Freedom To Travel – Page 22

Feb 24 2015

Must we choose between the right to travel and the right to remain silent?

When US citizen Jonathan Corbett checked in at Heathrow Airport in London for an American Airlines flight to New York last December, he was questioned by an airline employee or contractor (it’s often impossible to tell which are which) about his travel outside the US:

When questions changed from, “Where are you flying?” to “Was your trip for personal or business purposes,” and “Where were you since you left America,” I asked if the questions were necessary, and was told yes.

Mr. Corbett was eventually allowed to board his flight without answering these questions. But he followed up first with the airline, which referred him to the TSA, and then with the TSA itself.

Both AA and the TSA said that the questioning is part of a TSA-mandated “security program”. While AA and the TSA both claimed that most details of this program are secret, the TSA “Office of Global Strategies Communications Desk” (OGSCommunications@tsa.dhs.gov) told Mr. Corbett that answering the questions is a condition of boarding a flight to the US:

As part of its Transportation Security Administration (TSA)-approved security program, American Airlines is required to conduct a security interview of passengers prior to departure to the United States… If a passenger declines the security inteview, American Airlines will deny the passenger boarding. The contents of the security program and the security interview are considered Sensitive Security Information (SSI) … and its contents are not for public disclosure. Any security procedure performed by the airline would be because of a requirement in their program.

Yesterday, Mr. Corbett filed suit against the TSA in both the U.S. District Court for the Eastern District of New York (which has jurisdiction over Kennedy Airport in Queens, where his flight arrived in the US) and in the 11th Circuit Court of Appeals (which has jurisdiction over Florida, where Mr. Corbett resides). Perverse judicial precedents including those in Mr. Corbett’s own previous lawsuits require most lawsuits against TSA practices to be filed simultaneously in both District and Circuit Courts, to avoid a risk of being dismissed on jurisdictional grounds.

Mr. Corbett’s lawsuit directly challenges the requirement for a traveler to answer questions (i.e. to waive his or her Firth Amendment right to remain silent) as a condition of the exercise of the rifght to travel, specifically the right of a US citizen to return to the US.

Feb 23 2015

REAL-ID Act implementation, enforcement, and resistance

Is gradual implementation of the REAL-ID Act cooking us slowly, like frogs who, if the temperature of the water is increased gradually enough, don’t realize that they need to jump out of the pot until it’s too late?

Last month was another of the deadlines set by the Department of Homeland Security for “implementation” and “enforcement” of the REAL-ID Act. That also makes it time for stepped-up resistance to REAL-ID.

Understanding the meaning of this deadline, and the remaining deadlines to come, requires some background. Below is an overview of what the REAL-ID Act is, how and by whom it will be implemented and enforced, what it means to “comply” with the REAL-ID Act, what we can expect to happen next, and — perphaps most importantly — what we can do, now, to resist it.

[See this 15-minute video for an introduction to the REAL-ID Act, and the REAL-ID category in this blog for more recent updates.]

The REAL-ID Act of 2005 is a Federal law intended to mandate the creation of a distributed but integrated national database of personal identity records (including birth certificates or alternative “breeder documents” [sic]) linked to state-issued identity credentials. The REAL-ID Act also includes Federal standards for the physical ID cards, including drivers’ licenses or alternative non-driver ID cards, issued by US states and territories. But the real focus is on the database: what data will be included and how it will be normalized and made accessible through a single user query interface.

The Federal government can, and often does, bribe states with Federal funding to do things the way the Feds want. But the REAL-ID Act didn’t include funding for state-level implementation, and was based (like many other DHS programs, such as its multi-billion dollar mandates for modifications to airline IT systems to support surveillance and control of air travelers) on gross underestimates of its cost. In any event, some states strongly opposed the whole idea of a national ID scheme, and would probably have declined to participate even if the Feds had been willing to foot the bill.

The states already manage the issuance of drivers’ licenses and non-driver ID cards, which are most US citizens’ primary government-issued identity credentials. Setting up a Federally-administered ID credential system would have been vastly more expensive and politically controversial than leaving it to the states.

So the problem for the architects of “REAL-ID” was how to induce all the states and territories to “comply” with goals and standards that would neither be officially binding on the states, nor financed by the Feds.

