May 20 2022

New reports on DHS surveillance and profiling

Two new reports from university think-tanks call attention to surveillance and profiling — including surveillance of, and action against, domestic and international travelers — by the Department of Homeland Security and its components.

A Course Correction for Homeland Security, a report by the Brennan Center for Justice at New York University, cites to some of our work and some examples of cases we have been involved with in its analysis of DHS data collection (surveillance), and “risk assessments” (algorithmic profiling and control), especially as they relate to travelers.

American Dragnet: Data-Driven Deportation in the 21st Century, a report by the Center on Privacy and Technology at Georgetown University Law School, focuses on DHS’s Immigration and Customs Enforcement (ICE) division, especially ICE access to facial images and other information obtained from drivers licenses and commercial data brokers.

A common theme of both reports is that DHS surveillance is more pervasive, more intrusive, and less visible than is generally recognized.

Airline reservations and demands for ID from travelers are used not merely to check for currently blacklisted would-be travelers, but are retained and used to build travel histories and social networks maps that are then used by suspicion-generating guilt-by-association algorithms to expand the web of surveillance, profiling, and extrajudicial blacklisting.

ICE represents itself as an agency with jurisdiction only over non-US citizens, but in fact runs photos and drivers license and location data about a large fraction of the entire population of US citizens through its profiling and enforcement algorithms. DHS lurks (usually invisibly) in the background, “ingesting” or obtaining access to personal information, when individuals pose for drivers license photos, make airline reservations, or interact with businesses that “share” data directly or indirectly with DHS.

What is to be done about this sorry state of affairs?

Both of these reports suggest that some reforms could be made by policy, at the direction of the President, the Secretary of Homeland Security, or the heads of DHS components.

However, given the thoroughly bipartisan continuity of support by both Democratic and Republican administrations for the continual expansion of DHS surveillance, especially of travelers and foreigners and most especially of border crossers, since its creation 20 years ago, we have little hope for reform from within DHS or at the behest of the White House.

Exposure of abuses is good, but more is needed than a change of administration policy.

While we welcome any additional attention paid to the problems with the DHS, we think they call for court action to uphold the Constitutional and treaty rights of travelers and other individuals, and Congressional action to effectuate those rights and to facilitate judicial review and redress for government actions that violate those rights.

The DHS, as these reports reveal, is an ever-growing dragnet surveillance agency, operating outside the rule of law. What are we going to do to alter or to abolish it?

Apr 19 2022

Photography and recording at US border crossings

Inquiring minds at the American Civil Liberties Union (ACLU) want to know if officers or agents of US Customs and Border Protection (CBP) or other components of the Department of Homeland Security (DHS) have tried to stop you from taking photographs, filming, or recording publicly-visible scenes and events at US land border crossing points.

As we’ve noted many times in this blog, and as as has been established in court cases in which we have participated, you have the right to photograph and record Transportation Security Administration staff and contractors at TSA checkpoints at airports.

We haven’t talked about land “ports of entry” as much as airports, but you also have the right to photograph and record at land border crossings, at least if you do so from places accessible to members of the public who aren’t crossing the border. (We don’t mean to suggest that you don’t also have the right to record or livestream what happens to you as you cross the border. We think you do, but that hasn’t yet been litigated as extensively.)

Read on for more about the state of the law, what you can do to reduce the chances that your right to photograph and record near borders  will be violated, and what to do if it is.

Read More

Apr 08 2022

Amtrak gave train reservations to the TSA for a profiling test

[“Secure Flight” process flow used by the TSA for airline passengers and being tested on Amtrak passengers. The red box at right center is the “black box” for algorithmic profiling, blacklist/blocklist enforcement, and fly/no-fly decision making.]

Amtrak has reportedly given the Transportation Security Administration several months of  archives of Amtrak passenger reservations and frequent rider profiles. At Amtrak’s request, the TSA has used these records to test the TSA’s ability to extend to Amtrak passengers the ID-based profiling and blacklisting algorithms the TSA already applies to air travelers.

If you aren’t allowed to travel by air, the right to travel by train is critical. And while all common carriers have an obligation to transport all would-be passengers, Amtrak as a government agency should be most strictly held to that obligation.

