Papers, Please!

The Identity Project

Category Archives: Freedom To Travel

May 17 2010

Canadian privacy office questions US surveillance of Canadian travelers

In testimony before a Canadian parliamentary hearing last week by Assistant Commissioner Chantal Bernier, the office of the Privacy Commissioner of Canada raised questions (previously asked in the Canadian press) about the implications for Canadian travelers of the US Secure Flight program — questions that travelers in the US and other countries should share.

Asst. Privacy Commissioner Bernier noted that despite Canadian objections, the US continues to insist on applying the Secure Flight requirements (transmission of passenger data to the DHS, and receipt by the airline of affirmative DHS permission before each prospective passenger is allowed to board a flight) to flights that pass through US airspace to and from Canada, even if they never land in the USA. This includes most flights between Canada and Central America, South America, and the Caribbean.  As Bernier pointed out to Members of Parliament, “This means that DHS will collect personal information of Canadian travelers. This is not without risk.”

It’s worth noting, although it wasn’t reported to have been mentioned at the hearing, that Canada imposes no comparable requirement for the vastly larger number of flights to and form the USA that pass through Canadian airspace.  These include virtually all transatlantic flights to and from the USA, and transpacific flights to and from all points in the USA east of the West Coast. Nor does any other country through which flights routinely pass en route to and from the USA.  Most flights between Miami and Latin America, for example, pass over Cuba.  But American Airlines is required neither to provide the Cuban government with detailed information about each passenger on those flights, nor to obtain Cuban government permission before allowing them to board.

Important as they are, however, the concerns raised in last week’s testimony suggest that even the Office of the Privacy Commissioner of Canada still doesn’t fully appreciate the scope of the problem or of the violations of Canadian law.

Asst. Comm. Bernier’s statement was limited to flights to, from, or overflying the USA.  We suspect that her office is unaware that the DHS already has ways to get access — without the knowledge or consent of anyone in Canada, including airlines and travel agencies — to information about passengers and reservations for flights within Canada and between Canada and other countries, regardless of whether they pass though US airspace.

Read More

May 06 2010

Two-faced Biden speech on “privacy” and surveillance

US Vice President Joe Biden gave a remarkable speech today at the European Parliament, devoting substantial time to professions of personal and institutional US commitment to “privacy” while focusing his policy agenda on lobbying the EP to approve warrantless, suspicious US government access to European financial (SWIFT/TFTP) and travel (PNR) data. If you don’t have time to watch it all, the discussion of privacy and surveillance starts at around 21:15.

Swedish libertarian blogger Hendrik Alexandersson’s comments about Biden’s tightrope act are, perhaps, indicative of the lack of persuasive power of such obviously hypocritical arguments for those genuinely committed to civil liberties.

Biden’s speech was a day late, following Europarl votes yesterday not to approve proposed SWIFT and PNR agreements with the DHS, but instead to set strict new condiitions any such agreements will have to meet.

Biden’s focus on “privacy” also indicates a lack of appreciation for what the EP resolution on PNR data actually says.  It’s not limited to privacy or data protection, but makes explicit that the fundamental rights at stake include the right to travel, as guaranteed by Article 12 of the International Covenant on Civil and Political Rights. The new terms of reference for any PNR agreement that will be acceptable to the EP are the criteria established by the U.N. Human Rights Committee for evaluating whether measures that implicate freedom of movement are consistent with that treaty.  That right to freedom of movement, and those standards for it — entirely ignored by V.P. Biden and, to date, by the DHS, which has entirely ignored our formal complaint that their use of PNR data violates the ICCPR as well as the Privacy Act  — are what both US and EU negotiators should be studying closely as the starting point for new negotiations on PNR data.

May 05 2010

European Parliament hands DHS a setback on access to PNR data

Today the Department of Homeland Security received its most significant rebuff from any democratically elected body since the DHS was created after September 11, 2001.

In response to a recommendation from the Council of the European Union (the EU member national governments) for approval of the “interim” agreement under which the DHS obtains all airline reservations (PNRs) for flights between the USA and the EU, the European Parliament instead voted to send the European Commission back to the negotiating table, and set strict conditions (which the DHS will likely be in part unable and in part unwilling to meet) that must be satisfied before Parliament will approve any such agreement in the future.

