Hacker and researcher Chris Paget has demonstrated the ability to read the globally unique serial numbers on RFID chips in passport cards and electronic drivers licenses in the purses and pockets of pedestians on the street from a passing car, at least 30 feet (9 m) away, and to make cloned copies that broadcast the same ID numbers, using a laptop computer and commercial surplus hardware bought on eBay for $250.
(Comments of the Identity Project at a workshop on “What’s on the agenda in the USA and Canada?” at the annual conference on Computers, Privacy, and Data Protection, Brussels, 16-17 January 2009)
Two major issues have emerged in the last year in relation to personal data about travel: (1) The overall goal of the government of the USA in its various policy initiatives on “travel security” has become increasingly clear. The USA is seeking to establish a global norm that:
Showing that they haven’t lost their ability to waste their stockholders’ and the taxpayers money by violating travelers’ rights, JetBlue Airlines and two TSA officials have paid $240,000 to a JetBlue passenger who they forced to cover up the message on his t-shirt as a condition of allowing him to fly home from New York to California.
Raed Jarrar, an Iraqi-American who works for the Nobel Peace prize-winning American Friends Service Committee, was prevented by both JetBlue and the TSA from boarding the plane until he covered up his shirt, which said “We will not be silent” in both English and Arabic.
JetBlue previously had to apologize to its customers for turning over its entire historical PNR database of records about everyone who had ever taken a JetBlue flight to a military contractor working on a profiling scheme linked to the Total Information Awareness program, prompting lawsuits by several groups of passengers.
Perhaps now that the TSA has settled with Mr. Jarrar, we can once again safely wear the “Suspected Terrorist” buttons that got John Gilmore and his traveling companion kicked off a British Airways flight in San Francisco.
Just in time for the launch tomorrow night (Tuesday, Jan. 6th) of the the new DHS “reality” television show, Michael Yon has a timely post about an aspect of DHS reality that the “embedded” television production crews probably won’t show us: Border Bullies: The Department of Homeland Security in Action. Read the whole story. The devil is in the details of how Michael’s friend was treated on arrivial in the USA (en route to spend money as a tourist at Disneyworld), but here are a few snippets:
While the U.S. Immigration officer named Knapp rifled through all her belongings, Aew sat quietly. She was afraid of this man, who eventually pushed a keyboard to Aew and coerced her into giving up the password to her e-mail address. Officer Knapp read through Aew’s e-mails that were addressed to me, and mine to her. Aew would tell me later that she sat quietly, but “Inside I was crying.” She had been so excited to finally visit America. America, the only country ever to coerce her at the border. This is against everything I know about winning and losing the subtle wars. This is against everything I love about the United States. We are not supposed to behave like this. Aew would tell me later that she thought she would be arrested if she did not give the password….
Knowing that Homeland Security officers are creating animosity and anxiety at our borders does not make me feel safer. How many truly bad guys slip by while U.S. officers stand in small rooms and pick on little women?…
I had intended to show Aew a bit of my country. But it’s taking a little while for her to get over her discomfort at being in America. She was treated better in China. So was I.
Giving new meaning to the epithet, “security theater”, the hit Australian reality-television show Border Security has been franchised to the USA in the form of Homeland Security USA.
The weekly hour-long “reality” program is scheduled to begin Tuesday night, January 6th, 2009, on ABC. Having seen the Australian predecessor, we can hardly wait to see how the DHS, with its growing focus on spin control and image management, wants to be seen.
The show boasts of the “full cooperation” of all DHS departments, without which it couldn’t be produced — and, therefore, who it can’t afford to offend if it wants to continue.
On Friday, December 19th, the Privacy Office of the U.S. Department of Homeland Security released A Report Concerning Passenger Name Record Information Derived From Flights Between The U.S. and the European Union.
This is a very important report for both US and European travelers, but not for the reasons the DHS claims:
The authors of the report conclude that DHS handling of Passenger Name Record (PNR) data is in compliance with both US law (particularly the Privacy Act) and the DHS-EU agreement on USA access to, and use of, PNR data related to flights between the EU and the USA.
In fact, the report contains multiple admissions that support exactly the opposite conclusion: The DHS has complied with neither the agreement with the EU, nor US law (especially, but not only, the Privacy Act), in its use of PNR data concerning US citizens as well as Europeans and other foreigners.
The DHS has legal obligations to US citizens and residents under the Privacy Act, and commitments to travelers from the EU under the PNR agreeement, to allow individuals timely access to PNR data about them held by the DHS. According to the report:
DHS policy allows persons (including foreign nationals) to access and seek redress under the Privacy Act to raw PNR data maintained in ATS-P.
Despite this, the DHS Privacy Office has now reported that:
To understand the full meaning and significance of the report, let’s quickly review the history of US government use of PNR data:
Continuing its “lame-duck” promulgation of rulings that will tie the hands of the new Presidential administration — or at least delay any efforts to reform DHS rules by requiring a new rulemaking process, or legislation, before they can be withdrawn — the DHS has published two new rules that will extend requirements for individualized pre-departure DHS permisison to international visitors seeking to enter the USA under the Visa Waiver Program (VWP) and to passengers and crew on international general aviation, private, non-scheduled, and non-airline flights to and from the USA:
Over the weekend Stewart Baker of the DHS posted an entry in the DHS “Leadership Journal” blog entitled U.S. and EU Agree on Data Protection Principles. Readers unfamiliar with the “back story” might conclude from this — as Baker and the DHS no doubt hope they will — that some sort of formal negotiations have been concluded, and that the USA and the European Union have actually worked out their differences on privacy and data protection.
Not so at all. Many details remain unclear, as has been typical of DHS international diplomacy. All the meetings of the previous so-called “EU US High Level Contact Group on information sharing and privacy and personal data protection” occurred in secret. But the joint statement by a new group of selected officials from US and EU executive agencies, released as an attachment to Baker’s blog post, indicates essentially the same impasse remains as existed when the “High Level Contact Group” made its final report in May 2008:
The Obama Administration promises change, and invites suggestions for their agenda.
Since they’ve asked, here are the first things we think the new administration should do to restore our right to travel, and to address the issues of ID requirements and identity-based government surveillance and control of travel and movement.
Some of these can be accomplished with the stroke of a pen on Inauguration Day in January, through Presidential proclamations and directives to Executive staff and agencies. Others can be ordered by the President, but will require a slightly longer process to comply with administrative notice and comment requirements for changes to (and, in many cases, withdrawal of) Federal regulations. Others will require legislation, which we urge the Presidential transition team and members of Congress to begin drafting so they can take action early in the new Congressional session. If asked, we would be available to advise and participate in this process. Finally, Senators should question nominees for Executive appointments —especially those nominated to be the new Secretary of Homeland Security and the Administrator of the TSA – about how they will address specific, important issues from the day they take office. These questions are detailed below (and also available here in PDF format).
Executive Orders:
Now that the TSA has released their final rule for the Secure Flight program, which would extend DHS control and surveillance of airline passengers to domestic flights, what happens next (after the final rule is published in the Federal Register, which normally happens within a week or so)?
Under the laws appropriating the funds for TSA and DHS operations, the next step should be review by the Government Accountability Office (GAO). Section 522 of the Homeland Security Appropriations Act 2005 provides:
None of the funds provided by this or previous appropriations Acts may be obligated for deployment or implementation, on other than a test basis, of the Computer Assisted Passenger Prescreening System (CAPPS II) or Secure Flight or other follow on/successor programs, that the Transportation Security Administration (TSA), or any other Department of Homeland Security component, plans to utilize to screen aviation passengers, until the Government Accountability Office has reported to the Committees on Appropriations of the Senate and the House of Representatives that: [10 specified criteria have been met]. Read More