The workaround for indirect coercion of state governments was to threaten Federal sanctions against individual residents of states that don’t comply with the REAL-ID Act. The sponsors of REAL-ID hoped that these threats would scare voters into lobbying their state legislators’ to bring their states into line with the Feds’ desires.

The REAL-ID Act doesn’t officially “require” states or individuals to do anything. Its “enforcement” mechanism is a prohibition on acceptance for “Federal purposes” of drivers’ licenses or other ID credentials issued by states or territories that don’t comply with the requirements in the Federal law and the implementing regulations issued by the DHS.

There was still a problem for the DHS and the other backers of REAL-ID, however: How to make the threat of sanctions against residents of “noncompliant” states sufficiently harsh and sufficiently credible to get them to pressure their state governments to comply, without catalyzing a mass movement of grassroots resistance by outraged victims (or potential victims, or their supporters) of those sanctions.

The strategy adopted by the DHS has been to phase in the sanctions very gradually, over a period of many years, starting with those which would have the least significant consequences. The problem for the DHS is that those threats which are most intimidating are those which would be most likely to provoke blowback against the Feds, and lead to more pressure on Congress to repeal the REAL-ID Act. The result has been a decade-long game of chicken between the DHS and reluctant or resistant state governments.

The DHS won’t (and politically can’t) admit the possibility that states won’t kowtow to its demands. State legislators can’t believe that the DHS would really be able to get away with denying access to Federally-controlled facilities and programs (more on that below) to all residents of noncompliant states, as well as residents of compliant states who are unable and/or unwilling to satisfy the documentary prerequisites for issuance of a REAL-ID compliant ID card.

When states haven’t complied — because they didn’t want to, or because they couldnt’t afford to, or because it was taking longer than expected to develop the infrastructure for the distributed database — the DHS postponed the deadlines.

It’s been a decade since the REAL-ID act of 2005 was enacted, and most residents of “noncompliant” states have yet to be subjected to any Federal consequences for not having a REAL-ID card. The criterion for “compliance” is political obeisance and stated or inferred intent, not action. All states that said they intended eventually to comply were deemed to be “compliant”, and given extensions of time to get with the program in practice. Even some states which enacted state laws prohibiting state agencies from implementing REAL-ID procedures have been “certified” by the DHS to be in “constructive compliance” with the required intent to comply.

Is this DHS certiification wishful thinking? What will these states do as the deadlines approach? That remains to be seen, and depends primarily on what individual residents of those states do.

Feb 06 2015

Feds aggregating license-plate scans to track vehicles and people in real time

We’ve talked a lot about government surveillance and control of air travelers, and occasionally about its extension to bus and train travel. (Our FOIA request about this to Amtrak remains unanswered and several months overdue for a response.)

But can you avoid being tracked and watched by the government if you travel by private car? No:

A year ago, when the Department of Homeland Security cancelled a request for bids from commercial vendors to supply vehicle location logs compiled from automated (optical character recognition) license-plate readers, we pointed out that the DHS didn’t need to buy this information from commercial data aggregators, since it already had it available from government sources. In fact, as we noted then, the DHS had already given official notice of the inclusion of license-plate location logs in DHS databases about both US and foreign citizens (while claiming that a license plate number isn’t a “personal identifier”).

New documents released to the ACLU in response to FOIA requests and reported by the Wall Street Journal (paywalled article; NPR interview with the WSJ reporter on the story) confirm our suspicions: As early as 2009, a “National LPR Initiative” was compiling data from license-plate readers operated by the DHS and other Federal, state, and local government agencies to track both vehicles and their occupants in real time. (More background and additional documents from the ACLU’s previous FOIA requests regarding license-plate readers; related documents released to EPIC and to EFF.)

Many of the Federal government’s license-plate readers are operated by the Customs and Border Protection (CBP) division of the DHS, under its assertion of authority to conduct unlimited “border” searches anywhere within 100 miles of a US land border or seacoast. But the master database is being compiled and maintained by the Drug Enforcement Agency (DEA), and used primarily to intercept domestic commerce in drugs and to target vehicles, cash, and other property that can be seized under “civil forfeiture” laws.

This isn’t, of course, the first time we’ve seen CBP’s assertion of a “Constitution-free zone” in coastal and border regions where the majority of the US population lives misused as the basis for surveillance of, and interference with, domestic travel. Sadly, we don’t expect that this will be the last such instance, either.

