This week Travelport — the holding company that owns two of the big four Computerized Reservation Systems (CRSs) or Global Distribution Systems (GDSs) — announced that it has “certified” that it complies with “Safe Harbor” privacy and data protection principles for companies that want to be eligible to receive transfers to the US of personal data collected in the EU or Switzerland.
As travel industry technology news site Tnooz reports, quoting Identity Project consultant Edward Hasbrouck:
Travelport’s headline on its press release about the issue, “Travelport is First GDS Provider to be Safe Harbor Certified,’ may be true, but can easily be misconstrued because Safe Harbor is a self-certification process.
Privacy expert Edward Hasbrouck, who has written extensively about the issue, notes that what Travelport’s Safe Harbor designation “means is that Travelport has made a formal claim … that Travelport complies with certain Safe Harbor principles. That claim has not been vetted, audited or verified by anyone.”…
After two months, we’ve gotten an initial round of non-responses from the DHS and TSA to our complaint that their procedures for subjecting holders of certain passports to more intrusive search and/or interrogation as a condition of domestic common-carrier air travel violate published TSA civil rights policies, Federal laws, Constitutional rights, and rights guaranteed by international human rights treaties.
The Director of the TSA’s Office of Civil Rights and Liberties refers vaguely and inaccurately to “our letter expressing concerns about recent press reports” (in fact, our letter said nothing about any press reports), but makes no mention of our complaint that specific TSA practices and procedures are illegal, or what if anything any TSA or DHS compliance, oversight, or enforcement office intends to do about it.
The closest they come to engaging with the basis of our complaint is a sentence only a lawyer could love: “Please note that a passport-issuing country is not coextensive with a person’s national origin.” It remains to be seen what they think is better evidence of national origin than a passport. Will they issue yet another new travel credential by which someone with a Pakistani passport can establish, for example, that their nation of “origin” is India, and thus that they are not “from” a “country of interest”? Or vice versa? What are they thinking?
They also completely ignore our mention of international treaties, which are likely to become a growing issue not just for the DHS and TSA but for their counterparts imposing similar restrictions on freedom of movement in other countries, such as mandatory submission to virtual strip searches.
We’ve sent the TSA and DHS a follow-up letter reminding them that we still expect, and are entitled to, a response.
Meanwhile, the DHS has announced similar procedures for more intrusive search and perhaps interrogation of travelers “coming from” a larger list of “countries of interest”. It’s unclear — since of course the procedures aren’t enforceable rules and are being kept secret, whether “coming from” means having flown directly from, having visited earlier on the same trip, having visited within a specified time period (the life of the current passport?), having ever in one’s life visited, or carrying a passport issued by any of these countries. These new procedures have prompted a more recent joint complaint similar to ours from a broad coalition of civil rights organizations, as well as separate complaints from some of these groups.
It’s an extremely valuable work of research and reporting, worth reading on its own right and for the comparisons with border controls and infringements to travelers’ rights in the USA.
One thing that stands out clearly in the report is the extent to which these infringements of Canadian travelers’ rights — even those traveling entirely within Canada, or between Canada and countries other than the USA — result from cross-border pressure by the US government, the enforcement by Canadian authorities and airlines of directives from the USA, and the adoption by the Canadian government and travel companies of systems modeled on those of the USA.
There’s an important lesson in the cases studies in the report and on the project website for Canadians and citizens of other countries: This is where your civil liberties end up when you allow the dicta of “homeland security” for the USA to override your own national principles and international commitments to human rights.
Let us all learn from this example not to make the new travel surveillance and control norms of the USA the new norms of the world.
Today the European Parliament voted 378 to 196 to reject an “agreement” negotiated between the Council of the European Union and the US Department of Homeland Security which would have created a new extrajudicial basis for the DHS to obtain records of bank transfers and payments made via the Society for Worldwide Interbank Financial Telecommunication (SWIFT).
Understanding today’s EP vote and its significance requires first an explanation of the EU decision-making process for US readers, and then an explanation of some of the parallels between SWIFT and US-based Computerized Reservation Systems (CRSs):
With some British airports introducing “No scan, No fly” policies, we’ve been seeing renewed questions about what you can do if a government agency or agent, airline, or private third party won’t let you into or through an airport or onto a flight on a common carrier.
A would-be traveler holding a valid ticket and complying with the conditions of the airline’s published tariff, but denied passage by the airline, could bring a civil lawsuit for breach of contract, and possibly seek enforcement action against the airline for failing to comply with its obligation (under the terms of its tariff, operating license, applicable national laws, and the treaties pursuant to which it is authorized to operate international flights) to operate as a “common carrier” and transport all would-be passengers complying with its tariff.
Government action to deny passage to such a person for refusal to “consent’ to a virtual strip-search would violate Article 12 of the International Covenant on Civil and Political Rights, which as interpreted (pursuant to the treaty itself) by the U.N. Human Rights Committee, allows only such administrative rules that burden free movement as can be shown to be “necessary” for national security (i.e. actually effective, and more effective than any less restrictive alternative). The fact that a rule is intended to protect national security is, quite properly and explicitly, not sufficient, since most such rules restrictive of human rights (old South African passbook laws, etc.) have been justified on grounds of national security and counter-terrorism.
