Papers, Please!

The Identity Project

Category Archives: Freedom To Travel

Oct 20 2016

DHS continues to threaten states that resist the REAL-ID Act

[Status of REAL-ID compliance as of October 17, 2016 (Source: AAMVA.org)]

Last week the Department of Homeland Security denied requests by five states for “extensions” of time to comply with the REAL-ID Act of 2005. The DHS denials of requests for extensions were accompanied by renewed threats of  restrictions on residents of those states: “Starting January 30, 2017, federal agencies and nuclear power plants may not accept for official purposes driver’s licenses and state IDs from a noncompliant state/territory without an extension,” said DHS spokesman Aaron Rodriguez in a statement.

Does this mean that a deadline is approaching? That every state except these five has “complied” with the REAL-ID Act? That these “holdouts” have no choice but to comply? That the sky will fall on these states, or their residents, if they don’t?

No, no, no, and no.

As we told the Washington Times:

Not everyone thinks states will, or should, be swayed by the federal government’s determination.

“These are not states that stand out because they are less compliant,” said Edward Hasbrouck, a spokesman for the privacy advocacy group The Identity Project.

He says Homeland Security is arbitrarily enforcing aspects of the Real ID Act by deeming states compliant even when they have not met every requirement, noting specifically few “compliant” states have met the requirement that they provide access to information contained in their motor vehicle database via electronic access to all other states.

“It’s a game of chicken, it’s a game of intimidation, and very little of it has to do with actual requirements or actual deadlines,” Mr. Hasbrouck said.

If Homeland Security, which repeatedly has pushed back compliance deadlines for Real ID, does go through with the commercial airline restrictions in 2018, Mr. Hasbrouck said he expects grounded passengers would eventually bring litigation challenging the law.

Let’s look at some of the questions skeptical citizens and state legislators ought to be asking about these DHS scare tactics:

    • How many states have complied with the REAL-ID Act? Noncompliant states are neither alone nor isolated. According to the Washington Times, “Homeland Security reports that 23 states and Washington, D.C., have met enough of the Real ID standards to be deemed in compliance with the law.” In fact, as we’ve reported previously and as we noted in the comments above, the most significant component of compliance with the REAL-ID Act is participation in the national ID database (the one the DHS keeps claiming doesn’t exist). That database, called SPEXS, is operated by a subcontractor to the American Association of Motor Vehicle Administrators (AAMVA) as a component of its S2S system. When last we checked, in February of this year, only 4 of 55 US jurisdictions (states, the District of Columbia, and US territories) had connected their state drivers license and ID databases to S2S. With the addition of the latest two states this month, the total of states participating in S2S is up to nine, as shown on the AAMVA map at the top of this article. We don’t know whether all nine of those states have implemented all the other requirements of the REAL-ID Act. But we do know that no state not participating in S2S is in compliance. So at most nine states are in compliance with the REAL-ID Act. The vast majority of jurisdictions are noncompliant. And at this rate, it will take many years, if it ever happens at all, for the DHS to whip the rest of them into line.

 

    • When is the deadline for states to comply with the REAL-ID Act? There is no deadline for compliance in the law itself. The DHS could set deadlines by promulgating regulations, but it could also change them in the same way, at any time, for any reason. In practice, the current DHS threats aren’t event based on DHS regulations, but on dates specified solely in DHS press releases and changeable at DHS whim.

 

    • What is required for DHS certification of material compliance or progress toward compliance by individual states? There are no criteria in the law. The law leaves this up to the “discretion” of the DHS, which in practice means that it can be standardless, secret, and arbitrary. DHS choices of which states to threaten are political and tactical choices about which states the DHS thinks it can intimidate, and in which order. They aren’t based, or required to be based,  on any actual measurement, checklist, or relative degree of compliance.