The plans to run a batch of historical Amtrak reservations through the TSA’s “threat assessment” black box were disclosed in a Privacy Impact Assessment (PIA) quietly posted on the Department of Homeland Security website last December, and first noted in a news report by Mark Albert of Hearst Television earlier this week.

The PIA posted by the TSA in December 2021 said that Amtrak would give notice of the batch transfer of reservation archives to the TSA through an update to Amtrak’s privacy policy. That policy was last updated in November 2021, and doesn’t mention data sharing with the TSA. But a follow-up report today by Hearst Television quotes the TSA as saying that, “The collection of data and analysis has already occurred,” without the promised notice in Amtrak’s privacy policy.

What will this TSA’s test of Amtrak passenger profiling reveal? Of course some of the people who aren’t allowed to travel by air travel by train or bus instead. Amtrak and Greyhound are the long-distance carriers of last resort for undocumented and blacklisted travelers. So it’s to be expected that the TSA will find a disproportionate percentage of the people it has blacklisted from air travel on Amtrak passenger manifests.

Even more people will be forced to take Amtrak or Greyhound instead of flying if the TSA — as it has threatened — starts preventing people from flying if they don’t have, or don’t show, any ID, or ID the TSA deems to be compliant ID with the REAL-ID Act.

Does this mean that would-be terrorists are riding Amtrak trains? No. It means only that people blacklisted from air travel are riding trains. So far as we know, there have been no terrorist attacks on Amtrak trains. The false positives generated by the TSA’s “threat assessment” algorithms and precogs are evidence of what’s wrong with predictive profiling and why the right to travel by common carrier is so important.

The TSA and DHS have long wanted to extend their prior restraint of travel from airline passengers to all modes of travel including  trains and buses, but have lacked any legal basis to do so. Amtrak’s sharing of reservation  data with the DHS, even for passengers on international trains, has been represented as a “voluntary” action by Amtrak.

In the absence of any notice from Amtrak, it’s unclear what Amtrak claims as the legal basis for the recent “test” of TSA profiling of passengers on domestic Amtrak trains. Read More

Mar 29 2022

Asylum Requires Traveling to a Border

The US Department of Homeland Security (DHS) and the Department of Justice (DOJ) issued new interim rules today for the adjudication of asylum and other claims by a new class of “asylum officers” at US ports of entry, borders crossings, and airports.

These new rules won’t help most asylum seekers.

Did you ever wonder why desperate asylum seekers often travel on overcrowded and leaky boats or try to trek across waterless deserts, and regularly lose their lives?

It’s not because migrants can’t afford plane tickets. It’s because the government at their destination won’t let them buy a plane ticket or board a flight to a place of safety!

International treaties and US law only allow migrants to make asylum claims after they reach a destination country. You can’t apply for asylum in advance, the way you apply for a visa. You have to show up at the border or arrive at a destination airport before you can beg for asylum. And the US and the European Union work hard to prevent migrants from ever reaching a US or EU border or airport where they might make such a plea.

That’s why most migrants’ asylum claims are never “adjudicated”. Instead, they are denied before they get on a plane, by airline staff who have no training or competence to act as asylum judges. Most migrants never even try to travel by airline to a place where they could present their asylum claim, because they know that they will be turned away at the ticket counter or boarding gate. That’s why they end up trying to reach places of sanctuary by “irregular” means of transport, and drowning or dying of thirst in the desert.

Airlines should be helping migrants. Airlines have a legal obligation as common carriers to transport all would-be passengers. They have a financial interest in selling tickets to those passengers. But the US undermines international human rights and aviation treaties by imposing draconian “carrier sanctions” (currently $3,000 per passenger) on any airline that transports any person to the US who is denied asylum on arrival, or denied entry for any other reason. Many European countries do the same.

Airlines claim that they are denying passage to migrants because they “lack the required documents” for their desired destination in the US or elsewhere. But under international and US law, asylum seekers are not required to have or produce any specific documents in order to have valid asylum claims. There’s no such thing as an “asylum visa”. The migrant who arrives with just the clothes on their back and no documents often has a stronger claim to asylum than the one who brings passports, visas and other paperwork.

