Papers, Please!

The Identity Project

Author Archives: Edward Hasbrouck

Oct 16 2014

“Jetsetting Terrorist” confirms DHS use of NSA intercepts

We’ve been reading the Jetsetting Terrorist blog (highlighted last week by Boing Boing) to see what we can learn from the anonymous author’s chronicles of his experiences traveling on commercial airlines, within the U.S. and internationally, after being convicted of a nonviolent misdemeanor criminal offense the U.S. has since defined as “terrorism”:

Since 2009, I’ve been on the TSA’s “terrorist watch list” [because] years ago I was convicted of an activist-related property crime.  The government deemed it “terrorism.” My “weapon of mass destruction” was a small tool purchased at a hardware store for under $30. My crime resulted in a loss of profits to several businesses. No one was injured. And it wasn’t even a felony.

Some of what the Jetsetting Terrorist describes is unsurprising, such as the inconsistency and unpredictable of the TSA’s “There are no rules” operational practices (a/k/a, “We make up the rules as we go along”, or “The rules are whatever we say they are today”). Or the confusion of TSA and airport checkpoint contractor staff, accustomed to carrying out crude profiling on the basis of race, religion, and national origin, when they receive instructions to treat a white-skinned hipster techie U.S. native like the Jetsetting Terrorist as a second-class citizen.  We’ve heard many accounts like these from other travelers about the TSA’s real-world Standard Operating Procedures, as distinct from those contained in the secret written manuals for TSA staff and contractors.

Beyond that, several things stand out from our reading of the Jetsetting Terrorist blog:

  1. Anyone could be subjected to the same treatment as the “Jetsetting Terrorist”. Millions of people in the U.S. have been convicted, at some point in their lives, of some nonviolent property crime or other nonviolent misdemeanor.  There are no limits to what crimes the government can retroactively define as “terrorism”, and courts have enforced few constraints on what additional burdens, restrictions, and prohibitions can retroactively be imposed — by law or by extrajudicial administrative fiat — on anyone who has ever in their life been convicted of any crime.  Once someone has a criminal record, they are considered to “deserve” whatever they later get when additional administrative infirmities are later piled on to their long-ago-completed judicially-imposed sentence.  And it’s not just people convicted of crimes later defined as “terrorism”. Where will it end? “First they came for the terrorists.  Then they came for the drug dealers…. Then they came for you and me.”
  2. So-called “watchlists” are really blacklists. The word “watchlist” is an Orwellian euphemism which the government uses to minimize its infringement of the rights of people on these lists. Properly speaking, a “watchlist” implies a list used to target surveillance, and the consequences of being on a “watchlist” are limited to being watched, i.e. surveilled. A bad thing, but very difference from the consequences of being on a blacklist, on the basis of which the government actively interferes with one’s movements, lays hands on one’s body (calling genital groping by another minimizing euphemism, “patdown”), and rips open one’s luggage to paw through one’s possessions.
  3. DHS pre-crime profiling is not binary, and can lead to many levels of consequences. Most travelers  naively assume that unless you are “on the no-fly list”, there are only three levels of pre-crime “risk scores” and consequent levels of intrusiveness of DHS action against you at airports: the TSA Pre-Check line, the “normal” (in the post-9/11 sense of “normal”) screening line, and the “secondary screening” line for those “selectees” who get “SSSS” printed on their boarding passes. But as the experiences reported by the Jetsetting Terrorist remind us, not all “selecteees” are selected for like treatment.  As was made public in a government filing in the first no-fly trial last year, each entry on the “selectee” list is assigned a numeric “handling code”. The range of handling codes and their meanings remains secret, but while some “selectees” merely get the full monty (“enhanced patdown”), others like the Jetsetting Terrorist are prevented from proceeding through TSA checkpoints until the checkpoint staff phone the FBI to report their itinerary and get permission for them to travel. In the case of the Jetsetting Terrorist, everyone on the same plane is subjected to an additional guilt-by-proximity ID document check and luggage inspection at the gate, at the entrance to the jetway.
  4. DHS components are among the “customers” for NSA electronic surveillance. On a recent international trip, the Jetsetting Terrorist spent time, while he was abroad, with a friend from the US: “My friend went back one day before me. We didn’t arrive together. We didn’t leave together. We don’t live anywhere near each other. Separate itineraries, everything. But a few hours before I was to leave for the airport, I get an email. Customs got her. Details were sparse, but she said they’d detained her for over an hour, asked her a thousand questions, took her computer in the back room, and asked her about me. A lot about me.  What’s most interesting: Somehow, they knew we were traveling together. This could not be gleaned from airline records. In fact, it could only have been learned of from electronic surveillance.”  Assuming these facts are accurately reported, we agree. (The Jetsetting Terrorist blog is anonymous and unverifiable. But we have no reason to doubt its legitimacy.)  This isn’t the first report of DHS employees questioning a US citizen about information that could only have been obtained from surveillance of electronic communications: that’s part of the basis for an ongoing  lawsuit in federal court in Indiana.  We continue to believe, as we said when  we reported on that case earlier this year, that it’s more likely that the DHS is one of, and possibly the most frequent, “customer” and user of information obtained from the illegal NSA electronic communications dragnet than that the DHS is running its own parallel illegal surveillance scheme on the same scale.

