, on the basis of a claim that it is necessary to include inaccurate and incomplete data. Having done so, the government should be “estopped” from suggesting that any court or jury rely on this data.

Second, if the purpose of the ATS dragnet of warantless, suspicionless travel surveillance is to develop or support suspicions of criminal activity, that is a general law-enforcement purpose that goes far beyond the scope of permissible administrative searches or seizures of personal information incident to air travel or for purposes of aviation security.

Third, the evidence presented to the court in support of the application for a search warrant, to the grand jury in support of the indictment, and to Mr. Adams as part of pre-trial discovery, appears to have included only excerpts from TECS records (entry/exit logs which are one of the components of ATS), but not the complete TECS records, and none of the Passenger Name Record (PNR) data also included in ATS.  Full TECS records would include indications of the source of the data, and PNRs might well have made clear whether airline reservations had actually been ticketed and used, or had been cancelled as Mr. Adams claims.

It seems likely that the complete contents of the ATS records about Mr. Adams’ travel, including full TECS records and all PNR data, constituted potentially exculpatory evidence known to, and in the possession of, the government, which it was required to disclose to the defense pursuant to the decision of the Supreme Court in Brady v. Maryland.

More generally, it would seem that a complete ATS file for any involved individual, including complete TECS and PNR data, would constitute potentially exculpatory evidence in virtually any prosecution in which international travel might be relevant: smuggling, facilitating unlawful immigration, etc. It would be almost impossible for the government to know in which cases such data might support an alibi, support or undermine the credibility of a witness, or support or refute some other testimony or claim. If the government doesn’t proactively produce this material (as it is required to do), defense attorneys should object to this as a violation of the Brady doctrine, and/or specifically include it in routine discovery motions.  (We are available to assist defense counsel in interpreting such disclosures, and/or in explaining to courts how they could be exculpatory.)

Having carried out this extensive (although unreliable) surveillance of travelers, DHS appears to be using it selectively, introducing only those excerpts, in those cases, which it thinks it can spin as suspicious — and not mentioning other portions of these files that might refute these or other government allegations.  We wonder how many other criminal prosecutions this has tainted.

Jun 02 2015

TSA statements to court reviewing interrogations of travelers

In a filing with the Court of Appeals reviewing a TSA mandate for airlines to interogate passengers on international flights before allowing them to board, the TSA has directly contradicted previous explicit written statements by an official TSA spokesperson as to whether passengers are required by the TSA to answer questions from airline staff about their travel purposes as a condition of being allowed to fly.

Equally if not more disturbingly, the TSA also claimed in the same filing with the 11th Circuit Court of Appeals that an airline licensed by the US government to operate as a common carrier has “independent discretion to deny boarding to any passenger about whom they have a concern.”

In an email message in January of this year to “professional troublemaker” and frequent traveler Jonathan Corbett, the TSA “Office of Global Strategic Communicationsa Desk” said:

American Airlines is required to conduct a security interview with passengers prior to departure to the United States from an overseas last point of departure airport. If a passenger declines the security interview, American Airlines will deny the passenger boarding. The contents of the security program and the security interview are considered Sensitive Security Information (SSI).

But when Mr. Corbett petitioned the 11th Circuit Court of Appeals to review the TSA’s secret orders to airlines containing this mandate, the TSA filed the following statement with the court:

Interviews are … intended only to determine screening protocols before a passenger may fly. TSA does not direct U.S. aircraft operators to refuse to carry a passenger who declines participation in the interview process.

This isn’t the first time the TSA has told Federal judges that official TSA notices and public statements about what air travelers are “required” to do, as a condition of being “allowed” to exercise our right to travel, are false.

In 2006, the TSA told the 9th Circuit Court of Appeals panel reviewing the requirement for air travelers to show government-issued ID credentials in Gilmore v. Gonzalez that there is no such TSA requirement in the secret TSA security directives to airlines, despite notices still posted at TSA checkpoints (and, at the time, on the TSA website) that passengers are required to show ID. Most people who are unable and/or unwilling to show ID are allowed to fly, although some aren’t. There are no rules or publicly-disclosed criteria for who the TSA does or does not allow to fly.  The TSA’s orders to the airlines, and the airline policies approved by the TSA, are secret.

