Papers, Please!

The Identity Project

Category Archives: Cars, Buses, & Trains

Apr 01 2024

Tracking vehicles across state lines

As the number of women traveling across state lines to obtain abortions continues to grow (analysis of trends, statistics and map), recent reports have confirmed the reality of some of the ways we feared that motorists traveling for these or other purposes can be identified and tracked.

The ACLU of Northern California and Bob Egelko of the San Francisco Chronicle have reported that, despite a directive from the California Attorney General forbidding California state and local government agencies from sharing automated license plate recognition (ALPR) data with out-of-state entities, police in some California cities are continuing to share this location data with out-of-state police and/or interstate data brokers.

The order from the Attorney General was specifically intended to prevent other states from using ALPR data from California to identity or take action against abortion travelers.

Even if California police bring their practices into compliance with state law and the state Attorney General’s directive, that won’t stop police in other states from buying ALPR data collected by private entities in California — the owner or operator of a parking garage across from an abortion clinic, for example — and aggregated and resold by commercial data brokerages.

Meanwhile, in the New York Times, Kashmir Hill reveals that automobile manufacturers have been selling motor vehicle telemetry information, collected by onboard sensors and control systems and transmitted by cellular data transceivers embedded in euphemistically-named “infotainment” systems, to data brokers including Lexis-Nexis.

While the focus of Hill’s article is on the use of this data by auto insurance companies, law enforcement agencies including the TSA are customers of Lexis-Nexis.

Hill says the data sold in bulk by vehicle manufacturers and disclosed to vehicle owners by Lexis-Nexis in response to requests pursuant to the Fair Credit Reporting Act didn’t explicitly include vehicle location data.  But that doesn’t mean that location data isn’t available to vehicle manufacturers or police.

Most vehicles with embedded cellular data transceivers also have embedded GPS receivers. Enabling those systems to send GPS location pings to the manufacturer, if that isn’t being done already, would require only a remote software “upgrade”. As long as the manufacturer has the ability to push out software turning on location reporting, the manufactuerer could be compelled to do so by a court order such as has been used to force other companies to spy on and report travelers’ movements.

The only way to prevent this is not to build this capability into vehicles. But most vehicle purchasers or drivers don’t know that their car has a built-in self-surveillance system with its own wireless data transmitter that “phones home” to the manufacturer, much less what data it transmits or could be silently and remotely enabled to transmit.

That’s not the only threat model inherent in having an embedded SIM  and wireless data connectivity built into your vehicle. Because the telemetry system connects to the Internet over the wireless cellular data network, the network operator knows which cell tower the unique SIM in the vehicle is registered with whenever the telemetry system is active, which is generally whenever the vehicle is in operation — and could be switched to be always on.

Law enforcement agencies already use fishing-expedition “geofence” warrants to identify all cellphones in the vicinity of times and places of interest. As the percentage of new vehicles with embedded SIMs and always-on cellular modems continues to increase, they are likely to use similar warrants directed to wireless network operators to identify all the “connected cards”  that were registered on those networks in specific locations and times.

We’d welcome reports from anyone who has obtained a complete report of the data collected by either (a) the manufacturer of their vehicle or (b) the  operator of the mobile network uses by the vehicle telemetry system. (It may be easier for vehicle owners in Canada than in the USA to obtain this data through access requests under the Canadian PIPEDA law, which has no US counterpart.) We’d also welcome reports from anyone who has tried to opt your vehicle out of manufacturer telemetry or have the telemetry system removed, disabled, or placed under driver control.

Mar 25 2024

City ID and the right to travel

In recent overviews, we’ve discussed the barriers to getting a passport or state-issued driver’s license or ID card (especially in states that have chosen to participate in the national REAL-ID system and database) and the difficulties faced by travelers without ID.

Some cities, notably including New York and San Francisco, have attempted to mitigate the discrimination against their residents who are unable to get Federal or state ID by issuing municipal ID cards.

How useful are these city IDs for travelers without other ID? Do they solve the problem of demands by common carriers for ID to travel by bus, train, or plane?

The short answer is that these city ID cards succeed in mitigating the damage that results from demands for ID to travel, but they aren’t a real solution to the problem.

Here’s what happens if you want to travel with a city ID: Read More

Mar 18 2024

Buses, trains, and US domestic travel without ID

In our previous article, we looked at the state of ID requirements and the the right to international travel for U.S. citizens.

What about domestic travel within the USA without ID?

Flying? Domestic US airline passengers are subject to demands for ID by airlines and the TSA. These demands are of dubious validity, and have arbitrary secret exceptions. Many people fly without ID every day. But not everyone is able or willing to challenge these authoritative-seeming demands for ID to fly.