The UK and the USA have both signed and ratified the ICCPR, the US with explicit reservations that it is not “self effectuating”. That make it difficult to raise in a US court unless and until Congress passes a law creating a Federal civil cause of action, with a right of private action, against violators of the ICCPR. (This should be high on the agenda of any US administration desirous of showing that the US holds itself accountable to international human rights law). We don’t know whether there is any history of cases brought under the ICCPR in UK courts. If any is familiar with UK case law or precedent for invocation of the ICCPR, please tell us about it in a comment.
In addition, Optional Protocol #1 to the ICCPR creates a private right for any individual to bring a complaint to the U.N. Human Rights Committee against any state that is a party to the Optional Protocol.
Unfortunately, neither the USA nor the UK are among those that has ratified Optional Protocol #1 to the ICCPR. Thirty-five nations have ratified that protocol, however, and anyone denied passage by agencies or agents or state action of any of those governments (including inter alia Mexico, Australia, New Zealand, and most European Union members other than the UK) could bring such a complaint to the U.N. That remedy would seem to be available for denial of passage on the basis of any rule that doesn’t meet the test of necessity, including not just mandatory submission to body scanners but also extra-judicial no-fly orders or inability to present government-issued credentials.
[Update: the U.K. Department of Transport Interim Code of Practice for the Acceptable Use of Advanced Imaging Technology (Body Scanners) in an Aviation Security Environment contains an explicit, “No Scan, No Fly” provision: “All passengers selected for screening by a body scanner must be scanned. If a passenger declines to be scanned that passenger must be refused access to the Restricted Zone, with the result that the passenger will not be able to fly. Information should be adequate, clear and provided ideally before ticket purchase.” Since some people have already purchased tickets for travel as much as a year in the future, that would require at least a year’s delay, after notice begins to be provided by every one of the hundreds of thousands of travel agencies around the world. More importantly, the new “Code of Practice for Body Scanners” appears to violate U.K. obligations under the ICCPR as well as potentially those respecting “common carriers” under international aviation treaties.]
The Obama Administration announced their fiscal year 2010 budget proposal today. Under the administration’s proposal for DHS appropriations, the TSA’s annual budget would increase by more than a billion dollars from 2009 to 2011, with most of that going toward the purchase of “up to 1,000” new virtual strip-search (“Whole Body Imaging” or, in the latest euphemistic language of the budget, “Advanced Imaging Technology”) machines.
Up to a point, it was possible to argue that the TSA was still being operated on auto-pilot by holdovers from the previous administration — as indeed it still is. But the President has had plenty of time in the year since his inauguration to clean house, to put someone new in charge, or simply to give the legacy administrators new marching orders (for which we gave his transition team an explicit itemized blueprint to bring the TSA within the rule of law).
The President’s budget makes clear his deliberate choice to identify his Administration with, and to perpetuate and expand, the TSA’s culture of disregard for civil liberties, human rights, or judicial accountability. It also makes clear the need for Americans who oppose that march toward the abyss to let their members of Congress and the Senate know how they feel about being inspected by virtual voyeurs who themselves are protected from public view in a private back room, and then being groped, if they are wearing a sanitary napkin or a padded bra or anything else underneath their clothes, every time they want to exercise their right to move about the country.
The trial originally scheduled for this Friday of Phil Mocek, who was arrested by local police at a TSA checkpoint in the Albuquerque airport in November, has been postponed at least until early May. But that only happened after he retained retained private defense counsel, at considerable personal expense. You can help out by making a donation to his defense fund.
Mocek has made no comment, on the advice of his attorney. But from news reports, it appears that he was arrested in retaliation for trying to exercise his right to travel without showing tangible evidence of his identity, and or for recording and/or photographing the TSA’s response to his assertion of his rights. Since everything he did was entirely within his rights, and the TSA agents have no authority to make arrests, they followed their de facto standard operating procedures by calling in the local police and getting them to trump up an array of false and/or unconstitutional charges under local and state law: criminal trespass (Albuquerque Code of Ordinances§ 12-2-3), resisting, obstructing or refusing to obey a lawful order of an officer (§ 12-2-19), concealing identity with intent to obstruct, intimidate, hinder or interrupt (§ 12-2-16), and disorderly conduct (NMSA § 30-2-1). [Note: It appears that direct links to sections of the Albuquerque Code of Ordinances will work only after you click on the Albuquerque Code of Ordinances link and then on either “frames” or “no frames”, to set the required cookies in your Web browser.] The “trespass” charge seems particularly problematic in light of the fact that the airport is publicly owned and that Mocek was attempting to exercise his right to travel by common carrier, a right not only guaranteed by Federal law but protected by explicit Federal statutory preemption against any local or state interference.