In 1939, officials in the US and Canada denied the passengers on the S.S. St. Louis “permission” to disembark, fating them to be returned to Europe where many were murdered by the Nazis. In recent years, US administrations have pursued policies designed to keep refugees from reaching US shores. These polices are designed to undermine the right to asylum. What the large print of international humanitarian law offers, the small print of “carrier sanctions” takes away.

It is, by definition, impossible for an asylum seeker to submit their claim or have it adjudicated before they reach the US. It is equally impossible for an airline, a “preclearance officer”, or anyone else to anticipate, before an asylum claim has been made, whether it will be granted. So to save the airline a possible “administrative fine” of $3,000 per passenger, airlines simply deny passage to all such people.

America didn’t use to be like this. People fleeing persecution in the Ukraine under Tsarist Russian rule could get to the US and apply, as long as they could reach a European port with enough money to pay for passage across the Atlantic. No passports or visas were required to buy a boat ticket and board a ship, nor were any required at Ellis Island.

It shouldn’t be harder today to reach asylum than it was a century ago. If the US and European governments were serious about allowing Ukranian refugees to claim asylum, they would repeal these “carrier sanctions”, rather than rearranging the deck chairs on the Titanic by adding a new class of administrative law judges to process the few asylum claimants who do somehow arrive at the border.

The rights of refugees and asylum seekers recognized in high-sounding treaties will become meaningful only when migrants have an actual right to travel to the border or arrival airport to make their claim. Passing the Freedom To Travel Act, now pending in Congress, or including its provisions in any asylum or immigration reform legislation, would be one way to restore that right. But a smaller change in the law to repeal the “carrier sanctions” against airlines that transport migrants would be a great start.

Feb 08 2022

Not another no-fly list

In a letter first reported by Reuters and first published in full by The Points Guy, CEO Edward Bastian of Delta Air Lines has called on Attorney General Merrick Garland to “support our efforts with respect to… putting any person convicted of an on-board disruption on a national, comprehensive,… ‘no-fly’ list that  would bar that person from traveling on any commercial air carrier.”

The latest letter from Delta steps up a lobbying campaign the airline began last fall, and which remains as misguided as ever. The letter highlights the urgent need for Congress to enact the Freedom to Travel Act (H.R. 6030) to make clear the rights of travelers, the duties of airlines and other common carriers, and the limitations on when, by what authority, on what grounds, and according to what procedures the right to travel can be restricted.

Read More

Nov 22 2021

“Freedom to Travel Act of 2021” introduced in Congress

On the 20th anniversary of the creation of the Transportation Security Administration, the Freedom to Travel Act of 2021 (H.R. 6030, “To protect the right to travel by common carrier”), has been introduced in the U.S. House of Representatives by Rep. Paul Gosar (R-AZ) and referred to the Committee on Transportation and Infrastructure and the Committee on Homeland Security.

If enacted into law, the Freedom to Travel Act would be the most significant step toward bringing the TSA within the rule of law since the creation of the TSA 20 years ago this week with the enactment of the Aviation and Transportation Security Act (ATSA) in 2001. It would rein in the TSA’s ability to substitute secret, extrajudicial edicts for court orders restricting American’s rights, and would remove key barriers that have stood in the way of judicial review of TSA actions and legal redress for those whose rights have been violated.

The 20th anniversary of the creation of the TSA is an apt moment for Congress to step back from the post-9/11 panic that drove the enactment of the ATSA, take a deep breath, consider what it has actually wrought, and begin to restore the historic right to travel that the TSA has been steadily chipping away at for the entire 20 years of its existence.

The Freedom to Travel Act would create no new rights, but would codify in Federal law an explicit right to travel by common carrier. Courts have recognized such a right, but have often struggled to find an explicit source for it or to assess its significance.

Given that human rights are inherent in our humanity and don’t depend on any statute or text, it shouldn’t be surprising that they aren’t always grounded in explicit statutory language. But ambiguity as to the source of the right to travel and the obligations of common carriers has made it easier for courts to brush off complaints of violations of that right as not having stated a cognizable claim, a claim that involves a fundamental (rather than a less significant) right,  or a claim for which the courts have the power to grant redress.

The Freedom to Travel Act would apply to interstate common carriers in all modes of passenger transportation: airlines, railroads including Amtrak, interstate buses, and ferries.