The motion for a resolution was jointly sponsored by representatives of all seven political groups in the Parliament. The votes by show of hands — including votes in favor of several amendment to strengthen the resolution — were overwhelming, with insufficient opposition to necessitate recorded votes.  And that was in spite of what our sources in the Parliament tell us was an unprecedented and heavy-handed US government lobbying campaign.

The vote today in Brussels follows a Parliamentary hearing (at which we testified) and a debate last month in Strasbourg on travel surveillance and control, the likes of either of which the US Congress has yet to hold — despite the leading role of the US since September 11, 2001 (and even before then) in implementing a system of mandatory retention of travel data, using it as the basis for a permission-based travel control regime, and attempting to get these schemes adopted as global norms.

The ability of the Parliament to dictate conditions for negotiations to be conducted by the European Commission, with the implicit threat to veto any agreement that fails to meet those conditions, is one of the first expressions (the first was Europarl rejection of DHS access to European inter-bank wire transfer data) of the new veto power that the Parliament acquired in December 2009 when the Lisbon Treaty came into effect.

What has the European Parliament done? What happens next? And what else remains to be done, outside the negotiating room? Read More

Apr 30 2010

Arizona radio call-in discussion on S.B. 1070

We’ll be on the Jay Lawrence Show on KTAR (92.3 FM) in Phoenix this Sunday, May 2nd, from 7-8 p.m. Arizona time (7-8 p.m. PDT, 10-11 p.m. EDT) to discuss and take calls on the new Arizona “immigration enforcement” law, S.B. 1070, its implications for ID demands, and the amendments to the new law already being proposed in Arizona H.B. 2162.

KTAR-FM (live audio stream) has the largest listenership of any talk-radio station in the state.  Last week in this same time slot they interviewed the sponsor of S.B. 1070, and we’re happy to have a chance to represent the other side of the debate.

[Update: Our appearance on KTAR has been preempted by an interview with a Congressional candidate. “This issue isn’t going to go away,” though, says Jay Lawrence, and we are working to reschedule.]

Apr 30 2010

Universal fingerprinting and national ID card to be included in “immigration reform” bill

As we reported last month, members of Congress are moving ahead with an increasingly detailed road map for a bipartisan “immigration bill” that would include mandatory universal fingerprinting and a mandatory national ID card in the guise of a “biometric Social Security card”.

The Identity Project was one of the signers of a joint public letter of opposition to the national ID card component of the proposal issued earlier this month, we were one of the signatories and we share the objections to the latest draft of the bill voiced yesterday by other civil liberties organizations.  In the joint letter, we and numerous allies said that:

We write today to express our opposition to a proposal by Senators Charles Schumer (D – NY) and Lindsey Graham (R – SC) to create a biometric Social Security card – one that relies on personal characteristics like fingerprints to identify individuals….

A national ID system is not the solution. Both Republicans and Democrats have opposed a National ID system. President Reagan likened a 1981 proposal to the biblical “mark of the beast,” and President Clinton dismissed a similar plan because it smacked of Big Brother. A National ID would not only violate privacy by helping to consolidate data and facilitate tracking of individuals, it would bring government into the very center of our lives by serving as a government permission slip needed by everyone in order to work. As happened with Social Security cards decades ago, use of such ID cards would quickly spread and be used for other purposes – from travel to voting to gun ownership….

A biometric ID system would be controversial and unpopular with constituencies across the ideological spectrum. It would require the fingerprinting of every American worker – not just immigrants. It would also require the creation of a bureaucracy that combines the worst elements of the Transportation Security Administration and state Motor Vehicle Departments.

All this, should of course, go without saying.  What we find most disturbing is that, even as people across the country are speaking out against the badly-drafted attempt by the state of Arizona to impose an ID requirement in the guise of “immigration enforcement”, members of Congress from both parties think they can get away with this same Trojan Horse to push through a national ID scheme at the Federal level.

Clearly what’s called for is for opponents of the new Arizona law to recognize the new Federal proposal as a larger instance of the same Big Brother mentality, and redirect some of their outrage and activism from Arizona legislators to the House and Senate.  If you don’t want the whole country to go the way of Arizona on this question, let your representatives know that any national ID is unacceptable, no matter what its excuse or what it is called.

Apr 29 2010

European Parliament debate on DHS access to EU airline reservations

Last week the European Parliament, following a hearing earlier in the month in Brussels at which we testified, held a three-hour plenary debate in Strasbourg on proposals to approve access by the US Department of Homeland Security to European interbank transfer (SWIFT) and airline reservation (Passenger Name Record, PNR) data.

The current “provisional” agreement to authorize blanket access by the DHS to PNRs for trans-Atlantic flights was executed by the Council of the EU over the objections of Parliament, but the changes in the structure of the EU brought about by the Lisbon Treaty, which entered into force in December 2009, now give the EP veto power over its continuation in force, or over any new agreement.

The transcript of the plenary session is posted only in the language in which speeches were delivered. But if the Europarl website recognizes your browser and media player, you can click the link under the thumbnail portrait of each speaker for an archived video clip with the the full choice of 23 languages — the most elaborate simultaneous translation operation in any chamber in the world — that were provided to those in attendance in the Hémicyle during the session.

The precautionary closure of most European airspace in response to the volcanic ash cloud kept some MEPs from reaching Strasbourg. As a result, voting on this and all other issues was postponed until next week, May 5-6, in Brussels.

But despite the deferral of voting, the debate was an important manifestation of the climate of opinion among the 736 directly-elected representatives of more than 500 million European citizens.

Several things were noteworthy in the plenary discussion: Read More

Apr 28 2010

New Arizona immigration law and ID demands

We’ve been getting a lot of questions about the new Arizona “immigration” law, S.B. 1070, which we mentioned earlier in this blog.

As we read the text (PDF) of the law it imposes no new requirement to show ID credentials or other evidence of identity.  On the contrary, it gives people even more reasons to invoke their right to remain silent, never voluntarily to provide any evidence (including ID credentials or other evidence of identity) that might be used against them, and never to consent to any search (including searches for ID credentials or other evidence of identity).

The portion of the new law relevant to requests or demands for ID is as follows: Read More

Apr 18 2010

DHS “update” still misstates compliance with EU agreement on PNR data

At the meeting of the LIBE (civil liberties) committee of the European Parliament on the 7th of April, a representative of the European Commission announced that the EC will shortly be releasing a report on the second closed-door EC-DHS joint review of DHS compliance with the current “agreement” on DHS access to and use of PNR data related to flights between the EU and USA.

We haven’t yet seen this report of the second joint review, although drafts of an EU report on the joint review and the DHS response to the EU draft have been posted by Statewatch. But since the first joint review in 2005, the DHS has published two reports — one in December 2008 and an update in February 2010 — on its own self-assessment and claims of compliance with the agreement, and we have studied  them carefully..

These 2008 and 2010 DHS reports are seriously misleading and contain significant legal and factual misstatements.  Their inaccuracy makes clear that DHS claims cannot be relied on without independent verification. The willingness of the DHS to publish such false claims calls into question the good faith of DHS participation in the joint review, and reinforces the need for a truly independent review including an audit of DHS actions by technical experts with access to legal process to compel full access to DHS records.

It’s not for us, as Americans, to tell European politicians what policies they should adopt. Nonetheless, as Americans who have systematically tested what happens when travellers attempt to access PNR data about themselves held by the DHS, and what happens when they attempt to complain about misuse of PNR data by the DHS, we think it is important for Europeans not to be misled about the status of DHS compliance or noncompliance with the current DHS-EU “agreement” on PNR data.

Here’s what we can say about the current situation, and about the claims in the 2008 and 2010 DHS reports regarding compliance with the agreement. Read More

Apr 07 2010

Testimony to the European Parliament on PNR data

Identity Project consultant and technical expert Edward Hasbrouck is testifying Thursday in Brussels on the proposed agreement between the European Union and the U.S. Department of Homeland Security on transfers of Passenger Name Records (PNR’s) from the European Union to the DHS, at a public hearing on “Protection of Personal Data in Transatlantic Security Cooperation: SWIFT, PNR & Co. – which way forward?”, hosted by Jan Philipp Albrecht, Member of the European Parliament. 14:00-17:00 (8-11 a.m. Eastern time, 5-8 a.m. Pacific time), European Parliament, Brussels, room ASP 1G-3 (open to the public, but prior arrangement required for access to the building).

Apr 02 2010

DHS shifting from national origin to ID-based passenger profiling

Today the DHS announced that it is partially replacing its practice of illegally profiling air travelers seeking to board flights destined to the US by national origin — the subject of our still-unanswered formal complaint — with a new scheme to illegally profile passengers individually, bsed on based on mining of commercial data in passenger name records (PNRs) obtained from airlines and other travel companies and on secret DHS dossiers about would-be passengers including their lifetime travel histories maintained in the illegal Automated Targeting System and other databases.

The consequences if you fit the secret profile would continue to include, as before, being subjected to “secondary screening” (more intrusive search and/or interrogation, with no publicly-disclosed rules governing which questions you are required to answer) or having the airline not be given “clearance” under the APIS permission system to allow you to board the flight.  (Under the APIS system already on the books, the default is “No fly” unless the airline receives an affirmative, individualized, per-passenger, per-flight “clearance to board” message from the DHS.)

The new profiles reportedly could include both individual identities and vaguer patterns of suspicion such as countries previously visited (a clear case of targeting based on activities protected by the First Amendment), association (a matching phone number in a PNR, such as from having reconfirmed flights form the name hotel as thousands of other travelers), or appearance (leaving room for continued racial and/or ethnic profiling).

The profiling and selection algorithm, the identity of the decision-makers, and the data on which they will base their determinations remain secret.  No mechanism for judicial review of these decisions, or of actions taken on the basis of them, was mentioned in the DHS press release or FAQ.

The new practice greatly increases the significance of the DHS’s decision in February of this year to exempt much of the information in PNRs, including derogatory personal information submitted by travel companies without travelers’ knowledge, from release to data subjects in response to requests under the Privacy Act. It also highlights the significance of the DHS’s routinely late, incomplete, and improper responses to requests for travel records, when they respond at all.

Some of our Privacy Act requests to the DHS for travel records are 6 months old with no response at all (a year is not unusual), while one of our appeals of an obviously incomplete and improper response has been pending for more 2 1/2 years without a decision.  Of the responses we have seen to requests for PNRs and ATS travel history records, all are obviously incomplete, and invoke inapplicable exemptions (such as invoking the broader exemptions applicable to third-part requests under FOIA in response to first-party requests under the Privacy Act, to which FOIA exemptions don’t apply).  None actually appear to have been processed under the Privacy Act, only under the more limited FOIA rules, even when the requests were explicitly made under the Privacy Act.

So far as we know, nobody has actually received the “accounting of disclosures” (access log) that the DHS is required to provide on request.  And none of the major computerized reservation systems (CRSs) to which airlines outsource hosting of their PNR databases maintains logs of access to PNRs, which would be necessary for CRSs or their airline and travel company subscribers to comply with “Safe Harbor”, European Union data protection law, and other international privacy norms.  Since CRSs keep no records, nobody knows who actually accesses PNRs.

There are also still unanswered questions as to the extraterritorial US claim of jurisdiction over actions related to boarding of foreign-flag aircraft at foreign airports, especially where international aviation treaties between the US and those countries require airlines to operate as “common carriers” and transport all passengers willing to pay the fare and comply with the rules in the published tariff.

Both Americans and foreigners — including members of the European Parliament who are currently debating whether to approve continued DHS access to European PNR data — should be outraged that the DHS is simultaneously increasing the weight given to commercial and other information in secret DHS dossiers about us, while hiding even more of that information from us, even if we specifically ask to see it.  We’ll be bringing this to their attention in meetings and testimony in Brussels and Strasbourg, and talks with European activists, over the next few weeks.