May 16 2009

Air France passenger data and “no-fly” orders

Follow-up reports have provided more details but also raised more questions about the incident last month in which the US government refused to allow an Air France flight en route from Paris to Mexico City to follow its normal route through US airspace, because the passengers included a journalist on the US “no-fly” list. The orders from the US authorities, coming while the plane was already in flight, resulted in a lengthy detour to avoid overflying US territory, and an unscheduled refueling stop in Martinique. (Air France’s Paris-Mexico flights used to stop in Houston, but these days they are scheduled to operate nonstop, in significant part to spare through passengers the need for US transit visas and US-VISIT processing including fingerprinting and photographing, now required even for foreign passengers merely transiting a US airport.)

As with previous incidents of blacklisted passengers and delayed, diverted, or canceled flights, this episode should be a reminder that the problems with the “no-fly” list are not limited to people being mistaken for other people on the watchlist. The problem, in this case, is that one of the passengers actually was on the list of people administratively banned from the US, without any way of knowing why, confronting his accusers or the evidence (if any) against him, or obtaining judicial review of their decision to deny him the right of passage by common carrier through US airspace (a right guaranteed by international treaties to which the US is a party).

Also at issue has been how, when, and through what intermediaries or data pathways US authorities learned who was on the plane, especially since it wasn’t scheduled to touch US soil.

May 14 2009

California DMV plans crackdown on “look-alikes”

Has anyone ever looked at your face and mistaken you for someone else?

If so, and if you live in California, you could be a victim of a proposal by the California Department of Motor Vehicles which is now under consideration in the state legislature.

At a hearing yesterday (May 13, 2009) before the Assembly Budget Subcommittee No. 5 on Information Technology/Transportation, the Director and Chief Information Officer of the DMV pleaded for more money (in spite of the desperate state budget crisis) to hire a contractor to digitize and store the photographs taken for every California driver’s license or state ID, and then use “biometric” facial recognition and matching software to compare each new photo of an applicant for a license or ID with every photo in the database. (The DMV proposal next goes before the Senate Budget Subcommittee No. 2 on Resources, Environmental Protection, Energy and Transportation on Wednesday, March 20th.)

If the computer thinks your picture looks like any other picture in the database, both you and the other person whose photo the robot thinks looks like yours would be placed under suspicion of fraud, identity theft, or worse.

May 14 2009

“Warden’s skills a plus for TSA chief”

Has it ever seemed like the TSA treats passengers the way prison guards treat convicts?  Here’s what the TSA thinks it takes to run their operations at the world’s busiest airport:

Warden’s skills a plus for TSA chief

Newly appointed Byrd has a background in corrections.

By Kelly Yamanouchi, The Atlanta Journal-Constitution (Thursday, May 14, 2009)

Mary Leftridge Byrd sees some similarities between her career in corrections and her new job as head of the Transportation Security Administration at the Atlanta airport….

Byrd, 60, joined the TSA last month from a position as assistant and deputy secretary at the Washington State Department of Corrections, and she is a former prison warden and superintendent in Pennsylvania and Maryland.

… The TSA has about 900 security officers in Atlanta.

May 03 2009

EU Council renews push for government access to PNR data

The Council of the European Union has put forward its new version of the “Proposal for a Council Framework Decision on the use of Passenger Name Record (PNR) for law enforcement purposes” originally made by the European Commission. (More background on the proposal is available from Statewatch.)

The latest Council version of the proposal is essentially the same as the original Commission proposal, with only trivial changes in response to input from Council members. Like the original version introduced by the European Commission, the new Council version of the PNR proposal would require each member state to establish a new surveillance agency (a government “Passenger Information Unit” or PIU), and would require each airline operating flights to, from, or within the EU to make PNR data available to the PIU of each origin or destination state.

The Council appears to have entirely ignored the criticisms raised by the European Parliament in its consideration of the PNR proposal, as detailed in its most recent November 2008 resolution withholding Europarl approval. As the Europarl rapporteur said in the plenary session preceding the vote:

I think the European Parliament is a serious partner, fully available to give input in this process. However, we will only issue a formal position once there are full, satisfactory and detailed answers to all the concerns and objections that were raised on several occasions by the European Parliament, the European Data Protection Supervisor, the national data protection authorities, the fundamental rights agencies and the airlines, because I think they are entitled to a real answer.

The latest Europarl vote in favor of this resolution (and against approval of the PNR proposal) was overwhelming: 512 to 5, with 19 abstentions. Under the “codecision” procedure, Europarl approval is required in order for the PNR proposal to be adopted. But neither the Commission nor the Council has responded in any meaningful way to their critics, or provided any evidence that any benefit of the PNR scheme would be proportionate to the grave damage it would do to fundamental freedoms.

Europeans should encourage their MEPs to continue to demand answers before they approve any scheme with such profound implications for justice and civil liberties, and not to allow the EU to repeat the mistakes made by the U.S. in establishing PNR-based systems of travel surveillance and control.

May 01 2009

“Secure Flight” data formats added to the AIRIMP

Amendments to the ATA/IATA Reservations Interline Message Procedures – Passenger (AIRIMP) take effect today, providing the first industry standard formats that airlines, travel agencies, and computerized reservation systems (CRSs) can use to transmit the additional information about travelers and prospective travelers newly required by the TSA for its Secure Flight airline passenger “screening” (surveillance and control) system.

What does this mean about the status of Secure Flight — especially in light of the TSA press release last month that claimed to “announce … the implementation of the Secure Flight program”?  Has Secure Flight been implemented?  And if it hasn’t been yet, when will it be?

Apr 20 2009

TSA claims new powers of detention, search, and interrogation

Once again trying, as before, to legislate by press release and blog posting, the TSA has asserted that it has the general law-enforcement authority to detain would-be airline passengers, seize their possessions, and compel them to answer questions — for reasons entirely unrelated to aviation or security, and even when it cannot articulate any probable cause for a belief that any law has been violated.

These new assertions come in response to an incident in which a passenger attempted to bring a locked metal cash box as part of their carry-on baggage on a domestic flight.  Since the box was opaque to x-rays, the TSA staff at the checkpoint at Lambert Airport in St. Louis asked the traveler to open the box so that they could check whether it contained any prohibited or dangerous items, and took him into a private room to do so.

So far, OK. Commenters in the TSA blog, including jewel dealers, point out that many types of valuables must be carried on (because they are exempt from airline liability if placed in checked baggage) and that they don’t want them inspected in public, where other people might learn what they are carrying.

In the back room, the traveler unlocked the box, and the TSA agents verified that it contained only cash (approximately $4,700), checks, and other documents.  No weapons or explosives, and nothing even arguably prohibited, dangerous, contraband, or illegal.  That should have been the end of the screening. Instead of letting the traveler go on through the checkpoint, however, the TSA then called the local police. It’s unclear if the TSA actually detained the traveler or kept custody of his cash box and its contents while waiting for the police, or if he could have left the airport (with or without his money and checks) before the police arrived, but it’s clear that they wouldn’t have allowed him to continue past the checkpoint to his flight.

Once the police arrived, the police and the TSA together informed the traveler that he was under detention and not free to leave, and interrogated the traveler about his employment, the reasons for his trip to St. Louis, the ownership and source of the money and checks (which in fact were the proceeds from a political event, which thus contained information protected by the First Amendment about acts of assembly and association by the writers of the checks), and other issues unquestionably unrelated to weapons, explosives, or aviation security.

The traveler responded to each of these questions, calmly and politely, by asking, “Am I required by law to answer that question?”  None of the TSA staff or police would answer this question, nor have they subsequently done so.  Instead, they told him that possession of cash and failing to answer their questions was “suspicious”, and threatened to keep him under detention and “take him downtown” to be questioned further by the Drug Enforcement Administration (DEA).

After about 25 minutes, and after some conversation out of his hearing between the agents and an unidentified person in plain clothes, the traveler was told he was free to go.  He made his plane, with his cash box and its contents.

We know all this because the traveler, Steve Bierfeldt, covertly recorded all but the start of the incident on his iPhone. There’s more about the incident, including interviews with Mr. Bierfeldt, in these reports from Fox News and the Washington Times. And in case you are wondering, the incident occurred in Missouri, where the law permits any party to a conversation to record it, even without the knowledge or consent of the other party or parties.

But the worst thing isn’t what the TSA did, but what it has subsequently claimed it has the right to do, and to compel would-be travelers to do.  According to the TSA blog:

Apr 20 2009

Secret Secure Flight “vetting” algorithm now in use by 4 US airlines

A TSA press release announces the “implementation” of the Secure Flight system for pre-departure “vetting” of airline passengers (i.e. deciding, according to a secret algorithm, whether to allow them to fly):

To date TSA has assumed the watch list matching responsibility for passengers on domestic commercial flights with four volunteer aircraft operators and will add more carriers in the coming months.

