Papers, Please!

The Identity Project

Author Archives: Edward Hasbrouck

Dec 06 2010

“TSA case goes to trial tomorrow in Albuquerque”

Albuquerque’s Weekly Alibi reports today in their blog on the trial of “Freedom Flyer” Phil Mocek scheduled to begin Tuesday morning:

Phil Mocek’s trial in Bernalillo County Metro Court tomorrow might be the first of its kind in the country. He was arrested after refusing to present identification to the Transportation Security Administration….

Edward Hasbrouck is a consultant to the Identity Project in California…. “We were obviously disturbed to find that Mr. Mocek had been arrested and had been essentially framed on these charges,” Hasbrouck says in an interview with the Alibi.

He adds that the four charges leveled against Mocek are not the real reasons he was arrested. “The real reason he was arrested is that the TSA didn’t like what he was doing,” Hasbrouck says. “The real charge is questioning the illegitimate authority of the TSA. Now, why the local authorities are choosing to put themselves out on a limb, trumping up bogus charges just to keep the TSA [happy] is a question that you’d have to ask the prosecutor in Albuquerque.”

Neither Dan Rislove, the attorney representing the state, nor TSA spokesperson Luis Casanova have yet returned the Alibi’s calls.

Ironically, despite the nationally precedent-setting TSA resistance case about to go to trial, an airport spokesperson told Albuquerque’s KRQE-13 TV news last month that, with respect to TSA “screening” procedures at ABQ,  “We have not seen a lot of resistance locally here.”

We’ll be posting updates on the trial here.  But since no cell phones, laptops, pagers, or other electronic communications devices are allowed anywhere in the courthouse, don’t expect live-blogging or for us to be able to return phone calls or e-mail messages from the courthouse or until the end of each day of the trial.

Dec 01 2010

Testimony to the Canadian Parliament on US access to travel data

Edward Hasbrouck of the Identity Project testified yesterday on behalf of the Liberty Coalition at a hearing before the Canadian House of Commons’ Standing Committee on Transport, Infrastructure and Communities on Bill C-42, which — as we’ve discussed previously — would override Canada’s “Personal Information Protection and Electronic Documents Act” (PIPEDA) to permit airlines to give personal information about passengers to the government of any country whose airspace a flight would pass through, even if it didn’t land in that country.

Bill C-42 was proposed by the government, but is being opposed by some within Parliament as well as civil liberties and human rights activists and (along with the US Secure Flight scheme) by the Office of the Privacy Commissioner of Canada.

The English-language audio archive of the hearing is here; the complete transcript is here. Mr. Hasbrouck’s introductory statement is from 24:45 to 35:15 of the audio stream; he was also questioned extensively by the members of the Committee.

Because of the Thanksgiving holiday in the US, the invitation to testify arrived too late for the requisite translation into French of any written notes or supporting documents. For more background on the information architecture and cross-border data flows of the airline industry, see the slides from Mr. Hasbrouck’s more detailed testimony on related issues earlier this year at the European Parliament in Brussels.

Here’s the transcript of our introductory statement:

Read More

Nov 23 2010

What you need to know about your rights at the airport

  1. TSA “screeners” are not law enforcement officers. Despite wearing police-type uniforms and calling themselves “officers”, they have no police powers and no immunity from any state or local laws.  At some airports, notably San Francisco (SFO) and Kansas City (MCI), they aren’t government employees at all, but rent-a-cops employed by a private contractor. They cannot legally arrest or detain you (except as a citizen’s arrest, the same way you can arrest them if they commit assault or battery). All they can do is call the local police.
  2. You have the right to remain silent, including when questioned by TSA “Behavior Detection Officers.” Anything you say may be used against you.
  3. You have the 1st Amendment right to film, photograph, and record what happens in public areas of airports, including your interactions with TSA and screeners.  Photography and recording in airports and at TSA checkpoints violates no Federal law or TSA regulation. Any state or local laws that purport to prohibit this are likely to be unconstitutional. You have the right, for your own protection, to document what happens to you and what is done to you. In addition, the Federal “Privacy Protection Act of 1980” (42 USC 2000aa) forbids TSA staff or police from searching or seizing photographs, audio or video recordings, documents, or electronic data, if you possess these materials in connection with an intent to distribute them publicly, including online distribution such as posting them on Facebook, Youtube, etc. There are some exceptions to this law, including a limited exception for searches and seizures by customs inspectors (not the TSA) at international ports of entry (not domestic airports). But there is no general airport or TSA exception to this law.
  4. You have the right not to be assaulted or battered (sexually or otherwise), falsely arrested, unlawfully detained, or kidnapped. You may have the right to make a criminal complaint and/or a citizen’s arrest of someone who assaults you, and/or to sue them for damages.  You should consult the applicable laws, including local laws, and/or an attorney, if you plan to do any of these things.
  5. Under most airlines’ conditions of carriage, you have the right to a full and unconditional refund if the airline refuses to transport you because you won’t show ID or won’t “consent” to whatever they want to do to you in the name of “screening”. Read this first: Here’s what to do to protect your right to a refund.  If the airline refuses to give you a full refund, you can sue them for damages and request that the US Department of Transportation investigate and fine them.
  6. If an airline cancels your reservation or refuses to transport you, you may be entitled to collect damages, and you can request that the US Department of Transportation (and, if you were denied passage to the USA from another country, that country’s authorities) investigate and fine or impose other sanctions on the airline.
  7. You have the right to freedom of movement, guaranteed by the First Amendment (“the right of the people… peaceably to assemble”) and Article 12 of the International Covenant on Civil and Political Rights (ICCPR), a human rights treaty to which the US is a party: “Everyone lawfully within the territory of a State shall, within that territory, have the right to liberty of movement and freedom to choose his residence. Everyone shall be free to leave any country, including his own…. No one shall be arbitrarily deprived of the right to enter his own country.” Federal law (49 USC § 40101, part of the Airline Deregulation Act of 1978) requires the TSA to consider “the public right of freedom of transit” by air when it issues regulations.
Nov 23 2010

Airlines threaten illegal actions against travelers who opt out of groping

Can you get your money back if you opt out of the TSA’s assault on your freedom? Yes, but airlines don’t want to admit that.  (That’s nothing new.)  You may have to put up a fight.

Here’s what’s happening, and what you can do:

With National Opt-Out Day coming up, travel journalist Christopher Elliott contacted several airlines to see how they would handle requests for refunds from ticketed passengers who aren’t allowed to fly because they opt out of being x-rayed or groped.

Disturbingly, several airlines (American, Southwest, United/Continental, and US Airways) told Elliott that they would not give refunds to such passengers holding nonrefundable tickets.

Airlines can’t just make up new rules governing tickets and refunds after tickets are issued. Those rules are published in airlines’ tariffs and conditions of carriage, as filed with the Department of Transportation.

Almost all airlines’ conditions of carriage provide that, if an airline refuses to transport you, you are entitled to a full and unconditional “involuntary refund” of all fares, fees, and charges, even if the fare at which your ticket was issued  is otherwise completely nonrefundable.

American Airlines, for example, told Elliott:

“Our refund rules that are in place now, apply,” says a spokeswoman. “If the customer has a refundable ticket, then we will refund. If the customer has a non-refundable ticket, then we can offer a voucher.”

But American’s actual rules are contained in their conditions of carriage, as follows:

Involuntary Refunds

In the event the refund is required because of American’s failure to operate on schedule or refusal to transport, the following refund will be made directly to you –

  1. If the ticket is totally unused, the full amount paid (with no service charge or refund penalty), or
  2. If the ticket is partially used, the applicable fare for the unused segment(s).

If American or another airline with similar terms in its contractual conditions of carriage refuses to give you a full and unconditional refund (not merely a voucher), they are liable to you for damages if you sue them, and liable to enforcement action and fine by the Department of Transportation.

So what’s the best strategy if you already have a ticket and want to opt out of virtual strip-search and groping?

Read More

Nov 22 2010

Self-restraint is not the solution for the TSA

This morning on the “Today” show, TSA Administrator and former FBI agent John Pistole said that the TSA is “actively rethinking its policy” to require all travelers to submit to either an x-ray virtual strip search or vigorous groping of their breasts and genitals.

We aren’t reassured or appeased.  The process of “rethinking” described by Pistole, like the TSA procedures themselves, would remain entirely secret, internal, and extra-judicial.

The problem with the TSA is not with exactly how it has exercised its secret, standardless administrative “discretion,” but the fact that the TSA has been allowed to opt itself out of the rule of law.

Last Friday the New York Times editorialized that, “The government could start by making their screening guidelines clear.”  The government could do so — but the TSA won’t unless it is forced by direct orders from the President, the Congress, or the Federal courts.  We cannot rely on the TSA to restrain or reform itself.

There are no laws or published regulations defining what the TSA is allowed to do. The TSA has claimed in response to our requests that all of its procedures and directives for airport checkpoints are exempt from the Freedom of Information Act (FOIA). The DHS Privacy Office ordered the TSA not respond to our request for these documents without approval from the DHS “front office”, including the White House liaison. Apparently that approval has never been given. We’re still waiting.

When John Gilmore challenged the checkpoint practices in court, the DHS refused to show him the documents that they showed the judges “in camera” to persuade them to dismiss his case. The Supreme Court refused to consider his appeal of this secret lawmaking.

Former Secretary of Homeland Security Chertoff said repeatedly and publicly that administrative DHS “no-fly” decisions should be exempt from judicial review. Neither current DHS Secretary Napolitano nor President Obama have done anything to dissociate themselves from that position.

Now the ACLU and EPIC are both collecting reports and complaints about what happens at TSA checkpoints. But we have no confidence that public exposure of what is happening will in itself prompt any change in behavior by an agency whose motto appears to be, “We don’t care – we don’t have too.” Everyone already knows that the TSA is groping grandmothers, probing under diapers and sanitary napkins, and requiring removal and examination of breast and other prostheses.  All while threatening or even arresting those who try to protect themselves by documenting the process with photographs and/or recordings.

EFF has information on how to complain to the TSA and DHS.  But those complaints would also be dealt with, if they aren’t ignored, solely by secret procedures within those agencies.  What, if anything, is done as a result will remain unknown to the complainants and the public.

Clearly, the TSA has crossed the line of what the traveling public will tolerate. But the solution is not for the TSA to retreat slightly (and perhaps only temporarily) in response to public outrage. That will only leave us with endless scrimmages over where to draw the line, with the TSA not an iota less invasive than the most intrusive processes that they think they can get away with.

The real need is to put the TSA — for the first time in its existence —  clearly within the rule of law.  That’s why we think what’s most important about EPIC’s lawsuit against the TSA is not the specific issue of virtual strip searches (important though this is) but the fundamental complaint that the TSA has ignored formal petitions for rulemaking. EPIC’s central claim is that the TSA has refused to give public notice of proposed rules, accept public comments, and make a public determination that could be subjected to review by the Federal courts.

Liability, both organizational and personal, is also important. Talk to a lawyer about bringing a criminal complaint or civil lawsuit against any TSA employees or contractors who act illegally against you.  We’re pleased to see discussion of citizens’ arrests of overreaching (so to speak) TSA and contractor gropers. At least some local prosecutors are open to possibly pressing such charges. That’s especially significant at San Francisco International Airport (SFO), where the screeners are out on an especially thin limb of liability as private contractors rather than employees of the TSA or any other government agency.

Nov 21 2010

Trial to begin December 7th in TSA checkpoint case

“Opting out” of TSA demands or questioning and photographing the TSA is not a crime!

We’ve reported before on the arrest of Phillip Mocek just over a year ago at a TSA checkpoint at the airport in Albuquerque, New Mexico, and his prosecution by local authorities on trumped-up criminal charges.

Phil Mocek

Now, after several postponements, Phil Mocek’s trial is scheduled to begin with jury selection on Tuesday morning, December 7th, 2010, in Albuquerque.  The trial is expected to last 2-3 days. There’s more information here.

(The trial has been postponed several times, and might be postponed again, but this date appears to be for real, and Mr. Mocek is making firm travel plans — by land, not by air — to be in Albuquerque.)

We encourage everyone who opposes the TSA’s lawless assault on our liberties to support Mr. Mocek. Spread the word about this case, especially to people you know in New Mexico. Contribute to Mr. Mocek’s legal defense. (He had to hire private lawyers to defend himself.)  Come to the trial in Albuquerque if you can. Pass out a leaflet.  Speak out and stand up to the TSA yourself.

This is the first TSA checkpoint resistance case to come to trial, and this trial comes during an unprecedented and spontaneous explosion of grassroots resistance to the TSA’s claim to unlimited authority. The outcome of Mr. Mocek’s trial will be critical to whether that resistance continues to snowball, or whether the TSA and its allies in authoritarianism can terrorize and intimidate law-abiding travelers into submission to their illegitimate authority.

There are no laws or published regulations defining what the TSA is allowed to do. In response to a Freedom of Information Act (FOIA) request from Mr. Mocek, the TSA has refused to release its secret procedures and directives for airport checkpoints.  And the DHS Privacy office has ordered the TSA not respond to our request for these documents without approval from the DHS “front office”, which apparently has never been given.

In these circumstances, only the courts can define the limits of TSA authority to search, interrogate, x-ray, and grope innocent travelers who are not suspected of any crime. So far as we know, Mr. Mocek’s case is the first time someone in the USA has been brought to trial on criminal charges for attempting to exercise their right to travel by air without showing ID or answering questions about themselves or their trip, or for photography or audio or video recording at a TSA checkpoint.

Read More

Nov 17 2010

What is to be done about TSA?

We’re pleased and excited to see the spontaneous outpouring of grassroots outrage at the latest TSA “Standard Operating Procedures”, which offer would-be air travelers a Hobson’s choice between forms of submission to secret rules, illegitimate authority, and invasion of personal privacy.

TSA wants us to choose between a virtual strip-search (x-ray or similar photography through your clothes, with the as-though-naked high-resolution photos viewed by a TSA agent or rent-a-cop out of your sight somewhere in a little porno booth in the bowels of the airport), versus vigorous manual groping of your entire body with special attention to your genitals and breasts.

We’re equally pleased and excited to see that outrage move beyond mere complaint to direct action and resistance, primarily by those “opting out” of both the “whole body imaging” and the groping, and calling on others to do the same.

We thank those who are taking action, even what we think may be ineffective or insufficient action, against TSA’s excesses. The public’s frustration with TSA’s ever-escalating demands was bound to explode eventually, and we hope that time has truly come. We just hope that the results will move us in the direction of real reform, rather than “concessions” that leave us worse off than before, or band-aids followed by more excesses after the public calms down.

For many years, TSA has been writing its own laws, in secret, in the form of “Security Directives” to airlines and “Standard Operating Procedures” for TSA employees and contractors. We’ve requested the directives and procedures that purport to say what travelers are required or prohibited from doing. That’s our right under the Freedom of Information Act (FOIA). To date, TSA has either refused our requests outright or ignored them. For months, until they were caught by the Associated Press, the most senior FOIA and “privacy” officer for DHS gave direct orders to the TSA not to provide us with any responses without express prior permission from DHS headquarters.