At a minimum, the TSA’s repeated disavowals in court of what it has publicly claimed or implied are TSA requirements mean that travelers cannot resoanably be expected to believe or rely on those official but not legally beinding TSA statements, and have good cause to demand that TSA explicitly state whether anything they ask is a legally-binding TSA “order”, a request, or an airline or or other private demand not mandated by the TSA. Noncompliance with requests not explicitly identified by TSA staff as TSA orders cannot reasonably construed as interference with, or refusal to submit to, TSA requirements.

The only way to reconcile the TSA’s statement to the court that “TSA does not direct U.S. aircraft operators to refuse to carry a passenger who declines participation in the interview process” with the agency’s previous statement to the public that, “If a passenger declines the security interview, American Airlines will deny the passenger boarding,” is that the airline — on its own initiative and inidepndently of the TSA-mandated and TSA-approved “security program” — has committed to the TSA that it will deny boarding to anyone whoi declines to answer the airline’s questions about their travels.

That possible interpretation is supported by the TSA’s further statement to the Court of Appeals:

While … carriers retain their independent discretion to deny boarding to any passenger about whom they have a concern, whether as a result of an interview or otherwise, that outcome is not dictated by the international security interview program.

The problems with this — aside from the TSA’s misleading statements to the public about the source of this “requirement” — are that an airline, by law, has no such discretion, and that the TSA is required by law (49 USC § 40101) to “consider … the public right of freedom of transit through the navigable airspace” in carrying out its responsibilities including approving airline policies.

The duty of the TSA, if it becomes aware of an airline policy or practice to exercise such unlawful “discretion” or claim the “right to refuse service”, is to disapprove the policy or practice. If an airline persists in such a practice, the duty of the TSA is to order the airline to discontinue to the practice or, if that is outside the TSA’s jurisdiction, to refer the airline to the Department of Transportation for the imposition of sanctions, which ultimately could include the revocation of the airline’s certification from the DOT to operate as a common carrier.

It’s bad enough that airlines are trying unilaterally to abrogate their responsibilities as common carriers. It’s far worse that the government is acquiescing in, much less encouraging, such practices.

May 18 2015

DHS still playing politics with FOIA requests

The latest response to one of our Freedom of Information Act (FOIA) requests confirms our suspicion that despite sworn testimony to the contrary to Congress by the DHS Chief FOIA Officer, the DHS has resumed, or never abandoned, its illegal practice of political interference and specially disfavored and delayed treatment of FOIA requests from journalists and activist organizations — including the Identity Project.

In 2005, the Associated Press discovered from the response to one of its FOIA requests for FOIA processing records that the DHS Chief FOIA Officer had ordered FOIA officers for the DHS headquarters and all DHS components (TSA, CBP, etc.) to flag all “significant” FOIA requests for special handling. “Significant” FOIA requests were to include, inter alia, any request on a controversial topic; likely to generate news coverage; or from a journalist, news organization, or activist organization (those terms being undefined in the order).

All planned actions on “significant” FOIA requests (acknowledgments of receipt, releases of responsive records, appeals, litigation, etc.) were to be reported in advance to the DHS “front office” for inclusion in a weekly report to the DHS White House liaison.  Crucially, both the general order and the memos accompanying the weekly reports when they were circulated to all DHS and component FOIA officers explicitly forbade the release of any records or any other response to a “significant” request without the express prior approval of the DHS “front office”.

Questioned about this before a Congressional oversight committee during the ensuing scandal, DHS Chief FOIA Officer Mary Ellen Callahan swore that these orders didn’t really mean what they appeared to say. This was merely an “awareness” or “notification” system, not really an approval system, Chief FOIA Officer Callahan claimed:

[T]o my knowledge, no information deemed releasable by the FOIA Office or the Office of the General Counsel has at any point been withheld.