Driving? States that choose to participate in the national REAL-ID system are making it harder and harder to get driver’s licenses or state IDs. It’s easier for a US citizen to get a passport or passport card than to get a driver’s license in some states. But you can’t legally drive in the US without a driver’s license issued by a state, US territory, or foreign government.

Unless you walk, ride a horse or bicycle, or get a ride in a car driven by someone else, that leaves buses and trains as the primary modes of long-distance travel for people in the U.S. without ID.

Can you take a long-distance bus or train in the US without ID? And if not, what could or should be done to guarantee that right? Read More

Sep 04 2023

Transit payment systems and traveler tracking

Last week 404 Media published a report by Joseph Cox on how the New York Metropolitan Transit Agency’s website can be used as a remote stalking tool: anyone who knows a credit card number that was used to purchase or add value to an OMNY transit farecard could view a historical log of the last seven days of trips taken using the card, including the dates, times, and locations where the card was read at subway entrances or boarding buses.

Less than 24 hours after this report was published, this “feature” was removed from the MTA website.

But that doesn’t solve the problem.

The main problem with the MTA payment system — and similar systems in other cities — isn’t that anyone could access your trip history by typing in your credit card number (which every waiter you ever bought a meal from with that credit card has access to,  and every domestic violence abuser in your household also knows).

The real problem is that the MTA transit system is building a permanent database of all your trips, period. The MTA is still logging transit passengers’ movements, and those logs are still available to the MTA itself, police, anyone the MTA chooses to share them with, or anyone who hacks into the TSA’s records.

If the MTA didn’t collect this data in the first place, there would be no way for anyone to abuse it.

Read More

Feb 04 2023

A blacklist is not a basis for search or seizure

A lawsuit filed last week in Federal court in Oklahoma City by the Council on American-Islamic Relations on behalf of Oklahoma native Saadiq Long challenges unconstitutional searches and seizures (sometimes at gunpoint) and interference with freedom of movement on city streets and highways on the unlawful basis of a combination of warrantless dragnet surveillance and arbitrary extrajudicial blacklists.

According to Mr. Long’s application for a temporary restraining order and preliminary injunction to protect his rights and his life while the case proceeds:

In the span of only two months, Saadiq Long has been repeatedly pulled over, arrested twice, held at gunpoint, and had his car searched by Oklahoma City Police Department officers. It is not because Saadiq is a criminal or suspected of being one. Mr. Long is an American citizen and Air Force veteran who has never been indicted, tried, or convicted of any kind of violent crime.

There is a different reason behind these obvious Fourth Amendment violations. That reason involves the intersection of two different dystopian webs: the vast network of cameras and computers maintained by the Oklahoma City Police Department and a secret, racist list of Muslims that the FBI makes available to Chief Wade Gourley and his officers.

That secret FBI list—variously called the federal terror watchlist, the Terrorism Screening Database (TSDB), and most recently the Terrorist Screening Dataset (TSDS)—is a list of more than a million names, almost all of them Muslim and Arab. The FBI adds whatever names it likes, without meaningful review and in accordance with secret processes and standards, for a stunning array of flimsy reasons. Government suspicion of ongoing criminal activity is not a prerequisite to being listed.

The FBI distributes its list, via the National Crime Information Center (NCIC) Database, to the Oklahoma City Police Department. That is all that the FBI distributes: a list of names. The FBI keeps its reasons and evidence about the placement to itself. Because of this, the Department knows that the FBI put Saadiq Long on a watchlist but the Department has no idea why.

Mr. Long’s mistreatment by the US government — the government of the country where he was born and of which he was and still is a citizen — began when, while serving in the US Air Force from 1987-1998 and living in Turkey, he converted to Islam and applied for discharge from the Air Force as a conscientious objector on the basis of his new beliefs.

The Air Force denied his application for conscientious objector status, gave him an “other than honorable” discharge — and, unbeknownst to Mr. Long at the time, had him put on the US government’s No-Fly List as a “known or suspected terrorist”.

After leaving the Air Force, Mr. Long moved with his family first to Egypt and later to Qatar, where he found work as a teacher of English. He discovered that he was blacklisted by the US government almost a decade later when he tried to come back to the US to visit his terminally ill mother in Oklahoma City.

Read More

Sep 22 2022

Freedom to travel to get an abortion

[Arrows indicate populations of states where abortion is, or is likely to become, illegal, and directions and distances to the nearest states where abortion is legal. Note that some of the routes shown are more likely to be followed than others, since abortion is more or less heavily restricted in some states where it is shown on this map as legal. Diagram by Bloomberg News based on data from the Guttmacher Institute.]

