Jun 19 2018

Coding Amtrak’s collaboration with US Customs and Border Protection

We’ve received and posted the latest installment in a continuing trickle of responses to a Freedom of Information Act request  we made in 2014 for records related to Amtrak’s collaboration with US and foreign law enforcement and “border control” agencies.

The most recent batch of records released by Amtrak consists mainly of email correspondence between Amtrak IT staff responsible for supporting ticket sales through travel agencies  (most of which occur through computerized reservation systems), programmers with Amtrak’s in-house ARROW  reservation system, and Amtrak’s technical contacts at  the four major CRSs used by travel agencies: Sabre, Apollo, Worldspan, and Amadeus.

Most of these exchanges relate to Amtrak’s decision in 2005 to start feeding information about all passengers on cross-border (USA-Canada and Canada-USA) Amtrak trains to US Customs and Border Protection, and to require all passengers on these trains to provide Amtrak with passport or travel document info to pass on to CBP.

This was not required by any US law or regulations,  but was a voluntary decision by Amtrak. Some travel agents complained about this, but we’ve still seen no indication that they were given any answer about why Amtrak was doing this or what travelers or travel agents who didn’t want to provide this information could do. Amtrak’s own programmers were falsely told that this was required by order of CBP.

The messages we have received show that requiring travel agents to enter names and details of ID documents in PNRs for Amtrak travel created in the CRSs, and getting this information to flow through in standardized form to ARROW records and transmissions to CBP, proved more difficult than had been expected.

Read More

Apr 06 2018

Transportation companies should not consent to police harassment of travelers

The ACLU is calling on Greyhound to stop giving the Border Patrol (US Customs and Border Protection) permission to board Greyhound buses and interrogate passengers.

According to a public letter sent to Greyhound by ACLU affiliates across the US:

Greyhound recently has said that the company believes it is “required” to “cooperate with [CBP] if they ask to board our buses.” We are aware of no such requirement. Rather, Greyhound has a Fourth Amendment right to deny CBP permission to board and search its buses without a judicial warrant…. [W]e urge Greyhound to change its policy and to refuse CBP permission to conduct invasive bus raids without a warrant.

Or, as a petition already signed by more than 30,000 people puts it more succinctly, “Your company has the right to say no to [the] Border Patrol — now is the time to do it.”

We wholeheartedly endorse this call on Greyhound to stop doing the wrong thing — and we extend the same call to all transportation companies including airlines and Amtrak.

Federal, state, and local police routinely collaborate to interrogate travelers on buses and trains and in bus and train stations and airports. The purpose of this questioning is typically not to obtain information, but to trick and/or intimidate travelers with a sufficient show of force  to get them to “consent” to searches of their belongings for drugs and/or cash, so that travelers’ cash and/or other valuables can be seized and forfeited to the police agencies involved. “Consensual” questioning and searches are also used as the basis for additional harassment, detention, and deportation of immigrants and other foreigners.

These sordid practices depend, we reiterate, on trickery and intimidation as well as on the willingness of the courts to countenance “consent” given under patently coercive conditions when armed police are blocking the aisle of a bus or train or the door of a compartment on a sleeping car, or surrounding a traveler in an airport waiting area.

But these practices also depend on the willingness of transportation companies to let these goons onto their buses and trains and into their stations and airports to conduct these looting expeditions for anything they can expropriate through civil forfeiture.

Greyhound buses are private property. Except in “hot pursuit” of a suspected criminal, police cannot board Greyhound buses without a ticket or permission from Greyhound.

Amtrak is a Federal government corporation, but nothing in its charter from Congress requires it to collaborate with, or consent to, warrantless searches of Amtrak property, including passenger coaches and sleeping cars, or questioning of Amtrak passengers.

(We are continuing to receive a foot-dragging trickle of responses to a FOIA request we made to Amtrak in 2014 for information about Amtrak’s sharing of information about passengers with the DHS and with foreign law enforcement agencies.)

Similarly, most airports and some bus and train stations are publicly operated, but free to refuse their consent to warrantless entry onto some or all of their premises, other than customs facilities leased to CBP, by agents of the DEA, CBP, or other law enforcement officers not involved in routine airport, train station, or bus station patrols and policing.

If you see police doing something you don’t like on a bus or train, in a bus or train station, or in an airport, say something to the company that “consented”  to this police activity.

Mar 09 2018

If you build a surveillance system, the police will come.

There’s a cautionary tale for people who travel by public transit in the latest report on collaboration with Canadian police by the Toronto regional transit agency, Metrolinx.

