Papers, Please!

The Identity Project

Author Archives: Edward Hasbrouck

Feb 05 2013

“TSA out of the MBTA!”

An ad hoc TSA out of the MBTA! group help a march and rally Saturday on Boston Common to protest the ongoing warrantless, suspicionless searches of passengers’ property on the Boston-area MBTA subway and streetcar system.  The protest was endorsed by groups including Occupy Boston and the Mass Pirate Party.

We’re encouraged to see growing resistance to the TSA’s mission creep in expanding its warrantless, suspicionless searches, interrogations, and seizures from air to surface transportation.  These searches on the “T” and other transit systems were illegitimate and unconstitutional when they started in 2004, and they remain so today.

If there’s a particular lesson here, it’s in the importance of resistance from the start of new encroachments on our rights.  No matter how “special” the circumstances in which new police programs are instituted, or how “temporary” they are claimed to be, the natural tendency is for them to become permanent.  “Enough is enough. We’ve been sleeping on this,” one participant in Saturday’s march and rally told the Boston Herald.

Checkpoints and dragnet searches on the MBTA were initiated in 2004, ostensibly as part of “special” and “temporary” security measures for the 2004 Democratic Party national convention in Boston.  They drew immediate protests which continued through the convention.

A Federal judge denied a request by the National Lawyers Guild for a preliminary injunction against the searches. Because the lawsuit had been framed in terms of the issues specific to the area around the convention, the lawsuit foundered after the convention delegates went home. But the searches continue.

Feb 04 2013

Update on Mocek v. Albuerque

On January 14, 2013, U.S. District Judge James O. Browning issued his first major ruling in Mocek v. Albuquerque, the Federal civil rights lawsuit brought for false arrest at a TSA checkpoint brought by Philip Mocek following his acquittal by a jury on trumped-up criminal charges.

Judge Browning dismissed Mr. Mocek’s complaints against the Federal (TSA) defendants.  The reasoning of that ruling is in marked conflict with several findings on the same issues by the 4th Circuit Court of Appeals in Tobey v. Jones, although that decision isn’t binding on the District Court hearing Mr. Mocek’s case since it’s in a different Federal judicial circuit.

According to the Albuquerque Journal, “Mary Lou Boelcke, Mocek’s attorney, said she expects to appeal the ruling, either before trial or after Browning decides other issues regarding the city.”

On February 1, 2013, the remaining Albuquerque defendants (the city, airport, and individual police officers) filed their own motion to dismiss the complaints against them.  That motion is now pending.

Feb 01 2013

4th Circuit say 1st Amendment still applies inside TSA checkpoint

Ruling last week in a case brought by a man who was falsely arrested for displaying the text of the 4th Amendment to the Constitution written on his chest during a “secondary inspection” by the TSA at the  Richmond, VA, airport (RIC), the 4th Circuit Court of Appeals rejected an appeal seeking the dismissal of a Federal civil complaint against TSA, DHS, and airport officials, police, and checkpoint staff.

The ruling means that the claims for damages by U. of Cincinnati architecture student Aaron Tobey (Tobey v. Jones et al., originally filed as Tobey v. Napolitano et al.) will go back to the District Court to proceed toward a trial. (Mr. Tobey is represented by attorneys from the Rutherford Institute.)

Even the dissent from the 2-1 decision (containing such gems as, “[I]t is sometimes necessary to make small sacrifices to achieve greater gains or, as in this case, to avoid catastrophic loss”, a bizarre statement given the lack of any allegation that Mr. Tobey, any of his actions, or the words written on his chest posed any but a political “threat”) admitted that, “TSA screening agents are not natural objects of affection…. TSA agents… can and do make mistakes, and there is always the chance that imbuing subordinate officials with a bit of authority can make them tyrants in their spheres.”

In rejecting the TSA and police appeal, and allowing Mr. Tobey’s case to go forward, the majority of the Circuit Court panel made several key rulings upholding travelers’ 1st Amendment rights and continuing and extending a line of decisions upholding personal liability on the part of individuals responsible for illegal actions at checkpoints: Read More

Jan 22 2013

TSA replaces “probable cause” with private profiling

The TSA has made explicit its intent to take the next logical but lawless step in the merger of (1) profiling of travelers and (2) privatization of judicial decision-making: outsourcing of decisions as to who should be subjected to what degree of intrusiveness of search to private contractors acting on the basis of commercial data.

The TSA already delegates on-the-spot “discretionary” decisions about searches (“screening”) to private contractors at airports like SFO, and relies for its profiling (“prescreening” and “no-fly”) decisions on commercial data contained in airline Passenger Name Records (PNRs).

Now a request for proposals quietly posted by the TSA early this month among the “Federal Business Opportunities” at FBO.gov, and spotted by the ACLU, gives notice that the TSA is considering “Third Party Prescreening” of travelers: TSA contractors would decide in advance (secretly, of course, on the basis of secret dossiers from private data aggregators) which travelers would be “invited” to proceed through the less-intrusive-search “Pre-Check” security lanes, and which would be subjected to “ordinary”, more intrusive groping of their bodies, opening of carry-on baggage and belongings, interrogation, etc.

In effect, “Third Party Prescreening”, as the concept is defined in the TSA notice to would-be contractors, would replace probable cause with private profiling as the basis for determining who among us would be legally obligated, as a condition of the exercise of Constitutional civil liberties and internationally recognized human rights, to submit to exactly what degree of intrusiveness of search of our persons and property.

The by-invitation-only TSA “Pre-Check” profiling scheme is already entirely arbitrary, as travelers have discovered when they have tried to find out how to obtain an invitation to the less-mistrusted-traveler club or why they haven’t been invited. “Don’t call us, we’ll call you” if we want to invite you, say airlines and the TSA.  There are no publicly-disclosed substantive or procedural standards for invitation or inclusion.

“Third Party Prescreening” would extend that arbitrariness to advance decisions that particular travelers must submit to heightened “screening” (or are not to be allowed to proceed through lighter screening, which amounts to the same thing) before they will be “allowed” to exercise their right to travel.

Such a particularized decision, in advance, conditioning travel by a specific traveler on submission to a specific type or degree of intrusiveness of search is not what was contemplated in judicial decisions upholding “administrative” searches at airports.   Rather, this is the sort of search that the Constitution demands be justified by probable cause, as articulated to and approved by a judge.

Private contractors are not judges. Fitting the profile, based on a secret commercial dossier, as determined by a secret algorithm, is not probable cause. No “Third Party Prescreening” could create a lawful basis for a search, or for interference with the right to travel of those who decline to submit to such a search.

Jan 18 2013

US cites ICCPR in its lobbying against reform of EU privacy law

The US government has been lobbying hard in Brussels and Strasbourg against proposals to strengthen European Union (EU) rules protecting personal information, including information “shared” with the US and other governments for law enforcement, surveillance, profiling, and other purposes.

The European Digital Rights initiative (EDRi), to which we are an accredited observer, has posted a leaked lobbying document being distributed to EU decision-makers by the US mission to the EU.

As discussed in EDRi’s excellent analysis, the US position paper explicitly references the International Covenant on Civil and Political Rights as part of the common foundation of US and EU privacy principles. That curious, since (1) the US has previously avoided or ignored all attempts (such as those by the European Parliament in its 2010 resolution on airline Passenger Name Records) to include the ICCPR in the terms of reference for US-EU negotiations, and (2) the US is in flagrant violation of the provisions of the ICCPR related to, among other issues, privacy rights and freedom of movement.

It’s especially odd for the US to bring the ICCPR into the EU debate just now, as the UN Human Rights Committee is beginning its periodic, treaty-mandated review of US compliance with the ICCPR.

We hope the EU will take up the US invitation to bring the ICCPR into the debate, and will conduct its own inquiry into US compliance with its treaty obligations as well as paying close attention to the UNHRC review.

Jan 09 2013

Judge refuses to look at secret “no-fly” evidence, reaffirms that travel is a right

What’s been most noteworthy in DHS legal arguments in “no-fly” and other related  cases isn’t that the government has tried to argue in defense of intrusive and repressive surveillance and control of travel.

Instead, the consistent strategy of the DHS has been to argue (1) that it doesn’t have to give any arguments or evidence in support of these practices, because they are exempt from judicial review, and (2) that if it does have to give the courts any evidence or arguments, it can do so in secret, so that opposing parties and their lawyers are unable to know, or respond to, the government’s secret arguments and secret evidence.

Fortunately, some judges seem to be running out of patience with these claims that the executive branch of government is above the law.

We’re particularly encouraged by the latest order issued December 20, 2012 in the case of Ibrahim v. DHS, which continues to appear likely to result in the first review of a no-fly order, on its merits, by any court.

Since 2005, when she was refused boarding and detained by police when she tried to board a flight at San Francisco International Airport, Rahinah Ibrahim has been trying to find out who put her on the “no-fly” list and why, get off the “no-fly” lost, and obtain damages from the government agencies, contractors, and individuals responsible for her false arrest and the interference with her right to travel.

The city and county of San Francisco (responsible for the airport police) eventually paid Dr. Ibrahim $225,000 to settle her claims against them.  But the federal government defendants have continued to try to get the case dismissed before any discovery, fact finding, or trial on the merits of Dr. Ibrahim’s claims.

The 9th Circuit Court of Appeals has twice rejected the government’s appeals of preliminary rulings allowing the case to go forward and allowing Dr. Ibrahim’s lawyers to proceed with discovery.  But even after the federal defendants’ latest appeal was rejected, the government again moved the District Court to stay any discovery and dismiss the complaint.

In support of their latest motion to dismiss, the government went beyond filing evidence and legal arguments with the court “under seal” for in camera review by the judge (but not Dr. Ibrahim or her lawyers).

Instead, the government called the judge’s chambers to advise that a courier was on his way from Washington to the courthouse in San Francisco with some secret documents, which he proposed to show the judge, alone in chambers, and then take back to Washington so that there would be no record with the court, even in a “sealed” file, that would enable the court of appeals to review the basis for the judge’s decision.

Judge William Alsup of the U.S. District Court for the Northern District of California told the courier not to darken his door, and refused to look at any of the secret evidence, even in camera. Then he delivered a smackdown to the government in his ruling dismissing its motions.

Read More

Jan 08 2013

Identity Project tells UN Human Rights Committee that US violates the right to travel

It’s that time, as it is every five years, for the U.N. Human Rights Committee (UNHRC) to review the status in the U.S of the rights protected by the International Covenant on Civil and Political Rights (ICCPR) — including the right to travel.

The Identity Project is taking part in this process by informing the UNHRC about the ways the US has violated the right to travel, and making recommendations for issues related to the right to travel which the UNHRC should raise with the US during its review.

On December 28, 2012, as part of a joint submission to the UNHRC by the U.S. Human Rights Network, the Identity Project submitted our recommendations for issues related to freedom of movement that we think the UNHRC should take up with the U.S., questions that should be asked by the UNHRC, and recommendations that the UNHRC should make to the US in its concluding observations:

  1. Handling of complaints of violations of U.S. obligations pursuant to the ICCPR
  2. Requirements for government-issued travel documents
  3. Detention, interrogation, and search of travelers (co-signed by the Consumer Travel Alliance)
  4. Permission-based government controls on air and surface travel
  5. Surveillance and monitoring of travelers (co-signed by the Consumer Travel Alliance)

Read More

Dec 17 2012

Should sex offenders have to wear a “scarlet letter” on the Internet?

In the novel The Scarlet Letter, Hestor Prynne was required to wear a prominent badge on her clothes, for life, to identify her publicly with the crime she had been convicted of: violating the sexual mores decreed as law by the fundamentalist religious and political leaders of the Massachusetts Bay Colony.

Today a Federal court heard arguments on whether Californians convicted of certain sex-related crimes can similarly be prohibited for life from speaking or acting anonymously on the Internet, and required to declare to the local police, within 24 hours, each of their Internet service providers or “Internet identifiers” (email addresses, user names, etc.).

California’s Proposition 35, enacted by popular vote in October 2012 (can the majority vote to revoke the rights of a disfavored minority?), adds the following provisions (among others) to state law:

Every person described in subdivision (c), for the rest of his or her life while residing in California, or while attending school or working in California, shall be required to register with the chief of police of the city in which he or she is residing, or the sheriff of the county if he or she is residing in an unincorporated area or city that has no police department,… within five working days of coming into, or changing his or her residence within, any city, county, or city and county, or campus in which he or she temporarily resides, and shall be required to register thereafter in accordance with the Act.

(c)  The following persons shall be required to register: Any person who, since July 1, 1944, has been or is hereafter convicted [of specified offenses].

(a) Beginning on his or her first birthday following registration or change of address, the person shall be required to register annually, within five working days of his or her birthday, to update his or her registration…

(b)  If any person who is required to register pursuant to the Act adds or changes his or her account with an Internet service provider or adds or changes an Internet identifier, the person shall send written notice of the addition or change to the law enforcement agency or agencies with which he or she is currently registered within 24 hours….. The registration shall consist of all of the following:…

(4)  A list of any and all Internet identifiers established or used by the person.

(5)  A list of any and all Internet service providers used by the person….

For purposes of this chapter, the following terms apply:

(a) “Internet service provider” means a business, organization, or other entity providing a computer and communications facility directly to consumers through which a person may obtain access to the Internet….

(b)  “Internet identifier” means an electronic mail address, user name, screen name, or similar identifier used for the purpose of Internet forum discussions, Internet chat room discussions, instant messaging, social networking, or similar Internet communication.

The day after the election, the Electronic Frontier Foundation (EFF) and the ACLU of Northern California filed a class-action challenging the new law as unconstitutionally vague (nobody can tell with certainty which “identifiers” or “services” have to be disclosed to the police, or might result in criminal prosecution if they aren’t disclosed) and unconstitutionally “overbroad” (no matter how it is interpreted, its plain language would restrict rights protected by the First Amendment).

Judge Thelton Henderson of the U.S. District Court for the Northern District of California immediately approved a temporary restraining order preventing the law from being implemented.

Today in San Francisco, Judge Henderson heard almost three hours of argument by lawyers from EFF, the ACLU, the California Attorney General’s office (the defendant in the lawsuit), and the sponsors of Proposition 35 (Chris Kelly, who funded the “Yes on Prop. 35” campaign, was present in court) on whether the court should issue a “Preliminary Injunction” continuing the prohibition on enforcement of the law until the federal court’s final decision in the case, which could take months or years.

While the meaning of “Internet identifier” is vague, all parties to the case (and the would-be intervenors) agreed in response to Judge Henderson’s questions about a list of examples — user IDs for banking websites. BestBuy.com, Amazon.com, World of Warcraft, etc. — that a user ID used to read the New York Times online would need to be registered with the government, if the user ever posted any comments about news stories.  And the proponents of the law stressed that the purpose of the registration requirement is not to warn the public about registered users of Internet services, but to facilitate police surveillance and investigation of potential future crimes, including “covert” (sting) operations.

As Michael Risher of the ACLU pointed out, “There’s no historical precedent for stripping people of 1st Amendment rights [after the completion of their sentence] on the basis of their having previously been convicted of a crime.”  But this law, if upheld, would set an important precedent of its own.

The registration requirement and the prohibition on using an unregistered user ID or alias don’t depend on any relationship between the Internet and the crime of which someone was convicted. Nor does anything in the proponents’ arguments for this provision of the law depend on the specific nature of the crimes.  If this provision of the law is upheld as applied to people convicted of crimes related to sex, anyone convicted of any crime, ever, could be subjected to a categorical lifetime ban on anonymous online speech.

As Hanni Foukhoury of EFF has pointed out, a similar thing has already happened with DNA testing: First required in California for people convicted of murder and rape, it has since been gradually extend to people convicted of other specified violent crimes, then to people convicted of all felonies, then to anyone arrested for any felony (including possession of any amount of marijuana with “intent to sell”).

Judge Henderson promised a ruling on the motion for a preliminary injunction “as soon as possible”. In the meantime, the temporary injunction against enforcement of the IISP and Internet ID registration rules remains in effect.

Dec 05 2012

The DHS FOIA Office “is not in service”

We’ve been waiting for years for responses to some of our FOIA requests to the TSA and DHS, including a request for records of what happened to our earlier FOIA requests that were subjected to a special program  of political review and reporting to the White House, a request for records that were previously improperly withheld under a claimed FOIA “exemption” which the Supreme Court eventually ruled didn’t exist, and a request for any records of the TSA having sought or obtained OMB approval for its Certification of Identity form.

Unfortunately, the de facto policy of the Department of Homeland Security is not just to ignore any FOIA requester who isn’t already suing it, but to make it impossible even to communicate with it or obtain proof of having made requests.

As we’ve noted before, the DHS uses a contractor who often fails either to deliver their mail or return the return receipts, making it impossible to prove they have received requests. Recipients have told us that the mail is often so browned and burnt by the contractor’s high-intensity x-ray screening that mail that is eventually delivered to DHS, after a delay of a week or so, is often illegible.

Despite huge expansion, changes, reorganizations, and relocations of DHS offices, the DHS FOIA Regulations and what is required by law to be the definitive list of DHS FOIA contacts hasn’t been updated since 2003, despite our repeated protests. Today, many of those addresses lead only to the dead-letter office.

Many DHS and component offices don’t disclose their physical locations. Even if you can find where their offices are, the doors are barred to those without appointments and government-issued photo ID.

And it’s getting worse.  Now the main phone number for the DHS FOIA Requester Service Center (and, if you want to complain about their unresponsiveness, the DHS FOIA “Public Liaison” as well), has been disconnected or taken out of service. Not that it was usually answered by a human being, or that voicemail messages were usually returned, but turning off the phones entirely (or using only some other undisclosed phone numbers at their undisclosed location) is really a new low.

If you go to the Where to Make a FOIA Request page on FOIA.gov, and choose “Department of Homeland Security” and then either “Headquarters and Privacy Office” or “I don’t know which office”, you are directed to call (703) 235-0790.  (Click the image above for a larger version of the Web page.) Call that number, and you get the recorded message, “Sorry. The number you have reached is not in service.”

We knew the DHS FOIA Office was “not in service”, or at least not serving us. But we didn’t realize that they had gotten the phone company to put a recording on their line telling that to anyone who tries to call.

[Update: The TSA and DHS claim that the “FOIA.gov” website is maintained by the Department of Justice and beyond the control of the DHS. But the same wrong number appears on DHS.gov at http://www.dhs.gov/check-status-your-foia-request as the number to call to find out the status of a FOIA request, along with a self-referential hyperlink for FOIA status information that links back to the same page.]

Dec 02 2012

TSA updates its “notice” of Secure Flight records

The TSA published a revised System of Records Notice in the Federal Register on November 19th, updating its disclosures of what information about our “travel histories” it collects, retains, and uses through its Secure Flight program for airline passenger surveillance and control.

The new notice is both better and worse than it might appear at first glance. The new “Secure Flight” SORN describes some disturbing TSA practices that were not explicitly disclosed in the previous “Secure Flight” SORN published in 2008.

In particular, the new SORN discloses that if you are turned down or predetermined to be ineligible for the TSA’s “Pre-Check” or other “Registered Traveler” (a/k/a “Possibly Slightly Less Mistrusted Traveler”) programs, you can be placed on a new watchlist, as a result of which logs of your air travel will be retained by the TSA for 99 years. That’s especially problematic because applicants for the Pre-Check program aren’t told that being turned down could leave them worse off than if they had never applied, and subject to lifetime TSA air travel monitoring and itinerary logging.

Bad as this is, however, it isn’t really a change in what data TSA claims the right to collect, or how long it claims the right to retain and use it. These practices were already covered under “catch-all” clauses of the prior SORN, which are retained in the revised SORN, and that actually purport to authorize a much wider range of even worse practices.

Specifically, the “Secure Flight” SORN already disclosed that “Secure Flight” records might contain:

Records obtained from the TSC [Terrorist Screening Center] of known or suspected terrorists in the TSDB [Terrorist Screening Database] and records regarding individuals identified on classified and unclassified governmental watch lists

There’s no definition or limitation on the sources or purposes of these additional “watch lists”. But it’s clear from the description quoted above that these are watch lists other than those of suspected terrorists: lists of people who are to be watched, and whose air travel itineraries are to be logged for life, for (secret, unrestricted) reasons other than that they are suspected of terrorism. Read More