Papers, Please!

The Identity Project

Author Archives: Edward Hasbrouck

Dec 02 2014

European court to rule on legality of air travel surveillance

The European Parliament has voted to refer a proposed agreement between the European Union and Canada concerning transfers from the EU to Canada of Passenger Name Record (PNR) data about air travelers to the European Court of Justice (ECJ) for the court’s opinion on whether the agreement is consistent with EU treaties and the EU Charter of Fundamental Rights.

This action might easily — and correctly — be dismissed as narrow, technical, evasive of legislators’ responsibility to consider the propriety and legality of their own actions (and to reject proposals outright if they think they would violate treaties or fundamental rights), and of no direct relevance to the US.

But this could, nevertheless, prove to be a significant setback to the efforts of the US “homeland-security” and surveillance establishment, and its allies in Europe and Canada, to globalize the PNR-based system of surveillance and control of travelers that has been put in place in the USA since 9/11.

Canada requires all international airlines to hand over passenger data to the Canadian government, and passengers on flights to, from, within, or overflying Canada are “vetted” against both Canada’s own no-fly list and the US government’s no-fly list.  Canadian data privacy law has been amended twice since 9/11 to allow cross-border transfers of data about airline passengers.  But while those requirements have some domestic support in Canada, they have been enacted somewhat reluctantly by the Canadian Parliament, mainly in order to avoid interference by the US with the large fraction of flights to, from, and within Canada that routinely pass through US airspace.  There has been opposition by some Members of the Canadian Parliament, by the Privacy Commissioner of Canada, and by Canadian NGOs such as the International Civil Liberties Monitoring Group / Coalition pour la surveillance internationale des libertés civiles.

There’s been extensive discussion of the issue of government access to airline PNR data in Europe as well, including by the European Parliament and by NGOs such as EDRi and NoPNR.

In April of 2012, the European Parliament approved — over objections from a  substantial minority of MEPs — an “agreement” to permit transfers of PNR data to the US.  But European opinion on this issue has shifted significantly since between then and this month’s debate on the EU-Canada PNR agreement, as a result of (1) Edward Snowden’s revelations about NSA spying, (2) growing recognition of the parallels between surveillance of communications metadata and surveillance of travel metadata, and (3) the ruling in April of 2014 by the ECJ that an EU directive mandating retention and government access to  communications, internet, and transaction metadata violates European law and fundamental rights.

The ruling by the ECJ has voided the EU data retention directive. The hope is that the EU-Canada PNR agreement will be the second domino to fall, with the EU-USA PNR agreement next in line.

Dec 01 2014

Judge insists on right to review “no-fly” order

Four years after the US government put Gulet Mohamed on its “no-fly” list, Mr. Mohamed is still waiting for his day in court. But he hasn’t given up, and he’s getting slowly closer to the first judicial review of the merits of a no-fly order.

Here’s some quick background and then an update on his recent legal travails:

Mr. Mohamed, a US citizen of Somali ancestry, was 18 years old and visiting family members in Kuwait when the US put him on the no-fly list.  When his visa expired, he ended up in a Kuwaiti immigration prison, where between sessions of torture he was interrogated by FBI agents who told him (as they have told other US citizens on the US no-fly list) that he would be allowed to go home to the US only if he became an FBI informer.

Eventually Mr. Mohamed was able to contact his family in Virginia, and they found him a lawyer from the Council on American-Islamic Relations. Faced with an order from U.S. District Court Judge  Anthony Trenga to show cause why the court shouldn’t issue an injunction prohibiting the government from interfering with Mr. Mohamed’s right to return to the US, the government let him fly back to the US, and then tried to get the court to dismiss his complaint as “moot”. But that initial attempt to get Mr. Mohamed’s case thrown out of court was unsuccessful, as were a series of motions and appeals by the government during the last four years on the grounds of standing, jurisdiction, and “state secrets”.

(The portion of the court docket freely available through PACER is here, and our previous reports on the case are here.  The most thorough coverage of recent legal developments has been by Steven Aftergood of the Federation of American Scientists’ Project on Government Secrecy.)

The last time we reported on Mohamed v. Holder, in September of this year, the government was still trying to persuade Judge Trenga to reverse his prior rulings and dismiss Mr. Mohamed’s case on the ground’s that, “There is no fundamental right to international travel.” The government was also asking Judge Trenga to reconsider his order that the government must allow him to review the allegedly secret evidence in camera before he decides whether it is, in fact, properly designated as “state secrets” and if so, whether he can decide the case without relying on any legitimately “secret” evidence.