If you build a system that keeps personally-indentifiable logs of when and where people go, eventually the police will want to exploit those logs for their own purposes — regardless of the original purpose for which the data was collected, or the policies that, at the time the data was collected, purported to restrict how it would later be used.

Read More

Dec 19 2017

“Border control” as pretext for drug dragnet

The latest so-called “Privacy Impact Assessment ” (PIA) made public by the US Department of Homeland Security, “CBP License Plate Reader Technology“, provides unsurprising but disturbing details about how the US government’s phobias about foreigners and drugs are driving (pun intended) the convergence of border surveillance and dragnet surveillance of the movements of private vehicles within the USA.

The main reason for the publication of the CBP License Plate Reader Technology PIA is to provide the public with “notice that CBP is partnering with the Drug Enforcement Administration (DEA) to leverage each other’s .. LPR [License Plate Reader] systems.”

Since at least 2007, US Customs and Border Protection (CBP) has had a network of license plate readers continuously monitoring and recording the license plate numbers and locations of vehicles near US borders. “Near” and “border” in this context are euphemisms: Federal regulations define the “border” zone for purposes of CBP authority as including anywhere within 100 miles of any US border or seacoast,  which puts roughly two-thirds of the US population within “border” regions.

Meanwhile, the DEA has compiled an aggregated database of geotagged and timestamped license plate records purchased from commercial sources, including records of vehicle locations far from what even the DHS considers the “border zone”.

CBP and DEA are already able to query and retrieve data from each other’s LPR databases. A DEA agent can also set a “TECS alert” flag in the DHS database for a specific license plate number, the same way they  can for a specific passport number, so that they will be notified automatically whenever that plate is spotted by a DHS camera.

What’s changing is that instead of providing LPR information to each other only in response to specific targeting requests, CBP and DEA plan to “stream” all of the data from their LPR networks to each other in real time. “CBP intends to provide DEA access to CBP LPR information… through a real-time streaming service.”  Each agency will have a complete copy of the data collected by the other, so that they can merge and mine it and use it for “pre-crime” profiling.

As is the trend with all DHS surveillance systems, the goal is to convert a targeted system for investigating suspects into a dragnet system that treats everyone as a suspect subject to continuous surveillance and “continuous screening” or “continuous vetting”.

Read More

Sep 19 2017

Amtrak lied to travel agents who questioned ID requirements

The encouraging disclosure in the latest installment of documents released by Amtrak in response to one of our Freedom Of Information Act (FOIA) requests is that some travel agents resisted Amtrak demands that they collaborate in surveillance, profiling, and control of train travelers by entering passport or ID numbers and details in each reservation for cross-border Amtrak travel.

According to an email message to Amtrak from a product manager at Worldspan (one of the major computerized reservation systems), “We have one subscriber [i.e. a travel agency that uses Worldspan] that has checked the Federal Register and is quoting ‘chapter and verse’ that it is not mandated … to provide the data”:

Some travel agents pushed back repeatedly, read the official notices and instructions to travel agents about the rail API program carefully (and correctly), and made a travel agency “policy decision of non-provision” of ID data about their customers:

Kudos to the unnamed travel agencies that refused to help the government spy on their customers and called Amtrak on its lies that this was required.

Read More

Oct 03 2016

How the DEA uses travel company spies to confiscate travelers’ cash

A report by the Office of the Inspector General (OIJ) of the U.S. Department of Justice (DOJ) sheds more light on how the Drug Enforcement Agency (DEA) pays workers for airlines, Amtrak, bus companies, and package delivery services to spy on their customers, troll through reservation and shipping records, and finger travelers and senders and recipients of packages to the DEA in exchange for a share of the cash which can be seized and “forfeited” to the government even if no drugs are found and no criminal charges are brought.

This practice was first reported in August 2016 by Brad Heath in USA  Today, based on case-by-case review of court filings describing the basis for DEA searches that led to “civil forfeiture” proceedings. And the DOJ OIG had released brief interim summaries of its investigations into DEA relationships with one Amtrak employee and one TSA employee who were paid to inform on travelers.

The new OIG report released last week provides much more detail about the scope of the DEA’s use of travel and transportation staff as paid “confidential sources” to target travelers and parcels for cash seizures on the basis of travel reservations and shipping records. The OIG found that the DEA is paying employees of Amtrak, airlines, bus companies, and other transportation companies millions of dollars for individual tips and copies of entire passenger manifests:

[DEA] Special Agents have various ways of receiving these “tips,” but generally receive the information on a daily basis via email or text message, some of which are sent to government accounts and others to non-government private accounts that are established and controlled by the Special Agents. Additionally, we found that although some Special Agents estimated receiving up to 20 “tips,” or passenger itineraries, per day from their… commercial airline confidential sources, the DEA does not maintain a record of receipt of the totality of the confidential source “tips.”….