“Get photographed as though naked or get groped” isn’t the only new TSA imposition. This month, apparently, TSA issued more secret orders to airlines as part of its illegal Secure Flight passenger surveillance and control scheme. The airlines have begun threatening to cancel reservations and deny transportation to paid and ticketed would-be passengers who haven’t provided the airlines (and thus the TSA) with their “full name”, gender, and date of birth. No law requires passengers to do so, but TSA is trying behind the scenes to force airlines to refuse to carry people who don’t.

So what is to be done? Real reform of TSA procedures would include:

Read More

Oct 29 2010

DHS Privacy Office ordered TSA not to answer our FOIA request

Records posted online by the DHS in response to one of our FOIA requests confirm that, as we suspected, DHS headquarters has been illegally blocking release of documents we have requested, and to which we are entitled, under the Freedom of Information Act, in order to subject them to higher-level political review and an illegal requirement for higher-level political approval prior to any response.

In an email message (pp. 24-26 of this larger PDF) to the Chief FOIA Officers of all DHS component agencies on December 23, 2009, Catherine Papoi, DHS Deputy Chief FOIA Officer and Director of Departmental Disclosure and FOIA, included one of our requests for information about TSA policies in a list of requests to be reported to the DHS White House liaison and reviewed by the “DHS HQ Front Office” prior to any response or release of records, regardless of the deadlines for responses and release of responsive records set by FOIA.

According to this email message, underlined and in boldface for double emphasis, “It is very important that your office not send the response to the requester until I notify you that the response has been reviewed and is cleared to be sent to the requester.”

Read More

Oct 18 2010

Airlines to cancel reservations and deny passage to travelers who won’t provide “Secure Flight” info

Airlines are moving rapidly toward global industry standards, effective November 1, 2010, that could lead to cancellation of reservations — including already ticketed reservations — without notice to travelers and in violation of the contractual conditions in effect when tickets were sold, and denial of transportation to would-be passengers in violation of airlines’ operating licenses and international aviation treaties that require them to operate as “common carriers”.

We’ve previously noted the impossibility of knowing how the TSA will enforce its Secure Flight passenger surveillance and control scheme, since the enforcement of “Secure Flight” demands for information will, presumably, be carried by airlines acting on secret TSA Security Directives.  And in one of their most recent non-responses to our FOIA requests, the TSA reiterates their claim that all such Security Directives are by definition exempt from disclosure, regardless of whether their disclosure would have any actual effect on safety or security.

But we’ve also noted the recent announcements by some airlines, apparently starting with American,  that they plan to cancel or inhibit the creation or ticketing of reservations that don’t contain the additional personal information that the TSA wants each traveler to provide to both the airline (who is free to retain, use, sell, or otherwise disclose it) and the TSA: “full name” (whatever that means — there’s no definition in the Secure Flight regulations), gender, and date of birth.

Now airlines are going even further, with more airlines announcing their intent to cancel ticketed reservations if passengers don’t, on their own initiative, come forward with Secure Flight passenger Data (SFPD), and the airline trade association (and sometimes cartel) IATA reportedly expected to pass a global standard this week mandating inhibition of ticketing of all reservations without SFPD.

Read More

Oct 17 2010

Europeans start asking questions about the role of reservation systems

We’re pleased to see that — perhaps as part of the fallout from publicity in Europe (see the links in these comments) for our lawsuit against the DHS — questions are finally being asked in the European press about the role of Computerized Reservation Systems (CRSs, also known as Global Distribution Systems or GDSs) in passing travel reservations to the US and other governments.

We’ve pointed out repeatedly that most airlines, travel agencies, and tour operators have outsourced their PNR database hosting to the major CRSs, including Sabre and Travelport (Galileo and Worldspan) in the USA and Amadeus in Europe.  Earlier this month the Süddeutsche Zeitung became the first major European news organization to publicly question Amadeus about its (illegal) role in granting DHS access to Passenger Name record (PNR) data stored with Amadeus. Amadeus falsely claimed that “We are not involved in the decision” to pass data from the EU to the DHS.  But that claim is unlikely to stand up to an inquiry such as the one we’ve been told the Article 29 Working Group of European national data protection officers is currently conducting.  And more and more other Europeans are beginning to ask similar questions as well.

Overly simplistic usage of the term “European PNRs” has contributed to an erroneous conflation with “PNRs for flights operated by European airlines”, and an even more erroneous conflation with “PNRs stored in Europe”. PNRs are, by design, globally accessible in ways similar to that of data “in the cloud”, so this is a largely meaningless concept.  In practice, a single PNR routinely contains data collected in multiple locations. EU data protection laws apply to all PNRs that include data collected in the EU, even PNRs for flights within the USA if the reservations are made, or some of the data is entered, by travel agencies or tour operators in the EU or by European ticket offices of USA-based airlines.  Those laws apply equally to Amadeus and its USA-based competitors Sabre and Travelport, each of which has thousands of airline, travel agency, and tour operator subscribers in the EU.

As we pointed out in our testimony at the European Parliament in April, Amadeus’ location of its main servers in Erding, Germany (Europe’s largest private data center)  doesn’t mean that it complies with EU data protection law or shields its PNRs from US or other authorities (or other threats) outside the EU. In fact, Amadeus offices as well as Amadeus subscribers (including airlines, travel agencies, and tour operators) in the USA and around the world have full access to Amadeus reservation data including data collected in Europe.

There are no access logs in PNRs, so neither Amadeus nor its subscribers actually know who has retrieved PNRs, or from which countries.  But we’ve seen a growing number of examples, as we first reported more than three years ago, of DHS records of flights within the EU, operated by EU-based airlines, that could only have been obtained through “root” access by the DHS to the CRSs.

For example, portions of a PNR showing root access to the Galileo CRS by DHS/CBP were reproduced on page 5 of our initial 2007 report on our research into DHS travel records. This was a real PNR for a real person obtained from the DHS. The traveller went from the USA (SFO) to Berlin (TXL) on United Airlines. She stayed six days in Berlin. Then she went from Berlin to Prague to London on Czech Airways (IATA code “OK”). Then she stayed for another 6 days in London. Then she returned from London to SFO on United. The flights on Czech Air were entirely within the EU. They did not connect to or from flights to or from the US, or on a US airline. The PNR shows that travel agent issued a separate ticket, and a separate fare, for the Czech Air flights — they weren’t on same ticket with the United flights. But the travel agent followed standard travel agency procedures and made all the reservations for the entire journey in the same CRS, in this case Galileo (the CRS used by United). When DHS pulled the PNR, they didn’t just pull the portion on United, but pulled the entire travel agency PNR, including the flights on Czech Air. This confirms that DHS had root access to Galileo, not just access through United, since United would not have been able to see the details of the Czech Air flights and ticket.

Meanwhile, the US government is growing increasingly worried that the European Parliament might no longer capitulate to their bullying.  In a recent white paper, former CBP director Jayson Ahern, now an influence-peddler working with his former boss Michael Chertoff oas a lobbyist for various DHS contractors, pleads with European parliamentarians not to “pull back” from continuing to give DHS/CBP free access, in violation of EU law, to PNR data collected in the EU.  Ahern says that, “In 2009 … PNR data together with APIS helped identify one-third of all known and suspected terrorists ultimately denied entry to the US.”  But since none of those denials were ever reviewed by any US judge, it’s impossible to tell whether this statistic is evidence of the successful use of PNR data… or of the number of PNR-based violations of travelers fundamental human and civil rights.

[Update: While Amadeus offices and subscribers in the USA and around the world already have unlogged access to data stored on Amadeus servers in the USA, Amadeus is reportedly considering opening a data center in the USA, which would make it even more difficult to comply with EU law.]