Feb 05 2015

TSA supervisor perjured himself to justify false arrest by Philly police

A Federal civil rights lawsuit recently filed in Philadephia describes a pattern of facts that combine the worst aspects of several previous incidents of TSA and local police collaboration in mistreatment of insufficiently subservient travelers.

Roger Vanderklok was falsely arrested at a TSA checkpoint at the PHL airport on January 26, 2013, “Because a TSA Supervisor did not like something Mr. Vanderklok said to him and because Philadelphia Police personnel failed to perform their duties and arrested him without probable cause.”

Mr. Vanderklok was on his way to Miami to run in a marathon, and had some “Power Bars” (essentially a cross between candy bars and granola bars marketed to athletes), in their original sealed and labeled packaging, and a sports watch with a heart rate sensor in his carry-on luggage.

Mr. Vanderklok has described the circumstances of his arrest in the complaint initiating his Federal lawsuit, and in interviews with the Philadelphia Daily News and the Associated Press.

You don’t have to take Mr. Vanderklok’s word for what happened, or for whether the TSA testified truthfully against him. You can judge for yourself. Compare the airport and/or TSA video included in this television news report (showing Mr. Vanderklok standing peacefully with his hands clasped in front of himself, at belt level, around his laptop computer) with the lies in the TSA supervisor’s testimony at Mr. Vanderklok’s trial, as reported in Mr. Vanderklok’s Federal complaint:

Under oath in Municipal Court, the TSA supervisor testified that his attention was directed to Mr. Vanderklok when Mr. Vanderklok became “irate” and started angrily waving his arms and hands in the air. The TSA supervisor demonstrated this for the Court. The TSA supervisor testified that he approached Mr. Vander clock, who eventually stated: “Let me tell you something — I’ll bring a bomb through here any day that I want … you’ll never find it.”…

The TSA supervisor testified that “the passenger [Mr. Vanderklok] put his finger in my face.” He went on to demonstrate for the court. He testified that Mr. Vanderklok’s finger came within six to eight inches of his face. He testified that Mr. Vanderklok moved his finger towards and away from his face approximately six times.

It’s clear from the video that Mr. Vanderklok made no such movements or gestures. It’s also clear that the Philadelphia police took him into custody as soon as they arrived, without further ado.

Needless to say, this TSA perjury to try to justify the unlawful arrest of a disfavored traveler reminds us of the (equally unsuccessful, fortunately) frame-up of Phil Mocek by Albuquerque police and TSA staff, just as Mr. Vanderklok’s Federal lawsuit reminds us of Mr. Mocek’s ongoing lawsuit against the ABQ police and TSA. (Oral argument on Mr. Mocek’s appeal is scheduled for March 17th in Denver.)

Feb 04 2015

Hearing March 17th in Denver on “Freedom Flyer” Phil Mocek’s appeal

Oral arguments on “Freedom Flyer” Phil Mocek’s appeal of the dismissal of his Federal civil rights lawsuit against the TSA employees and Albuquerque police responsible for falsely arresting him at a TSA checkpoint at the Albuquerque airport in 2009 have been scheduled for Tuesday, March 17th, in Denver, Colorado.

The 10th Circuit Court of Appeals hearing will be (sort of) open to the public, with caveats as discussed below.

Mr. Mocek was arrested — valid boarding pass in hand — in retaliation for trying to exercise his First Amendment rights to (a) travel by licensed interstate common carrier and (b) film and record what happened when he tried to fly without having government-issued ID credentials in his possession.

Despite the inept efforts of the police to destroy the evidence against themselves (Mr. Mocek’s audio and video recording of his false arrest, which he was able to recover) and their equally inept efforts to lie about what had happened in their written reports and in their testimony at Mr. Mocek’s criminal trial, Mr. Mocek was acquitted by an Albuquerque jury on January 21, 2011, of all of the charges that were trumped up after the fact to try to justify his arrest.

On November 14, 2011, Mr., Mocek sued the TSA, the city of Albuquerque and its police, and the individual TSA employees and police officers responsible for depriving him of his civil rights.

In pre-trial rulings on January 24, 2013 and February 28, 2014, a Federal District Court judge in Albuquerque dismissed all of Mr. Mocek’s complaints against the various Federal government, local government, and individual defendants on the grounds that:

The TSA and its employees were not responsible for what happened to Mr. Mocek after they called the police. The TSA swears that its checkpoint staff have no authority to arrest anyone or tell the police to do so. But this issue is now the subject of an explicitly acknowledged dispute between the 4th Circuit (“It is an undoubtedly natural consequence of reporting a person to the police that the person will be arrested; especially in the scenario we have here, where TSA and [airport] police act in close concert”) and the 3rd Circuit (“[I]t seems just as likely that police officers who are summoned by TSA Officials would use their own independent discretion to determine whether there are sufficient grounds to take someone into custody”).
The defendants all had “qualified immunity” from liability because the First Amendment right to film and record the actions of the TSA and police at a checkpoint for passengers passing through a publicly-owned and operated airport en route to flights operated by Federally-licensed interstate common carriers was either nonexistent or not “clearly established”. This makes a mockery, of course, not just of the First Amendment itself but of the entire body of “Freedom Rider” case law concerning the First Amendment rights of interstate common-carrier (bus) passengers passing thrrough publicly and even at privately-owned and operated terminal and transit facilities.
The arrest of Mr. Mocek was permissible because the police “had reasonable suspicion to demand that Mocek produce identifying documents, and, upon his failure to comply, probable cause for his arrest.” This claim fundamentally misconstrues both New Mexico law on ID and key aspects of the Supreme Court’s decision in Hiibel v. 6th Judicial District Court.

Mr. Mocek then appealed to the U.S. Court of Appeals for the 10th Circuit. Written briefs were filed by Mr. Mocek (Appellent/Petitioner) and the original defendants (Appellees/Respondents):

Oral argument before a three-judge panel of the 10th Circuit Court of Appeals is scheduled for Tuesday, March 17, 2015, beginning at 9 a.m., in Courtroom 2 of the Byron White U.S. Courthouse, 1823 Stout St., Denver, CO. Oral argument will probably last no more than an hour, but there are five cases on the same 9 a.m. argument calendar, so people planning to attend should probably allow the whole morning.

“Identification” is required to enter the courthouse, but there don’t appear to be any published rules as to what constitutes sufficient ID. According to Local Rule 57.4 (”Security”):

On request of a United States marshal, court security officer, federal protective service officer, or court official, anyone within or seeking entry to any court building shall produce identification and state the nature of his or her business. Failure to provide identification or information shall be grounds for removal or exclusion from the building.

Photography, audio or video recording, or broadcasting are prohibited anywhere inside the courthouse (not just in courtrooms). Cameras and recording or broadcasting devices that lack any other functions are barred form the courthouse. Cell phone, laptops, and other electronic devices are allowed in the courthouse, and may be used (silently and without photography or audio or video recording or broadcasting) in the courtroom, subject to these rules of the 10th Circuit Court of Appeals and of the U.S. District Court for the District of Colorado, which manages the building in which both courts are located.

There’s more information in our FAQ’s about the original events and Mr. Mocek’s false arrest and eventual acquittal on criminal charges and about Mr. Mocek’s ongoing Federal civil rights lawsuit which is the subject of this appellate hearing.

We’ll be in Denver on March 17th to observe and report on this hearing and to show our continued support for Mr. Mocek. We invite you to join us inside and/or outside the courthouse, and/or to help pay off Mr. Mocek’s debts for the costs of defending himself against the original false criminal charges.

Feb 02 2015

You can’t fly because… we don’t like your brother?

The US government’s use of smear tactics to evade judicial review of its secret, standardless administrative”no-fly” orders has reached a new low with the latest developments in the case of Gulet Mohamed.

Mr. Mohamed’s saga began when his name was added to the US no-fly list in 2010, while the then-teenaged US citizen was visiting relatives abroad. Unable to return home to his family in the suburbs of Washington, he was eventually locked up incommunicado in Kuwait for overstaying his visa. Between sessions of torture by his Kuwaiti captors, he was interrogated by FBI agents who told him the only way out of his predicament would be to become an FBI informant.

Eventually Mr. Mohamed was able to contact family members, including his older brother Liban Mohamed. His family got a lawyer to file suit on his behalf in Federal court in Virginia, and contacted journalists including Glenn Greenwald and the New York Times.

Ever since then, Mr. Mohamed and his lawyers have been struggling for his day in court, before a judge and/or a jury, to decide whether he was rightfully deprived of his rights to travel by licensed common carrier, to return to the country of his citizenship (the USA), to travel freely within the US, and to leave the country again if he should so choose.