[S]ome Agents requested that sources provide them with suspicious travel itineraries that met criteria defined by the Agents, and in some cases requested entire passenger manifests almost daily….

Read More

Sep 27 2016

Proposed laws would expand travel controls from airlines to passenger railroads

Legislation has been introduced in both the USA and Belgium to subject rail travelers to the same sorts of travel surveillance schemes that are already being used to monitor and control air travelers.

If these proposals are enacted into law, passenger railroads would be required to collect and enter additional information such as passport or ID numbers and dates of birth (not currently required or routinely included in US or European train reservations) in Passenger Name Records (PNRs), and transmit rail travel itineraries and identifying information about passengers to the government, in advance.

As is already the case for all airline travel in the USA, including domestic travel, railroads would be forbidden to allow any passenger to board unless and until the railroad receives an explicit, affirmative, individualized, per-passenger, per-flight permission-to-board message (“Boarding Pass Printing Result”) from the government.

In both the USA and Belgium, the proposed legislation would create legal conflicts with civil liberties and human rights, and practical conflicts with railroad business processes and IT capabilities.

Read More

Aug 10 2016

DEA recruits airline & travel industry staff to inform on travelers

Brad Heath reports in USA Today that the Drug Enforcement Administration (DEA) has been recruiting airline and other travel industry staff to inform on travelers. The DEA has been using these tips from industry insider informers with access to travel reservations as the basis for searches, seizures, and “civil forfeiture” proceedings to confiscate cash from travelers on the basis of allegations that it was somehow associated with illegal drugs:

USA TODAY identified 87 cases in recent years in which the Justice Department went to federal court to seize cash from travelers after agents said they had been tipped off to a suspicious itinerary. Those cases likely represent only a small fraction of the instances in which agents have stopped travelers or seized cash based on their travel patterns, because few such encounters ever make it to court.

Those cases nonetheless offer evidence of the program’s sweep. Filings show agents were able to profile passengers on Amtrak and nearly every major U.S. airline, often without the companies’ consent. “We won’t release that information without a subpoena,” American Airlines spokesman Ross Feinstein said.

In almost none of these cases has the DEA actually brought any criminal charges against the travelers whose cash has been confiscated:

A DEA group assigned to Los Angeles’ airports made more than 1,600 cash seizures over the past decade, totaling more than $52 million, according to records the Justice Department uses to track asset seizures. Only one of the Los Angeles seizure records included an indication that it was related to a criminal indictment…. Of the 87 cases USA TODAY identified in which the DEA seized cash after flagging a suspicious itinerary, only two resulted in the alleged courier being charged with a crime. One involved a woman who was already a target of a federal money-laundering investigation; another alleged courier was arrested a month later on an apparently unrelated drug charge.

According to USA Today, “The DEA would not comment on how it obtains records of Americans’ domestic travel, or on what scale.” USA Today wasn’t able to identify any of the travel industry informers who have been tipping off the DEA about customers they thought might be carrying cash. But DEA spokesman Russ Baer said DEA agents “receive information from employees at ‘airlines, bus terminals, car rental agencies, … or other businesses.'”

Because airlines and computerized reservation systems don’t keep any access logs, it’s impossible for anyone to tell, after the fact, which travel industry personnel looked at a reservation and might have been DEA informers (or any other sort of attacker or threat: identity thief, stalker, industrial spy, etc.).

Some of the examples reported in USA Today relate to DEA access to Amtrak reservations. In court filings quoted in the USA Today story, DEA agents described their review of reservations for domestic Amtrak travel within the US as “routine”. From one of Amtrak’s responses to our FOIA requests, we know that Amtrak has a special “police GUI” for police to use in mining and reviewing data from Amtrak’s “Arrow” reservation system. We’ve asked Amtrak for all records pertaining to access to reservations by law enforcement agencies. After more than a year and a half, Amtrak is still continuing to process responsive records, as discussed in our previous articles about Amtrak. But Amtrak hasn’t yet disclosed anything to us about DEA access to Arrow or other Amtrak data.