Increasing variations between state laws related to abortion are prompting an increase in the already large numbers of women who travel across state lines to obtain abortions.

For women in many states, bans on abortion are making the right to interstate travel an essential prerequisite to the right to obtain an abortion.

Both anti-abortion vigilantes and state laws criminalizing actions related to abortion, including facilitating abortion-related travel, are prompting women seeking abortions as well as those who support abortion rights to think about how to protect abortion travelers and their supporters against identification, surveillance, stalking, harassment, or legal sanctions.

In this context, the right to anonymous travel has acquired new importance and urgency. If you’ve wondered, “Why would anyone want to travel anonymously?” now you know one of the reasons.  But what’s needed is “right to travel” legislation, not just “privacy” legislation. Current Federal “privacy” bills would do little to protect abortion travelers.

What are the patterns of abortion-related travel? How could state authorities or private vigilantes identify or track the travels of these women — whether they drive or take buses, trains, planes, or automobiles? What, if anything, can women traveling across state lines to obtain abortions do to protect themselves against being identified, tracked, and potentially prosecuted or subjected to retaliation, harassment, or other sanctions?  What could the Federal government do to protect these women’s right to travel, and to do so privately and safely?

As discussed in detail below, the possibilities for technical self-defense against threats to the right to travel are limited. Congress needs to act to include protection for the right to travel — regardless of the purpose for which you  travel — in any abortion rights legislation.

Read More

Apr 08 2022

Amtrak gave train reservations to the TSA for a profiling test

[“Secure Flight” process flow used by the TSA for airline passengers and being tested on Amtrak passengers. The red box at right center is the “black box” for algorithmic profiling, blacklist/blocklist enforcement, and fly/no-fly decision making.]

Amtrak has reportedly given the Transportation Security Administration several months of  archives of Amtrak passenger reservations and frequent rider profiles. At Amtrak’s request, the TSA has used these records to test the TSA’s ability to extend to Amtrak passengers the ID-based profiling and blacklisting algorithms the TSA already applies to air travelers.

If you aren’t allowed to travel by air, the right to travel by train is critical. And while all common carriers have an obligation to transport all would-be passengers, Amtrak as a government agency should be most strictly held to that obligation.

The plans to run a batch of historical Amtrak reservations through the TSA’s “threat assessment” black box were disclosed in a Privacy Impact Assessment (PIA) quietly posted on the Department of Homeland Security website last December, and first noted in a news report by Mark Albert of Hearst Television earlier this week.

The PIA posted by the TSA in December 2021 said that Amtrak would give notice of the batch transfer of reservation archives to the TSA through an update to Amtrak’s privacy policy. That policy was last updated in November 2021, and doesn’t mention data sharing with the TSA. But a follow-up report today by Hearst Television quotes the TSA as saying that, “The collection of data and analysis has already occurred,” without the promised notice in Amtrak’s privacy policy.

What will this TSA’s test of Amtrak passenger profiling reveal? Of course some of the people who aren’t allowed to travel by air travel by train or bus instead. Amtrak and Greyhound are the long-distance carriers of last resort for undocumented and blacklisted travelers. So it’s to be expected that the TSA will find a disproportionate percentage of the people it has blacklisted from air travel on Amtrak passenger manifests.

Even more people will be forced to take Amtrak or Greyhound instead of flying if the TSA — as it has threatened — starts preventing people from flying if they don’t have, or don’t show, any ID, or ID the TSA deems to be compliant ID with the REAL-ID Act.

Does this mean that would-be terrorists are riding Amtrak trains? No. It means only that people blacklisted from air travel are riding trains. So far as we know, there have been no terrorist attacks on Amtrak trains. The false positives generated by the TSA’s “threat assessment” algorithms and precogs are evidence of what’s wrong with predictive profiling and why the right to travel by common carrier is so important.

The TSA and DHS have long wanted to extend their prior restraint of travel from airline passengers to all modes of travel including  trains and buses, but have lacked any legal basis to do so. Amtrak’s sharing of reservation  data with the DHS, even for passengers on international trains, has been represented as a “voluntary” action by Amtrak.

In the absence of any notice from Amtrak, it’s unclear what Amtrak claims as the legal basis for the recent “test” of TSA profiling of passengers on domestic Amtrak trains. Read More

Feb 23 2020

Greyhound withdraws consent to warrantless searches

Just a week after the publication of a memo from the U.S. Border Patrol confirming that it’s up to bus companies to decide whether to allow law enforcement officers onto their buses to search and/or question passengers, Greyhound has yielded to longstanding pressure and agreed to withdraw its consent for warrantless bus boardings by police.

