Papers, Please!

The Identity Project

Category Archives: Freedom To Travel

Oct 27 2008

Where is “Secure Flight” headed next?

Now that the TSA has released their final rule for the Secure Flight program, which would extend DHS control and surveillance of airline passengers to domestic flights, what happens next (after the final rule is published in the Federal Register, which normally happens within a week or so)?

Under the laws appropriating the funds for TSA and DHS operations, the next step should be review by the Government Accountability Office (GAO).  Section 522 of the Homeland Security Appropriations Act 2005 provides:

None of the funds provided by this or previous appropriations Acts may be obligated for deployment or implementation, on other than a test basis, of the Computer Assisted Passenger Prescreening System (CAPPS II) or Secure Flight or other follow on/successor programs, that the Transportation Security Administration (TSA), or any other Department of Homeland Security component, plans to utilize to screen aviation passengers, until the Government Accountability Office has reported to the Committees on Appropriations of the Senate and the House of Representatives that: [10 specified criteria have been met]. Read More

Oct 23 2008

Radio hour today on “Secure Flight”

Edward Hasbrouck of the Identity Project will be on the Katherine Albrecht Show today from 5-6 p.m. Eastern Time (2-3 p.m. Pacific time), talking about Secure Flight. The Katherine Albrecht Show is syndicated nationally on the Genesis Communications Network. You can also listen to the show live online, and we’ll be taking listener questions on the air. If you missed the live broadcast, the archive of this hour of the show is available here as a downloadable mp3 podcast.

Oct 22 2008

Large Aircraft Security Program and “Watch-List Service Providers”

Even before the Secure Flight proposal goes into effect (and before there is any experience of whether it can be implemented or how it will work), the TSA is proposing to extend its air travel control and surveillance principles from passenger airlines to general aviation and all-cargo flights.

On October 9, 2008, the TSA issued a press release and a Notice of Proposed Rulemaking (NPRM) for a so-called “Large Aircraft Security Program” (LASP) for unscheduled and noncommerical flights.  LASP is explicitly modeled on Secure Flight, but with an additional twist: Instead of being required to submit personal information about each passenger to, and receive permisison from, the TSA, operators of “large” general aviation and cargo aircraft will be required to submit this data to, and get permisison from, a new class of private commercial data aggregation companies: “Watch-List Service Providers”.

Read More

Oct 22 2008

TSA won’t give up on “Secure Flight” travel permission and surveillance scheme

The DHS and TSA announced their final rule for the Secure Flight program for the control and surveillance of airline passengers during a photo op today at Reagan National Airport.

We aren’t among the journalists to whom the TSA’s anonymous spin doctors chose to leak their plans.  We’ll have more comments after we have reviewed the complete 195-page regulatory notice in more detail.

But our first reading of the “final rule” released today, as well as recent TSA and DHS comments about Secure Flight, including their press release today and testimony at a Congressional hearing we attended last month, suggest that their plans remain essentially unchanged from the Secure Flight proposal announced last year, and which we urged the TSA to withdraw as illegal in our testimony at the TSA’s public hearing and our more detailed written comments.

The DHS’s current spin on why we should love Big Brother and welcome Secure Flight is that it would reduce the number of people who are improperly prevented from flying or improperly subjected to more intrusive “secondary” search and/or interrogation, by “transferring watchlist matching from the airlines to the government”.

But the solution to the problems with “watchlists” is not to tighten their enforcement, but to replace secret administrative “no-fly” and “selectee” determinations with judicial determinations of dangerousness, made by judges in response to government motions for injunctions or restraining orders, and presentation of evidence sufficient to show that they pose a danger to aviation so great as to warrant restriction of their Constitutional and human rights to freedom of travel, assembly, and movement.  We don’t need to establish a new system of (secret) administrative pseudo-justice.  That’s what the courts are for, and they already have an established system of due process and review, including procedures for dealing safely with classified evidence related to national security. Read More

Oct 21 2008

TSA Expands Electronic Boarding Pass Scanning Program

The Transportation Security Administration is expanding its electronic boarding pass pilot program. This system will make it easier for TSA to be able to gather and track individual travel data. The program began in Houston in December 2007 and added more airports in April. Here’s how the program works, according to TSA:

The electronic boarding pass contains a two-dimensional (2-D) barcode encrypted with specific passenger information, such as the traveler’s name and flight information.

At the checkpoint, passengers present their cell phones or PDA to a TSA travel document checking officer. The officer will scan the encrypted barcode using a handheld device to verify its authenticity. Passengers will still be required to show photo identification so officers can validate that the name on the boarding pass matches the name on the ID.

In fact, why doesn’t TSA take this to the next step? If the agency already knows who has a boarding pass from data sent by the airlines (to verify the pass’s authenticity), then why doesn’t TSA just tell travelers to use our ID cards as our boarding passes? “Save a tree — show your ID.”