The story in USA Today notes that the DEA isn’t supposed to have access to the information about travelers on domestic flights that airlines are required to transmit to the TSA before they can get permission to issue boarding passes. The TSA has defended the Secure Flight passenger surveillance and control scheme as an administrative search for the limited purpose of aviation safety. But we’ve heard rumors that the TSA is under pressure from other law enforcement agencies to open up the Secure Flight database of domestic air travel itineraries for general law enforcement uses. Those uses would likely include both arrest warrants and lookouts derived from NCIC, and profiling for forfeiture targeting by the DEA.

 

Jun 07 2016

How hard was it for Amtrak to require names in reservations?

Since the start of the post-9/11 shift from case-by-case government access to travel reservations to dragnet surveillance of all reservations and pre-crime profiling of all travelers, the government has claimed repeatedly that the information to which it has demanded access was already “routinely” provided by travelers to airlines and other travel companies.

We’ve recently received some details of just how untrue those claims are, through the latest installment of a continuing trickle of responses by Amtrak to a Freedom Of Information Act request we made in 2014. (See our previous reports on government surveillance of Amtrak passengers.)

Anyone familiar with travel industry practices and reservation data has known all along that the government’s demands for data about airline, train, bus, and cruise ship passengers have exceeded what was needed by common carrier for commercial purposes. Until after September 11, 2001, walk-up customers could buy tickets for cash, for themselves or anyone else, at airline or Amtrak or Greyhound ticket counters, without providing any information at all except an (unverified) name.  No address, phone number, or other identifying or contact information was required.

The government has demanded not just access to existing travel industry databases, but the logging of additional details about travelers that were never previously required. The travel industry worldwide has had to spend billions of dollars modifying every layer and component of their IT systems, and of all the systems that interact with them, to collect and store this additional information and deliver it to the government in standardized government-dictated formats.

Even names of travelers weren’t required for reservations, tickets, or travel.  Space could be reserved for a group of travelers with only a group identifier or lead contact. Sometimes dummy or placeholder names would be entered for group members, but they could be and often were omitted.

The latest file we’ve received from Amtrak is a PDF of images of printouts or views of email messages (we haven’t received the raw “message source” files we requested, and will eventually be appealing Amtrak’s failure to release them) within Amtrak and between Amtrak, the big four CRS/GDS companies (Sabre, Amadeus, Worldspan, and Galileo/Apollo — then owned by Cendant) and possibly their contractors or other “partners” (names redacted).

These messages date from 2006, when Amtrak “voluntarily” decided to start sending data about all passengers on cross-border Amtrak trains and buses between the USA and Canada to the DHS Advance Passenger Information System (APIS).  In order to populate the API data fields, Amtrak decided to make “Passenger ID” (PID) a required field in all Amtrak reservations.  That took some work in itself, but it also caused a cascade of new problems for reservations without names, especially those for as-yet-unknown members of groups:

Read More

Feb 23 2016

US border guards have root access to all Amtrak domestic reservations

The latest installment in Amtrak’s response to one of our FOIA requests confirms our suspicion that Amtrak has given US Customs and Border Protection (CBP) access to all Amtrak reservations including those for purely domestic passengers and trains — but in an additional and harder-to-track manner than we had previously been aware of.

In October 2014, we asked Amtrak for its records related to data-sharing and other collaboration with the Department of Homeland Security (DHS) and other US and foreign law enforcement agencies. Amtrak is still in the process of searching for and censoring responsive records, more than a year after the legal deadline for its full response. In the mean time, however, Amtrak has been providing intermittent “interim” responses, which we’ve been analyzing and reporting on as we receive them. Because Amtrak is a Federal government entity subject to FOIA, unlike commercial airlines or bus lines, we’ve been able; to find out much more about Amtrak collaboration with DHS and other law enforcement agencies than about the parallel practices of private transportation carriers.

We’ve learned that Amtrak’s own police — who are commissioned by individual states, but have unusual multi-state jurisdiction — have root access to Amtrak’s “ARROW” computerized reservation system, and even a special “Police GUI” (graphical user interface) to mine passenger reservations for police purposes.

We’ve also learned about Amtrak’s transmission to DHS of information about all passengers on Amtrak trains that cross the US-Canada border.

What we didn’t know, until the latest interim release of Amtrak documents this month, was whether DHS or any other Federal police agency also has access to complete reservation details for the much larger number of passengers on domestic Amtrak trains within the US.

Now we know: Agents of US Customs and Border Protection (CBP) have the same access to all Amtrak reservations as Amtrak onboard train conductors, in such a way that their access evades ever being logged or associated with CBP, but appears to Arrow and Amtrak as though it was carried out by Amtrak staff.

It works like this:

Read More