Papers, Please!

The Identity Project

Category Archives: Freedom To Travel

Dec 24 2008

DHS admits problems in disclosing travel surveillance records

On Friday, December 19th, the Privacy Office of the U.S. Department of Homeland Security released A Report Concerning Passenger Name Record Information Derived From Flights Between The U.S. and the European Union.

This is a very important report for both US and European travelers, but not for the reasons the DHS claims:

The authors of the report conclude that DHS handling of Passenger Name Record (PNR) data is in compliance with both US law (particularly the Privacy Act) and the DHS-EU agreement on USA access to, and use of, PNR data related to flights between the EU and the USA.

In fact, the report contains multiple admissions that support exactly the opposite conclusion: The DHS has complied with neither the agreement with the EU, nor US law (especially, but not only, the Privacy Act), in its use of PNR data concerning US citizens as well as Europeans and other foreigners.

The DHS has legal obligations to US citizens and residents under the Privacy Act, and commitments to travelers from the EU under the PNR agreeement, to allow individuals timely access to PNR data about them held by the DHS. According to the report:

DHS policy allows persons (including foreign nationals) to access and seek redress under the Privacy Act to raw PNR data maintained in ATS-P.

Despite this, the DHS Privacy Office has now reported that:

  1. Requests for PNR data have typically taken more than a year to answer — many times longer than the legal time limits in the Privacy Act and Freedom of Information Act: “The requests for PNR took more than one year to process.”
  2. When individuals have requested “all data” about them held by the DHS, often they have not been given any of their PNR data: “If an individual requests ‘all information held by CBP’ the FOIA specialist generally does not search ATS because PNR was not specifically requested.”
  3. Because of this, the vast majority of requesters who should have received PNR data did not: “The PNR specific requests are a small percentage of the total requests based on the statistics provided to the Privacy Office, but if ATS-P were searched in all cases in which an individual asks for ‘all information held by CBP,’ the percentage would increase more than seven [sic]”
  4. PNR data has been inconsistently censored before it was released: “The requests for PNR … were inconsistent in what information was redacted.”
  5. A large backlog from the initial requests for PNR data remains unanswered, more than a year later: “Management noted that they have been understaffed and are bringing on new staff to reduce the backlog and period of time it takes to respond to requests. Additionally, management stated that part of the delayed response was due to the large number of requests initially submitted for PNR.”

To understand the full meaning and significance of the report, let’s quickly review the history of US government use of PNR data:

Read More

Dec 18 2008

Maryland Seeks to Change License Policy on Immigration In Order to Implement REAL ID System

Maryland’s governor and transportation secretary have announced that they will seek legislation to change the state’s long-standing policy on driver’s license registration and require proof of legal residence before issuing the cards to state residents. Maryland is hoping to make this change as it begins implementing the federal REAL ID national identification system. The governor had rejected a previous proposal for a two-tier system that would have allowed the issuance of a lower-tier license to individuals unwilling to show such proof.

According to the Maryland Motor Vehicle Association’s site, REAL ID implementation means that. “Effective January 1, 2010, individuals applying for a new license will be required to show documentation to prove that they are in the United States legally.” Driver’s license applicants will have to show “Documents such as Social Security Card, U.S. Birth Certificate, U.S. Naturalization of Citizenship, Valid U.S. Passport, Valid Foreign Passport with Visa, U.S. Permanent Residency Card” or other documents to prove their legal presence in the United States.

We have previously detailed the many privacy and security problems that arise from requiring such documentation for a state driver’s license, but let’s focus on the immigration issue that Maryland is attempting to address. Read More

Dec 18 2008

DHS extends travel permission requirements for international visitors and general aviation

Continuing its “lame-duck” promulgation of rulings that will tie the hands of the new Presidential administration — or at least delay any efforts to reform DHS rules by requiring a new rulemaking process, or legislation, before they can be withdrawn — the DHS has published two new rules that will extend requirements for individualized pre-departure DHS permisison to international visitors seeking to enter the USA under the Visa Waiver Program (VWP) and to passengers and crew on international general aviation, private, non-scheduled, and non-airline flights to and from the USA:

Read More

Dec 18 2008

US-EU agreement to disagree

Over the weekend Stewart Baker of the DHS posted an entry in the DHS “Leadership Journal” blog entitled U.S. and EU Agree on Data Protection Principles.  Readers unfamiliar with the “back story” might conclude from this — as Baker and the DHS no doubt hope they will — that some sort of formal negotiations have been concluded, and that the USA and the European Union have actually worked out their differences on privacy and data protection.

Not so at all.  Many details remain unclear, as has been typical of DHS international diplomacy. All the meetings of the previous so-called “EU US High Level Contact Group on information sharing and privacy and personal data protection” occurred in secret.  But the joint statement by a new group of selected officials from US and EU executive agencies, released as an attachment to Baker’s blog post, indicates essentially the same impasse remains as existed when the “High Level Contact Group” made its final report in May 2008:

Read More

Nov 26 2008

Border Agents Begin Using “Long-Range” RFID Scanners on ID Cards

USA Today has a story on the new long-range RFID scanners reading ID cards as individuals drive toward the border.

“By the time a car stops at the Customs booth, the agent will have the photos and information of everyone in the car. If a name is on a watch list or database, the person will be taken in for questioning. The system will be “more efficient,” says Thomas Winkowski of Customs and Border Protection.”

DHS claims that the unsecured wireless transmissions will make border crossing more efficient, but why is Homeland Security choosing speed over security.

As we’ve explained before, there are numerous privacy and civil liberty problems connected with using RFID tags in identification documents. Off-the-shelf readers can easily skim the data.