TSA is already planning on using the boarding pass scanners nationwide to collect data. “Once the hand-held scanners are deployed nationwide, TSA will also use this technology to track wait times using standardized automated data collected at checkpoints. This development is expected to happen within about a year,” says TSA. Read More

Oct 09 2008

Transportation Security Administration Likely to Relax Restrictions on Liquids Next Year

The head of the Transportation Security Administration, Kip Hawley, says that the agency will likely relax its restrictions on liquids on commercial flights next year, the Wall Street Journal reports. The rules were put in place after an alleged plot to bring “a liquid bomb” onto planes heading to the US from the UK.

In a post on TSA’s blog, Hawley said that TSA believes, “widespread deployment of new multi-view x-ray systems with an enhanced algorithm that detects specific liquids remains about a year away. But the multi-view x-ray itself is a significant improvement over the standard x-ray that’s been at the checkpoint since its inception in the 1970s.” Once the technology is ready, Hawley says that the agency will be more flexible toward liquids brought on by air travelers.

Security expert Bruce Schneier, among others, has questioned the efficacy of these restrictions on liquid and TSA security procedures generally. In a recent column, Schneier explained the security holes in TSA’s restrictions. Read More

Sep 23 2008

How to Circumvent the Watch Lists: Change Your Name

The CBC has an interesting story that exemplifies a significant problem with the watch lists: It is very easy to get around the lists.

Mario Labbé, an executive with a Montreal-based record company, says his Canadian passport triggers a red alert on the computers of U.S. customs agents every time he tries to board a flight to the U.S. —
which is about once a month for the past seven years. […]

Although Labbé wrote letters to the U.S. department, his efforts were in vain, prompting him to legally change his name.

“So now, my official name is François Mario Labbé,” he said.

“Then you have to change everything: driver’s license, social insurance, medicare, credit card — everything.”

Although it’s not a big change from Mario Labbé, he said it’s been enough to foil the U.S. customs computers.

In the US, there have been other examples of innocent people trying to work around the terrorist watch lists. For example, eight-year-old James Robinson has had numerous problems because he is continuing mismatch to the watch lists. His family has had to make changes in order to get eight-year-old James on to flights.

According to CNN, “Denise Robinson says she tells the skycaps her son is on the list, tips heavily and is given boarding passes. And booking her son as “J. Pierce Robinson” also has let the family bypass the watch list hassle.

The ease with which someone can circumvent the watch lists illustrates the utter futility of identity-based security programs as a whole. Rather than waste time and money, and needlessly sacrifice liberty in the process of conducting this security theater, TSA should concentrate more on its job of preventing weapons and explosives from getting on planes.

Sep 15 2008

Government Claims Secure Flight Will Save Us From Watchlist Horrors

Once launched, passenger prescreening program Secure Flight will solve the problems of mismatching innocent individuals to the terrorist watchlists, according to government witnesses at a hearing of the House Homeland Security Committee’s Subcommittee on Transportation Security and Infrastructure Protection.

Officials from the Department of Homeland Security said that Secretary Chertoff has approved Secure Flight. DHS is awaiting approval from the Government Accountability Office before it can implement the passenger prescreening program. The GAO’s review will not be completed until December 10, according to the GAO’s Cathleen Berrick. Currently, the GAO is awaiting DHS estimates for costs and timelines of implementation.

“According to TSA officials, the “initial cutover” or assumption of the watch-list matching function from one or more air carriers for domestic flights is scheduled to begin in January 2009. However, as of July 2008, TSA had not developed detailed plans or time frames for assuming watch-list matching from all air carriers for domestic flights,” Berrick said (pdf).

TSA’s Kip Hawley said Secure Flight will cost the government about $1 billion to implement over 10 years, but he did not have an estimate for how much it will cost the airline industry. However, Berrick said that these numbers were not applicable for the latest iteration of Secure Flight.

In a statement (pdf) submitted for the hearing record, The Identity Project urged the Committee “to scrutinize closely the watchlists, their uses, and the processes of and reasons for the addition of names.” The Identity Project detailed the many problems associated with the watchlists. For example, “a nun, Senator Ted Kennedy, and former presidential candidate John Anderson have all been wrongly deemed suspects. Several innocent individuals have filed lawsuits in order try to stop the harassment they received when they attempt to fly commercially, including a licensed commercial pilot.” Read More

Aug 25 2008

DHS plays a “shell game” with border crossing records

Today we filed comments with the Department of Homeland Security objecting to a newly-defined DHS “system of records” containing logs of everyone who crosses U.S. borders, including those who cross by car or on foot.  “Border Crossing Information” (BCI) about innocent U.S. citizens not suspected of any crime would be kept for 15 years, while records on foreign vistors would be kept for 75 years.

