Apr 02 2010

DHS shifting from national origin to ID-based passenger profiling

Today the DHS announced that it is partially replacing its practice of illegally profiling air travelers seeking to board flights destined to the US by national origin — the subject of our still-unanswered formal complaint — with a new scheme to illegally profile passengers individually, bsed on based on mining of commercial data in passenger name records (PNRs) obtained from airlines and other travel companies and on secret DHS dossiers about would-be passengers including their lifetime travel histories maintained in the illegal Automated Targeting System and other databases.

The consequences if you fit the secret profile would continue to include, as before, being subjected to “secondary screening” (more intrusive search and/or interrogation, with no publicly-disclosed rules governing which questions you are required to answer) or having the airline not be given “clearance” under the APIS permission system to allow you to board the flight.  (Under the APIS system already on the books, the default is “No fly” unless the airline receives an affirmative, individualized, per-passenger, per-flight “clearance to board” message from the DHS.)

The new profiles reportedly could include both individual identities and vaguer patterns of suspicion such as countries previously visited (a clear case of targeting based on activities protected by the First Amendment), association (a matching phone number in a PNR, such as from having reconfirmed flights form the name hotel as thousands of other travelers), or appearance (leaving room for continued racial and/or ethnic profiling).

The profiling and selection algorithm, the identity of the decision-makers, and the data on which they will base their determinations remain secret.  No mechanism for judicial review of these decisions, or of actions taken on the basis of them, was mentioned in the DHS press release or FAQ.

The new practice greatly increases the significance of the DHS’s decision in February of this year to exempt much of the information in PNRs, including derogatory personal information submitted by travel companies without travelers’ knowledge, from release to data subjects in response to requests under the Privacy Act. It also highlights the significance of the DHS’s routinely late, incomplete, and improper responses to requests for travel records, when they respond at all.

Some of our Privacy Act requests to the DHS for travel records are 6 months old with no response at all (a year is not unusual), while one of our appeals of an obviously incomplete and improper response has been pending for more 2 1/2 years without a decision.  Of the responses we have seen to requests for PNRs and ATS travel history records, all are obviously incomplete, and invoke inapplicable exemptions (such as invoking the broader exemptions applicable to third-part requests under FOIA in response to first-party requests under the Privacy Act, to which FOIA exemptions don’t apply).  None actually appear to have been processed under the Privacy Act, only under the more limited FOIA rules, even when the requests were explicitly made under the Privacy Act.

So far as we know, nobody has actually received the “accounting of disclosures” (access log) that the DHS is required to provide on request.  And none of the major computerized reservation systems (CRSs) to which airlines outsource hosting of their PNR databases maintains logs of access to PNRs, which would be necessary for CRSs or their airline and travel company subscribers to comply with “Safe Harbor”, European Union data protection law, and other international privacy norms.  Since CRSs keep no records, nobody knows who actually accesses PNRs.

There are also still unanswered questions as to the extraterritorial US claim of jurisdiction over actions related to boarding of foreign-flag aircraft at foreign airports, especially where international aviation treaties between the US and those countries require airlines to operate as “common carriers” and transport all passengers willing to pay the fare and comply with the rules in the published tariff.

Both Americans and foreigners — including members of the European Parliament who are currently debating whether to approve continued DHS access to European PNR data — should be outraged that the DHS is simultaneously increasing the weight given to commercial and other information in secret DHS dossiers about us, while hiding even more of that information from us, even if we specifically ask to see it.  We’ll be bringing this to their attention in meetings and testimony in Brussels and Strasbourg, and talks with European activists, over the next few weeks.

Mar 30 2010

Comments on passport fee increases re-opened through April 8

While cancelling its plans for a public hearing in response to the outcry against its plans to increase fees to travelers to pay for the RFID chips in passports, the State Department has re-opened the public comment period on the proposal through next Thursday, April 8th.

An uninformative supplemental notice (PDF) was published in the Federal Register on  March 24, 2010, with a new docket number (DOS-2010-0037) so that people searching or monitoring the original docket wouldn’t know that comments have been re-opened.

