Freedom To Travel – Page 57

Oct 21 2008

TSA Expands Electronic Boarding Pass Scanning Program

The Transportation Security Administration is expanding its electronic boarding pass pilot program. This system will make it easier for TSA to be able to gather and track individual travel data. The program began in Houston in December 2007 and added more airports in April. Here’s how the program works, according to TSA:

The electronic boarding pass contains a two-dimensional (2-D) barcode encrypted with specific passenger information, such as the traveler’s name and flight information.

At the checkpoint, passengers present their cell phones or PDA to a TSA travel document checking officer. The officer will scan the encrypted barcode using a handheld device to verify its authenticity. Passengers will still be required to show photo identification so officers can validate that the name on the boarding pass matches the name on the ID.

In fact, why doesn’t TSA take this to the next step? If the agency already knows who has a boarding pass from data sent by the airlines (to verify the pass’s authenticity), then why doesn’t TSA just tell travelers to use our ID cards as our boarding passes? “Save a tree — show your ID.”

TSA is already planning on using the boarding pass scanners nationwide to collect data. “Once the hand-held scanners are deployed nationwide, TSA will also use this technology to track wait times using standardized automated data collected at checkpoints. This development is expected to happen within about a year,” says TSA. Read More →

Oct 09 2008

Transportation Security Administration Likely to Relax Restrictions on Liquids Next Year

The head of the Transportation Security Administration, Kip Hawley, says that the agency will likely relax its restrictions on liquids on commercial flights next year, the Wall Street Journal reports. The rules were put in place after an alleged plot to bring “a liquid bomb” onto planes heading to the US from the UK.

In a post on TSA’s blog, Hawley said that TSA believes, “widespread deployment of new multi-view x-ray systems with an enhanced algorithm that detects specific liquids remains about a year away. But the multi-view x-ray itself is a significant improvement over the standard x-ray that’s been at the checkpoint since its inception in the 1970s.” Once the technology is ready, Hawley says that the agency will be more flexible toward liquids brought on by air travelers.

Security expert Bruce Schneier, among others, has questioned the efficacy of these restrictions on liquid and TSA security procedures generally. In a recent column, Schneier explained the security holes in TSA’s restrictions. Read More →

Sep 23 2008

How to Circumvent the Watch Lists: Change Your Name

The CBC has an interesting story that exemplifies a significant problem with the watch lists: It is very easy to get around the lists.

Mario Labbé, an executive with a Montreal-based record company, says his Canadian passport triggers a red alert on the computers of U.S. customs agents every time he tries to board a flight to the U.S. —
which is about once a month for the past seven years. […]

Although Labbé wrote letters to the U.S. department, his efforts were in vain, prompting him to legally change his name.

“So now, my official name is François Mario Labbé,” he said.

“Then you have to change everything: driver’s license, social insurance, medicare, credit card — everything.”

Although it’s not a big change from Mario Labbé, he said it’s been enough to foil the U.S. customs computers.

In the US, there have been other examples of innocent people trying to work around the terrorist watch lists. For example, eight-year-old James Robinson has had numerous problems because he is continuing mismatch to the watch lists. His family has had to make changes in order to get eight-year-old James on to flights.

According to CNN, “Denise Robinson says she tells the skycaps her son is on the list, tips heavily and is given boarding passes. And booking her son as “J. Pierce Robinson” also has let the family bypass the watch list hassle.

The ease with which someone can circumvent the watch lists illustrates the utter futility of identity-based security programs as a whole. Rather than waste time and money, and needlessly sacrifice liberty in the process of conducting this security theater, TSA should concentrate more on its job of preventing weapons and explosives from getting on planes.

Sep 15 2008

Government Claims Secure Flight Will Save Us From Watchlist Horrors

Once launched, passenger prescreening program Secure Flight will solve the problems of mismatching innocent individuals to the terrorist watchlists, according to government witnesses at a hearing of the House Homeland Security Committee’s Subcommittee on Transportation Security and Infrastructure Protection.

Officials from the Department of Homeland Security said that Secretary Chertoff has approved Secure Flight. DHS is awaiting approval from the Government Accountability Office before it can implement the passenger prescreening program. The GAO’s review will not be completed until December 10, according to the GAO’s Cathleen Berrick. Currently, the GAO is awaiting DHS estimates for costs and timelines of implementation.

“According to TSA officials, the “initial cutover” or assumption of the watch-list matching function from one or more air carriers for domestic flights is scheduled to begin in January 2009. However, as of July 2008, TSA had not developed detailed plans or time frames for assuming watch-list matching from all air carriers for domestic flights,” Berrick said (pdf).

TSA’s Kip Hawley said Secure Flight will cost the government about $1 billion to implement over 10 years, but he did not have an estimate for how much it will cost the airline industry. However, Berrick said that these numbers were not applicable for the latest iteration of Secure Flight.

In a statement (pdf) submitted for the hearing record, The Identity Project urged the Committee “to scrutinize closely the watchlists, their uses, and the processes of and reasons for the addition of names.” The Identity Project detailed the many problems associated with the watchlists. For example, “a nun, Senator Ted Kennedy, and former presidential candidate John Anderson have all been wrongly deemed suspects. Several innocent individuals have filed lawsuits in order try to stop the harassment they received when they attempt to fly commercially, including a licensed commercial pilot.” Read More →

Aug 25 2008

DHS plays a “shell game” with border crossing records

Today we filed comments with the Department of Homeland Security objecting to a newly-defined DHS “system of records” containing logs of everyone who crosses U.S. borders, including those who cross by car or on foot. “Border Crossing Information” (BCI) about innocent U.S. citizens not suspected of any crime would be kept for 15 years, while records on foreign vistors would be kept for 75 years.

DHS has, apparently, told the press that they didn’t start keeping records of land border crossings by innocent U.S. citizens until 2008. According to a story last week in the Washington Post,

Customs and Border Protection agents only this year began to log the arrivals of all U.S. citizens across land borders.

But we know that’s not true, because we’ve seen copies — provided by CBP itself in response to individual requests for records from its Automated Targeting System (ATS) — of records of routine land border crossings by innocent U.S. citizens at least as far back as 2006.

The DHS previously considered the logs now being labeled “BCI” to be part of the ATS system of records. We’ve objected to ATS as illegal, and demanded that these dossiers be destroyed. According to our comments on BCI:

The data now being relabeled as BCI is part of the same data that was previously labeled as ATS. The collection and retention of this data was and is illegal…. Changes to the name of the system of records containing this data neither make it legal nor address our prior comments regarding its illegality. As when such data was considered a part of ATS, collection and retention of travel history data in BCI is prohibited by 5 U.S.C. 552a(e)(7). This section of the Privacy Act restricts the collection or retention of records of the exercise of rights protected by the First Amendment…. Rather than trying again, as they did with the ATS SORN, to provide retroactive notice and yet more new excuses for this illegal travel surveillance dragnet and system of “historical” travel records about the activities of innocent Americans, DHS should entirely expunge these illegal records of lawful activities protected by the First Amendment and international human rights treaties.

Why has the DHS created this new BCI label for portions of its files of travel histories? The DHS claims they are “providing additional transparency”. But as we point out in our comments, it’s really a “shell game” that willl do more to hide these records than to faciliate transparency:

Under the Privacy Act, “transparency” is provided by the right to obtain records about oneself. This SORN will make it more difficult to exercise that right, since to obtain the records of their travels held by DHS an individual will now need to request records from even more systems of records: at a minimum, TECS, ATS, APIS, and now also BCI. Given the absence of a clear separation or well-defined distinctions between these “systems” within DHS – as is made clear by the succession of redefined SORNs which DHS claims cover the “same” records — greater transparency would be provided by recognizing that these are all parts of a single system of “Travel Records”, and allowing individuals to obtain all such records held by all DHS components with a single request.

We’ll be revising our templates for requests for travel records, and posting new versions you can use to request your records from as many DHS “systems of records” about travelers as we know about (ATS, APIS, BCI, and TECS).

We’ll keep trying — through helping individuals request their records — to find out exactly what information ATS and these other systems of travel records contain. The only way anyone can really know what’s in the government’s files about them is to exercise their right to review those files. But as we say in our comments on BCI:

That right, and the transparency it should provide, are meaningless unless DHS actually responds to requests for access. Rather than issuing new SORNs that complicate the task of obtaining DHS records, the DHS Privacy Office should concentrate on processing the backlog of requests that has accumulated since the public learned of the existence of these travel records through news reports about ATS. The Identity Project has received numerous reports from individuals who have been waiting months without any response to their Privacy Act requests and appeals for ATS records (portions of which would, under this SORN, be recategorized as BCI records). One of our own appeals of the failure to provide requested ATS records has gone almost a year without any acknowledgment, assignment of a docket number, or reply.

The names of the systems of records have changed, but the crimes of the DHS in maintaining these travel histories remain the same. We haven’t given up on our requests, and we’ll keep you posted on what we find out.

Aug 20 2008

Person on No-Fly List to have her case heard by a District Court

The 9th Circuit ruled yesterday that individuals who finds themselves on a government no-fly or watch list can have their case against the Terrorist Screening Center (TSC), the governmental agency responsible for putting them on the list, heard by a federal District Court. While the Transportation Security Agency (TSA) compels airlines to match their flight manifests against the list in their search for “bad people,” it is the TSC (a joint venture among the FBI, CIA, and departments of State and Homeland Security) that actually compiles the lists. This is the first time any court will hear such a case.

Monday’s ruling involves Rahinah Ibrahim, a Stanford doctoral student in architecture who was stopped at a United Airlines counter in San Francisco in January 2005 when an employee spotted her name on the no-fly list. A phone call was fielded by a private contractor who instructed that she be arrested. She was handcuffed in front of her 14-year-old daughter, held in custody for two hours and then released by orders of the FBI.

Ibrahim’s lawsuit against the TSA, claiming violations of her constitutional rights, is in the D.C. Circuit Court of Appeals due to jurisdictional and venue rules applicable for challenges to TSA orders. Her lawsuit against the TSC for putting her on the list, the government contractor for ordering her arrest, and the SFPD for arresting her, now can go forward in the District Court in San Francisco.

Click here for more information on earlier proceedings in the Ibrahim case.

Aug 14 2008

TSA threatens airlines who tell people they’re on watchlists

Let’s see. You’re hassled mercilessly by airline employees, who won’t let you check luggage, won’t let you print a boarding pass, won’t let you check in, and bring cops and airport security people to confront you when you appear to resolve the situation. But under a new plan by TSA, the airline risks a $25,000 fine if they tell you WHY they are hassling you.

USA Today reports that TSA’s upset when airlines explain the hassle by telling people they’re on a TSA watch list. TSA will not tell people when they are on such a list. TSA won’t tell people when they ARE NOT on such a list. They want the airlines to do the same — keep mum, but keep harassing the public.

TSA and the DoJ counterterrorism center twice barred a Malaysian woman from flying, ordered her arrested, kept her in custody for hours, and eventually allowed her to fly out of the US only long enough for them to permanently cancel her US visa without notice, so she could not return to Stanford to finish her PhD. The victim, Rahinah Ibrahim, sued them. Even in court, TSA refuses to confirm or deny whether she was on the watch list. Idiots!

TSA’s lists are secret, just as in all good government institutions. TSA’s regulations are secret, just as in all good government institutions. Let’s hope TSA doesn’t propose new regulations next month with $25,000 fines against web sites or the press if they tell people that secret watch lists exist and that you’re being hassled at the airport because TSA suspects you of being a terrorist without a shred of evidence.

(Of course, airlines have been known to screw up, and they love to blame government regulations when it’s their own damn fault. But despite the airlines’ eagerness to check IDs so that their customers can’t resell unused tickets, it was the government that imposed the current system of harassment, and put 400,000 to 1,000,000 alleged communists — oops, wrong bogeyman, it’s not the 50’s any more — I meant “terrorists” — on these secret blacklists.)

Aug 14 2008

TSA stops building database of ID-less travelers

USA Today reports that Lack of ID put fliers on TSA list. 16,500 people were in this database since TSA changed the secret rules for travelers in June. After being called by USA Today to comment for the story, TSA head Kip Hawley changed the rule “effective today” and pledged to remove the 16,500 names from its database of “suspicious people”.

We applaud Mr. Hawley for ceasing to keep permanent records on the id-less 1% of the population. It remains for him to stop trying to bar citizens from domestic travel based on blacklists, and to stop demanding that people submit to illegitimate government demands to “identify themselves” before moving from place to place in their own country.

Aug 08 2008

New U.S. “exit permit” scheme for visitors goes into effect

The Identity Project filed comments today with the DHS Bureau of Customs and Border Protection CBP) in opposition to the new Electronic System for Travel Authorization (ESTA) which went into effect this week. According to our comments:

The essence of the ESTA rule is to require certain foreign citizens to obtain an exit permit from the United States government before they may leave their own country, or leave other countries.

In this rulemaking, the Bureau of Customs and Border Protection (CBP) of the Department of Homeland Security (DHS) is promulgating an interim final rule imposing a new requirement that “each nonimmigrant alien intending to travel by air or sea to the United States under the Visa Waiver Program (VWP) must … prior to embarking on a carrier for travel to the United States”, (a) provide specified data elements, in specified form and manner, to the CBP, and (b) “receive a travel authorization, which is a positive determination of eligibility to travel to the United States under the VWP, via the Electronic System for Travel Authorization (ESTA), from CBP.”

Under the interim final rule, “[a]n authorization under ESTA is not a determination that the alien is admissible to the United States” and is “not a determination of visa eligibility.” It would be granted, or not granted, by the CBP, in its sole, standardless, secret, and non-reviewable “discretion.” It would be required as a pre-condition for foreign citizens to “embark” from foreign countries if the CBP believes that they intend to apply (at some later time ) for admission to the U.S. under the VWP.

The Identity Project submits these comments because this CBP regulatory requirement that foreign citizens obtain permission from the U.S. in order to leave their own country, or a third country, (1) exceeds the statutory authority of the CBP; (2) exceeds the jurisdiction of the CBP; (3) is contrary to the obligations of the U.S. under the International Covenant on Civil and Political Rights and other international human rights, maritime, and aviation treaties; (4) has been promulgated without complying with the procedural requirements of Executive Order 13107 regarding Implementation of Human Rights Treaties, the Airline Deregulation Act, the Regulatory Flexibility Act, and the Administrative Procedure Act; (5) fails to consider or grossly underestimates many of the major costs of the rule, including its impact on small entities, business travelers, and other travelers; (6) is impermissibly vague, and (7) would be so impractical and unenforceable as to deprive it of any of the benefits claimed by the CBP.

The Identity Project urges the CBP to withdraw the interim final rule, in its entirety. If it does not withdraw the ESTA rule entirely, the CBP must complete the actions directed by Executive Order 13107, prepare the statutorily required analyses, publish them in a full Notice of Proposed Rulemaking (NPRM) , and provide a new opportunity for public comment, before finalizing any ESTA rule.

In their comments, airlines and travel agencies have objected that the CBP is “wrong” to implement the ESTA on an emergency basis, without the public notice and opportunity for public comment normally required for new Federal regulations. But the CBP began accepting “voluntary” applications for travel authorizations, through a (still buggy) Web interface. The CBP says they plan to issue an order later this year to make the ESTA system mandatory starting sometime in January 2009.

Countries that participate in the VWP, mainly in Western Europe, are still considering whether it amounts to a de facto visa requirement for their citixzens to visit the U.S. This could prompt them to reciprocate by ending visa-free entry to their countries for U.S. visitors, and requiring U.S. visitors to apply for permission before embarking for Europe.

Aug 05 2008

“Trusted Traveler” Identification Program Loses Unencrypted Laptop and TSA’s Trust

A provider of the Transportation Security Administration’s Registered Traveler (RT) program has been suspended from enrolling new applicants after TSA learned “an unencrypted [Verified Identity Pass] laptop computer was discovered to be missing from San Francisco International Airport (SFO) on July 26. The computer contained pre-enrollment records of approximately 33,000 customers.”

Verified Identity Pass operated Registered Traveler under the name “Clear.” The program is supposed to improve air travel security by creating “trusted” individuals who could go through security more quickly because their identities would have been confirmed as “clean” through the program. However, experts have explained that this just creates incentive for criminals to figure out a way to get into the “trusted” group – whether by creating fake identities that can withstand the program’s check or by using individuals who have no previously found connection to terrorists or other criminals.

According to a Washington Post report, “The laptop had the names, addresses and driver’s license or passport numbers of mostly online applicants to the Registered Travel program.” However, Clear records can contain more than that, such as: credit card data, biometric data (fingerprints and iris scans), and previous home addresses for the past five years. Read More →

Papers, Please!

The Identity Project