Currently, the RFID-enabled ID cards only transmit a unique number to allow border agents to pull up an individual’s file. However, the Department of Homeland Security could easily add more data to the ID card, especially if the agency can convince people to use the RFID-enabled card as an “all-in-one” identification document – where you could use it when you go to the bank, grocery store, gym, school, and more. Read More

Nov 10 2008

The Obama Administration and the Right to Travel

The Obama Administration promises change, and invites suggestions for their agenda.

Since they’ve asked, here are the first things we think the new administration should do to restore our right to travel, and to address the issues of ID requirements and identity-based government surveillance and control of travel and movement.

Some of these can be accomplished with the stroke of a pen on Inauguration Day in January, through Presidential proclamations and directives to Executive staff and agencies.  Others can be ordered by the President, but will require a slightly longer process to comply with administrative notice and comment requirements for changes to (and, in many cases, withdrawal of) Federal regulations.  Others will require legislation, which we urge the Presidential transition team and members of Congress to begin drafting so they can take action early in the new Congressional session. If asked, we would be available to advise and participate in this process. Finally, Senators should question nominees for Executive appointments —especially those nominated to be the new Secretary of Homeland Security and the Administrator of the TSA – about how they will address specific, important issues from the day they take office. These questions are detailed below (and also available here in PDF format).

Executive Orders:

  1. Reaffirm Executive Order 13107 on Implementation of Human Rights Treaties, and instruct heads of agencies to ensure that it is carried out.  As part of his agenda, President-Elect Obama has promised to “strengthen civil rights enforcement,” and this should include enforcement of rights guaranteed by international human rights treaties to which the U.S. is a party.  In particular, President-Elect Obama should extend Executive Order 13107 to explicitly mandate consideration of international human rights treaties in Federal agency rulemakings that could implicate rights protected under those treaties — such as the freedom of movement guaranteed by Article 12 of the International Covenant on Civil and Political Rights (ICCPR). Read More
Oct 27 2008

Where is “Secure Flight” headed next?

Now that the TSA has released their final rule for the Secure Flight program, which would extend DHS control and surveillance of airline passengers to domestic flights, what happens next (after the final rule is published in the Federal Register, which normally happens within a week or so)?

Under the laws appropriating the funds for TSA and DHS operations, the next step should be review by the Government Accountability Office (GAO).  Section 522 of the Homeland Security Appropriations Act 2005 provides:

None of the funds provided by this or previous appropriations Acts may be obligated for deployment or implementation, on other than a test basis, of the Computer Assisted Passenger Prescreening System (CAPPS II) or Secure Flight or other follow on/successor programs, that the Transportation Security Administration (TSA), or any other Department of Homeland Security component, plans to utilize to screen aviation passengers, until the Government Accountability Office has reported to the Committees on Appropriations of the Senate and the House of Representatives that: [10 specified criteria have been met]. Read More

Oct 23 2008

Radio hour today on “Secure Flight”

Edward Hasbrouck of the Identity Project will be on the Katherine Albrecht Show today from 5-6 p.m. Eastern Time (2-3 p.m. Pacific time), talking about Secure Flight. The Katherine Albrecht Show is syndicated nationally on the Genesis Communications Network. You can also listen to the show live online, and we’ll be taking listener questions on the air. If you missed the live broadcast, the archive of this hour of the show is available here as a downloadable mp3 podcast.

Oct 22 2008

Large Aircraft Security Program and “Watch-List Service Providers”

Even before the Secure Flight proposal goes into effect (and before there is any experience of whether it can be implemented or how it will work), the TSA is proposing to extend its air travel control and surveillance principles from passenger airlines to general aviation and all-cargo flights.

On October 9, 2008, the TSA issued a press release and a Notice of Proposed Rulemaking (NPRM) for a so-called “Large Aircraft Security Program” (LASP) for unscheduled and noncommerical flights.  LASP is explicitly modeled on Secure Flight, but with an additional twist: Instead of being required to submit personal information about each passenger to, and receive permisison from, the TSA, operators of “large” general aviation and cargo aircraft will be required to submit this data to, and get permisison from, a new class of private commercial data aggregation companies: “Watch-List Service Providers”.

Read More

Oct 22 2008

TSA won’t give up on “Secure Flight” travel permission and surveillance scheme

The DHS and TSA announced their final rule for the Secure Flight program for the control and surveillance of airline passengers during a photo op today at Reagan National Airport.

We aren’t among the journalists to whom the TSA’s anonymous spin doctors chose to leak their plans.  We’ll have more comments after we have reviewed the complete 195-page regulatory notice in more detail.

But our first reading of the “final rule” released today, as well as recent TSA and DHS comments about Secure Flight, including their press release today and testimony at a Congressional hearing we attended last month, suggest that their plans remain essentially unchanged from the Secure Flight proposal announced last year, and which we urged the TSA to withdraw as illegal in our testimony at the TSA’s public hearing and our more detailed written comments.

The DHS’s current spin on why we should love Big Brother and welcome Secure Flight is that it would reduce the number of people who are improperly prevented from flying or improperly subjected to more intrusive “secondary” search and/or interrogation, by “transferring watchlist matching from the airlines to the government”.

But the solution to the problems with “watchlists” is not to tighten their enforcement, but to replace secret administrative “no-fly” and “selectee” determinations with judicial determinations of dangerousness, made by judges in response to government motions for injunctions or restraining orders, and presentation of evidence sufficient to show that they pose a danger to aviation so great as to warrant restriction of their Constitutional and human rights to freedom of travel, assembly, and movement.  We don’t need to establish a new system of (secret) administrative pseudo-justice.  That’s what the courts are for, and they already have an established system of due process and review, including procedures for dealing safely with classified evidence related to national security. Read More