A common carrier, by definition, has a duty to transport all would-be passengers, but the US Department of Transportation has been lax in enforcing that obligation. The Freedom to Travel Act would create an explicit new Federal cause of action against any common carrier, person, or Federal agency that denies or refuses transportation by common carrier to any individual except on the basis of (1) failure to pay the fare or comply with the conditions of carriage in the carrier’s published tariff; (2) failure or refusal to submit to an administrative search limited to a search for weapons, explosives, or incendiary devices likely to pose a threat to the safety of the conveyance, passengers, or crew; or (3) an order from a court of competent jurisdiction.

Read More

Sep 15 2021

DHS must explain failure to release e-mail files

In a victory for the Freedom Of Information Act (FOIA), an Administrative Law Judge (ALJ) has ruled that the Department of Homeland Security (DHS) must either disclose records of e-mail messages which we requested in the “native” file formats in which they are held on DHS servers or archival storage media, or must “demonstrate with sufficient justification that they cannot produce the documents in their original fully digital version.”

This ruling was made in response to an administrative appeal by the Identity Project of the DHS (non)-response to a FOIA request we made in 2016 for the reports submitted to the DHS each month on how may people attempted to enter Federal facilities without ID or with ID deemed “noncompliant” with the REAL-ID Act of 2005, and what happened to these people. How many were eventually allowed to enter, and how many were turned away?

Read More

Jul 23 2021

The right to international travel and the right to a U.S. passport

In late 2015, as we noted at the time, Congress voted — as part of an unrelated surface transportation bill — to authorize the Department of State to revoke and/or refuse to issue a U.S. passport to anyone against whom the IRS has assessed an administrative lien or levy (even in the absence of any judicial action) for $50,000 or more in tax debt.

This week, the first appellate court to review this law upheld it as Constitutional, although on limited grounds. In its “per curiam” opinion in Maehr v. Department of State, the 10th Circuit Court of Appeals upheld a decision by a U.S. District Court judge in Colorado dismissing a lawsuit by Jeffrey T. Maehr, one of almost half a million people who have been deemed subject to revocation or non-issuance of U.S. passports, and thus prohibited from legally leaving (or returning to) the U.S.,  for alleged tax debts.

Two judges wrote opinions in support of the “per curiam” decision, each joined in different parts by the third member of the three-judge panel.

All three judges found (wrongly, we think) that, although there is some sort of “right” to international travel by U.S. citizens, it is not such a “fundamental” right as to make restrictions on the exercise of the right to travel be subject to to what courts call “strict scrutiny”.

Read More

Jun 17 2021

DHS still evades review of no-fly orders

Two recent court cases, and follow-up articles and interviews with the plaintiffs and their lawyers, show how the highest priority for the U.S. government with respect to no-fly orders continues to be preventing judicial review of these government decisions, not preventing terrorism.

When an airline requests permission to allow an individual to board a flight, and the U.S. Department of Homeland Security (DHS) declines to give permission, that “Boarding Pass Printing Result” (BPPR) message is communicated only to the airline,  not the would-be traveler. Even the airline is not told the basis, if any, for the negative BPPR message. (The default is “No”, in the absence of affirmative, individualized government permission-to-board.)

Again and again and again, when people have challenged these no-fly orders in U.S. courts, the government has chosen not to disclose or defend the basis for its decisions that these people constitute a threat to aviation sufficient to justify restricting their right to travel.

Instead, the government has told the plaintiffs that they have been (although perhaps only temporarily) removed from “the no-fly list” (although with no assurance that they won’t again be prevented from traveling in the future), and then gotten their complaints dismissed in court as “moot”. Only rarely has it been possible to pursue these cases.

A special law restricting the jurisdiction of the Federal courts over “orders” of the Transportation Security Administration (TSA), 49 U.S.C. § 46110, has also been used to avoid fact-finding as to the basis, if any, for these orders. In our opinion this law is clearly unconstitutional. But the Constitutionality of this law has not yet been directly ruled on, and it has been the subject of little Congressional scrutiny.

If the government really thought these people were dangerous, it should have gone to court sooner to obtain injunctions or restraining orders restricting their freedom of movement. If challenged, it should have defended its actions before Federal judges in adversarial, evidence-based fact-finding proceedings.

The government has chosen to do neither, and has consistently responded to no-fly lawsuits by taking almost everyone with the means and will to pursue extended litigation off the not-fly list. This reflects the reality that the DHS sees judicial oversight of its actions, not terrorism, as the greater threat to its standard operating procedures. The top DHS priority is to be able to continue its practice of extrajudicial secret decision-making — disconnected from facts and based instead on fantasies of “pre-crime” predictive ability — about who is, and who is not, allowed to exercise their Constitutional rights.

The stories of Ahmad Chebli and Ashraf Maniar illustrate how this plays out in real life —  and how it wrecks real people’s lives and livelihoods.

Read More

Apr 12 2021

Connecting the DHS to the airline industry

A Request For Information (RFI) posted on a website for Federal government contractors gives a glimpse into the degree to which the Department of Homeland Security (DHS) has embedded itself into the information technology infrastructure of the airline industry.

The RFI for Services to Electronically Transmit Airline Data was posted April 5, 2021, by US Customs and Border Protection (CBP). Responses from potential vendors are due by April 19, 2021.

CBP says it is “conducting market research to gain a greater understanding of the full range of available options for services for obtaining names and related information of passengers who are arriving and departing the U.S. on commercial airlines.” Although the RFI was put out by CBP, which surveils and controls international air travel and cargo transport to and from the US, it appears to contemplate integration with the parallel systems used by the Transportation Security Administration (TSA) for data-driven surveillance and control of domestic US air travel as well.

According to the RFI:

CBP is evaluating transmission options for air carriers to use in compliance with these requirements.

  • The vendor must have established connectivity with the airline community.
  • The vendor must be able to test and certify with the air carriers, the vendor, CBP and TSA as required.

For those unfamiliar with the “parallel universe” of airline IT and data communications networks, this RFI might best be conceptualized by analogy to the specifications for the equipment — revealed by whistleblower Mark Klein — that was installed in the facilities of AT&T and other telecommunications companies to provide real-time copies of message data to the National Security Agency (NSA).

While the NSA receives metadata about the movements of our messages in the form of telephone calls, email messages, Web browsing, and other Internet traffic, CBP receives metadata about the movements of our physical bodies, whenever we travel by air, in the form of, according to the RFI,  “Passenger Name Records (PNR), air cargo manifests, advance passenger information (API), passenger manifests, and other airline-related data.”

The TSA receives a similar but somewhat different dataset of all domestic airline flights in the form of Secure Flight Passenger Data (SFPD).

The RFI requests information from vendors that already have  “an available global private network primarily used by the aviation industry to enable the aviation industry to send/receive API, PNR, and other information to CBP and other entities.”

The gateways provided by these vendors would also, presumably, position these vendors to serve other governments wanting to surveil and control air travel while using common gateways to connect to airlines without having to connect to each airline separately.

As the NSA did with telecommunications companies, CBP embeds itself in vendors’ data centers and message switching hubs:

The contractor shall provide the following to permit the electronic transmission of airline data to CBP’s computer network and host systems:

Provide Ethernet Internet Protocol (IP) connections to the contractor’s private global network. CBP routers are located on vendor’s premises. Contractor provides physical space at their datacenter(s) to include ¼ communications rack to house DHS/CBP co-located equipment that connects to the contractor’s private global network.

Unlike the “black boxes” installed in AT&T and other telecommunications and Internet switching centers to send mirror copies of messages to the NSA, the CBP/DHS connection to the global airline reservation cloud is bidirectional. The role of the DHS is not limited to passive surveillance, which would require only a unidirectional data feed.  DHS exercises positive permission-based prior restraint and control of the issuance of each boarding pass, which requires reliable real-time transmission of Boarding Pass Printing Result (BPRR) permission messages from DHS to airline check-in counters and Web check-in systems worldwide.

Currently, each airline has the option of connecting directly to CBP for bi-directional  transmission of PNR and API data and receipt of BPPR messages through a virtual private network using CBP-specified protocols and vendors, or connecting to DHS through one of two vendors approved by CBP to act as intermediaries: ARINC or SITA.

Read More