You can submit comments by e-mail to fees@state.gov with “RIN 1400-AC57 and 1400-AC58” in the subject line until 5 p.m. Washington time on Thursday, April 8, 2010.  You can use our comments (also available in OpenOffice .odt and MS-Office .doc formats) as a model if you need ideas for what to say.

The supplemental notice claims that comments can also be submitted through the Regulations.gov Web site, but because the notice wasn’t linked to the original docket and was mis-categorized as “non-rulemaking”, that isn’t currently possible.

[Update: Not surprisingly, in light of the problems with the online docket, few additional comments were submitted. The most significant are from United Airlines and the U.S. Travel Association, calling for the State Dept. to suspend the rulemaking until it discloses the cost basis for the proposed fee increases, holds a public meeting to explain them, and provided a new notice and comment period.]

Mar 27 2010

Second TSA nominee withdraws

Robert A. Harding, President Obama’s second nominee to head the TSA, has become the second such nominee to withdraw himself from consideration in response to questions about the ethics of his previous activities.

Earlier, Erroll Southers withdrew himself as nominee for TSA Administrator after it became public that he had abused his connections and access to police databases to try to dig up dirt on his ex-wife’s new lover.

After he retired from the U.S. Army as a Major General, Harding founded a company that provided services under contract to the his former buddies in the military, DHS, and TSA, in the typical revolving-door fashion of the military-industrial complex.

There are conflicting reports in separate articles in the Washington Post today about Harding’s withdrawal.

One story suggests that it was related to his successful claim to qualify for preferential treatment in applying for military and government contracts as a “”service disabled veteran” on account of sleep apnea, a serious ailment but one not considered likely to be related to a military desk job.

A second story points to questions about possible over-billing for services rendered by Harding’s company in providing “interrogators assigned to Iraqi prisons”.

Without knowing anything about whether any of these allegations are true, we’re glad that the TSA won’t be handed over to a “leader” whose model for Israeli-style “engagement” and questioning of citizens is the sort of interrogation practiced in Iraqi prisons, even down to compelling citizens, when questioned by airline staff or travel agents or while under detention at airports like SFO where “screening” has been outsourced, to answer questions from private contractors rather than actual law enforcement officers.

Mar 27 2010

Heathrow body scanner operator: “‘I love those gigantic tits”

Even as the TSA continues to claim that virtual strip-search machines (body scanners, “whole body imaging”, or in the latest TSA euphemism “advanced imaging technology”)  at airport and other checkpoints don’t reveal excessively intimate physical detail of subjects’ bodies, and that the images can’t be captured, and less than two months after similar scanners were introduced in the UK, a screener at Heathrow Airport in London was spotted taking a photo of a scanner image and overheard talking about the detail it revealed of the woman’s breasts.

I’m sure you’ll all be reassured to hear that the screener has been “warned” by the police and might be (but hasn’t yet been) fired.

Ironically, the screener was caught only because his victim was a fellow airport worker.  An ordinary traveler probably wouldn’t have been in position to see or overhear what had happened, or have realized what it meant.

The TSA says that the capability to store and transmit images, which the TSA has required to be built into the scanners, is “disabled” on the scanners when they are in use.  But the TSA has declined to comment on whether these TSA-required features are disabled in hardware or software, what would be needed to re-enable them, who is authorized to re-enable them, or how those authorizations are carried out or controlled.

Mar 23 2010

Rules of engagement for the TSA

The U.S. Senate Committee on Commerce, Science, and Transportation held a desultory hearing this morning on the nomination of retired U.S. Army Major General Robert A. Harding to be Administrator of the Transportation Security Administration and an Assistant Secretary of the U.S. Department of Homeland Security.

Despite the nominee’s exclusively military background and total lack of experience with the rights of civilian U.S. citizens, domestic civil liberties, or law enforcement, neither any of our questions nor any others about the limits of TSA authority were asked.  Despite some questions about how quickly General Harding has gone back and forth through the military-industrial-government revolving door since his retirement, founding and selling a military “intelligence” consulting contractor and then serving as advisor to a venture capital firm investing in similar companies, Committee members from both sides of the aisle generally praised the nominee’s background.