In October, the government handed over the allegedly “secret” evidence to Judge Trenga (but not to Mr. Mohamed or his lawyers), while continuing to argue that it shouldn’t be required to do so.  After in camera review of the allegedly secret documents, Judge Trenga ruled that the case could go forward without the need to decide whether they were actually state secrets: “None of the documents are so related to plaintiff’s procedural due process claims as to prevent either the plaintiff or the defendant from presenting or defending against those claims without the use of any of these documents…. The state secrets privilege is a judicially created rule of evidence, not a doctrine of sovereign immunity or non-justiciability.”

Faced with the imminent prospect of a decision on the merits of Mr. Mohamed’s claim that he was denied due process of law when the government secretly ordered airlines not to transport him, the government asked for a “do-over”: a three-month postponement of the court case and a “remand” to the FBI to give the government time to develop a revised set of extrajudicial administrative “no-fly” decision-making procedures, and to subject Mr. Mohamed to this “kangaroo court version 2.0.”  This is essentially the same request that the government has made in another no-fly case, Latif v. Holder, in which U.S. District Judge Anna Brown has already found that the plaintiffs’ rights were violated.

According to Mr. Mohamed’s response, the government’s request for a do-over is, in effect, yet another attack on the authority of the court to order redress for violations of the Constitution by Federal agencies:

Defendants’ assertion that “the only appropriate result” of a ruling in Plaintiffs’ favor on their substantive claims would be a remand order to “apply new procedures in reaching a new substantive decision,” … misconstrues the nature of Plaintiffs’ claims and implies that the only remedy for a substantive due process violation is further agency proceedings. That is not the case. If, as Plaintiffs’ request, the Court finds that Defendants violated Plaintiffs’ substantive due process rights by placing them on the No Fly List, the Court plainly has the authority to order Plaintiffs to be removed from the List.

On November 20th, Judge Trenga denied the government’s motion for postponement and “remand”. That leaves Mr. Mohamed’s claims that his rights were violated on schedule for briefing, argument, and decision on their merits by Judge Trenga.

We look forward to seeing Mr. Mohamed finally, after four years of government obstruction and foot-dragging, receive his day in court, perhaps some time in early 2015.

Nov 19 2014

“What happens in Vegas, stays in Vegas.”

The U.S. Supreme Court has recognized that under U.S. law, once you have paid for a hotel room, your room is your home and your castle. You are entitled to the same protection against unwanted intrusions in a hotel room as you would be in the same room if you owned it outright as a condo.

As is often the case, however, the law is one thing and business norms are another. The difference is made clear in a fascinating and widely-misreported legal case involving a gambler arrested earlier this year in Las Vegas.

Paul Phua is a Malaysian businessman well known as a high-roller at casinos in Macau and in Las Vegas, where he has played in million-dollar-ante (U.S. dollars) televised poker games.

(Like nearby Hong Kong, Macau is an enclave that was formerly a foreign colony and is a now a “Special Administrative Region” of China.  Macau uses its special status to provide a haven for legal casino gambling, which is generally illegal elsewhere in China. Most Chinese citizens can’t get visas to travel to the U.S. or other countries, but can more easily get permission to travel to Macau from the rest of China. As a result, Macau has become the world’s largest legal casino gambling center: Significantly more money is bet and lost to casinos in Macau than in Las Vegas.)

Paul Phua and his son Darren Phua were arrested in July of this year, during the soccer World Cup, in a residential villa (a 10,000-square-foot hotel suite) at the Caesar’s Palace casino-hotel complex in Las Vegas. Gambling, including betting on the World Cup, is of course legal in Las Vegas. That’s how Caesar’s Palace makes its money, that’s why the Phuas were there, and that’s why Ceasar’s had provided the Phuas with the use of its villas. The Phuas have been charged with US Federal crimes, however, for allegedly using the Internet connection from their hotel villa in Las Vegas to send messages to unlicensed sports betting businesses in Macau and elsewhere.

What made the headlines earlier this month, and led to an editorial in the New York Times, was a motion filed by the Phuas’ lawyers arguing that the searches of the Phuas’ villas were unconstitutional.