The Chief FOIA Officer told Congress, under oath,  that the “notification” period had been reduced from indefinite to one day, and the default after one day, in the absence of “front office” action, had been changed from continued indefinite withholding to release of the response:

In fact, we continue to improve the system; DHS has now moved to a one-day awareness review for significant FOIA responses…. Significant FOIA releases are uploaded into a SharePoint system for a limited awareness review period – now one business day – and then automatically released by the relevant component FOIA office back to the requester.

But had anything really changed?  We got an answer last week, as we were attempting to find out when we should expect a response to one of our requests for information about the “Federal Security Level” (FSL) that determines the date of applicability of certain REAL-ID Act rules for access to Federal facilities.

We requested information about what, if any, FSL has been assigned to each of a sampling of Federal facilities in the San Francisco Bay Area, including symbolic targets and critical infrastructure (the Golden Gate and Bay Bridges), Federal courthouses and office buildings, and more. We’ll be publishing those responses, and our analysis of them, in a future article.

At its mid-point, the San Francisco-Oakland Bay Bridge passes (in a tunnel between the east and west high-level spans) through Yerba Buena Island, a Federal reservation which constitutes the US Coast Guard Station San Francisco. We asked for records about the FSL for Station San Francisco, including the Bay Bridge, and about the FSL for the (former?) NSA listening post at Two Rock Ranch in Sonoma County, which operates as USCG Training Center (“TRACEN”) Petaluma.

The Coast Guard is a partially military, partially civilian component of both the DHS and the Department of Defense. The DoD also has special rules for “significant” FOIA requests, but they are quite explicitly a notification system, not an approval system like the (former?) DHS system.  In any case, it appears that the Coast Guard generally processes FOIA requests in its civilian, DHS capacity.

Our request was submitted to USCG headquarters, but after some run-around was referred to local USCG FOIA Officers in San Francisco and Petaluma for their separate responses directly to us. So far, so good. We had several cordial conversations with Mr. Kevin Fong, the FOIA Officer for USCG Sector San Francisco. So far as we could tell, he seemed to be making a sincere effort to identify any records responsive to our request.

The week before last, Mr. Fong told us that he had been unable to identify any responsive records (which would seem to indicate that the Bay Bridge had never been assigned an FSL).  Mr. Fong said that he would be sending us formal notice of his failure to find any responsive records.

Since no responsive records had been found, there were no legal or interpretive issues that might have required higher-level consultation or decision-making regarding whether any of those records might be exempt from disclosure. No further “processing” of records was required, since there were no records to process. The statutory deadline for the Coast Guard’s response to our FOIA request had long since passed, and a response could and should have been provided immediately.

Instead, we got radio silence for another week. When we called Mr. Fong at the end of last week to find out what was holding up his response, he told us that our request had been designated as “significant”. No surprise there. We’re an educational and activist organization that takes an interest in controversial and newsworthy topics. So far as we know, all of our requests are designated as “significant” and included in the weekly reports to the DHS White House liaison.

Mr. Fong continued, however, that because our request was “significant” he had been required to submit his proposed response to national headquarters (whether of the USCG or of DHS wasn’t clear), and had been forbidden to provide his formal written response until he received approval from headquarters.  He had been waiting a week for that approval.

Assuming what Mr. Fong told us is true, this is exactly the practice that the DHS Chief FOIA Officer swore under oath before Congress had been ended five years ago.

We’ve called the attention both of Mr. Fong and of the USCG headquarters FOIA office to the discrepancy between the way our current request is being handled and the previous DHS claims about the alleged reform of the process for “significant” FOIA requests.

DHS responses to others of our pending FOIA requests may be similarly blocked, but we can’t tell for sure. An otherwise-complete response to another of our FOIA requests, two years overdue, is also being held up pending “final review”. For this request, however — unlike the request referred to the Coast Guard discussed above — we don’t know whether the review that is delaying the response the additional review and approval by the DHS “front office” required because =our request was deemed “significant”, or some other review.

We’re still waiting for any comment, or any official response to our original FOIA request.