The Jetsetting Terrorist is looking for help finding a way to film and/or record his interactions with the TSA, in spite of being separate from his belongings while he is being searched and interrogated.  Since he plans to distribute these recordings publicly, they would be protected from search (as would his other work product documents and data) by the federal Privacy Protection Act, 42 USC 2000aa.  Most journalists aren’t aware of this law.  But it has important implications at airports, and protects anyone with an intent to distribute information publicly — not just full-time professional journalists.

Oct 14 2014

U.S. citizen sues the State Department for a passport

A Yemeni-American U.S. citizen sued the U.S. State Department today, asking a federal court in Michigan, where he lives, to order the State Department to issue him a U.S. passport.

Ahmed Nagi was naturalized as a U.S. citizen twenty years ago.  In May of 2013, after his previous U.S. passport expired, Mr. Nagi applied to renew his passport. He went in person to the State Department’s Passport Office in Detroit, and paid the $60 extra fee for “expedited” passport renewal service.

Normally, a U.S. citizen who applies in person at a Passport Office on an expedited basis — especially if they have been issued a U.S. passport previously, and are applying for a renewal rather than a first-time passport — can pick up their new passport within a couple of days, even the same day if they have evidence of imminent planned international travel.

Mr. Nagi, however, is still waiting for a new passport, sixteen months after he submitted his application. In response to repeated inquiries, Mr. Nasgi and his lawyers have been told only that his passport application is still “pending”. The State Department has used the impossible-to-complete “long form” as a pretext to hold up processing of some disfavored passport applications, but hasn’t asked Mr. Nagi for any additional information or told him anything about why his application hasn’t been approved.

In the meantime, Mr. Nagi is legally prohibited from leaving the USA without a passport.

The U.S. government appears to have decided that there is no legitimate reason for any U.S. citizen to visit Yemen, whether as a tourist or to visit friends or relatives. In a blatant case of discrimination on the basis of national origin, all U.S. citizens of Yemeni birth or ancestry are being treated as presumptively terrorists and subject to de facto travel restrictions, even if they haven’t individually been placed on any U.S. government blacklists.  Hundreds of U.S. citizens are currently stranded in Yemen, unable to leave Yemen or return to the U.S., because the U.S. Embassy in Sana’a has been systematically seizing the passports of any Yemeni-Americans who go to the embassy to request consular services as U.S. citizens.

According to one of Mr. Nagi’s attorneys, Lena Masri of the Council on American-Islamic Relations, “The federal government has routinely delayed the processing of passport applications for Muslims of Yemeni origin for an indefinite period of time.”  By keeping passport applicants in indefinite limbo, the State Department hopes to exercise a “pocket veto” of passport issuance and international travel, without issuing formal decisions denying passport applications that would be subject to judicial review.  “This lawsuit will challenge the federal government’s unchecked practice of denying these individuals their constitutionally-protected right to travel without affording them their right to due process of law.”

Sep 30 2014

Argentina takes lead in Latin American air travel surveillance

Argentina has promulgated regulations which will require operators of all flights in or out of the country to send copies of both Advance Passenger Information (API) and Passenger Name Record (PNR) data for each passenger and crew member to the government before any flight departs.

The new regulations are to be fully implemented within six months, and apply to all international flights including charters and general aviation as well as airlines.