One of the lawyers on the brief for the Phuas is Tom Goldstein, founder of SCOTUSblog and, among many other cases on his resume, co-counsel for John Gilmore in his petition for certiorari to the Supreme Court in Gilmore v. Gonzales. The brief for the suppression of illegally obtained evidence against the Phuas is one of the best-written pieces of legal story-telling we’ve come across in a long time, even down to the legally irrelevant asides. (“Once they left the villas, the first comment of [agents] Lopez and Kung was to agree that the female butler was “pretty hot.” Ex. F., Trans. Disc 3, p. 39, lines 24-25. Turning back to the case, they…”)

The essence of the Phuas’ lawyers’ argument is that FBI agents and Nevada state law enforcement officers repeatedly cut off the Internet service to the Phuas’ villas, waited until the residents of the villas reported the outages, then came into the villas with hidden cameras and recorders but disguised as, and falsely claiming to be, repair technicians working for the hotel.

The police then used the information from these warrantless entries to apply for a search warrant for the Phuas’ villas as well as a another villa occupied by some alleged associates of the Phuas, claiming that the residents of the villas had “consented” to their coming inside.

The legal issue is whether you can be deemed to have “consented” to a search by the police if you let a person into your home who claims to be a repair technician, especially when the only reason you called for service is that the police had turned off your service.

This sounds like something out a comic-book story of surveillance in a tin-pot dictatorship, where the phone in your hotel room stops working (because the secret police have disconnected the line), and then the secret police show up at your door, pretending to be from the telephone company, and pretend to “fix” the phone while installing wiretapping devices.

There’s more to the malfeasance of the FBI and Nevada police in this case. They tried to hide from the judge the fact that they were the ones who had disconnected the DSL lines to the villas, prompting the residents’ service request to the hotel. They also claimed to the judge that the Phuas had been “free to leave” while they were being kept in handcuffs for more than five hours. Since the Phuas weren’t being detained, it wasn’t necessary to read them their rights or allow them to talk to their lawyer, who had shown up outside the villa and was turned away by police.

But what also interests us is the role of the hotel-casino management and staff.

The New York Times editorial, like much of the of the other news analysis, got this backwards:

During the 2014 World Cup, the agents suspected that an illegal gambling ring was operating out of several hotel rooms at Caesar’s Palace in Las Vegas, but they apparently did not have enough evidence to get a court-issued warrant. So they enlisted the hotel’s assistance in shutting off the Internet to those rooms, prompting the rooms’ occupants to call for help. Undercover agents disguised as repairmen appeared at the door, and the occupants let them in. While pretending to fix the service, the agents saw men watching soccer matches and looking at betting odds on their computers. There is nothing illegal about visiting sports-betting websites, but the agents relied primarily on that evidence to get their search warrant. What they failed to tell the judge was that they had turned off the Internet service themselves.

The voluminous court filings (those that are available without charge through RECAP are linked from this copy of the docket sheet) and other news reports about the underlying facts make clear that the actual chain of suspicion and illegal snooping went in the other direction:

Contrary to what the Times suggested, the police didn’t “enlist” the hotel in their investigation. Nor is it true, as the government implausibly claims in its response to the Phuas’ motion, that the hotel’s “contractor engaged in a private frolic outside of any … relationship with the agents.”  The initiative to invade guests’ rooms came not from the police (as the Times misreported) or the contractor (as the government now claims) but from the hotel.

The hotel initiated the investigation, enlisted the police to spy on its guests, gave the police full access to all the data it had already collected about these guests and all the surveillance tools it had already installed, and provided support without which the police wouldn’t have been able to trick the guests into letting in the cops disguised as Internet repairmen.

Reprehensible (and unconstitutional) as the cops’ actions were in this case, anyone who spends time in hotel rooms ought to be at least as outraged at the hotel’s role in spying on its guests.

Read More

Nov 03 2014

DHS adds discrimination by national origin to pre-crime profiling of US visitors

Secretary of Homeland Security Jeh Johnson announced this morning that, with immediate effect and with no advance notice or warning, foreign citizens “seeking to travel to the United States from countries in our Visa Waiver Program (VWP) will be required to provide additional data fields of information in the travel application submitted via the Electronic System for Travel Authorization (ESTA).”

The additional questions which have already been added to the newly “Enhanced” ESTA application include:

  • Other Names/Aliases
  • Other Citizenships
  • Parents name(s)
  • National Identification Number (if applicable)
  • U.S. Contact information (email, phone, points of contact)
  • Employment information (if applicable)
  • City of Birth

As discussed in our comments to DHS when it was first proposed, the ESTA is a a travel permission and exit-permit system of dubious legality. Prior application, payment of the ESTA fee (by credit card only, so that CBP has a credit card number on file to link the travel history of each ESTA applicant to a financial history), and receipt of ESTA approval is required by the US before boarding any flight departing from any other country in the world, with the intention of eventually traveling to the USA.