General Harding, in turn, praised Secure Flight and Israeli-style vetting of would-be travelers, which typically involves both intrusive searches and compulsory responses to open-ended questioning:

We should move even more to an Israeli model where there’s more engagement with passengers.

Harding didn’t define ‘engagement’, although he used the term repeatedly.  In context, though, it was clear that it would include approaching and questioning travelers.

The problem with that, of course, is that that there are no rules of engagement for TSA agents at checkpoints.  No statute or regulation spells out what the TSA is allowed to demand, or what questions a would-be traveler can be required to answer as a condition of the exercise of their right to travel.  Without that, the greater “engagement” that Harding wants is an unconstitutionally open-ended all-purpose general administrative warrant for search and interrogation of people who are neither suspected nor accused of any crime, have received no Miranda warnings, and are not free to leave once they enter the TSA checkpoint.  Once can see why a soldier might like that, but that’s not the way civilians are supposed to be dealt with by civilian law enforcement agencies in the USA.

And near the end of his testimony, Harding gave a clue as to the importance being placed by the DHS on international lobbying:

International [air] carriers will meet in Canada in September.  If I’m confirmed, the Secretary [of Homeland secuirty] would send me to that.

It’s not clear whether he was referring to IATA or ICAO — both have their secretariats in Montreal and Geneva — but the rest of the world shouldn’t be talked into imposing a US-style permission-based travel control regime just because some old soldiers from the U.S. Army like Harding think that’s the way to run the civilian travel world.

Mar 23 2010

State Dept. backs away from public hearing on passport fees

As we noted earlier this month, the State Department told United Airlines that they planned to hold “a public meeting sometime in April or May of 2010” to explain the cost basis of their proposal to increase fees for passports, visas, and other international travel permissions and credentials.

We contacted the State Department as soon as we read this in United’s comments, to try to find out when and where the meeting would be.  At first, a State Department spokesperson said they had “no knowledge of any meeting being organized”.  After we pointed out the statement in United’s comments, they backpedaled, and told us they were “working out the details on whether there will be a public meeting”.  Then this week they  admitted that there had been a plan for a public meeting, but there no longer is. Instead, they now say the State Deaprtment will publish a new notice in the Federal Register next week (probably in this docket folder), with more background on the  “Cost of Service Study”, and re-open public comments for an additional 15 days.

We take it as a sign that the State Department has gotten the message:  So many people oppose this scheme to charge us more for an improper prerequisite to the exercise of our right to travel that the agency responsible for the proposal realizes that any public hearing would provide a forum for the opposition.

The good news is that if you missed the original comment period, you’ll get a second chance.   Comments are currently closed, but get them ready to send as soon as the window re-opens next week.  You can use our comments (also available in OpenOffice .odt and MS-Office .doc formats) as a model if you need ideas for what to say.

[Update: An uninformative supplemental notice (PDF) was published in the Federal Register on  March 24, 2010, with a new docket number (DOS-2010-0037) so that people searching the original docket wouldn’t know that comments have been re-opened.  You can submit comments by e-mail to fees@state.gov with “RIN 1400-AC57 and 1400-AC58” in the subject line until 5 p.m. Washington time on Thursday, April 8, 2010.  The supplemental notice claims that comments can be submitted through the Regulations.gov Web site, but because the notice wasn’t linked to the original docket and was mis-categorized as “non-rulemaking”, that isn’t currently possible.  In the most important of the follow-up comments, which wasn’t posted to the online docket until a month after it was filed, United Airlines and the U.S. Travel Association jointly argue that the State Department still hasn’t provided sufficient information to allow the public to judge whether the fee increases are justified.]

Mar 19 2010

Obama endorses DNA database, considers biometric national ID

Yesterday President Obama met again with Senators Chuck Schumer (D-NY) and Lindsey Graham (R-SC), the sponsors of the “immigration reform” bill we reported on yesterday, which has as its first “pillar” a mandatory biometric national worker ID card.  In conjunction with his meeting with the Senate sponsors of this scheme, President Obama issued a statement which didn’t mention the national ID card specifically, but praised the overall proposal as “a promising, bipartisan framework which can and should be the basis for moving forward.”

Meanwhile, President Obama has strongly and explicitly endorsed mandatory DNA sampling of everyone arrested (not convicted, arrested — people who are presumed to be innocent) and retention of DNA records in a national database. “It’s the right thing to do… This is where the national registry becomes so important,” the President said [transcript] in an on-camera interview.  We hope he reconsiders, and that his views on a national DNA database aren’t an indication of his leanings on a national biometric ID card.

Whichever way they are leaning now, the President and the Senate need to hear from the public, right away, what you think of these ideas — and that you won’t go along with unconstitutional restrictions on your rights.

Mar 18 2010

New excuses for state and Federal ID laws and databases

Heads up, Arizona readers: Your state legislature is on the verge of enacting a REAL-ID type national ID requirement in the guise of “immigration reform”.  And a heads up to readers elsewhere: Congress is also considering an ID mandate as part of an  “immigration reform” bill.

For a while after 9/11, the excuse offered by proponents of a national ID card was that it would somehow prevent terrorism.  We all know that there’s never any terrorism in police states, right?  With that excuse wearing thin, the old bugaboo of illegal immigration is emerging (or reemerging) as the rationale for a national ID requirement and database.

In Arizona, SB1070/HB2632 is under consideration on the floor of the state House of representatives today, and could be voted on at any time.  The Campaign for Liberty has a detailed analysis of the provisions of this bill. We don’t know why the state of Arizona needs any legislation on “ENFORCEMENT OF IMMIGRATION LAWS”, since those are Federal laws normally enforced by the Feds, not by state authorities.  But in the guise of an amendment to those “immigration” provisions of Arizona law, the bill would require not merely state law enforcement officers but all state and local agencies to make “a reasonable attempt … to determine the immigration status of the person” in a wide range of circumstance. As part of that attempt to determine the person’s status, “The person’s immigration status shall be verified with the federal government pursuant to 8 United States code section 1373(c).”  And checks of ID against Federal immigration databases would be allowed as a condition of virtually any state or local public services.

In Congress, “Lawmakers working to craft a new comprehensive immigration bill are proposing a new national biometric ID card that would be required of all U.S. workers… Under the potentially controversial plan still taking shape in the Senate, all legal U.S. workers, including citizens and immigrants, would be issued an ID card with embedded information, such as fingerprints, to tie the card to the worker”, according  to a report in the Wall Street Journal quoting Senators Chuck Schumer (D-NY) and Lindsey Graham (R-SC).

As one commentator put it, “Every worker would have to ask permission from the federal government to get a job. American workers shouldn’t have to beg or plead to anybody to get permission to work.”  Nor should they have to have their fingerprints in a national database that, to work as designed, would have to be open to verification queries form every potential employer in the country.  (Never mind what would happen to remote workers or contractors who’ve never met their employers in the flesh for them to be able to verify their fingerprints.)

But the key problem with any of these schemes isn’t the excuse that is offered to justify their creation, but the potential they create for abuse and the inevitability that they will be used in ways that the public never imagined when they allowed them to be created — such as, for example, the historic “mission creep” of Social Security numbers.

A national ID card or database or identification requirement is wrong, regardless of whether it is created through state or local law, and regardless of the “excuse du jour” proffered as its rationale.

Mar 17 2010

Long reach of “Secure Flight” angers Canadians

On September 11, 2001, Canada followed the US in closing its airspace and grounding all aircraft, stranding tens of thousands of passengers on flights to and from the US (mostly on inbound flights from Europe and Asia) at airports like Gander and St. John’s, Newfoundland.  The Canadian welcome and hospitality for these travelers became the stuff of legend.  But ever since, Canada has struggled to retain sovereignty over its airspace in the face of US “security” demands.

