Papers, Please!

The Identity Project

Category Archives: Freedom To Travel

Aug 27 2019

Guilt by social media and cellphone association

Ismail B. Ajjawi, a Palestinian freshman admitted to Harvard College, arrived at Logan Airport in Boston last Friday, Lebanese passport and US student visa in hand.

But after Mr. Ajjawai complied with demands by US customs and immigration officers at the airport to unlock his cellphone and laptop, the officers read what his “friends” had posted on social media. Five hours later, after questioning Mr. Ajjawai about his religious beliefs and his friends’ political statements, the officers revoked Mr. Ajjawi’s visa on the spot, denied him entry to the US, and deported him back to Lebanon — at his own expense, of course, using the return ticket he was required to have before being allowed to board a flight to the US.

According to a report in the Harvard Crimson, which broke the story today:

“After the 5 hours ended, she called me into a room , and she started screaming at me. She said that she found people posting political points of view that oppose the US on my friend[s] list.” Ajjawi wrote that he told the officer he had not made any political posts and that he should not be held responsible for others’ posts. “I responded that I have no business with such posts and that I didn’t like, [s]hare or comment on them and told her that I shouldn’t be held responsible for what others post,” he wrote. “I have no single post on my timeline discussing politics.”

Harvard’s lawyers are working to get Mr. Ajjawi’s visa reinstated and get him admitted to the US. Most people turned away at US borders don’t have Harvard at their back, and are unlikely ever to be admitted to the US once they are branded as undesirable.

In a 2017 notice of intent to expand DHS surveillance of immigrants’ and visitors’ expressive activities on social media, the DHS claimed that “consular officers are directed not to request user passwords [and] not to violate or attempt to violate individual privacy settings or controls.” But that’s belied by what Mr. Ajjawi says happened to him at Logan Airport, according to the Crimson: “The … officer then asked him to unlock his phone and laptop, and left to search them for roughly five hours, Ajjawi alleges.”

It’s hard to imagine anyone from a place as politicized as Palestine (or Kashmir, or many other places) who doesn’t have any social-media “friends” who mention political opinions. The answer to social-media surveillance shouldn’t be that immigrants or visitors have to  try to isolate themselves from politics or ostracize their political associates.

Rather, the lessons reinforced by this incident are that:

  1. Nothing good can come of consenting to any search by law enforcement officers, including searches of your digital devices. Border guards and customs and immigration officers are police, not your friends. Their job is to find reasons to suspect you or bar your entry. No matter how “innocent” you think you are, anything you or your “friends” say, or have ever said, can and will be used against you.
  2. If government officials have access to social-media networks of “friends”, associations, and messages, they will use this information invidiously. The way to prevent misuse of information about how travelers exercise their First Amendment rights of expression and association is not to allow police access to this information in the first place. Just say no to requests for your passwords or data.
Aug 08 2019

CBP lies about US citizen with ID detained at non-border checkpoint, held for 26 days

Francisco Erwin Galicia, an 18-year-old Dallas-born U.S. citizen, was detained by US Customs and Border protection officers at a checkpoint in Falfurrias, Texas, on June 27th, while on his way to a youth soccer event with a group of relatives and friends, and held until July 23rd. He was held incommunicado for the first several weeks, and was kept in  CBP custody even after he was able to contact his family and a lawyer. He was released less than 24 hours after his detention was reported by the Dallas News.

As what happened to Mr. Galicia has been more widely reported,  he’s become a poster child for everything that’s wrong with the CBP and it’s checkpoints. That’s appropriate, but it’s also worth noting that:

  1. This isn’t the worst mistreatment that’s been imposed on US citizens by CBP. Mr. Galicia was held in the US rather than being deported (because, despite threats and intimidation, he refused to consent to “voluntary” deportation), held for less than a month, and released without gross physical injuries (although presumably with psychological trauma) Other US citizens, including those cases have been tracked and documented by Prof. Jacqueline Stevens and her students at the Deportation Research Clinic at Northwestern University, whose  have been deported from the US, spend years or in some cases decades abroad before being able to return, or suffered permanent physical injuries from maltreatment, neglect, or violence in custody or in countries to which they were wrongfully deported.
  2. This isn’t about border security, immigration, or US borders. Mr. Galicia wasn’t detained at the US border, while trying to cross the border, or on the basis of any particularized suspicion that he had done so or tried to do so. He was detained at a suspicionless checkpoint operated for general law enforcement purposes (mainly to find small amounts of marijuana and sometimes other drugs) 60 miles from the border. This is about controls on internal movement within the US.
  3. This isn’t about not having, not carrying, or not showing ID. The permanent checkpoint in Falfurrias has been in continuous operation for years, and Mr. Galicia knew that — whether it was legal or not — he’d have to be interrogated by CBP officers, and quite likely have to show his papers, to get to the next town. Mr. Galica was carrying, and showed the CBP officers at the checkpoint, his birth certificate, state ID card, and Social Security card. Ironically, this is exactly the combination of documents that would be required to obtain a “REAL-ID Act compliant” ID: three separate documents providing evidence of citizenship (birth certificate showing birth in the US), state residence (Texas state ID), and Social security number.
  4. It wouldn’t matter if Mr. Galicia were a dual citizen. CBP later claimed to have been confused by other documents carried by Mr. Galicia that they though suggested he might have been a Mexican citizen. But it’s not a violation of US law or a bar to US citizenship to hold by birthright, or to acquire, citizenship of Mexico or of any other country or countries. Millions of US citizens are legal dual citizen or multiple citizens, with the largest numbers of US dual and multiple citizens holding citizenship in Mexico, Canada, Ireland, the UK, and/or Israel in addition to US citizenship. Evidence of Mexican or any other citizenship is not evidence of lack of US citizenship.
  5. CBP officials lied about what happened to try to justify their actions, with one CBP official perjuring himself before Congress in testimony whose falsehood is proven by official CBP records served on Mr. Galicia and his lawyer.  Brian S. Hastings, Chief of Law Enforcement Operations for the US Border Patrol division of CBP, told the House Judiciary Committee in response to questions at an oversight hearing on July 25th that throughout his time in custody Mr. Galicia had never told the CBP officers who arrested or detained him that he was a US citizen. (The question from Rep. Ted Lieu and Rep. Eric Swalwell and the perjured answer by Chief Hastings begin at 4:45:00 of this video of the hearing.) But the Notice to Appear served on Mr. Galicia and signed by the acting Border Patrol agent in charge, alleges on behalf of CBP that Mr. Galicia was “found” at the CBP checkpoint in Falfurrias, “more than 25 miles from the United States border with Mexico”,  on June 27th, and “At that time, you… represented yourself to be a citizen of the United States,” as in fact Mr. Galicia was and is. Rep. Lieu and several other members of Congress have asked for better answers from CBP, but that’s not enough. By now, Mr. Hastings should have been charged with perjury. So far as we can tell, he remains at large, on the job and on the payroll of CBP.
Jul 25 2019

Can you “opt out” of TSA groping or virtual strip-searches?

Two recent decisions — one an administrative decision by the TSA,  and the other a judicial decision by the 11th Circuit Court of Appeals —  have dealt with, but failed to resolve, the question of whether, in the face of unpredictable demands for more intrusive searches, an airline passenger can “opt out” if they decide they would rather abandon their attempt to board a flight than submit to whatever search TSA or contractor checkpoint staff demand.

The TSA has withdrawn its proposed administrative fine against Jonathan Cobb, a passenger who, when selected for a pat-down (manual groping of his body, including his genitals, by which he had previously been traumatized), chose to abandon his attempt to fly and left the airport. That’s good, but sets no legally binding precedent.

Meanwhile, the 11th Circuit Court of Appeals has dismissed a petition filed by Jonathan Corbett seeking judicial review of the TSA’s policy of requiring selected passengers to submit to imaging of their bodies by virtual strip-search machines. That’s bad, but at least the decision was based solely on whether Mr. Corbett could expect to be selected for this sort of search, and left undecided whether these searches are Constitutional.

These decisions leave the law unclear in practice — even if the Constitution seems clear — as to whether or when an airline passenger can opt out of which sorts of searches.

How far can the TSA and its contractors legally go? How can tell if they are going too far? And when, if ever, can you “opt out” or say no to an escalated search?

Read More

Jul 12 2019

CBP settles lawsuit challenging demand for ID from arriving domestic airline passengers

The US Customs and Border Protection (CBP) division of DHS has agreed to a settlement with passengers who were ordered to show ID documents before they were allowed to leave a Delta Air Lines plane after it arrived in New York after a flight from San Francisco.

Nine of the passengers on the February 2017 flight , represented by the ACLU and cooperating lawyers from Covington & Burling, sued the CBP and CBP and Immigration and Customs Enforcement (ICE) officials. They complained that the warrantless, suspicionless dragnet search of the ID documents of everyone on the plane violated the 4th Amendment, and that the CBP policy for such searches was invalid.

In their answer to the court complaint, the defendants admitted “that the officers did not have a search warrant or probable cause to arrest Plaintiffs, the officers did not arrest Plaintiffs, and the officers did not have reasonable suspicion to conduct a Terry stop, nor did they conduct a Terry stop of the Plaintiffs.” But they claimed that this was an isolated incident, not a matter of CBP policy or practice. The CBP port director for JFK airport, who had told reporters that ID checks on arriving passengers were “routine” and happen “every day”, changed his story in court and submitted a declaration that had never heard of another such incident.

Noting the factual issue raised by the contradictions between the statements made by the same CBP officials to the press and to the court, the court denied the defendants’ motion to dismiss the complaint, and ordered the defendants to disclose their policies for “training of …  CBP officers as regards compliance with the Fourth Amendment to the U.S. Constitution in locations within the United States other than within a Customs security area.”

As the deadline for that discovery order was expiring, the defendants agreed to a settlement. The settlement requires CBP to pay the plaintiffs’ legal fees and train all CBP officers (a) that “CBP Office of Field Operations does not have a policy or routine practice of compelling or requesting that passengers deplaning domestic flights submit to suspicionless document checks”, and (b) that “to the extent feasible”, when CBP conducts “consensual encounters” (search and interrogation) of domestic airline passengers, they should inform those passengers that cooperation is voluntary and that “passengers who decline to cooperate will not suffer any enforcement consequence as a result”.

The settlement is a (small)step in the right direction. But it leaves unresolved several of the key legal issues raised by demands by law enforcement officers for airline passengers to show evidence of identity in order to be allowed to deplane:

  1. Does CBP (or any other law enforcement agency) have the legal authority to demand that airline passengers identify themselves? The settlement says that CBP doesn’t have a  “policy or routine practice ” of doing so, but is silent on whether it claims, or has, the legal authority to do so or to adopt such a policy or practice in the future.
  2. What about ID demands of arriving passengers that aren’t carried out pursuant to a “policy” or as part of a “routine practice”?  Are they reasonable or consistent with the Fourth Amendment? The ACLU continues to argue, and we agree, that, “If officers want to check [domestic] passengers’ identification documents, they can only do so with the passengers’ consent. And if a passenger does not consent, the officers cannot detain that person, even for a brief period, without reasonable suspicion of a violation of the law.” But the settlement is silent on the Constitutionality of such seizures or demands for ID, even if they affect every passenger on a particular flight.

Despite this settlement, it remains for a future case for the courts to squarely address and rule on the Constitutionality of demands for airline passengers to show ID.

 

Jul 01 2019

PCLOB to review use of PNR (airline reservation) data

Following its most recent meeting on May 31, 2019, the Privacy and Civil Liberties Oversight Board (PCLOB) announced last week that “The Board has voted to conduct an oversight project related to the use of airline Passenger Name Records.”

We welcome this announcement by the PCLOB, and look forward to whatever opportunities may be presented to assist the PCLOB and its staff in this project.

Mass surveillance and permission-based predictive control of movement and travel, which in practice has relied on compelled identification of travelers and government access to PNR data (commercial airline reservations), was one of three issues we recommended as priorities for investigation by the PCLOB once enough members were appointed and confirmed for the Board to again have a quorum able to make decisions after a hiatus of several years.

PNR data is used to target searches and seizures and to make predictive decisions about who is, and who is not, “allowed” to exercise their right to travel by common carrier.

Government access to and use of PNR data needs to be recognized, and denounced, both as suspicionless, warrantless, and unconstitutional mass surveillance (through dragnet collection of personally identified travel metadata about the exercise of rights of freedom of movement and travel by common carrier) and as the most pervasive current program of unconstitutional predictive “pre-crime” control of the exercise of rights protected by the First Amendment (“the right of the people… peaceably to assemble”) and international human rights treaties.

The PCLOB is one of the most important advisory bodies within the Federal government. Although it lacks any enforcement power, the PCLOB has more autonomy and more ability to investigate and publicly criticize the practices of Federal agencies than agency “Privacy Officers” who serve at the pleasure of, take orders from, and whose public statements are subject to control by the heads of Federal agencies and by the President.

Members of the PCLOB are appointed by the President and confirmed by the Senate. Unlike most Federal advisory bodies, the PCLOB can set its own agenda and choose which issues to investigate. The PCLOB is considered an independent Federal agency. The PCLOB has the authority to review records of all Federal agencies, and to request that the Attorney General subpoena records held by third parties. But despite its name, the PCLOB has no “oversight” authority  other than the authority to issue reports that the President, Congress, Federal prosecutors, and Federal agencies are free to ignore.

May 07 2019

Air travelers question use of facial recognition

A Tweet that went viral from an airline passenger questioning JetBlue Airlines about its use of automated facial recognition at departure gates has called new attention to the growing use of automated facial recognition to identify and track travelers.