 

  • What will happen, and when will it happen, to residents of states that don’t comply sufficiently or quickly enough? Probably nothing. What the DHS will try to do, and when, is once again totally up to its discretion. There are no deadlines in the law. But as our analysis and the responses to our FOIA requests have shown, the threat to deny access to Federal facilities is a red herring.  Most workers at these facilities, for example, already have Federally-issued employee IDs, and don’t rely on state-issued IDs for entry. Members of the public generally enter these facilities to exercise various of their rights, which the DHS recognizes they have a right to do without any ID. If the DHS changes its tune, and tries to interfere with those rights, what the DHS can get away with will be determined by Federal judges in the inevitable lawsuits brought by residents of disfavored states (hopefully with the support of state governments) whose rights are interfered with on the basis of the REAL-ID Act.
Oct 14 2016

CDC proposes martial law in the guise of “medical quarantine”

In the guise of a proposal for “medical quarantine“, the U.S. Centers for Disease Control and Prevention (CDC) have proposed regulations that would give CDC employees sweeping martial-law powers of warrantless search, interrogation, tracking of movements, arrest, and extrajudicial mass detention (at the detainees’ own expense!) of individuals or entire groups of unlimited numbers of people for unlimited periods of time.

The proposal revives a dormant decade-old rulemaking initiated after the 2001 and 2005 anthrax scares in Washington, DC. But rather than finalizing the rules proposed (and widely criticized) in 2005, or responding to the comments submitted back then in response to the original proposal, the CDC has published a new and different but perhaps even more objectionable replacement proposal.  It’s unclear why this is happening now, but it seems likely that the CDC feels a political necessity to be seen as “doing something” to prepare for the possibility of another outbreak of Ebola virus disease.

As we say in comments we filed today with the CDC:

The NPRM [Notice of Proposed Rulemaking] describes the proposed rules as a medical quarantine program. But they go far beyond what is medically indicated, authorized by statute, or permitted by the Constitution.

The CDC’s proposal completely ignores existing medical and legal procedures for involuntary commitment of individuals determined to constitute a danger to themselves or others. Instead, the proposed rules include:

  1.  indefinite extrajudicial mass detention without due process,
  2. compelled responses by travelers to extrajudicial interrogation concerning their exercise of First Amendment rights including rights of movement and assembly, regardless of whether there is any current outbreak of any communicable disease, much less whether there is any basis for belief that any specific traveler subjected to this interrogation is infected with such a disease; and
  3. charging innocent detainees for the costs of their detention.

These misguided, unauthorized, and unconstitutional proposals should be withdrawn.

[Details: Complete comments of the Identity Project, all 13,000+ public comments on the CDC proposal.]

Oct 03 2016

How the DEA uses travel company spies to confiscate travelers’ cash

A report by the Office of the Inspector General (OIJ) of the U.S. Department of Justice (DOJ) sheds more light on how the Drug Enforcement Agency (DEA) pays workers for airlines, Amtrak, bus companies, and package delivery services to spy on their customers, troll through reservation and shipping records, and finger travelers and senders and recipients of packages to the DEA in exchange for a share of the cash which can be seized and “forfeited” to the government even if no drugs are found and no criminal charges are brought.

This practice was first reported in August 2016 by Brad Heath in USA  Today, based on case-by-case review of court filings describing the basis for DEA searches that led to “civil forfeiture” proceedings. And the DOJ OIG had released brief interim summaries of its investigations into DEA relationships with one Amtrak employee and one TSA employee who were paid to inform on travelers.

The new OIG report released last week provides much more detail about the scope of the DEA’s use of travel and transportation staff as paid “confidential sources” to target travelers and parcels for cash seizures on the basis of travel reservations and shipping records. The OIG found that the DEA is paying employees of Amtrak, airlines, bus companies, and other transportation companies millions of dollars for individual tips and copies of entire passenger manifests:

[DEA] Special Agents have various ways of receiving these “tips,” but generally receive the information on a daily basis via email or text message, some of which are sent to government accounts and others to non-government private accounts that are established and controlled by the Special Agents. Additionally, we found that although some Special Agents estimated receiving up to 20 “tips,” or passenger itineraries, per day from their… commercial airline confidential sources, the DEA does not maintain a record of receipt of the totality of the confidential source “tips.”….