Canadian privacy law was amended, under US pressure, to allow “sharing” with the US government of information contained in reservations for flights between Canada and the US.  But most Canadians assumed that the role of the US in determining who is permitted to fly is limited to flights to and from the US.

This month a four-part series by Kevin Dougherty in the Montreal Gazette, syndicated across Canada in the Canwest newspaper chain, has broken open that Canadian complacency about the long reach of US claims to passenger information and “fly/no-fly” decision-making authority:

The series raises serious questions as to the legal basis for denying boarding to passengers on Canadian-flag aircraft not landing in the US on the basis of secret blacklists or decisions by the black-box Secure Flight system in the US.

Since publication of the Canwest series about “Secure Flight”, letters to the editor, op-ed colums, and editorials across Canada have denounced the application of the Secure Flight scheme to Canadian airlines and travelers.  Many have pointed out the hypocrisy: As was made evident when all those flights were grounded on September 11th, almost all trans-Atlantic and many trans-Pacific flights to and from the US pass over Canada, but Canada demands no information about who is on those planes and asserts no authority to control who is allowed to be.

On top of all this, there’s another shoe still to fall:  Canadians remain unaware that the vast majority of travel agencies, and tour operators in Canada subscribe to computerized reservation systems (CRSs) based in the US.  That means all their passenger name records (PNRs) and customer profiles are stored in the USA, even for flight that go nowhere near the US.  These travel agencies, tour operators, and other travel companies don’t tell their customers that they have outsourced their travel records to the USA, where the government could get them secretly from the CRS with a “National Security Letter”.

That’s a flagrant violation of the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA). Canadians should complain to their Privacy Commissioner and demand that she take action against companies — of which travel agencies are leading examples — that outsource their customer data to the US without their customers’ knowledge or consent, and without any way to know what’s done with that data once it is in the hands of CRSs in the US.

Mar 12 2010

Airlines, travel agencies, Congress join public outcry against passport fees

We don’t think it’s fair or legal for the government to charge you a fee to exercise your rights under the First Amendment and international human rights treaties to enter or leave the USA.  Those rights are all but absolute, and rules that restrict or burden them, such as by imposing fees, are subject to strict scrutiny.

Judging from the response to the government’s latest proposal to increase passport fees (in order to cover the increased costs of including a uniquely-numbered remotely-readable RFID chip in each passport), we aren’t alone in our views.

More than a thousand people filed comments with the Department of State by yesterday’s deadline to oppose the proposed passport fee increases.  In addition to the comments filed by individual citizens and travelers and by the Identity Project, Consumer Travel Alliance, and Center for Financial Privacy and Human Rights, comments objecting to the proposed fee increases were filed by United Airlines, the American Society of Travel Agents, and the Interactive Travel Services Association.  United Airlines told the State Department, as we did, that the proposed rules would violate the Administrative Procedure Act, and demanded that the Department reveal the cost analysis that they claim supports the fee increases and extend the comment period for responses to it before finalizing any fee increase. ASTA (which represents brick-and-mortar travel agencies) and ITSA (which represents online travel agencies), have generally been at each other’s throats; we’re not sure we’ve ever seen them file joint comments in a Federal rulemaking.  The overall picture painted by the industry comments is of the extent to which the proposed fee increases would, in fact, impose a meaningful burden on international travel.

Members of Congress, particularly from border districts, have also objected, with Rep. Chris Lee of New York writing to Secretary of State Clinton that the fee increase would “further burden American travelers,” and fellow Rep. Brian Higgins, also from upstate New York (along the busiest sector of the Canadian border), issuing a statement that, “Creating financial barriers to the international traffic flow will cost our national economy and this community greatly in the long run.”

According to its filing, “Given its questions, and the importance of access to fairly priced travel documents to support international travel, United has sought a copy of or further details on the CoSS [Cost of Service Study] on March 9, 2010. United was advised that the CoSS is not a study or a report, but rather a model which the Department plans to demonstrate during a public meeting sometime in April or May of 2010.”

We’ll keep you posted of any announcement we hear of an extension of the comment period or a public hearing on the proposal to raise passport fees to pay for RFID chips in passports.