After four years of unsuccessful efforts by the US government to get the case thrown out of court without a trial, Mr. Mohamed was on the verge of the first-ever review by a judge of the “derogatory information” purportedly justifying an administrative no-fly order. After the rejection of motions to dismiss the case as moot (after Mr. Mohamed was given a “one-time waiver” to return to the US) and then on the grounds that the entire question of whether he was on the no-fly list was a state secret (despite being a painfully obvious fact), the government defendants tried to buy time or avert a trial with motions to reconsider, motions for “clarification“, and a “response” to the judge’s latest and final order to show him the alleged “secrets” that amounted to a renewed request for reconsideration.

A hearing on whether the case should be dismissed or should proceed to trial was scheduled for last Friday, January 30th.

On Thursday, the day before the hearing in Gulet Mohamed’s case, the FBI — the principal defendant as the agency nominally in charge of the inter-departmental “Terrorist Screening Center” that supposedly has the final say on whether to accept “nominations” to the no-fly list — made a surprise announcement: Gulet Mohamed’s older brother Liban Mohamed has been accused of “providing material support and resources to a designated terrorist organization” and placed on the FBI’s “Most Wanted” list. The FBI also unsealed an arrest warrant for Liban Mohamed issued almost a year ago.

(There’s more about Liban Mohamed from Glenn Greenwald — who had interviewed him several times over the years in conjunction with his brother’s lawsuit and his own later discovery that he too had been placed on the no-fly list — and from Gulet Mohamed’s lawyer Gadeir Abbas, via the AP. It appears that, if the accusations against Liban are true, they mostly reflect the government’s success in alienating its own citizens and creating enemies through its crudely Islamophobic tactics of political repression.)

What are we to make of these developments? We can’t be certain, but we have a theory that fits the facts. And it doesn’t reflect well on the US government.

Throughout more than a decade of no-fly litigation, the government has treated judicial review as a greater threat than air terrorism. People on the no-fly list, including Gulet Mohamed, have been allowed to fly (at the “discretion” of the people giving the secret orders, and possibly with “air marshals” sitting next to them). But nobody has yet been allowed to have a judge or jury review whether there is a lawful basis for depriving them of their right to travel by common carrier.

Attorney General Eric Holder personally swore to the court under penalty of perjury that it would gravely damage national security to disclose whether, or if so why, Dr. Rahinah Ibrahim was placed on the no-fly list. But when it became clear that Dr. Ibrahim’s challenge to her placement on the no-fly list would go to trial, the government admitted that she was placed on the no-fly list because an FBI agent checked the wrong box on the “nomination” form.

That may seem like a damaging admission, and it was. But it also allowed the government to argue that, because the government had now admitted that Dr. Ibrahim didn’t “belong” on the no-fly list, it was no longer necessary for the judge to decide what would constitute sufficient grounds for a no-fly order, review any evidence that might have supported a no-fly order, to determine whether any such evidence should be disclosed to Dr. Ibrahim and/or her lawyers, or to determine whether it was a “state secret”.

Dr. Ibrahim has never been a US citizen, so the US government was able to effectively prevent her from ever flying to the US again, even while taking her off the no-fly list, by revoking her US visa. And under US law, a foreign citizen is not entitled to judicial review of a visa denial. Mission (of secrecy) accomplished.

Because Gulet Mohamed is a US citizen, the government couldn’t moot his legal case as easily.

We suspect that the government’s goal in making public its accusations against Gulet’s brother Liban is to provide a purported basis for placing Gulet on the no-fly list — his brother is a “most wanted” person accused of terrorism — that is now public and doesn’t depend on any alleged “state secrets”. So the government can now argue that Judge Trenga doesn’t need to inquire further into the purported “state secrets”, whether there is any further evidence against Gulet, or whether any such evidence is sufficient to justify the no-fly order approved by the FBI and secretly given to airlines by the DHS.

Three things are profoundly wrong with this picture, of course:

First, there’s no need to put Liban Mohamed on the no-fly list if there’s already a warrant out for his arrest.

Second, what happened to the presumption of innocence?

Liban Mohamed has been accused “by complaint” — that is, by a prosecutor’s accusation that hasn’t even been put before a grand jury, much less a judge.

Travel restrictions are a common condition of release pending trial, but as such they can be imposed only by a court order, on the basis of a showing that they are necessary to assure attendance at trial — not on a prosecutor’s say-so before the accused has even been brought before a judge or had a chance to contest whether there is sufficient basis for the accusations against him to justify bringing him to trial.