This may seem surprising. Argentines remember the Dirty War and the ways that government dossiers about individuals were compiled and misused by the dictatorship. Argentina has been considered one of the leaders among Latin American governments in enacting legal protection for personal data. Argentina was the first country in Latin America to be certified by the European Union as providing adequate protection for personal data.  But things can be different in practice than in theory.

The excuses offered by Argentine officials for this ratcheting-up of travel surveillance are typically examples of (1) laundering of travel surveillance and control policies through international organizations and (2) use of “because terrorism and drugs”  as a pretext for measures actually intended and used for general law enforcement, tax collection, other government revenue generation, etc.

According to the regional English-language Latin American Herald Tribune:

Cabinet chief Jorge Capitanich and Tourism Minister Enrique Meyer on Friday rebuffed criticisms of a rule obliging airline operators to answer a questionnaire of 32 queries about passengers on international flights, ranging from their identity to their seating preferences to how many suitcases they carry.

Capitanich … said the questionnaire does not constitute an additional control on passengers.

“The requisites for trips abroad now are no different from what they were before – the database has simply been unified to comply with international regulations,” he said during his daily press conference.

The tourism minister also said that, … “In fact, the passenger has no say in this matter, they’re measures that the International Civil Aviation Organization is requiring of all countries,” he told Argentine radio.

In fact, no “international regulations” require the collection, retention, or provision to governments of any of this data — only rules of specific countries such as the USA and now Argentina.  The ICAO white paper on transfers of PNR data to governments, Document 9944, is explicitly a set of nonbinding “guidelines” suggesting how PNR transfers should be carried out, if they are required by specific countries.

And according to Argentina’s English-language newspaper of record, the Buenos Aires Herald:

The government said that the information will be used in the fight against “drug trafficking, international terrorism, human trafficking and illegal migration.”

Other observers immediately suggested that the real purpose of the new regulations is to control the outflow of hard currency prompted by the growing disparity between the official and black-market exchange rates of the Argentine peso, along with fears of further devaluation, another currency freeze, or more bank failures.

By taking a conspicuous leading role in adopting travel surveillance and control measures that the US has been trying to globalize (with little success until now, particularly in Latin America) as part of the “war on terror”, and labeling them as “counter-terrorist” measures, Argentina may be hoping to curry favor with the US and perhaps gain diplomatic capital that Argentina can use in negotiations with the US regarding Argentina’s default on its sovereign debt.

Sep 28 2014

First challenge to detention & arrest under Arizona “Papers, Please!” law

The first lawsuit challenging the legality of a detention and arrest as a consequence of Arizona’s “Papers, Please!” law (SB 1010) was filed this week by the ACLU of Arizona on behalf of  Ms. Maria del Rosario Cortes Camacho.

SB 1070, enacted in 2010, requires Arizona state and local law enforcement officers to make “a reasonable attempt …, when practicable, to determine the immigration status of the person” whenever an officer makes a “lawful contact” with any person “where reasonable suspicion exists that the person is an alien who is unlawfully present in the United States.”

Although portions of the law were found unconstitutional, this part of the law was upheld by the Supreme Court in 2012 on the basis that at least this part of the law could be applied Constitutionally, if and only if it was construed solely as creating an obligation on law enforcement officers to “attempt” to verify immigration status without committing other Constitutional violations in the process.

The Supreme Court declined to presume that this “attempt” would necessarily, or in practice, result in more prolonged detention than would otherwise be permitted, or in arrest that wouldn’t otherwise have been made:

There is a basic uncertainty about what the law means and how it will be enforced. At this stage, without the benefit of a definitive interpretation from the state courts, it would be inappropriate to assume §2(B) will be construed in a way that creates a conflict with federal law…. This opinion does not foreclose other preemption and constitutional challenges to the law as interpreted and applied after it goes into effect.

As we said at that time:

Close reading of the law and the Supreme Court opinion makes clear that the next step for opponents of the law is to test how, in practice, the state of Arizona will answer the questions asked by the Supreme Court: Will people in Arizona be detained, will their detentions be prolonged, or will their releases from custody be delayed (without, in each case, some other lawful basis) merely to check their immigration status?

If any of things happen to people in Arizona, the Supreme Court has explicitly left it open for them to bring new Constitutional challenges to those infringements of human rights.

