May 14 2018

Senators say US citizens shouldn’t have to submit to airport mug shots

Senators Mike Lee (R-UT) and Ed Markey (D-MA) have sent another joint letter to Secretary of Homeland Security Kirstjen Nielson renewing their objections to requiring US citizens to submit to mug shots (“facial recognition”) as part of a DHS “biometric exit” program for identifying and tracking international travelers departing from US airports and seaports.

The letter sent last Friday is a follow-up to an earlier letter six months ago, in which the Senators told the DHS that such a requirement for US citizens is “facially unauthorized”:

Most crucially, while Congress has repeatedly voted to authorize biometric entry-exit scanning of foreign nationals, it has never authorized biometric exit screening for U.S. citizens. In fact, Congress has pointedly neglected to authorize DHS to use the program on U.S. citizens for any purpose. Additionally, while airport infrastructure may not be conducive to separate boarding procedures for U.S. citizens and non-citizens, convenience should not be placed above congressionally mandated requirements. We are concerned that the use of the program on U.S. citizens remains facially unauthorized.

Read More

May 08 2018

TSA releases redacted ID verification procedures

Five years after we requested them under the Freedom Of Information Act, the TSA has released a redacted copy of its Identity Verification Call Center (IVCC) procedures for interrogation and “screening” of people who show up at TSA checkpoints without ID or with ID the TSA initially deems unacceptable.

Most of these people — 98% of them, according to summaries and logs eventually released to us by the TSA in response to our FOIA request — are eventually “allowed” by the TSA or TSA contractors to exercise their right to travel by common carrier, but only after being put through the TSA’s identity verification procedures.

The TSA’s Standard Operating Procedures for travelers without ID or with initially unacceptable ID include requiring them to complete and sign an (illegal) TSA Form 415, “Certification Of Identity” (COI), and playing a pointless game of 20 questions by telephone with the ID Verification Call Center to see if the traveler’s answers to questions match the information in the files secretly maintained by a commercial data broker, the Accurint division of LexisNexis (part of Reed Elsevier).

In 2013, we asked the TSA for its records of what happens to people who try to fly without ID or with ID that the TSA or its contractors initially deem unacceptable. As part of the same request, we asked for related email messages and policies.

The TSA dragged its feet for years, gradually releasing a trickle of redacted and scanned page-view images of derivative reports, but none of the email messages or reports.

A year ago, the TSA declared its munged partial response “complete”. We filed an administrative appeal, and six months later, the TSA’s appeal officer partially upheld our appeal and remanded our request for a further search for email messages and policies.

After eight more months, we’ve finally received a redacted image of the 2013 version (the version in effect when we first made our request) of the TSA’s ID Verification Call Center “Standard Operating Procedures”.

By the time the TSA finally looked for the email messages on which some of the reports were based, after our appeal was upheld, those messages had all been deleted:

No email messages pertaining to the responsive records were located. The email account utilized to prepare and distribute the TSOC reports was centralized into the National Transportation Vetting Center email account, and all emails created during that time associated with the TSOC reports already released to you have been deleted.

Ultimately, the  ID Verification SOP leaves the final decision on whether a would-be airline passenger is allowed to travel to the standardless discretion of the TSA staff person in charge for each airport, the Federal Security Director (FSD) or their designee.

There are some other curious statements between the redactions in the version of the  ID Verification SOP. released to us by the TSA.

According to the SOP:

Under these procedures, passengers are required to produce acceptable identification to a TSA Screening Representative (TSR) before proceeding to the security checkpoint. Passengers who do not produce acceptable identification and who fail to assist TSA personnel in adequately identifying their identity will be denied entry.

There is no indication of the legal basis, if any, for this TSA claim that airline passengers have an affirmative duty to  “produce acceptable identification” or “assist TSA personnel in adequately identifying their identity”, or what the basis would be for denial of passage.

The SOP also contains a bizarre assertion in section 2.5.9 of the SOP that the COI form (TSA Form 415), which travelers without ID or with unacceptable ID are required to complete and sign, is “Sensitive Security Information” (SSI) which is “not to be circulated to the public”and which passengers must surrender to checkpoint or TSA staff on demand. The SOP doesn’t say how this form could be held to constitute SSI.

TSA Form 415 has already been made public in response to another of our FOIA requests, and the Paperwork Reduction Act requires that forms used to collect information from the public be published for comment before they are approved.

In 2016, after using Form 415 and its unnumbered predecessor illegally for years, the TSA published a notice that it planned to apply for approval of this form (to which we objected). But the TSA has yet to apply for, much less receive, the approval it would need before using this form.

Apr 27 2018

DHS still usings American Samoans as “REAL-ID” guinea pigs

When last we checked in on the status of DHS threats to harass residents of states and territories that haven’t been sufficiently “compliant” with the REAL-ID Act of 2005, the focus was on the territory of American Samoa.

The REAL-ID Act applies to the District of Columbia and five US territories as well as to the fifty US states. American Samoa is the most distant from the US mainland and one of the smallest in population of these US territories, and is the only place subject to the REAL-ID Act whose native-born residents are not US citizens. There are only two scheduled airline flights a week between American Samoa and any other US state or territory.

Perhaps for these reasons, the DHS in its infinite wisdom unreviewable discretion chose to make American Samoa the test of its threats to “enforce” the REAL-ID Act.

Every other state or territory was either certified as sufficiently compliant with the REAL-ID Act (even though few of them are) or given an extension of time to show a more compliant attitude. But the DHS invoked its REAL-ID “nuclear option” on American Samoa, announcing that  effective February 5, 2018, “a driver’s license or ID issued by American Samoa (AS) will no longer be an acceptable document to board a federally-regulated commercial aircraft.” Air travelers showing ID cards issued by the government of American Samoa are subject to additional “ID verification” and/or “screening” (searches).

So how has the DHS effort to make an example out of American Samoa fared? And what can other states and territories learn from this example?

Basically, (1) the sky didn’t fall, and (2) the DHS blinked (again). The message to other states is that they shouldn’t be panicked into “compliance” by empty DHS threats.

Read More

Apr 12 2018

Mapping #CheckpointAmerica

Our friends at the Cato Institute have launched a new  section of their Website in English and Spanish, Checkpoint: America — Monitoring The Constitution Free Zone. The new site provides annotated maps of the locations and details of known permanent checkpoints operated by U.S. Customs and Border Protection (CBP) to control internal travel on roads within the U.S.

CBP claims the “border” authority to operate permanent or temporary roadblocks and stop and question U.S. citizens without a warrant anywhere within 100 miles of any international border or coastline. Including the Atlantic and  Pacific coasts and Great Lakes shorelines, this “border” area includes the majority of the population of the U.S.

Cato compiled information about the checkpoints from non-governmental sources after CBP stonewalled a FOIA request for it: “A 2015 Freedom of Information Act request to CBP filed by Cato Policy Analyst Patrick Eddington for information on these checkpoints has been on administrative appeal for two years.”

The clickable map shows, “overhead and ground-level photography of the facilities, physical descriptions of the checkpoints, and … (where available) press accounts, administrative actions, and court proceedings involving a given checkpoint.”

The new Cato site also acknowledges and links to our friends at Roadblock Revelations (Checkpoint USA), who have been documenting and challenging these checkpoints for many years.

Apr 06 2018

Transportation companies should not consent to police harassment of travelers

The ACLU is calling on Greyhound to stop giving the Border Patrol (US Customs and Border Protection) permission to board Greyhound buses and interrogate passengers.

According to a public letter sent to Greyhound by ACLU affiliates across the US:

Greyhound recently has said that the company believes it is “required” to “cooperate with [CBP] if they ask to board our buses.” We are aware of no such requirement. Rather, Greyhound has a Fourth Amendment right to deny CBP permission to board and search its buses without a judicial warrant…. [W]e urge Greyhound to change its policy and to refuse CBP permission to conduct invasive bus raids without a warrant.

Or, as a petition already signed by more than 30,000 people puts it more succinctly, “Your company has the right to say no to [the] Border Patrol — now is the time to do it.”

We wholeheartedly endorse this call on Greyhound to stop doing the wrong thing — and we extend the same call to all transportation companies including airlines and Amtrak.

Federal, state, and local police routinely collaborate to interrogate travelers on buses and trains and in bus and train stations and airports. The purpose of this questioning is typically not to obtain information, but to trick and/or intimidate travelers with a sufficient show of force  to get them to “consent” to searches of their belongings for drugs and/or cash, so that travelers’ cash and/or other valuables can be seized and forfeited to the police agencies involved. “Consensual” questioning and searches are also used as the basis for additional harassment, detention, and deportation of immigrants and other foreigners.

These sordid practices depend, we reiterate, on trickery and intimidation as well as on the willingness of the courts to countenance “consent” given under patently coercive conditions when armed police are blocking the aisle of a bus or train or the door of a compartment on a sleeping car, or surrounding a traveler in an airport waiting area.

But these practices also depend on the willingness of transportation companies to let these goons onto their buses and trains and into their stations and airports to conduct these looting expeditions for anything they can expropriate through civil forfeiture.

Greyhound buses are private property. Except in “hot pursuit” of a suspected criminal, police cannot board Greyhound buses without a ticket or permission from Greyhound.