According to the Associated Press:

In an emailed statement, the company said it would notify the Department of Homeland Security that it does not consent to unwarranted searches on its buses or in areas of terminals that are not open to the public — such as company offices or any areas a person needs a ticket to access.

Greyhound said it would provide its drivers and bus station employees updated training regarding the new policy, and that it would place stickers on all its buses clearly stating that it does not consent to the searches.

It’s clearly established law that warrantless dragnet searches or entries to private property require consent. So Border Patrol agents or other DHS law enforcement officers who disregard the new stickers and board buses without consent risk personal liability.

Greyhound has now (finally) done the right thing. Other common carriers including bus and rail operators and airlines can and should do likewise, without further delay.

Feb 18 2020

It’s time for Greyhound to say no to police harassment of bus riders

A memo from the Border Patrol component of US Customs and Border Protection (CBP) first reported last Friday by the Associated Press confirms what critics of Greyhounds’s collaboration with the US Border Patrol and other police have been saying for years: unless they have a warrant or in exigent circumstances, CBP agents can’t board Greyhound’s buses without Greyhound’s permission.

Greyhound has defended itself by claiming that it has no legal right to keep Border Patrol agents from boarding buses and questioning passengers. But those claims — which we’re pretty sure Greyhound’s lawyers have always known to be false — have now been shown to be directly contrary to the instructions given to all Border Patrol field supervisors:

When transportation checks occur on a bus at non-checkpoint locations, the agent must demonstrate that he or she gained access to the bus with the consent of the company’s owner or one of the company’s employees.

It’s time for Greyhound to stop making excuses or blaming the government for its corporate choices. Greyhound could and should decline to consent to police boarding its buses, and explicitly prohibit its employees and agents from giving such consent.

Read More

Oct 02 2019

Do I need ID to ride a train?

We’ve been trying for years to find out what the real story is with respect to ID requirements for travel by train, especially on Amtrak.

Amtrak and Greyhound ID policies and practices are of paramount importance to the mobility of undocumented people and people who, whether or not they are eligible for or have chosen to obtain government-issued ID credentials, don’t want to show their papers to government agents as a condition of exercising their right to freedom of movement.

Amtrak and Greyhound policies and practices will become even more important if the government and/or airlines further restrict air travel by people who don’t have, or don’t show, ID credentials that comply with the REAL-ID Act.

The latest responses to our requests for Federal and state public records reveal more about passenger railroad policies and practices, but still don’t give a clear answer.

What we can say at this point, based on the records disclosed to us to date, is that:

  1. There are substantial discrepancies and contradictions between what the TSA has told Amtrak to do, what Amtrak tells its own staff about what is required, what Amtrak tells travelers about what is required and the basis for those requirements, and what Amtrak staff actually do. Those variations make it impossible to determine unambiguously what “the rules” are for Amtrak travel, or what is “required”.
  2. Some of Amtrak’s claims, including its claim that passengers are required by the TSA to have and to show ID to travel by Amtrak, are blatant lies.
  3. TSA Security Directive RAILPAX-04-02, cited by Amtrak in its employee manual as the basis for demanding that passengers show ID, requires Amtrak to “request” (not demand) that passengers show ID, but does not purport to require passengers to respond to such requests and does not prescribe any sanctions on passengers for failure, refusal, or inabiity to show ID.
  4. Amtrak has instructed its staff that “If the customer responds they are 18 or older and do not have valid identification, … the Amtrak police must be notified by the quickest available means away from the customer,” but also that, “Failure to possess the proper photo identification is not, by itself, sufficient reason to have the customer removed from the train.” Amtrak has not yet responded to our FOIA request for Amtrak Police policies and staff directives for what to do in such cases.
  5. Although Amtrak is unquestionably an instrumentality of the Federal government, and transportation by Amtrak is unquestionably a Federal government activity, the list of ID credentials deemed acceptable by Amtrak does not correspond to the list of forms of ID deemed by the DHS to be acceptable for “Federal purposes” pursuant to the REAL-ID Act of 2005.  Amtrak says it accepts several forms of ID that do not comply with the REAL-ID Act. None of Amtrak’s ID policies, procedures, or staff directives disclosed to date mention the REAL-ID Act or when or how it might be implemented by Amtrak, although records of such policies or of discussions related to them would be responsive to soem of our pending FOIA requests.

Where does this leave undocumented long-distance travelers, including those who turn to Amtrak as a government-operated common carrier of last resort?

Read More