Third, isn’t this the crudest and most illegitimate sort of guilt by association?

What would we think, in any other situation, of a government claim that your rights can be restricted or denied because of something one of your siblings has done, even if they were proven to have done it, without the need to show that you had any involvement or culpability for their illegal actions? Should we, and can we legally, be held liable for every act of any of our siblings (even if they have been convicted, which Liban Mohamed has not)? And if our sibling has merely been accused but not convicted, should we and all his other siblings be subject to government constraints on our movements while he awaits trial?

This sort of familial taint comes frighteningly close to the “corruption of the blood” expressly forbidden by the Constitution even in cases of treason (a crime of which neither Mohamed brother has been accused).

Whatever the truth or falsehood or evidentiary basis, if any, for the FBI’s accusations against Liban Mohamed, they provide no excuse whatsoever for what has been done, and continues to be done, to his brother. Gulet Mohamed remains entitled to confront his accusers, to see the evidence (if any) against him, and to have the basis for the no-fly order against him reviewed by a judge and/or a jury.

Jan 30 2015

You shouldn’t be arrested just because the TSA calls the cops on you

In the final episode of a legal saga we’ve been following for the last five years, Philadelphia police have agreed to pay $25,000 to a college student who was arrested after TSA checkpoint staff at the airport called in the police because he was carrying a a set of Arabic-English flash cards and a book critical of US foreign policy, “entitled, “Rogue Nation: American Unilateralism and the Failure of Good Intentions.”

In addition, as part of the settlement agreement with Nick George and the police (who had made a counter-claim the TSA for telling them to arrest Mr. George), the TSA has issued a fascinating official declaration that it has no authority to order anyone arrested and that police are not required to take any action on TSA “referrals”.

The TSA can (and sometimes does, as in the ongoing case of “Naked American Hero” John Brennan) initiate its own administrative procedures to fine you for whatever it defines as “interfering” with “screening”. But the latest TSA declaration confirms that TSA staff (much less TSA contractors at airports such as SFO) are not law enforcement officers, have no power to arrest anyone (except at their own risk, as a citizen’s arrest), and cannot legally order anyone arrested. As we have been saying for years, all they can do is call the local police. Once the police arrive, they can only detain or arrest you if they — the police, not the TSA — have a lawful basis for doing so. “The TSA asked us to hold you or take you away” is not sufficient.

A federal District Court judge initially rejected the TSA’s claim of “qualified immunity”, but that decision was reversed in late 2013, as we reported at the time, by the Court of Appeals for the 3rd Circuit, against both common sense and an earlier ruling by the 4th Circuit.

In another case of retaliation for the exercise of 1st Amendment rights as a TSA checkpoint, the 4th Circuit had found that, “[i]t is an undoubtedly natural consequence of reporting a person to the police that the person will be arrested.” But the 3rd Circuit begged to differ, finding that, “it seems just as likely that police officers who are summoned by TSA Officials would use their own independent discretion to determine whether there are sufficient grounds to take someone into custody.”

(This isn’t the first time DHS personnel have drawn improper adverse content-based inferences from travelers’ reading habits. John Gilmore was detained and subjected to “secondary screening” and notes made in his permanent DHS file (see slide 32) in 2007 because he was carrying a book entitled, “Drugs and Your Rights.”)

The decision by the 3rd Circuit left alive Mr. George’s claims against the police, and the police counter-claim against the TSA. The settlement dismisses those remaining claims in exchange for a $25,000 payment by the police to Mr. George, an agreement to re-educate the Philadelphia airport police about their duty not to delegate their authority to decide who to detain or arrest to the TSA, and the release of the TSA declaration.

We’re disappointed that the settlement leaves the ACLU unreimbursed for its costs of defending Mr. George’s rights, and that the TSA personnel got off scot free. But if there’s a silver lining in the settlement, it’s the TSA declaration, which may make it harder for local police to claim ignorance of the law or immunity from liability when they arrest people on the say-so of the TSA or on the basis of a TSA “referral”.

If you think there’s a chance that the TSA might call the cops on you — and as Mr. George’s experience shows, the TSA could call the cops on anyone, for any reason or no reason — you might want to consider carrying a copy of this declaration to show the police when they show up at checkpoint. And remember that you have the same rights in this setting as in any other encounter with police, including the right to remain silent.

Jan 13 2015

Is the attack on Charlie Hebdo a reason for air travel surveillance?

In a speech today in Strasbourg opening the current session of the European Parliament, the President of the European Council (the executive branch of the European Union, comprised of national governments) invoked the attack on the satirical cartoonists of Charlie Hebdo as a reason for popularly-elected EU legislators to put aside their previous objections and enact a comprehensive EU-wide mandate for surveillance and profiling of airline passengers on the basis of Passenger Name Record (PNR) data from airline reservations.

Today’s speech by Council President Donald Tusk of Poland echoed similar statements by “security” (policing and surveillance) officials of other EU governments in conjunction with a summit meeting of EU ministers. The summit is also being attended by senior US officials from the DHS and other agencies that have been lobbying the EU for years to set up a PNR-based surveillance and profiling scheme modeled on the one used by the US.

Tusk and other EU officials have made PNR-based profiling of air travelers a priority as a “response” to the Charlie Hebdo attack in Paris, claiming that it “can help in detecting the travel of dangerous people.”

Is this true? And does the attack on Charlie Hebdo provide any reason for Members of the European Parliament, or the European Court of Justice, to change their opinion that mandatory root access by governments to airline reservation databases is unjustified and violates fundamental rights?

No, and no.

The attack on Charlie Hebdo was an act of domestic terrorism carried out within France by French citizens. They didn’t travel by air or cross international borders. Their means of transportation to and from the scene of the crime in Paris was a car stolen elsewhere in the Paris metropolitan area. Airline reservations or border controls would have given no indication of the impending attack, and could not have been used to prevent it.

After the fact, police pursuing the perpetrators could have obtained search warrants, including warrants for PNR data or other airline records if there was a likelihood that they would be relevant, through normal judicial procedures.

(And as Wikileaks recently revealed, European governments are already obtaining PNR data “informally” from airlines, and using it to profile travelers, without legal authority.)

Nothing about the attack on Charlie Hebdo provides any reason to give governments more power to engage in warrantless surveillance or profiling of travelers who aren’t suspected of any crime.

Comprehensive PNR surveillance is like the NSA’s dragnet interception and mining of Internet and telephone records — except that metadata about the movements of our physical bodies (PNR data) can be far more intimate that metadata about the movement of our messages. Which is more intrusive: For the NSA to know that you talked on the telephone or exchanged email messages or were in the same mobile phone “cell” with someone, or for the DHS or a European “Passenger Analysis Unit” to know from a hotel reservation passed on to the government as part of your PNR data that you slept in the same bed with that person?

The purpose of PNR-based surveillance is neither to investigate past crimes nor to track people who are already suspected of crimes. Those activities require neither new procedures nor new police powers. The only reason for governments to obtain the entire rich and intimately revealing PNR dataset for all air travelers is to identify new potential suspects, based on profiles and associations. Profiling and suspicion-by-association are the central purposes of a PNR system, not side effects or aberrations.

We’ll be in Brussels next week to discuss these issues with our European colleagues at a Privacy Camp on “Big Data & Ever Increasing State Surveillance“, and at the Computers, Privacy & Data Protection (CPDP) conference.

Jan 12 2015

Wikileaks publishes CIA reports on travel ID checks

Wikileaks has published two internal briefing documents produced for the use of CIA undercover agents, describing the methods used by airlines and governments to identify international travelers.

Both of these reports were produced as part of the CIA’S previously-unknown CHECKPOINT program of travel ID-related activities:

This product has been prepared by CIA’s CHECKPOINT Identity and Travel Intelligence Program. Located in the Identity Intelligence Center (i2c) within the Directorate of Science and Technology, CHECKPOINT serves the Intelligence Community by providing tailored identity and travel intelligence products. CHECKPOINT collects, analyzes, and disseminates information to help US intelligence personnel protect their identities and operational activities while abroad.

One of the reports, “Surviving Secondary“, describes ID-related “secondary screening” procedures at international airports, with examples from the US, EU, and other countries around the world. The other report is an overview of, “The European Union’s Schengen biometric-based border-management systems.”

Most of the airline and government profiling and “screening” activities described in the reports, are already well-known. These include many of the ways that governments obtain and use Passenger Name Record (PNR) and Advance Passenger Information (API or APIS) data derived form airline reservations.

But these newly-released reports also confirm that the CIA (and the other agencies with which the reports have been shared within the US government) are aware of some airline and government activities and some vulnerabilities for travelers which we and others have complained about, but which the US government has not previously acknowledged.

One problem confirmed by the CIA report on secondary screening is that government agencies can, and routinely do, obtain and use PNR, API, and other airline data, without legal authority or due process:

Security services lacking APIS or PNR information may have other arrangements to receive passenger manifests ahead of time. For example, the Airport Police Intelligence Brigade (BIPA) of the Chilean Investigative Police does not routinely obtain advance passenger manifests but can request the information from airlines on an ad hoc basis to search for targets of interest. Strict privacy laws covering Danish citizens extend to all passengers traveling through Copenhagen airport such that the Danish Police Intelligence Service (PET) cannot legally obtain routine access to flight manifests. However, if one of PET’s four cooperative airline contacts is on duty, the service can unofficially request a search on a specific name, according to August 2007 liaison reporting.

Airline data obtained by government agencies through these extrajudicial channels is used for profiling and targeting of searches, questioning, and other adverse actions against travelers.

This practice is illegal in many of the countries where it is routine, but typically occurs without leaving a trace. Many airline staff are willing to betray their customers’ privacy to government agencies. And because no records are kept of who accesses PNR data, both government agents and their airline collaborators know that they are unlikely to be held accountable unless they confess or are caught in the act.

The persistence of routine “informal”, often illegal, and almost always unrecorded government access to airline data about travelers highlights a crucial issue we’ve been talking about for years: the complete absence of access logging in the architecture of the computerized reservation systems (CRSs) which host airlines’ PNR databases. CRSs have PNR change logs, but no PNR access logs.

Governments and travelers must demand that CRSs add comprehensive access logging to their core functionality for PNR hosting. That won’t stop the problem. Airline staff will still be able to show government agents printouts or let them look at displays, with only the airline personnel’s access being logged. But access logs will help, and are an essential first step toward control of PNR data “leakage”.

The CIA report on secondary screening also confirmed that the CIA is aware of the sensitivity and use by European governments (and presumably other governments) of associational information contained in fare basis codes, ticket designators, and travel agency IDs:

April 2007 reporting resulting from a liaison exchange with the Hungarian Special Service for National Security (SSNS) provides insights into factors considered by officers at Ferihegy airport in Budapest, Hungary when examining tickets. Officers check … whether the ticket fare code represents a government or military discount, or whether a government travel agency booked the ticket. Hotel and car reservations are similarly examined for unusual discounts or government affiliation.

Of course, the same PNR data elements and pricing and ticket designators can reveal other, non-governmental, affiliations between travelers and with other individuals and groups. If an airline gives a discount to members of a political organization, trade union, or other group attending a convention or meeting, for example, each PNR and ticket for a member who receives the discount typically includes some unique code.

Despite complaints, including ours, both US and European officials have denied that ticket designators and similar codes in PNRs can reveal sensitive associational data. Now we know that this information is already being used by European governments, and that the CIA is aware of these uses. There’s no more excuse for pretending that these data elements are innocuous or that they can be “shared” without risk to travelers.

Jan 09 2015

“CAPPS IV”: TSA expands profiling of domestic US airline passengers

Under color of a vestigial provision of Federal law related to an airline passenger profiling program that was discontinued more than four years ago, and applying the name of that program (and attempting to apply the same legal mandate) to an entirely new scheme, the TSA is adding a new, additional layer of passenger profiling to its pre-crime system for domestic airline flights within the United States.

The existence and TSA-mandated implementation of the new so-called “Computer-Assisted Passenger Prescreening System (CAPPS)” was first disclosed publicly in an obscure posting this Monday on the DHS website and an equally obscure notice published the same day in the Federal Register. According to both documents, the new CAPPS scheme has been under development since at least 2013, in secret collaboration between the TSA, the inter-departmental National Counterterrorism Center (NCTC), airlines, and private contractors.

What was the old CAPPS? What is the new CAPPS? And what does this mean for the rights of travelers?

Answering these simple-seeming questions requires understanding the history of government-mandated airline passenger profiling in the US and the shell game of labels that the government has applied to profiling schemes, as well as careful parsing of this week’s abstruse and uninformative (to the uninitiated) official notices.

Papers, Please!

The Identity Project