[S]ome Agents requested that sources provide them with suspicious travel itineraries that met criteria defined by the Agents, and in some cases requested entire passenger manifests almost daily….

Read More

Sep 27 2016

Proposed laws would expand travel controls from airlines to passenger railroads

Legislation has been introduced in both the USA and Belgium to subject rail travelers to the same sorts of travel surveillance schemes that are already being used to monitor and control air travelers.

If these proposals are enacted into law, passenger railroads would be required to collect and enter additional information such as passport or ID numbers and dates of birth (not currently required or routinely included in US or European train reservations) in Passenger Name Records (PNRs), and transmit rail travel itineraries and identifying information about passengers to the government, in advance.

As is already the case for all airline travel in the USA, including domestic travel, railroads would be forbidden to allow any passenger to board unless and until the railroad receives an explicit, affirmative, individualized, per-passenger, per-flight permission-to-board message (“Boarding Pass Printing Result”) from the government.

In both the USA and Belgium, the proposed legislation would create legal conflicts with civil liberties and human rights, and practical conflicts with railroad business processes and IT capabilities.

Read More

Aug 29 2016

Restriction of movement is a punishment like banishment

A Federal Court of Appeals has found that the latest version  of Michigan’s “Sex Offender Registration Act” (SORA), including restrictions on where registrants can live, work, or “loiter”, constitutes a form of punishment intended to inflict pain or unpleasant consequences. “More specifically, SORA resembles, in some respects at least, the ancient punishment of banishment,” according to the 6th Circuit Court of Appeals.

Both Federal and state governments have enacted a variety of misleadingly misnamed “sex offender registration” laws.

Despite being labeled as applying to “offenders”, these laws typically apply also to ex-offenders who have completed their entire sentence of incarceration, parole, and /or probation. These ex-offenders are subject to few legal restrictions except those of the “sex offender registration” laws and the no-gun list.

And while they are described as “registration” laws, these laws almost invariably require more than mere registration.  This parallels the government’s typical euphemistic use of the term “watchlists” for what are, in fact, blacklists or blocklists.

“Registration” laws typically restrict and regulate the exercise of First Amendment rights and rights recognized by international human rights law, including the rights to freedom of speech and freedom of movement, of people who are required to register.  In several states, these laws restrict free speech by prohibiting use of unregistered Internet access accounts or “identifiers” (whatever that means) by ex-offenders who are subject to these laws.  In a growing number of states, these laws restrict freedom of movement and residence by prohibiting registrants from living or working within a specified distance of any school — a distance which, in a populated area with neighborhood schools, can prohibit registrants from legally living anywhere in a municipality or community, or force them to live in wilderness or wasteland encampments without water, sewer, or electric service in order to stay far enough away from any school.

As we have reported, a Federal District Court judge has issued a preliminary injunction prohibiting California from enforcing its requirement for registration of Internet service accounts and identifiers, and that injunction has been upheld by the 9th Circuit Court of Appeals. The lawsuit challenging the California law drags on, however, while the court keeps giving the state more time for its legislature to try to “fix” the law to make it Constitutional.

But in contrast to this judicial rejection of some “registration” laws that restrict ex-offenders’ free speech on the Internet, courts have upheld restrictions on registrants’ residency, employment, and movement against a variety of challenges. So we were especially pleased that last week’s opinion by the 6th Circuit  in Does v. Snyder recognizes that both the restrictions on movement and those on Internet speech in the Michigan SORA amount to “punishment”:

SORA resembles, in some respects at least, the ancient punishment of banishment. True, it does not prohibit the registrant from setting foot in the school zones…  But its geographical restrictions are nevertheless very burdensome, especially in densely populated areas. Consider, for example, this map of Grand Rapids, Michigan, prepared by one of Plaintiff’s expert witnesses:

GRR

Sex Offenders are forced to tailor much of their lives around these school zones, and, as the record demonstrates, they often have great difficulty in finding a place where they may legally live or work. Some jobs that require traveling from jobsite to jobsite are rendered basically unavailable since work will surely take place within a school zone at some point.

The John and Mary Doe plaintiffs in the Michigan lawsuit were convicted before the SORA law was enacted. The court found that, because the law imposed imposed retroactive “punishment” on the plaintiff, it was an unconstitutional ex post facto law as applied to the plaintiffs:

We conclude that Michigan’s SORA imposes punishment. And while many (certainly not all) sex offenses involve abominable, almost unspeakable, conduct that deserves severe legal penalties, punishment may never be retroactively imposed or increased…. As the founders rightly perceived, as dangerous as it may be not to punish someone, it is far more dangerous to permit the government under guise of civil regulation to punish people without prior notice. Such lawmaking has “been, in all ages, [a] favorite and most formidable instrument[] of tyranny.” The Federalist No. 84, supra at 444 (Alexander Hamilton)…. The retroactive application of SORA’s 2006 and 2011 amendments to Plaintiffs is unconstitutional, and it must therefore cease.

The court didn’t reach the question of whether the law would be Constitutional as applied to people convicted after its enactment, but did express strong doubts about how it would rule in such a case:

As we have explained, this case involves far more than an Ex Post Facto challenge. And as the district court’s detailed opinions make evident, Plaintiffs’ arguments on these other issues are far from frivolous and involve matters of great public importance. These questions, however, will have to wait for another day because none of the contested provisions may now be applied to the plaintiffs in this lawsuit, and anything we would say on those other matters would be dicta. We therefore reverse the district court’s decision that SORA is not an Ex Post Facto law and remand for entry of judgment consistent with this opinion.

 

Aug 22 2016

Wanna be Facebook friends with U.S. Customs & Border Protection?

Today we submitted formal comments to U.S. Customs and Border Protection objecting to its proposal to start asking visitors to the USA to list all their “social media identifiers”. USCBP (a division of the Department of Homeland Security) proposes to add this question to the I-94W form for international visitors arriving in the U.S., and to the online ESTA (Electronic System for Travel Authorization) application form for vistors form countries in the U.S. Visa Waiver Program:

Please enter information associated with your online presence—Provider/Platform—Social media identifier.” It will be an optional data field to request social media identifiers to be used for vetting purposes, as well as applicant contact information. Collecting social media data will enhance the existing investigative process and provide DHS greater clarity and visibility to possible nefarious activity and connections by providing an additional tool set which analysts and investigators may use to better analyze and investigate the case.

We’ve previously argued that the entire ESTA scheme is an illegal de facto visa requirement that violates the rights of foreign visitors to the U.S. But this proposal would make it even worse.  Hundreds of individuals and more than two dozen organizations have already denounced this proposal. You can submit your own comments here until midnight tonight, Eastern time. If you agree with us that this is a terrible idea, feel free to endorse our comments or use them as a template:

We oppose this absurd and un-American questioning of foreign visitors to the U.S., and urge USCBP to withdraw this proposal.

Both freedom of speech and freedom of movement (“the right of the people… peaceably to assemble”) are recognized by the First Amendment to the U.S. Constitution. These rights are also recognized in Article 12 (freedom of movement) and Article 19 (freedom of expression) of the International Covenant on Civil and Political Rights (ICCPR), a treaty ratified by, and binding on, the U.S. In addition, Article 17 of the ICCPR recognizes a right to protection against “arbitrary or unlawful interference with … privacy … or correspondence.”…

The essence of human rights law is that these rights are recognized as universal rights to which all people are entitled regardless of their citizenship or nationality (if any). This proposal … treats foreign visitors to the U.S. as lacking these human rights, and thus implicitly as less than human… This would reinforce the impression around the world that the U.S. does not believe in or respect human rights, but regards these universal human rights as “privileges” granted by the government and enjoyed only by U.S. citizens. We do not want to live under such a government or in such a world…

Read More

Jul 05 2016

How travel restrictions turn refugees into criminals

It’s not a crime to flee from persecution, to try to get to a place of refuge, or to apply for asylum once you get there.

The case of a man who walked 30 miles from France to England through the tunnel under the Channel shows how wrong-headed restrictions on airlines, railroads, ferry operators, and other common carriers turn righteous refugees into common criminals in the eyes of the law.

Thousands of refugees seeking to get to the UK to apply for asylum have congregated in squatter camps and tent cities around the mouth of the Chunnel in Calais, France. Every night, hundreds of them try to get over, under, or through the barricades around the rail yard, and hide on freight trains bound for what they hope will be freedom and asylum on the other side of the Channel.  Most of them are stopped at the barriers, and most of those few people who make it into the tunnel, whether on foot or hidden in or on trains, are crushed by high-speed trains, electrocuted on the live wires that power the electric trains, or suffocated in enclosed containers.

Abdul Rahman Haroun was one of the few lucky ones, perhaps the first, to make it alive, in August of last year, through the Chunnel to England — where he was arrested on arrival and charged under the UK “Malicious Damage Act” with criminal interference with trains.

When he arrived in the UK and was arrested, Mr. Haroun applied for asylum. UK authorities eventually determined that he had a well-founded fear of persecution in Sudan, from which country he had fled, and granted him asylum and the right to remain in the U.K.

But he was still prosecuted on criminal charges and spent four months behind bars for walking through the Chunnel to get to the UK.

Why didn’t Mr. Haroun take a train, plane, or ferry? Because that was prohibited by UK law — even for refugees who are legally entitled to asylum in the UK.

Even while it has been part of the European Union, the UK has never been a party to the Schengen Treaty, under which most border checkpoints and controls on movement within the Schengen Zone have been eliminated. UK immigration officers (like the US “pre-clearance” officers at airports in Canada) check the passports and visas of all Eurostar passengers in France or Belgium before they are allowed to board UK-bound trains.

As for travel by air or sea, airlines and ferry operators are subject to a fine of 2,000 pounds (about US$3,000) for each passenger they transport to the UK from any other country who is later found to be inadmissible or who lacks the documents “required” for admission, whatever that means. Carriers are fined millions of pounds a year for violating this law. These carrier sanctions create, as they are intended to do, a compelling financial incentive for carriers to err on the side of denial of transportation (for which there is, in practice, no judicial review and no sanction) in case of any doubt about admissibility to the UK.

It’s impossible to request asylum in the UK, or to obtain a definitive ruling as to whether such a request will be approved, until after one arrives in the UK. There is no document that would prove, before one arrives in the UK, that one will be granted asylum and allowed to maintain. There is no possible way to satisfy the demand of an immigration officer or airline check-in clerk for documents “proving” that one is entitled to asylum in the UK  No such documents exist.

In other words, it’s illegal for a legitimate refugee qualified for asylum and right of permanent residency in the UK to board any type of common carrier that might provide transportation to the UK. Unless a refugee has their own boat to cross the Channel to the UK, or can get to the Irish Republic and then walk across the land border into Northern Ireland, the only legal way to get to the UK as a place of refuge from persecution is to swim across the English Channel or walk through the tunnel under the Channel.

It should be no surprise that some people in this situation choose to try to dodge the trains through the Chunnel as the best of a bad lot of choices. This is the choice forced on them by laws that deny them access to any mode of common carrier and leave them no legal route to asylum.

Should this be a crime, especially when they are found to be qualified for asylum and entitled to remain in the UK? Of course not.

If the UK doesn’t want people trying to walk through the Chunnel, the obvious solution is to stop denying asylum-seekers access to safe and legal transport by common carrier.

Lest we be accused of unfair criticism of the UK, we should make clear that the same is true of the US, which has a similar law (8 USC 1322) imposing a similar penalty of US$3,000 per passenger on any person or company that transports anyone whose asylum application is later denied.

As we pointed out last year to the UN Office of the High Commissioner for Human Rights:

Many eligible asylum seekers could afford to purchase airline tickets or tickets on other common carriers (ferries, trains, buses, etc.) to travel to countries where, on arrival, they would be eligible for asylum. They risk their lives… and some of them die, not for financial reasons, but because airlines or other government-licensed common carriers improperly refuse to sell them tickets or deny them boarding.

No documents are or can be required of refugees, who have often lost any papers, documents, or other possessions in the course of their flight from persecution. Carriers should be required to carry all fare-paying passengers, not sanctioned for fulfilling their duties as common carriers.

Jun 09 2016

How does the TSA decide if you are who you say you are?

An ongoing trickle of still-incomplete responses by the TSA to a Freedom Of Information Act (FOIA) request we made in June 2013 continues to shed more light on the TSA’s procedures for air travelers who don’t have ID credentials the TSA deems satisfactory.

It’s difficult to compile statistics from files in the image format in which the TSA has released them, but we can make some anecdotal observations about what happens to people who try to fly without “acceptable” ID. Read More

Apr 20 2016

EU mandates US-style pre-crime profiling of air travelers

The European Parliament has approved (press release, breakdown of votes, text as adopted) a directive requiring each “member state” (country) in the European Union to:

  • Establish or designate a new travel surveillance and control agency (“Passenger Information Unit”),
  • Require all airlines operating flights to or from places outside the EU to transmit complete copies of Passenger Name Records (PNRs) for all passengers to the government, and
  • Pass on any of this PNR data to any other EU member state on request.

The directive essentially commits the EU to join the US in “pre-crime” predictive mass surveillance and profiling of all air travelers.  Not surprisingly, the vote by the European Parliament was welcomed by leading US advocates for the globalization of pre-crime travel policing, including former DHS Assistant Secretary for Policy Stewart Baker (previously general counsel of the NSA)  and Deputy Assistant Secretary for Policy Paul Rosenzweig.  Baker and Rozenzweig were responsible for DHS negotiating strategy with the EU on the PNR issue during the time when their boss, DHS Secretary Michael Chertoff, was lying repeatedly to the European Parliament about the state of both US and international law relating to PNR data.

Meanwhile, as reported elsewhere, the commercial data architecture for handling PNR data remains fundamentally insecure.

What will happen next?

The proposed directive must still be approved by the European Council (the national governments of the member states), but that approval seems assured.

The EU directive is not “self-effectuating”. Each EU member state is required to “transpose” the directive into national law within two years.

The directive can be, and probably will be, challenged in the European Court of Justice as violating human rights recognized by EU and international law.  Implementing legislation can be, and probably will be in at least some countries, challenged in national courts as violating national Constitutional rights.

Now that the US has gotten the EU on board, the US is likely to increase its pressure on other countries and international organizations — primarily ICAO — to globalize the shift from targeted investigation and arrest of suspects to mass surveillance and predictive pre-crime profiling of travelers.

Airlines are likely to find it inconvenient and expensive to deal with 28 different EU Passenger Information Units with potentially different data content and format demands, in addition to the travel dataveillance regimes already in effect in the USA, Canada, Australia, and other countries. Airlines and the travel industry are thus likely to support US efforts to get ICAO to approve a global “security standard” requiring airlines to share PNR data in a standard format with all governments of countries served by their flights.

Apr 12 2016

What’s at stake in the EU PNR debate?

pnr

This week the European Parliament is scheduled to debate (Wednesday) and vote (Thursday) on  a resolution (PDF) to approve, with amendments, a proposed compromise on a directive “on the use of Passenger Name Record [PNR] data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime.”

What does this mean, why does it matter, and why should this proposal be rejected?

To answer this question requires understanding (1) what PNRs are, (2) how PNRs and other travel data are already being used by European governments,  (3) how this would change if the proposed EU PNR directive is approved, and (4) why and how the provisions in the proposed directive that are supposed to protect individuals’ rights would be ineffective. Read More