ESTA approval is not a guarantee of admission to the US, and the US has consistently and explicitly claimed that ESTA is solely a travel-permission scheme, not a visa requirement.  (If it were deemed a visa requirement, US citizens would likely be subjected to reciprocal visa requirements to visit VWP countries.)  So the sole purpose of adding questions to the ESTA application form is to add them to the inputs to the pre-crime profiling process that determines whether to allow an applicant to travel to the US for the purpose of applying, on arrival at a US port of entry, for visa-free admission to the US as a visitor.

In other words, the only reason to ask citizens of VWP countries about their other or prior citizenship(s), if any, is for DHS to discriminate between citizens of the same WVP country, in making ESTA permission-to-travel decisions, on the basis of those VWP-country citizens’ prior national origins.

This is a disgraceful act of overt US government bigotry, and all citizens of both the USA and VWP countries should be outraged.  Why should the US think it can treat citizens of, say, the UK or Germany differently on the basis of their national origin, as evidenced by what other countries’ passports they also hold or previously held? Such blatant discrimination against  US citizens on the basis of their national origin would be illegal on its face, although it has been standard illegal operating procedure for the DHS.

DHS claims in its FAQ about today’s ESTA “enhancements” that it can mandate provision of this additional information through a Paperwork Reduction Act (PRA) notice of information collection, without needing to promulgate any new or revised regulations:

Why is DHS doing this under a Paperwork Reduction Act and not a regulation?

The relevant regulatory provision does not list the specific data elements that VWP travelers must provide in order to obtain an ESTA. Instead, the regulation states that “ESTA will collect such information as the Secretary [of Homeland Security] deems necessary to issue a travel authorization, as reflected by the I-94W Nonimmigrant Alien Arrival/Departure Form (I-94W).” Since there are no data elements listed in the regulation, there is no need to update the regulation. The revisions to the ESTA data elements fall under the Paperwork Reduction Act since DHS is amending an information collection (Form I-94W) and not amending a regulation.

The problem with this is that DHS has already added the new questions to the ESTA form, but doesn’t appear to have gotten the necessary approval from the Office of Management and Budget (OMB) for their inclusion.

DHS has a long history of ignoring the PRA and failing to get its forms approved by OMB. The PRA notice in the online ESTA application form refers to OMB approval control number 1651-0111, which was issued September 17, 2014. But the Federal Register notices and other documents submitted to OMB to support that approval don’t appear to have included the new questions added to the form today.

Oct 30 2014

Amtrak admits passenger profiling but not DHS collaboration

[Excerpt from DHS “TECS” travel history log showing API data extracted from the reservation for a passenger on Amtrak (carrier code 2V) train 69 from Penn Station, New York (NYP) to Montreal (MTR). “QYRSLT” redacted by DHS (at left on second line from bottom) is result of pre-crime risk score query to DHS profiling system. Click on image for larger version.]

Amtrak has admitted to profiling its passengers, while improperly withholding any mention of its transmission of railroad passenger reservation data to DHS for use in profiling and other activities.

In response to a Freedom Of Information Act (FOIA) request from the ACLU, Amtrak has disclosed profiling criteria that Amtrak staff are instructed to use as the basis for reporting “suspicious” passengers to law enforcement agencies.  As the ACLU points out in an excellent analysis in its “Blog of Rights”, pretty much everyone fits, or can be deemed to fit, this profile of conduct defined as “indicative of criminal activity”.

It’s suspicious if you are unusually nervous — or if you are unusually calm. It’s suspicious if you are positioned ahead of other passengers disembarking from a train — or if you are positioned behind them.

Normal, legal activities are defined as suspicious: paying for tickets in cash (Amtrak and Greyhound are the common carriers of last resort for the lawfully undocumented and unbanked), carrying little or no luggage (how many business day-trippers on the Acela Express are carrying lots of luggage?), purchasing tickets at the last minute (also the norm for short-haul business travelers), looking around while making telephone calls (wisely keeping an eye out for pickpockets and snatch thieves, as Amtrak police and notices in stations advise passengers to do), and so forth.