As quoted above, the TSA describes the process for making permission-to-travel decisions and assigning risk scores (“cleared”, “inhibited”, or “not cleared”, corresponding to the scores of “green”, “yellow”, and “red” in the previous CAPPS-II version of the proposal which eventually morphed into Secure Flight) as “watch list matching”.  But the process diagram (included as slide 8 of this presentation to potential Secure Flight contractors) makes clear that the scheme is considerably more complex than simple list matching, with many more inputs and feedback loops.

Procedures and directives for implementation of Secure Flight are contained in secret “Security Directives” issued by the TSA to airlines, secret internal TSA documents including software code, and secret “Aircraft Operator Implementation Plans” submitted by airlines and approved by the TSA.  None of these have been made public.  As a result, it is impossible for travelers or the public to know what we are required to do, under what conditions the TSA will or will not give us permission to fly, and whether any claims about “requirements” made by airlines are true or false.


Mar 21 2009

DHS releases (censored) documents on Automated Targeting System

As part of its celebration of “Sunshine Week”, The Electronic Frontier Foundation has posted more than a thousand pages of documents about the Automated Targeting System (ATS) for archiving and data-mining airline reservations to assign risk scores to all international travelers, released by the Department of Homeland Security over the last two years in response to Freedom of Information Act requests and a FOIA lawsuit by EFF’s FOIA Litigation for Accountable Government (FLAG) project.

DHS claims still to be searching for and “processing” yet more documents responsive to the original requests, the documents that have been released are heavily redacted, and the lawsuit is ongoing. Recently, EFF has asked the Court hearing the case to stay further proceedings while DHS decisions under the Bush Administration to withhold and redact documents at issue in the case are reviewed in light of the Obama Administration’s new instructions to Federal agencies on transparency and the processing of FOIA requests.

We’re still making our way through the newly-published documents for the first time, but they include extensive internal DHS discussion on how to respond to our criticisms, when the DHS first published the official notice (we’re still not exactly sure how many years after the fact) that was supposed to precede the deployment of any such system of Federal records about individuals, that the ATS was being used for a purpose specifically forbidden by Congress.  The documents also seem to confirm, even through the redactions, the lack of understanding by DHS of what information is included in the Passenger Name Records (PNRs) being sucked into government databases by the ATS dragnet, or how to interpret it.  Briefing memos prepared by operational staff for senior policy officials and public relations spokespeople refer to what PNRs “seem” to contain, and appear to be based on guesses and reverse engineering rather than on any expertise in industry standards, messaging protocols (such as the AIRIMP), or business practices.

Mar 18 2009

Air France puts digital fingerprints in RFID boarding passes

Yesterday (just in time for tomorrow’s planned strike by French air traffic controllers, which is expected to force the cancellation of many of their flights), Air France began a public beta test of what they are calling a “smartboarding” card, as depicted in this video (and third-party videos in English and another in French) and photos and as described in this press release:

This new system is a world first. With a personal card which contains the latest biometric technology (encrypted fingerprints), RFID (radio frequency identification) and thermal printing (the back of the card can be reused up to 500 times), these passengers will be able to board through a dedicated portal whenever they choose.

Developed together with Citizengate, the smartboarding® service has 4 stages:

1. In a special office at the airport (Paris-Charles de Gaulle Terminal 2F), customers can obtain their personal smartboarding® card in just a few minutes which is immediately operational. During registration, all the customer’s identity information (surname, first name, Flying Blue membership number), as well as their encrypted fingerprints is transmitted to the smart card. This registration stage is only carried out once and no files are kept by Air France.

Mar 11 2009

European court invalidates secret carry-on baggage blacklist

In a judgment announced yesterday, the European Court of Justice has ruled that a secret list promulgated by the European Commission, specifying items to be prohibited from airline carry-on baggage, cannot be enforced against individual airline passengers because it was not made public:

The annex to Commission Regulation (EC) No 622/2003 of 4 April 2003 laying down measures for the implementation of the common basic standards on aviation security, as amended by Commission Regulation (EC) No 68/2004 of 15 January 2004, which was not published in the Official Journal of the European Union, has no binding force in so far as it seeks to impose obligations on individuals.

The decision means that the original plaintiff, Gottfried Heinrich, who was ordered off a plane before it departed from Vienna Airport because he had carried on an item on the secret list (to wit, a tennis racket), is now free to sue the airline and/or the airport operator in an Austrian court for damages.