That is exactly what is now happening in Cortes v. Lakosky. According to the complaint, Ms. Cortes had applied for a special category of U.S. visa for certain victims of mental or physical abuse. That application was eventually granted, and Ms. Cortes lawfully remains in the U.S.   But when she was stopped and cited for minor, non-criminal traffic violations (which did not, in themselves, provide a basis for arrest), a Pinal County Sheriff’s deputy demanded evidence of her legal presence in the U.S., basing that demand on SB 10170.

Ms. Cortes actually had a copy of her pending visa application in the glove compartment of her car, but the sheriff’s deputies didn’t want to look at it. Rather than citing her on the spot and letting her go on her way as soon as that was done, the Instead, they detained her, handcuffed her, transported her in custody to an office of the Border Patrol, and turned her over to Border Patrol agents who held her for five more days.

No criminal charges and no allegations of illegal presence or other immigration law violations were ever filed against Ms, Cortes.  The sole basis for the prolongation of Ms. Cortes’ detention, her arrest, and her transportation to the Border Patrol office was an (unwarranted) suspicion of unlawful presence in the U.S.

The complaint seeks damages from the sheriff’s deputies, in their individual capacities.

Sep 26 2014

What happens if you fit the DHS profile even though you aren’t a threat?

In a self-assessment published this week by the DHS on the integration of DHS programs for surveillance, profiling, and control of airline passengers (the TSA’s Secure Flight for domestic flights and the CBP’s Automated Targeting System for international flights), the DHS says it is reducing to 15 years the length of time for which DHS will retain logs of people who were singled out for special treatment as “matches” on the basis of (secret) DHS profiling algorithms, but who were “ultimately determined not to be a threat.”

The DHS will still keep its TECS log entries for the trip itself, and will be able to retrieve a new copy of your PNR (airline reservation record) from the airline or CRS (database hosting company) at any time, even if DHS has deleted its previous mirror copy or copies.  But the DHS will purge its record of having wrongly flagged you as a suspect if you’ve stayed out of trouble for the subsequent 15 years:

Records created about an individual associated with a confirmed or possible match to a watchlist that require additional analysis in the ATS case management module ATS-Targeting Framework (TF) will be retained for 15 and seven years respectively in ATS if the individual is ultimately determined not to be a threat. However, COP information maintained only in ATS that is linked to a specific case or investigation will remain accessible for the life of the law enforcement matter to support that activity and other enforcement activities that may become related. In addition, CBP may include information in TECS on individuals who may need additional scrutiny.

The DHS privacy impact self-assessment confirms that the DHS has shifted from blacklist/whitelist matching to real-time profiling and scoring as its methodology for making fly/no-fly and “intrusiveness of search” decisions.  The self-assessment also makes explicit that the reason for long-term retention by DHS of mirror copies of the commercial airline records is to enable subsequent pre-crime data mining:

It is over the course of time and multiple visits that a potential risk becomes clear. Travel records (including historical records), are essential to assist CBP officers with their risk-based assessments of travel indicators and identifying potential links between known and previously unidentified terrorist facilitators. Analyzing these records for these purposes allows CBP to effectively identify suspect travel patterns and irregularities.

Sep 25 2014

11th Circuit Court of Appeals panel kowtows to TSA

By a vote of two judges to one, a panel of the 11th Circuit Court of Appeals has declined to consider a petition by Jonathan Corbett for review of the TSA’s use of virtual strip search machines and “enhanced patdowns” (genital groping), and has opined that if the court were to consider Mr. Corbett’s petition, it would deny it.

If that sounds irregular, it should. Normally, once a court has found a reason it doesn’t need to decide a case on its “merits”, but can resolve it on procedural or jurisdictional grounds, judicial economy dictates that the court won’t issue any opinion on issues it doesn’t have to reach.

In this case, the two judges in the panel majority went out of their way to erect as many barriers as possible to future court challenges to TSA actions, in contravention of normal principles of appellate adjudication and over a cogent dissent, on exactly these grounds, by the third member of the panel.

The ruling on the “merits” of the petition, while bad, is not unprecedented: Every other petition for Court of Appeals review of the TSA’s virtual strip-search practices has already been dismissed.  That’s largely because Congress has directed the Courts of Appeals to limit their “review” of TSA orders to the “administrative record” supporting the TSA’s actions, as provided to the court by the TSA itself, and to treat any “findings of fact” by the TSA, “if supported by substantial evidence” (and even if controverted by more persuasive evidence) as “conclusive”.

Conclusory declarations by TSA employees, not subject to cross-examination and allegedly based on secrets not in the record (“if you knew the secrets we know but can’t reveal, you’d agree with us”) are almost always deemed sufficient to constitute “substantial” evidence for this purpose.

In other words, the TSA gets to tell the Court of Appeals which evidence to consider, and what factual conclusion to draw from it.  Given that the TSA is allowed to make up the facts to suit its own interests, and submit them to the court in secret, it’s scarcely surprising that the decisions made by the Courts of Appeal on the basis of those “conclusive” factual claims by the TSA are almost invariably in the TSA’s favor.

If you think that’s unjust, ask Congress to change this law and support those who argue to the courts, especially the Supreme Court, that this law is unconstitutional.

Read More

Sep 23 2014

TSA finalizes fine of “Naked American Hero”

The TSA has issued a final order assessing a $500 civil penalty (administrative fine) against John Brennan, the “Naked American Hero” who took off all his clothes at a TSA checkpoint at the Portland, Oregon airport.

The authority to make the TSA’s final decision in this weighty matter was delegated by the Administrator of the TSA to his second-in-command, Deputy Administrator Melvin Carraway.  Mr. Carraway agreed with lower-level TSA staff that Mr. Brennan’s nudity “interfered” with the ability of TSA staff to “screen” him.

Only now — after a kangaroo-court administrative hearing, a decision by a so-called Administrative Law Judge (not actually a judge), and an administrative appeal to the designated TSA decision-maker — is Mr. Brennan eligible to seek his day in court.

All of the proceedings to date have been purely administrative and internal to the TSA’s decision-making process.  TSA staff are not — at least according to TSA administrative rules — allowed to consider, in carrying out these administrative decision-making functions, whether the TSA rules and procedures they have been hired to carry out are unconstitutional or otherwise illegal.

In an effort to frustrate judicial review of TSA actions, Congress requires the victims of TSA orders to exhaust administrative remedies, as Mr. Brennan has now done, before they are eligible to seek review of the TSA’s final orders by judges who are allowed to consider the Constitutionality of the TSA’s actions.

Mr. Brennan has 60 days from the date of the TSA’s final order, September 19, 2014 (i.e. until November 18, 2014) to file a petition for review of the TSA’s decision in either, at Mr. Brennan’s choice, the 9th Circuit Court of Appeals or the District of Columbia Circuit Court of Appeals.

We’ve received no response to our May 2013 FOIA request for the TSA’s records of its administrative actions and proceedings against Mr. Brennan.   The most recent estimate provided by the TSA was that they didn’t expect to provide any response until February 2015.

Contributions toward Mr. Brennan’s legal expenses, or offers of pro bono legal assistance, can be made directly to Mr. Brennan at NakedAmericanHero.com.

Sep 22 2014

GAO audit confirms TSA shift to pre-crime profiling of all air travelers

A Congressional hearing last week on the so-called “Secure Flight” system for “screening” domestic air travelers confirmed that the TSA has completed a shift from blacklist and whitelist matching to a comprehensive real-time pre-crime profiling system that assigns each air traveler a  “risk assessment” score on the four-step scale we’ve previously described and which is illustrated above in the latest GAO report.

Redacted versions of three audit reports on Secure Flight by the Government Accountability Office (1, 2, 3) were made public in conjunction with GAO testimony at the hearing.  According to one of those reports, “Secure Flight” started out as a blacklist and whitelist matching system:

Since implementation began in January 2009, the Secure Flight system has identified high-risk passengers by matching SFPD [against the No Fly List and the Selectee List, subsets of the Terrorist Screening Database (TSDB), the U.S. government’s consolidated watchlist of known or suspected terrorists maintained by the Terrorist Screening Center, a multiagency organization administered by the Federal Bureau of Investigation (FBI)…. To carry out this matching, the Secure Flight system conducts automated matching of passenger and watchlist data to identify a pool of passengers who are potential matches to the No Fly and Selectee Lists. Next, the system compares all potential matches against the TSA Cleared List, a list of individuals who have applied to, and been cleared through, the DHS redress process.

But that’s not how it works any more. According to the same GAO report:

Since January 2009, the Secure Flight program has changed from one that identifies high-risk passengers by matching them against the No Fly and Selectee Lists to one that assigns passengers a risk category: high risk, low risk, or unknown risk. Specifically, Secure Flight now identifies passengers as high risk if they are matched to watchlists of known or suspected terrorists or other lists developed using certain high-risk criteria, as low risk if they are deemed eligible for expedited screening through TSA Pre-Check — a 2011 initiative to preapprove passengers for expedited screening — or through the application of low-risk rules, and as unknown risk if they do not fall within the other two risk categories. To separate passengers into these risk categories, TSA utilizes lists in addition to the No Fly and Selectee Lists, and TSA has adapted the Secure Flight system to perform risk assessments, a new system functionality that is distinct from both watchlist matching and matching against lists of known travelers.

We’ve said from the start that Secure Flight would not be limited to “list matching” and would assign risk scores to all travelers. Now that’s been confirmed by GAO auditors.  When the TSA talks about “risk-based screening”, what they mean is “pre-crime profiling” of all air travelers — part of a larger pattern of “predictive” pre-crime policing through surveillance and profiling.

The diagram at the top of this article shows what the GAO says the current “Secure Flight” profiling process, and its consequences, look like. Note the references to “risk assessments” and “rules-based lists”, although in fact these are real-time scoring systems and there are no publicly-disclosed “rules”.

Read More

Sep 19 2014

EFF: “Secret Law is Not Law”

Our friend Cindy Cohn, legal director for the Electronic Frontier Foundation, has an important article this week on a theme that’s long been central to our work: “Secret Law is Not Law“:

One of the many ways that the NSA’s mass surveillance violates the human rights of both Americans and others around the world is that it teeters on a huge pile of secret law.

Let’s be clear. Under international human rights law, secret “law” doesn’t even qualify as “law” at all….

The Human Rights Committee confirms that law is only law if people know it exists and can act based on that knowledge.  Article 19 of the ICCPR, protecting the freedoms of opinion and expression, requires that “to be characterized as a “law,” [a law] must be formulated with sufficient precision to enable an individual to regulate his or her conduct accordingly and it must be made accessible to the public….”

This is a basic and old legal requirement: it can be found in all of the founding human rights documents….  It avoids the Kafkaesque situations in which people, like Joseph K in The Trial and the thousands of people on the secret No Fly Lists, cannot figure out what they did that resulted in government scrutiny, much less clear their names….

Just how far has the US strayed from this basic principle in its mass surveillance practices? Very far.

Read the whole article here.

The Constitutionality of secret law is precisely the issue the Supreme Court declined to consider in 2006 in Gilmore v. Gonzales. EFF’s longstanding opposition to secret law is clearly visible in the brief submitted by EFF and other friends of the court in support of the petition for certiorari in that case.

EFF’s latest commentary on this issue is part of a group of articles by a coalition human rights organizations around the world on the first anniversary of the issuance of a joint statement of principles on the application of international human rights law to mass surveillance.  EFF and other members of this coalition joined us in Geneva this March at the UN Human Rights Committee’s review of US (non)compliance with the ICCPR.

The coalition’s principles of necessity and proportionality refer explicitly to communications surveillance. But as we’ve pointed out before, the same principles apply to metadata about the movement of our bodies (i.e. travel metadata) as to metadata about the movement of our messages.  And as the comments from Ms. Cohn of EFF about the No-Fly List quoted above make clear, the same principles also apply to government decisions based, in whole or in part, on the fruits of that metadata surveillance.

We agree wholeheartedly with EFF: Secret law is not “law”.

Sep 18 2014

LA police lie about whether you have to show them ID

Last week a Los Angeles police officer detained the movie actress Danielle Watts and told her, “I have every right to ask for you ID…. You do not have a right to say ‘No’…. Somebody called, which gives me the right to be here, so it gives me the right to identify you by law.”

In the aftermath, the Los Angeles Police Protective League (LAPPL) has posted a false and misleading so-called “public service announcement” on the subject of Providing ID To Police Officers.

What happened to Ms. Watts, and what is our reading of the case law on these issues?

Read More