DHS has, apparently, told the press that they didn’t start keeping records of land border crossings by innocent U.S. citizens until 2008.  According to a story last week in the Washington Post,

Customs and Border Protection agents only this year began to log the arrivals of all U.S. citizens across land borders.

But we know that’s not true, because we’ve seen copies — provided by CBP itself in response to individual requests for records from its Automated Targeting System (ATS) — of records of routine land border crossings by innocent U.S. citizens at least as far back as 2006.

The DHS previously considered the logs now being labeled “BCI” to be part of the ATS system of records. We’ve objected to ATS as illegal, and demanded that these dossiers be destroyed. According to our comments on BCI:

The data now being relabeled as BCI is part of the same data that was previously labeled as ATS. The collection and retention of this data was and is illegal….  Changes to the name of the system of records containing this data neither make it legal nor address our prior comments regarding its illegality. As when such data was considered a part of ATS, collection and retention of travel history data in BCI is prohibited by 5 U.S.C. 552a(e)(7). This section of the Privacy Act restricts the collection or retention of records of the exercise of rights protected by the First Amendment….  Rather than trying again, as they did with the ATS SORN, to provide retroactive notice and yet more new excuses for this illegal travel surveillance dragnet and system of “historical” travel records about the activities of innocent Americans, DHS should entirely expunge these illegal records of lawful activities protected by the First Amendment and international human rights treaties.

Why has the DHS created this new BCI label for portions of its files of travel histories?  The DHS claims they are “providing additional transparency”.  But as we point out in our comments, it’s really a “shell game” that willl do more to hide these records than to faciliate transparency:

Under the Privacy Act, “transparency” is provided by the right to obtain records about oneself. This SORN will make it more difficult to exercise that right, since to obtain the records of their travels held by DHS an individual will now need to request records from even more systems of records: at a minimum, TECS, ATS, APIS, and now also BCI. Given the absence of a clear separation or well-defined distinctions between these “systems” within DHS – as is made clear by the succession of redefined SORNs which DHS claims cover the “same” records — greater transparency would be provided by recognizing that these are all parts of a single system of “Travel Records”, and allowing individuals to obtain all such records held by all DHS components with a single request.

We’ll be revising our templates for requests for travel records, and posting new versions you can use to request your records from as many DHS “systems of records” about travelers as we know about (ATS, APIS, BCI, and TECS).

We’ll keep trying — through helping individuals request their records — to find out exactly what information ATS and these other systems of travel records contain.  The only way anyone can really know what’s in the government’s files about them is to exercise their right to review those files.  But as we say in our comments on BCI:

That right, and the transparency it should provide, are meaningless unless DHS actually responds to requests for access. Rather than issuing new SORNs that complicate the task of obtaining DHS records, the DHS Privacy Office should concentrate on processing the backlog of requests that has accumulated since the public learned of the existence of these travel records through news reports about ATS. The Identity Project has received numerous reports from individuals who have been waiting months without any response to their Privacy Act requests and appeals for ATS records (portions of which would, under this SORN, be recategorized as BCI records). One of our own appeals of the failure to provide requested ATS records has gone almost a year without any acknowledgment, assignment of a docket number, or reply.

The names of the systems of records have changed, but the crimes of the DHS in maintaining these travel histories remain the same.  We haven’t given up on our requests, and we’ll keep you posted on what we find out.

Aug 20 2008

Person on No-Fly List to have her case heard by a District Court

The 9th Circuit ruled yesterday that individuals who finds themselves on a government no-fly or watch list can have their case against the Terrorist Screening Center (TSC), the governmental agency responsible for putting them on the list, heard by a federal District Court. While the Transportation Security Agency (TSA) compels airlines to match their flight manifests against the list in their search for “bad people,” it is the TSC (a joint venture among the FBI, CIA, and departments of State and Homeland Security) that actually compiles the lists. This is the first time any court will hear such a case.

Monday’s ruling involves Rahinah Ibrahim, a Stanford doctoral student in architecture who was stopped at a United Airlines counter in San Francisco in January 2005 when an employee spotted her name on the no-fly list. A phone call was fielded by a private contractor who instructed that she be arrested. She was handcuffed in front of her 14-year-old daughter, held in custody for two hours and then released by orders of the FBI.

Ibrahim’s lawsuit against the TSA, claiming violations of her constitutional rights, is in the D.C. Circuit Court of Appeals due to jurisdictional and venue rules applicable for challenges to TSA orders. Her lawsuit against the TSC for putting her on the list, the government contractor for ordering her arrest, and the SFPD for arresting her, now can go forward in the District Court in San Francisco.

Click here for more information on earlier proceedings in the Ibrahim case.