Amtrak is a Federal government corporation, but nothing in its charter from Congress requires it to collaborate with, or consent to, warrantless searches of Amtrak property, including passenger coaches and sleeping cars, or questioning of Amtrak passengers.

(We are continuing to receive a foot-dragging trickle of responses to a FOIA request we made to Amtrak in 2014 for information about Amtrak’s sharing of information about passengers with the DHS and with foreign law enforcement agencies.)

Similarly, most airports and some bus and train stations are publicly operated, but free to refuse their consent to warrantless entry onto some or all of their premises, other than customs facilities leased to CBP, by agents of the DEA, CBP, or other law enforcement officers not involved in routine airport, train station, or bus station patrols and policing.

If you see police doing something you don’t like on a bus or train, in a bus or train station, or in an airport, say something to the company that “consented”  to this police activity.

Apr 02 2018

Can US citizens entering the country opt out of CBP mug shots?

US Customs and Border Protection (CBP) has published a new Privacy Impact Assessment (PIA) for its Automated Passport Control (APC) kiosks and Mobile Passport Control (MPC) apps.  Unlike most PIA’s, this one does not say why it was prepared, or what, if anything, about the programs it assesses has changed. But it appears to be a response — although an inadequate and possibly still a factually inaccurate one — to some of our complaints.

At many international airports and some cruise ports  in the US, travelers — including US citizens — have to submit their mug shots to CBP through either an APC kiosk or the MPC smartphone app before they are allowed to proceed to CBP officers for customs, immigration, and agricultural inspections.  This requirement is enforced by “line minders” manning the velvet ropes and directing pedestrian traffic inside “sterile” arrival areas. These line minders are employed by the airline, airport, and/or their contractors or sub-contractors, making it easy for CBP to deny any responsibility for their actions.

In January of this year, we were part of a meeting between civil liberties and human rights organizations and CBP officials on the subject of these  “biometric entry/exit” schemes.

The CBP officials we met with in January denied that anyone is required to use the APC kiosks, contrary to our experience and that of other participants in the meeting.

When we complained that CBP hasn’t complied with even the minimal notice requirements of the Privacy Act and the Paperwork Reduction Act (PRA) for this sort of data collection, CBP’s Privacy Officer responded, “I do not consider this program to be operating in violation of the Privacy Act, therefore, I have nothing to investigate.”

But although CBP didn’t conduct an “investigation”, it does appear to have conducted a new “assessment” and published a new set of claims about what it is doing.

What does CBP now say about its mug shots of arriving travelers? And is it true?

We call B.S.

Read More

Mar 30 2018

State Department proposes more surveillance of social media, communications, and travel

(Excerpt from proposed US visa application form as posted at Regulations.gov)

Today the US Department of State published proposals in the Federal Register to expand its ongoing surveillance of social media, e-mail, and travel by applicants for immigrant and nonimmigrant (tourism and other temporary visits) visas:

The Department is revising the collection to add several additional questions for…  visa applicants. One question lists multiple social media platforms and requires the applicant to provide any identifiers used by applicants for those platforms during the five years preceding the date of application. The platforms listed may be updated by the Department by adding or removing platforms….

Other questions seek five years of previously used telephone numbers, email addresses, and international travel.

Questions about social media identifiers were added to the applications for visas and the ESTA form (electronic visa for citizens of countries in the US Visa Waiver Program) in 2016. But until now, the State Department has claimed that answering these questions was “voluntary”.

This expanded social media, telephone, and e-mail surveillance has all the problems we and other organizations have previously objected to, and more.

There has not previously been any requirement for would-be visitors or immigrants to the US to provide current or past telephone numbers, e-mail addresses, or a comprehensive list of which countries other than the US have been visited or when they have been visited.

The State Department will use these identifiers and share them with other Federal agencies such as DHS, including through the National Vetting Center, to target surveillance of foreign citizens, to mine its historical archives of dragnet surveillance, and to decide whether or not to allow foreigners to enter or remain in the US.  As part of “Visa Lifecyle Vetting” (formerly known as the “Extreme Vetting Initiative”) they will also be used for “continuous vetting”: ongoing suspicionless monitoring, profiling, and scoring by “pre-crime” algorithms purported to have robotic “pre-cognitive” abilities to predict future crimes based on what people say and who they associate with.

Read More

Mar 13 2018

Is the DHS using this Unisys pre-crime software?

A press release last week from Unisys gives a disturbing glimpse into the extent to which border guards — possibly including US Customs and Border Protection (CBP) and other components of the US Department of Homeland Security — are making decisions on the basis of automated “pre-crime” predictions of future bad actions or bad intentions.

Unisys describes its “LineSight” (TM)  product as,

[N]ew software that uses advanced data analytics and machine learning to … enable border agents to make … on-the-spot decisions about whether to trigger closer inspection of travelers … before admitting them into a country…. The solution [sic] uses advanced targeting algorithms to continuously ingest and analyze high volumes of data from multiple sources and to flag potential threats in near real time. For travelers crossing borders, LineSight assesses risk from the initial intent to travel and refines that risk assessment as more information becomes available – beginning with a traveler’s visa application to travel, reservation, ticket purchase, seat selection, check-in and arrival.

Think about what this means: This is not a tool for investigation of illegal conduct or prosecution of people who have committed crimes. It presumes that government agencies will be sufficiently deeply embedded in travel industry infrastructure and have the surveillance capability to know as soon as you form an “initial intent to travel”. It’s being marketed to government agencies as a “pre-crime” system alleged to have “pre-cognitive” ability to predict intentions and future actions, and to generate its own algorithms for doing so:

“Many legacy border security solutions identify potentially risky travelers and cargo based on previously known threats – which is kind of like driving a car and only using your rear view mirror,” said Mark Forman, global head of Unisys Public Sector….

LineSight does not depend solely on pre-defined pattern matching rules; it also includes predictive analytics and machine learning that allow the system to learn from experience and automatically generate new rules and algorithms to continuously improve assessment accuracy over time.

Decisions about which travelers should be subjected to more intrusive searches should be be made on the basis of probable cause to believe that  crimes have been committed, not on the basis of fantasies of “pre-cognitive” pre-crime prediction.

It’s wrong to delegate judicial decisions to administrative agencies, wrong to further delegate those decisions to software ‘bots, and wrong to set those robots loose to make up their own rules to govern whch individuals are subjected to searches or other sanctions.

Read More

Mar 07 2018

FOIA request for information about DHS “Extreme Vetting”

Despite a “shell game” of changing program names, most recently “Visa Lifecycle Vetting”, the general intent of what the DHS and President Trump previously refered to as the “Extreme Vetting Initiative” is clear and has remained unchanged:

  1. To expand the ongoing unconstitutional warrantless and suspicious surveillance of refugees, asylum seekers, immigrants, foreign residents, and US citizens who travel internationally, so that this dragnet sureveillance will be carried on continuously rather than only in conjunction with specific controlled actions such as vsia issuance or  entering or leaving the US, as though international travel were per se probable cause for search and surveillance rather than the exercise of a right; and
  2. To convert the present systems for making decisions as to who is or is not issued a visa or electronic “travel authorization“, allowed to enter or leave the US, or allowed to exercise their right to travel by common carrier, which are already based on pre-crime profiling, into a system of continuous pre-crime policing under which DHS pre-cogs can assign extrajudicial adverse consequences at any time, not just when individuals are attempting to engage in specific controlled actions.

While the DHS has made its intent clear, it has provided few details about who would be subjected to this “vetting”, what data would be used as inputs to the pre-crime prediction system, what algorithms would be used to make predictions, or what procedures would be followed in assigning consequences. More of this information has been provided in “Industry Day” briefings to private contractors to which these extraducial functions would be outsourced than to the public.

In November 2017, we joined dozens of other organizations in a letter to the Secretary of Homeland Security opposing and requesting more information about this program.

The response to our letter was a cursory brush-off providing no further information.

So this month, as part of a coalition led by Muslim Advocates, we filed a request under the Freedom of Information Act (FOIA) for more information about these DHS programs, including infomation about outsourcing of “vetting” to private conteractors and about DHS monitoring of social media.

We requested expedited processing of our request, but we don’t expect a prompt response. The DHS has a dismal track record of noncompliance with FOIA deadlines. But we hope that this request will eventually help us learn more about DHS surveillance and control of immigrants, foreigners, and travelers, including which companies are building the infrastructure of this police state.

Feb 16 2018

Will “continuous vetting” include new demands for travel information?

Congress is currently considering multiple “immigration” bills containing provisions for “continuous screening” or “continuous vetting” of foreign residents, visitors, and would-be visitors to the US. As we have noted previuosly, “continuous screening” and “continuous vetting” are euphemisms for “continuous surveillance and control”.

These so-called “immigration” bills would not be limited to foreigners. Many of them would include US citizens exercising our right to leave our country, and to return, in pre-crime travel surveillance and control schemes.

One question that has been raised about some of these proposals is (1) whether they would require airlines to provide the DHS with additional informaiton about  air travelers, or require information about potential passengers to be provided further in advance of scheduled flights, and (2) if so, whether this would violate the US “agreement” with the European Union regarding US government use of PNR data obtained from airlines.

Here’s some background, and some analysis, of what “continuous vetting” might mean for US government use of data from airlines, and for the US agreement with the EU:

Read More