Nothing we’ve learned has suggested that any of these charges are supported by the facts, or are other than retaliation. So we’re disturbed that the prosecutor hasn’t dropped the charges yet, even though a review of the evidence and the case should have made clear that these charges were unfounded. We hope the district attorney will come to their senses and drop the charges.
[For the status of the case, go to the county court website, complete the “captcha”, and enter “2573709” in the “criminal case number” field. Documents obtained by Mr. Mocek in response to his requests under New Mexico’s public records laws, including police reports and audio recordings, have been posted here. For further updates, see the ongoing discussion in the travel “security” forum at Flyertalk.com.]
Already this week the TSA was caught in a lie about what it likes to call whole body imaging (virtual strip search) machines, when the Electronic Privacy Information Center (EPIC) obtained documents showing that, despite TSA claims that “this state-of-the-art technology cannot store, print, transmit or save the image,” the TSA actually requires all of these capabilities — image storage, printing, and transmission — as part of the contract specifications for the body scanners.
But the TSA can’t seem to keep their nose from growing: the post in their official propaganda blog responding to EPIC’s analysis of TSA documents contains even more lies about what they see when they look under your clothes with these machines.
According to the TSA blog, “Below, you will see accurate examples of what our officers see while using advanced imaging technology. Anything else you see is inaccurate.”
Above, we’ve linked directly to the images on the TSA website, exactly as sized and posted by them.
In fact, it’s the images posted by the TSA that are inaccurate and misleading. The actual images seen by the people in the back room (they watch you through your clothes, but you can’t watch them) are: (1) full-screen, not thumbnail-sized like those the TSA posted in their blog, (2) higher-resolution than those on the TSA blog, and (3) capable of being zoomed even larger, on the actual TSA displays, using the magnifying-glass tool in the lower right corner of the TSA-provided thumbnails.
Accurate images are visible in the video below (although even if you click through to the full-screen version the video doesn’t have as high resolution as the displays used by the TSA, especially when they zoom in on areas of the body that attract their interest):
Note also that the video clearly demonstrates that the TSA policy for pat-down searches to be performed by a person of the same gender won’t be applied to the virtual strip-searchers.
The TSA website says that, “Multiple signs informing passengers about the technology, including sample images, are displayed in plain sight at the security checkpoints, in front of the advanced imaging units.” When the signs are displayed, however, the “sample images” — like the ones above from the TSA website — are only a small fraction of the size and resolution of those the scanner operator sees.
EPIC has now filed another FOIA lawsuit against the TSA for failing to disclose what the images look like. Notably, the EPIC complaint filed in court today confirms that our experience with the ongoing TSA FOIA black hole wasn’t an isolated incident. EPIC’s request for expedited FOIA processing was made on July 2, 2009 — more than six months ago — and referred to the TSA by the DHS on July 16, 2009. On July 31, 2009, EPIC filed an administrative appeal of the constructive denial of its request. An expedited request should have been acted on within 10 days, and an appeal within twenty days. But to date, according to the complaint, the TSA has made no response whatsoever to either the request or the appeal. In our experience, this is typical of the TSA’S complete contempt for the FOIA law.
We aren’t reassured by the TSA’s further claim in the same blog post that, “These machines are not networked, so they cannot be hacked.” Apparently they’ve never heard of an inside job, or anyone hacking a computer from the keyboard. (Security hint to the TSA: The keyboard is the easy way, compared to having to carry out an attack over a network.) That just reconfirms that the TSA’s threat model is grossly deficient and that they aren’t really even trying to rein in the temptations (can you say, “naked celebrity pix”?) that the virtual strip-searchers inevitably will face.
Finally, the TSA is still saying that “Use of advanced imaging technology is optional to all passengers.” What they don’t say is that your other “option” will be to submit to a full manual pat-down, regardless of whether you would have set off the metal detector. So if the alternative to a virtual strip-search is a non-virtual strip search, can someone explain to us how that’s a “choice” that should make us more willing to submit to either option?
If we have to be exposed to the TSA, maybe we should just expose ourselves when we get to the airport.
P.S. We forgot to mention the TSA’s claim that no 8-year-old is on the no-fly list, debunked today in the New York Times. Maybe 8-year-old Mikey Hicks isn’t on a watch list, but his name is, and the effect is the same: He can’t fly without getting the 3rd degree. What did that entail? We can’t show you. The TSA demands the right to look (and feel) under your clothes, but they wouldn’t let Mikey’s mother take pictures of how he was frisked.
Don’t like being stripped naked by “whole body imaging” machines or “body scanners”, and then groped to determine whether what they see under your underwear is a padded bra, a mastectomy prosthesis, a menstrual pad, an adult diaper, … or plastic explosives? You could sign this petition … and/or you could organize your own “fleshmob” like this one (video) at Tegel Airport in Berlin. (More links including videos of similar fleshmobs at other airports here.)
We invite you to compare what’s exposed by the Pirate Party fleshmob video with what’s exposed to the TSA agents in the little room hidden behind the strip-search machines in the video below:
