Freedom To Travel – Page 47

Sep 05 2010

Former DHS policy director describes “calling the EU bluff”on PNR

We’ve been reading with great interest Skating on Stilts, the political memoir of former DHS Assistant Secretary for Policy and current lobbyist and influence-peddler for the homeland security industrial complex Stewart Baker.

Despite our disgust at Baker’s continued insistence on distorting both facts and law, we recommend it highly to those interested in understanding (from the perspective of a self-serving spin-doctor and self-professed bureaucratic in-fighter) some of the mentality behind DHS policy-making. Substantial portions of the book are available online for free.

Most notable, of course, is the complete absence of any consideration for human rights. It’s impossible to tell whether the idea that freedom of movement is a right, much less one guaranteed by international treaty, is literally incomprehensible to someone like Baker, or whether he regards it as so obviously impropoer as not to need any rebuttal. Whatever the reason, and despite considerable introspection about the implications of the policies he advocates, Baker never even considers the idea of “rights”, preferring to cast a more nebulous concept of “privacy” as his bogeyman.

The central story of the book is Baker’s negotiation for DHS of a (non-treaty, and therefore non-binding) “agreement” with the European Union to give a fig-leaf of legality to DHS access to airline reservation (PNR) data collected in the EU. And the climactic event in this episode comes at the end of September 2006, when a decision of the European Court of Justice invalidating the first DHS-EU agreeement of PNR data transfers took effect.

Baker describes, with great pride, the brinkmanship with which — with the support of his boss Michael Chertoff and his deputy Paul Rosenzweig — he maneuvered to get the US to allow the ECJ decision to take effect without any successor agreement in place. It was, indeed, a dramatic moment for those following the issue: Would airlines chose to comply with EU data protection and international human rights law, or with extra-judicial DHS data demands? And if airlines went along with DHS demands for continued root access to their reservation systems, would the EU and its members actually enforce their laws against those airlines?

Baker claims to have believed that any risk of EU enforcement action againt airlines was hollow because, even without any specific agreement on PNR data transfers, airlines were required by the Chicago Convention on civil aviation to demand from passengers and pass on to the DHS complete identifying, itinerary, and other PNR data. And it was Baker, presumably, who was behind Secretary Chertoff’s making that same false claim before the European Parliament a few months later. But both Baker and Chertoff are far too skillful lawyers to have possibly believed that claim if they had actually read the Chicago Convention, as Baker at least almost certainly had.

There is, however, an important truth to Baker’s portrayal of himself as having called the EU bluff on PNR:

Despite talk of an “interim” PNR agreement, there really is no such entity in place with any binding validity under EU law. From 1 October 2006 to today, DHS has been accessing EU PNR data in violation of EU law, and it has been the duty of EU data protection authorities to enforce their laws against airlines that take part in this illegal data transfer.

But to date, so far as I can tell, neither any EU national data protection authority (exercising jurisdiction over airlines and other travel companies, of whatever nationality or place of incorporation, that do business or collect data in the EU), nor the European Commission (exercising its authority to enforce the EU Code of Conduct for Computerised Reservation Systems), has taken any enforcement action or imposed any sanctions on any travel company for illegally transferring travel records to both the US government and unregulated commercial entities in the USA.

It seems that Baker was, unfortunately, correct in the assessment, described in detail in his book, that airlines and the US government could get away with ignoring EU law by passing travel data to the US, and that EU authorities would not actually enforce their laws against them.

As time has passed, it has become clear that EU authorities will take no enforcement action on their own initiative. The only way to get the law enforced will be for EU citizens to request their records from both the DHS and travel companies, and to complain to their data protection authorities if they don’t receive full responses from both that demonstrate compliance with both the DHS undertakings to the EU and the laws of the EU and its members.

Sep 03 2010

From our mailbag

Thank You, and good luck!

I have come across information on your suit against the US Gov’t and DHS, and the fantastic summary you did. I just felt I should thank You for your effort and bravery.

I just wanted to let You know there are people and organisations all over the world (Poland here, by the way) that see the diffusion of privacy and personal rights and freedoms in America as a very dangerous precedent that might “inspire” other countries (and indeed, often it already does) to follow suit (pun not intended).

I come from a nation that had to fight for independence and freedom many times throughout its history. For 21 years we are finally Free – after almost 200 years of enslavement. I have the distinct privilege to not remember the Polish People’s Republic and the times long gone by (I’m 25), but we all here either remember, or simply know (from history lessons, from relatives, from literature) what Orwellian surveillance was like. We all remember or know about the atmosphere, the Kafka-esque processes of law, the fright… And we remember or know what sacrifices had to be made to be finally Free.

Maybe that’s why ideas like secret lists, internet filtering and similar ideas meet with a decisive public resistance. For now. But if the USA, the country people 15-20 years older than me saw as a symbol of freedom and one of the only allies we had against the USSR, slides down this slippery slope any more, resistance can only become harder.

The more can we admire what You are doing.

Hence, for Your sake, and for the sake of all the people that watch and see what’s going on, I wish you strength and good luck in your fight. In times like these there’s always the need for a single fighter to fight for the principles.

It was like that in the fifties in USA with the McCarthy-ism at its height, when Ed Murrow took a stand.

It was like this in the Big Tobacco suits in early nineties when Brown & Williamson almost destroyed Jeff Wigand’s life when he took a stand.

I’ll be watching, and with me two Polish NGOs.I’ll be watching, and with me two Polish NGOs.

Best regards,

Michal “rysiek” Wozniak

Aug 25 2010

Lawsuit filed against DHS travel surveillance

In the first lawsuit to challenge one of the U.S. government’s largest post-9/11 dragnet surveillance programs, the First Amendment Project (FAP) filed suit today under the Privacy Act and the Freedom of Information Act (FOIA) against U.S. Customs and Border Protection, the DHS division that operates the illegal “Automated Targeting System” of lifetime travel histories and travel surveillance dossiers including complete airline reservations (Passenger Name Records or PNRs). The Identity Project is part of FAP, and the lawsuit was filed on behalf of Identity Project consultant and travel expert Edward Hasbrouck.

The complaint filed today in Hasbrouck v. CBP asks the court to declare that CBP violated the Privacy Act and FOIA, and order CBP to turn over the travel records about himself that Hasbrouck has requested, as well as an accounting of who else CBP has disclosed these records to, what happened to Hasbrouck’s previous unanswered Privacy Act and FOIA requests and appeals (some of which have been pending and ignored by CBP for almost three years, and may have been among those recently revealed to have been improperly held up for “political review” by higher-ups in DHS and/or the White House), and how these records in the CBP “Automated Targeting System” are indexed, searched, and retrieved.

The case is important in part because it shows that, despite DHS claims that everyone who has asked for their travel records has received them, and that no one has complained about DHS misuse of PNR data, DHS has entirely ignored many such requests and complaints, even when they have come from U.S. citizens like Mr. Hasbrouck.

There’s more about the case and its significance in our FAQ: Edward Hasbrouck v. U.S. Customs and Border Protection.

Aug 10 2010

DHS designates point of contact for human rights complaints

Apparently in response to repeated inquiries from the Identity Project about what has happened to our most recent complaint to the DHS and TSA that their procedures violate the right to freedom of movement guaranteed by Article 12 of the International Covenant on Civil and Political Rights (ICCPR), the TSA has officially informed us that “the Department has designated the Officer for Civil Rights and Civil Liberties as the point of contact for Executive Order 13107” on implementation of human rights treaties.

Executive Order 13107 requires that, “The head of each agency shall designate a single contact officer who will be responsible for overall coordination of the implementation of this order” including “responding to … complaints about violations of human rights obligations that fall within its areas of responsibility or, if the matter does not fall within its areas of responsibility, referring it to the appropriate agency for response.”

Despite that clear requirement, none of our previous complaints of violations of the ICCPR have been acknowledged or answered. So far as we can determine, the July 22, 2010 letter we received from the TSA is the first public indication by any Federal agency, ever, of the designation of the point of contact for human rights complaints required of each agency by Executive Order 13107.

Since the TSA has, at the same time, said that they will take no action to investigate complaints unless the complaint is received while the violation is ongoing — which in most cases is impossible — we have forwarded our latest complaint and our previous unanswered complaints of violations of the ICCPR by the DHS and DHS component agencies to the DHS Officer for Civil Rights and Civil Liberties for Departmental action. Our letter to the OCRCL: with attachments (2 MB), without attachments

[Immediate response the same day from Margo Schlanger, DHS Officer for Civil Rights and Civil Liberties: “I have received your email and, as requested, we will examine your complaints. ” But that was followed not by an acknowledgement letter but by a “request for clarification” from the OCRCL. We responded but only in February 2011 did we finally receive confirmation that our complaints had docketed. Further correspondence with the DHS Office for Civil Rights and Civil Liberties (CRCL): Letter from CRCL to IDP, Jan. 18, 2011; email from IDP to CRCL, Jan. 31, 2011; email from CRCL to IDP, Feb. 2, 2011; email from IDP to CRCL, Feb. 2, 2011; email from CRCL to IDP, April 1, 2011]

Aug 02 2010

TSA says all their Standard Operating Procedures are secret

The TSA is still stonewalling our FOIA requests for their Standard Operating Procedures (SOPs), which we presume are among those that have been (illegally) sidetracked and delayed for review by DHS and other administration political commissars.

But after the Associated Press pried loose internal DHS e-mail messages confirming the delays in processing “politically sensitive” FOIA requests and the DHS Inpector General started asking questions, the TSA has responded to a request from Phil Mocek (some months older than ours) for the TSA Screening Management SOP.

Not, of course, that the TSA has actually disclosed any more information about its standard operating procedures. The TSA’s response to Mr. Mocek’s request consists of a blanket claim that the entirety of the Screening Management SOP is exempt from disclosure because it would “benefit those attempting to violate the law” (by exercising their rights?) and “be detrimental to the security of transportation” if disclosed. Despite having released excerpts from an earlier version of the same document in response to one of our previous FOIA requests, and despite an unredacted copy of the entire document having been posted on a public Federal government website, the TSA now claims that no portion of the current version can be released.

Mr. Mocek’s request had been pending for more than a year before he received even this categorical denisal. In response to his periodic requests for information concerning the status of his request, he was told by the same TSA FOIA office staff who are handling our requests that “processing” of his request was completed in January 2010, but that the response (i.e. informing Mr. Mocek that his request had been denied in its entirety) was delayed until July for “management review”. According to one e-mail message from the TSA to Mr. Mocek in February, “Your FOIA has been processed and is currently being reviewed by TSA management before a response can be sent to you.” This seems to indicate that Mr. Moceks’s request — and, we presume, our still-pending request for the same document — was subjected to the process of political review and illegal delay described in the documents released to the AP.

[We eventually received a response identical to that sent to Mr. Mocek, denying our request in its entirety. We have appealed that denial. To confirm whether our requests were among those improperly delayed or subjected to political scrutiny, we’ve filed new FOIA requests for the documents released to the AP and for all records of the processing of our previous FOIA requests and appeals.]

Jul 30 2010

Washington Post: “Secure Flight may be making your privacy less secure”

We’re quoted today in the Washington Post in a story by Christopher Elliott about how airlines are able to use personal information — collected under government duress for the TSA’s Secure Flight passenger surveillance and control scheme — for the airlines’ own marketing and other purposes.

“Could it be that the information we give airlines doesn’t belong to anyone or, worse, isn’t regulated by anyone?” Elliott asks.

A good question — and “privacy” may be the least of the problems with Secure Flight, as discussed in our testimony (quoted from, in part, in the Post story) at the TSA’s only public hearing on Secure Flight, our more detailed written comments submitted to the TSA, and our FAQ about Secure Flight.

Jul 27 2010

US but not UK gives travel “permission” for Iroquois lacrosse team

The good news: In one of the first tests of US rules purporting to forbid US citizens from crossing US borders without first obtaining US passports (issued at the government’s apparently standardless discretion), the US Department of State issued “one-time waivers” authorizing the “Iroquois Nationals” lacrosse team to leave the US (and presumably to return, although that’s not entirely clear from news reports) without carrying US passports.

The dispute arose because some Iroquois, like other Native Americans, have for many years used passports issued by their own tribes or nations. Whether those passports were “passports” within the meaning of US law was largely irrelevant as long as passports were merely a convenience, not a requirement, for international travel. Lacrosse was an Iroquois invention (for an introduction to the sport, see John McPhee’s essay last year in the New Yorker, “Spin Right and Shoot Left”, included in his latest anthology, “Silk Parachute”), and travel on Iroquois passports was and is especially significant for the Iroquois Nationals team, who compete on behalf of their own nation in international lacrosse tournaments.

While it was framed as a dispute over the sovereignty of the iroquois Confederations and/or the validity of Iroquois-issued passports, the US appears to have seen it purely as a question of whether native Americans who are also US citizens may leave or return to the US without US passports.

At first, the US had threatened to prevent the team from boarding flights to the UK for the international lacrosse championships. But without admitting either the “validity” of Iroquois passports (i.e. not whether they are genuine but whether they satisfy US requirement for exit or entry permits), or the invalidity of the passport requirements for US citizens, the US effectively backed down by granting the team “waivers” and, more importantly, saying that they would not interfere with their departure from the US.

This continues the pattern we have sen to date: We have yet to hear of a case in which the US government has actually prevented a US citizen from leaving or returning to the country on the basis of their not having, or declining to carry or display, a US passport. In every incident that has been brought to our attention, the US government has eventually indicated its willingness to stand aside from interference with departure from or return to the country without passports — although travel has sometimes been frustrated in other ways, such as refusal to give airlines permission to transport them. Presumably, the US government realizes that preventing its own citizens form leaving or returning to the country would be such a flagrant violation of international human rights law as to lead to diplomatic complications, even if it would be difficult to challenge on those grounds in US courts.

The bad news: After finally obtaining “permission” to leave the US without US passports, the Iroquois Nationals lacrosse team was denied visas by the UK — not on the grounds that their passports were invalid, or weren’t issued by a sovereign entity, but on the grounds that their passports don’t contain ICAO-standard “security” features required by the UK for visitors from the US. It is, again, unclear from news reports what absent “features” were at issue, but they might have included machine-readability (OCR or RFID) or other aspects of formatting or data content.

Jul 23 2010

“The government shouldn’t decide who can fly”

In one of the first statements in the mainstream media to (a) recognize that the essential feature of the TSA’s Secure Flight program is the requirement for domestic US air travelers to receive government permisison to fly and (b) oppose that requirement, The Chicago Tribune has published an op-ed column by Steve Chapman (also appearing in Reason) arguing that, “The government shouldn’t decide who can fly”:

Get rid of the no-fly list entirely. For that matter, get rid of the requirement that passengers provide government-approved identification just to go from one place to another.

Americans have a constitutionally protected right, recognized by the U.S. Supreme Court, to travel freely. They also have the right not to be subject to unreasonable searches and other government intrusions. But in the blind pursuit of safety, we have swallowed restrictions on travel and infringements on privacy we would never tolerate elsewhere….

If the federal government began requiring every citizen to provide identification for each trip in a car or ride on a bus, there would be a mass uprising. Somehow, though, Americans have come to see commercial air travel as a privilege to be dispensed by the government.

Jul 09 2010

Australian government expanding air travel surveillance

Closely following the bad example (controversial both in the US and Australia) of the USA, the government of Australia is moving toward increasing detailed and integrated ID-based surveillance and control of air travelers.

As of the first of this month, under the so-called Enhanced Passenger Assessment and Clearance (EPAC) systems, Australian authorities have real-time access to all passenger name record (PNR) data for all passengers on all international flights to Australia. And an additional A$24.9 million is being spent by the government over the next two years, in addition to uncounted amounts that airlines and other travel companies will have to spend, to expand the amounts of data collected by airlines and passed on to government agencies as well as the automated profiling (“risk assessment”) conducted on the basis of this data.

The changes and the heightened surveillance and control of travelers to Australia come at the same time that the European Union is simultaneously renegotiating agreements with Australia and the USA for government access to PNR data related to flights to and from the EU.

The Sydney Morning Herald quotes the president of the Australian Council for Civil Liberties, Terry O’Gorman, as saying that the scheme “increases the risk of a person wrongly being put on a no-fly list.”

Jul 06 2010

Lawsuit seeks suspension of TSA virtual strip-searches

Last year the Identity Project was one of more than 30 organizations that filed a joint petition with the DHS requesting a formal rulemaking on use of virtual strip-search machines or “body scanners”, then being referred to by DHS and TSA as “whole body imaging” machines and since re-euphemized as “advanced imaging technology”, as though the name itself could make them inherently more “advanced”.

In May of this year, after the DHS ignored our petition and moved forward with deployment of virtual strip-search machines without a formal rulemaking, we joined most of the same groups in filing a renewed petition for a formal rulemaking (including an opportunity for public comment) and for rescinsion of the rules requring submission to a virtual strip-search as a condition of passage through TSA checkpoints and travel by air common carrier. We also filed a series of FOIA requests and appeals, which the TSA has to date ignored, for the TSA Standard Operating Procedures, screening-related directives to airlines, and other documents embodying the secret rules that include the virtual strip-search requirements. We’ve also speculated about what legal recourse travelers denied passage on the basis of refusal to submit to a virtual strip-search might have, particularly in jurisdictions abroad where it would be easier than it is in the USA to raise issues of international human rights law.

This past Friday, July 2nd, the Electronic Privacy Information Center (EPIC) filed a federal lawsuit seeking to have the Court of Appeals for the District of Columbia review the TSA and DHS failure to conduct a formal rulemaking before deploying virtual strip-search machines and issue an emergency stay of the TSA/DHS decision to deploy and require them as a condition of passage through checkpoints and air travel.

The Identity Project was a party to the original petitions for rulemaking, and while we aren’t a party to the EPIC lawsuit, we fully support it.

As EPIC notes in its latest filings, even after September 11th Federal courts have upheld “administrative (warrantless, suspicionless) searches in airports only to the extent that they are limited to what is “necessary” — meaning that they are actually effective and are the least restrictive available means — to detect weapons and explosives. Even beyond the specific issue of virtual strip-searches, this lawsuit is likely to be significant in helping define the bounds of TSA authority to conduct ever more intrusive searches as a condition of common-carrier travel.

The petition filed in May by EPIC, the Identity project, and others stated that, “The undersigned file this petition pursuant to 5 U.S.C. § 553(e), which requires that ‘[e]ach agency shall give an interested person the right to petition for the issuance, amendment, or repeal of a rule.'” Notwithstanding this explicit statement, the DHS and TSA responded with the bizarre claim that, for unspecified reasons, it did not constitute such a petition. Unfortunately, that’s characteristic of the behavior of the DHS and TSA, which have repeatedly refused to acknowledge or docket our formal complaints and then falsely claimed, including to the US public and to foreign governments that they have received no such complaints.

Papers, Please!

The Identity Project