“Suspicion” based on this everyone-encompassing profile is used to justify interrogations and searches of Amtrak passengers, primarily for drugs but also for general law-enforcement fishing expeditions.  Suspicion-generation is a profit center for Amtrak and its police partners: The documents obtained by the ACLU from Amtrak include agreements with state and local police for “equitable sharing of forfeited assets” seized from passengers or other individuals as a result of such searches.

The ACLU requested, “procedures, practices, agreements, and memoranda governing the sharing of passenger data with entities other than Amtrak, including but not limited to… other… federal… law enforcement agencies;” and, “Policies, procedures, practices, agreements, and memoranda regarding whether and how passenger data is shared with any law enforcement agency.”

But Amtrak’s response included no records whatsoever concerning the provision of passenger data obtained from Amtrak reservations to DHS or any other government agency.

We know that DHS obtains information from Amtrak about all passengers on all international Amtrak trains.  DHS has disclosed this in public reports, and we have confirmed it from DHS responses to FOIA and Privacy Act requests.  The example at the top of this article is of a DHS “TECS” travel history log showing Advance Passenger Information (API) data extracted from a record in Amtrak’s ARROW computerized reservation system for a passenger traveling on Amtrak (carrier code 2V) train number 69 in the outbound direction from the US (“O”) from Penn Station, New York (station code NYP) to Montreal (MTR). The entry in the “QYRSLT” column redacted by DHS is the result for this passenger and trip of the pre-crime risk score query to the DHS profiling system.

Read More

Oct 20 2014

Supreme Court to review Constitutionality of warrantless police access to hotel guest logs

Today the US Supreme Court agreed to review whether — as was decided en banc by the 9th Circuit Court of Appeals last year — a Los Angeles city ordinance requiring hotel-keepers to identify guests, log their identities and the details of their hotel stays, and open those log books to police inspection at any time, without advance notice, any basis for suspicion, or a warrant or subpoena — is, on its face, in violation of the Fourth Amendment to the US Constitution.

It’s interesting that hotels are the context in which the Supreme Court has chosen to consider service providers’ Fourth Amendment objections to warrantless, suspicionless compelled police access to business transaction metadata about their customers’ identities, locations, and activities at particular times and dates.  The Supreme Court has yet to accept any cases dealing with such objections by telecommunications, air transportation, or internet service providers, despite the essentially similar issues in those industries.

The key difference is that few providers of other services have challenged the government’s demands in court, as hotel owners did in the case now known at the Supreme Court as City of Los Angeles v. Patel.

The Los Angeles hotel registry ordinance mandates exactly the same three essential elements, for example, as the Federal government’s system for outsourced dragnet surveillance and control of air travelers:

  1. Presentment to private service providers of government-issued ID credentials (to enable log entries to be compiled into, linked with, and mined from personal travel history dossiers).
  2. Recording by service providers of transaction metadata including locations, time, date, and customer ID information.
  3. Warrantless, suspicionless, “open book” police root access to these metadata logs at any time.

So far as we know, however, not one airline, travel agency (online or offline), or computerized reservations service (including Google, which now operates an airline reservations hosting service) has challenged any of the government’s dragnet demands for customer transaction, location, chronology, and ID metadata.

In its (successful) argument to the Supreme Court to take the case, the city of L.A. argues that state and local laws mandating identification, logging, and police access to logs of hotel guest information are “ubiquitous”, and that by the logic of the 9th Circuit decision all these laws could be found to be unconstitutional on their face. That’s true. Hotel guests (“outsiders”) have long been deemed per se suspicious persons, and hotel registry laws are among the oldest and most pervasive of (unconstitutional) laws mandating businesses to compile and maintain metadata about their customers’ and their activities and make it available to police, without warrant or suspicion for data mining or gumshoe fishing expeditions. That’s exactly why it’s so important for the Supreme Court to uphold the decision of the Court of Appeals.

The hotel owners challenged only the requirement for warrantless open-book police access to hotel registries, and not the requirements for hotels to maintain such registries or for hotel guest to show ID. That’s still an important challenge, though, and one that goes further than other businesses (certainly further than any other travel businesses) have done to defend their customers’ rights not to treated as suspects.

We continue to commend the hotel owner plaintiffs/respondents in this case for their stand. Other businesses in the travel, communications, and Internet industries could and should bring similar court challenges when they are presented with similar (and similarly unconstitutional) government demands.  They cannot excuse their actions in spying on their customers by saying, “The government made us do it, and we had no choice,” if they never asked a court to rule on whether that “demand” was legally valid.

Oct 17 2014

“Travelers, say bon voyage to privacy”

We talked at length with Watchdog investigative reporter Dave Lieber for his column in today’s Dallas Morning News: Travelers, say bon voyage to privacy.

Lieber hits the nail on the head by calling out how few travelers realize that the U.S. government is keeping a permanent file of complete mirror copies of their reservations:

Did you know that when you buy an airline ticket and make other travel reservations, the government keeps a record of the details?

If airlines don’t comply, they can’t fly in the U.S., explains Ed Hasbrouck, a privacy expert with the Identity Project who has studied the records for years and is considered the nation’s top expert.

Before each trip, the system creates a travel score for you…. Before an airline can issue you a boarding pass, the system must approve your passage, Hasbrouck explains….

The idea behind extensive use of PNRs [Passenger Name Records], he says, is not necessarily to watch known suspects but to find new ones.

Want to appeal? “It’s a secret administrative process based on the score you don’t know, based on files you haven’t seen,” Hasbrouck says….

Hasbrouck says: “You can’t keep files on everybody in case you want some dirt on them. That’s what J. Edgar Hoover did. We’ve been through this before in this country. Think of all the ways those files targeted innocent people and were misused. People’s lives were destroyed on the basis of unfounded allegations.

“Do we want to go back to that?”

For those whose curiosity has been piqued, here are links to more about this issue:

The FAQ, What’s in a Passenger Name Record (PNR)?, includes links to examples of PNR data, templates to request your travel history and PNR files from DHS, and information about our lawsuit against DHS to try to find out what files it has about us and how it has used and “shared” them.

Requirements for airlines to send passenger data to the government, and receive individualized (per-passenger, per-flight) permission from the government before issuing a boarding pass, are contained in two separate sets of DHS regulations: Secure Flight for domestic flights and the Advance Passenger Information System (APIS) for international flights. (More about the APIS regulations.)

The system of “pre-crime” profiling and assigning scores to all air travelers was discussed in recent government audit reports and at a Congressional hearing last month, and in a front-page story in the New York Times, in which we were quoted, last year.

There’s a good overview of the government’s travel surveillance and control process in a talk by Edward Hasbrouck of the Identity Project that was broadcast on C-SPAN</a> last year. The slides from that talk include diagrams of the system and examples of PNR data and other government files about travelers.

Oct 16 2014

“Jetsetting Terrorist” confirms DHS use of NSA intercepts

We’ve been reading the Jetsetting Terrorist blog (highlighted last week by Boing Boing) to see what we can learn from the anonymous author’s chronicles of his experiences traveling on commercial airlines, within the U.S. and internationally, after being convicted of a nonviolent misdemeanor criminal offense the U.S. has since defined as “terrorism”:

Since 2009, I’ve been on the TSA’s “terrorist watch list” [because] years ago I was convicted of an activist-related property crime.  The government deemed it “terrorism.” My “weapon of mass destruction” was a small tool purchased at a hardware store for under $30. My crime resulted in a loss of profits to several businesses. No one was injured. And it wasn’t even a felony.

Some of what the Jetsetting Terrorist describes is unsurprising, such as the inconsistency and unpredictable of the TSA’s “There are no rules” operational practices (a/k/a, “We make up the rules as we go along”, or “The rules are whatever we say they are today”). Or the confusion of TSA and airport checkpoint contractor staff, accustomed to carrying out crude profiling on the basis of race, religion, and national origin, when they receive instructions to treat a white-skinned hipster techie U.S. native like the Jetsetting Terrorist as a second-class citizen.  We’ve heard many accounts like these from other travelers about the TSA’s real-world Standard Operating Procedures, as distinct from those contained in the secret written manuals for TSA staff and contractors.

Beyond that, several things stand out from our reading of the Jetsetting Terrorist blog:

  1. Anyone could be subjected to the same treatment as the “Jetsetting Terrorist”. Millions of people in the U.S. have been convicted, at some point in their lives, of some nonviolent property crime or other nonviolent misdemeanor.  There are no limits to what crimes the government can retroactively define as “terrorism”, and courts have enforced few constraints on what additional burdens, restrictions, and prohibitions can retroactively be imposed — by law or by extrajudicial administrative fiat — on anyone who has ever in their life been convicted of any crime.  Once someone has a criminal record, they are considered to “deserve” whatever they later get when additional administrative infirmities are later piled on to their long-ago-completed judicially-imposed sentence.  And it’s not just people convicted of crimes later defined as “terrorism”. Where will it end? “First they came for the terrorists.  Then they came for the drug dealers…. Then they came for you and me.”
  2. So-called “watchlists” are really blacklists. The word “watchlist” is an Orwellian euphemism which the government uses to minimize its infringement of the rights of people on these lists. Properly speaking, a “watchlist” implies a list used to target surveillance, and the consequences of being on a “watchlist” are limited to being watched, i.e. surveilled. A bad thing, but very difference from the consequences of being on a blacklist, on the basis of which the government actively interferes with one’s movements, lays hands on one’s body (calling genital groping by another minimizing euphemism, “patdown”), and rips open one’s luggage to paw through one’s possessions.
  3. DHS pre-crime profiling is not binary, and can lead to many levels of consequences. Most travelers  naively assume that unless you are “on the no-fly list”, there are only three levels of pre-crime “risk scores” and consequent levels of intrusiveness of DHS action against you at airports: the TSA Pre-Check line, the “normal” (in the post-9/11 sense of “normal”) screening line, and the “secondary screening” line for those “selectees” who get “SSSS” printed on their boarding passes. But as the experiences reported by the Jetsetting Terrorist remind us, not all “selecteees” are selected for like treatment.  As was made public in a government filing in the first no-fly trial last year, each entry on the “selectee” list is assigned a numeric “handling code”. The range of handling codes and their meanings remains secret, but while some “selectees” merely get the full monty (“enhanced patdown”), others like the Jetsetting Terrorist are prevented from proceeding through TSA checkpoints until the checkpoint staff phone the FBI to report their itinerary and get permission for them to travel. In the case of the Jetsetting Terrorist, everyone on the same plane is subjected to an additional guilt-by-proximity ID document check and luggage inspection at the gate, at the entrance to the jetway.
  4. DHS components are among the “customers” for NSA electronic surveillance. On a recent international trip, the Jetsetting Terrorist spent time, while he was abroad, with a friend from the US: “My friend went back one day before me. We didn’t arrive together. We didn’t leave together. We don’t live anywhere near each other. Separate itineraries, everything. But a few hours before I was to leave for the airport, I get an email. Customs got her. Details were sparse, but she said they’d detained her for over an hour, asked her a thousand questions, took her computer in the back room, and asked her about me. A lot about me.  What’s most interesting: Somehow, they knew we were traveling together. This could not be gleaned from airline records. In fact, it could only have been learned of from electronic surveillance.”  Assuming these facts are accurately reported, we agree. (The Jetsetting Terrorist blog is anonymous and unverifiable. But we have no reason to doubt its legitimacy.)  This isn’t the first report of DHS employees questioning a US citizen about information that could only have been obtained from surveillance of electronic communications: that’s part of the basis for an ongoing  lawsuit in federal court in Indiana.  We continue to believe, as we said when  we reported on that case earlier this year, that it’s more likely that the DHS is one of, and possibly the most frequent, “customer” and user of information obtained from the illegal NSA electronic communications dragnet than that the DHS is running its own parallel illegal surveillance scheme on the same scale.

The Jetsetting Terrorist is looking for help finding a way to film and/or record his interactions with the TSA, in spite of being separate from his belongings while he is being searched and interrogated.  Since he plans to distribute these recordings publicly, they would be protected from search (as would his other work product documents and data) by the federal Privacy Protection Act, 42 USC 2000aa.  Most journalists aren’t aware of this law.  But it has important implications at airports, and protects anyone with an intent to distribute information publicly — not just full-time professional journalists.

Oct 14 2014

U.S. citizen sues the State Department for a passport

A Yemeni-American U.S. citizen sued the U.S. State Department today, asking a federal court in Michigan, where he lives, to order the State Department to issue him a U.S. passport.

Ahmed Nagi was naturalized as a U.S. citizen twenty years ago.  In May of 2013, after his previous U.S. passport expired, Mr. Nagi applied to renew his passport. He went in person to the State Department’s Passport Office in Detroit, and paid the $60 extra fee for “expedited” passport renewal service.

Normally, a U.S. citizen who applies in person at a Passport Office on an expedited basis — especially if they have been issued a U.S. passport previously, and are applying for a renewal rather than a first-time passport — can pick up their new passport within a couple of days, even the same day if they have evidence of imminent planned international travel.

Mr. Nagi, however, is still waiting for a new passport, sixteen months after he submitted his application. In response to repeated inquiries, Mr. Nasgi and his lawyers have been told only that his passport application is still “pending”. The State Department has used the impossible-to-complete “long form” as a pretext to hold up processing of some disfavored passport applications, but hasn’t asked Mr. Nagi for any additional information or told him anything about why his application hasn’t been approved.

In the meantime, Mr. Nagi is legally prohibited from leaving the USA without a passport.

The U.S. government appears to have decided that there is no legitimate reason for any U.S. citizen to visit Yemen, whether as a tourist or to visit friends or relatives. In a blatant case of discrimination on the basis of national origin, all U.S. citizens of Yemeni birth or ancestry are being treated as presumptively terrorists and subject to de facto travel restrictions, even if they haven’t individually been placed on any U.S. government blacklists.  Hundreds of U.S. citizens are currently stranded in Yemen, unable to leave Yemen or return to the U.S., because the U.S. Embassy in Sana’a has been systematically seizing the passports of any Yemeni-Americans who go to the embassy to request consular services as U.S. citizens.

According to one of Mr. Nagi’s attorneys, Lena Masri of the Council on American-Islamic Relations, “The federal government has routinely delayed the processing of passport applications for Muslims of Yemeni origin for an indefinite period of time.”  By keeping passport applicants in indefinite limbo, the State Department hopes to exercise a “pocket veto” of passport issuance and international travel, without issuing formal decisions denying passport applications that would be subject to judicial review.  “This lawsuit will challenge the federal government’s unchecked practice of denying these individuals their constitutionally-protected right to travel without affording them their right to due process of law.”

Sep 30 2014

Argentina takes lead in Latin American air travel surveillance

Argentina has promulgated regulations which will require operators of all flights in or out of the country to send copies of both Advance Passenger Information (API) and Passenger Name Record (PNR) data for each passenger and crew member to the government before any flight departs.

The new regulations are to be fully implemented within six months, and apply to all international flights including charters and general aviation as well as airlines.

This may seem surprising. Argentines remember the Dirty War and the ways that government dossiers about individuals were compiled and misused by the dictatorship. Argentina has been considered one of the leaders among Latin American governments in enacting legal protection for personal data. Argentina was the first country in Latin America to be certified by the European Union as providing adequate protection for personal data.  But things can be different in practice than in theory.

The excuses offered by Argentine officials for this ratcheting-up of travel surveillance are typically examples of (1) laundering of travel surveillance and control policies through international organizations and (2) use of “because terrorism and drugs”  as a pretext for measures actually intended and used for general law enforcement, tax collection, other government revenue generation, etc.

According to the regional English-language Latin American Herald Tribune:

Cabinet chief Jorge Capitanich and Tourism Minister Enrique Meyer on Friday rebuffed criticisms of a rule obliging airline operators to answer a questionnaire of 32 queries about passengers on international flights, ranging from their identity to their seating preferences to how many suitcases they carry.

Capitanich … said the questionnaire does not constitute an additional control on passengers.

“The requisites for trips abroad now are no different from what they were before – the database has simply been unified to comply with international regulations,” he said during his daily press conference.

The tourism minister also said that, … “In fact, the passenger has no say in this matter, they’re measures that the International Civil Aviation Organization is requiring of all countries,” he told Argentine radio.

In fact, no “international regulations” require the collection, retention, or provision to governments of any of this data — only rules of specific countries such as the USA and now Argentina.  The ICAO white paper on transfers of PNR data to governments, Document 9944, is explicitly a set of nonbinding “guidelines” suggesting how PNR transfers should be carried out, if they are required by specific countries.

And according to Argentina’s English-language newspaper of record, the Buenos Aires Herald:

The government said that the information will be used in the fight against “drug trafficking, international terrorism, human trafficking and illegal migration.”

Other observers immediately suggested that the real purpose of the new regulations is to control the outflow of hard currency prompted by the growing disparity between the official and black-market exchange rates of the Argentine peso, along with fears of further devaluation, another currency freeze, or more bank failures.

By taking a conspicuous leading role in adopting travel surveillance and control measures that the US has been trying to globalize (with little success until now, particularly in Latin America) as part of the “war on terror”, and labeling them as “counter-terrorist” measures, Argentina may be hoping to curry favor with the US and perhaps gain diplomatic capital that Argentina can use in negotiations with the US regarding Argentina’s default on its sovereign debt.