Our friends at the Electronic Frontier Foundation have an excellent analysis in their Deeplinks blog of some of the unanswered questions raised by this practice. We’ve talked about these before, in our blog and in meetings with DHS officials:

  • What is the relationship between the government and its airline and airport “partners” for the use of mug shots of travelers and related identifying information?
  • Can travelers really opt out of airport mug shots, and if so how, especially if — as with ceiling-mounted cameras or other new airport designs for “touchless” passenger processing — facial images are automatically captured before travelers reach the point where they could ask to opt out
  • What, if any, restrictions apply to use or “sharing” of the images and tracking data by airlines, airport operators (which are often local government agencies or other parastatal entities), or DHS components or other government agencies?

We agree completely with EFF that travelers should “Skip the surveillance by opting out of face recognition at airports” and that both members of the public and members of Congress should question what is happening , why, and whether it is legally justified.

But we also want to call attention to two additional aspects of this problem that have been overlooked or misinterpreted in much of the recent discussion: retention of facial images and accuracy of automated facial recognition.

Read More

Apr 04 2019

TSA plans to put new lying signs in airports

[This sign is a lie.]

According to a press release  issued today by the Transportation Security Administration, the TSA plans to start posting signs as shown above in airports throughout the USA, claiming that “ID Requirements Are Changing” and that  “Beginning Beginning October 1, 2020, you will need a REAL ID compliant license or another acceptable form of ID, such as a valid passport or U.S. military ID, to fly within the U.S.”

According to today’s TSA press release:

REAL ID-compliant licenses or other acceptable forms of ID, such as a valid passport, federal government PIV card or U.S. military ID, will be mandatory for air travel beginning on October 1, 2020. Critically important, on October 1, 2020, individuals who are unable to verify their identity will not be permitted to enter the TSA checkpoint and will not be allowed to fly.

These signs and this and similar press releases are lies.

This isn’t the first time, and probably won’t be the last, that the TSA and/or DHS have made lying statements, issued lying press releases, or posted lying signs about the REAL-ID Act and ID to fly.

Is ID required to fly? No.

One would expect “requirements” announced by a Federal agency to be contained in laws or regulations. But the TSA’s own lawyers, officials, and witnesses testifying under oath have told judges in every lawsuit in which the issue has arisen that no law or regulation required domestic air travelers to have, carry, or show any ID cards or credentials.

The TSA’s responses to our Freedom Of Information Act (FOIA) requests for its records of people who show up at TSA and TSA-contractor checkpoints at airports without ID show that more than 98% of them — hundreds a day, and tens of thousands every year — are allowed to continue to board their flights without carrying or showing ID.

Is this scheduled to change? No.

Changes to Federal laws require action by Congress. No bill has been introduced in the current Congress (or ever, so far as we can tell) that would impose any ID requirement for air travel.

Changes to Federal regulations require a process governed by the Administrative Procedure Act that starts with a “Notice of Proposed Rulemaking” (NPRM) published in the Federal Register.  No notice of any proposed rules related to ID to fly has been published.

In 2016, the TSA published a notice that it planned to seek approval from the Office of Management and Budget (OMB) — but had not yet sought that approval — for a new version of a form some air travelers without ID have been asked to fill out. (Because the form has never been submitted to, or approved by, OMB, its use is illegal and no penalty can lawfully be imposed for declining to respond to the questions on the form.)

We pointed out to the TSA and OMB that it was improper to ask OMB to approve this form without first enacting a law or promulgating regulations providing a legal basis for the form. Other organizations and individuals also objected to the proposed form. The TSA has neither responded to any of the objections nor submitted the form for OMB approval.

Will the REAL-ID Act of 2005 change this? No.

The REAL-ID Act and implementing regulations are concerned only with which ID cards are considered “acceptable”, in circumstances in which some (other) valid Federal law regulations requires ID for some Federal purpose. The REAL-ID Act itself did not purport to impose any new ID requirements, either when it was enacted, in 2010, or ever.

Will I still be allowed to fly without ID in the future? Maybe, maybe not. That’s up to the TSA.  But if the TSA or its contractors prevent you from traveling, without a lawful basis, they will be violating your rights and breaking the law.

Since the TSA is wielding power by secret internal orders and security directives to staff, contractors, and airlines, announced (if at all) through press releases rather than through proper formal notices in the Federal Register, it’s impossible to say with certainty what it will try to do. What it will do is likely to depend, in significant part, on its assessment of how widely and strongly particular assertions of illegitimate authority will be resisted.

The TSA has been making threats to start harassing residents of states and territories that it hasn’t chosen — in what it has claimed is its standardless discretion — to certify as being sufficiently “compliant” with the REAL-ID Act, or to give extensions of time to comply. These certifications and extensions of time have had little apparent relationship with actual compliance, so they too are impossible to predict.

The next of these threats is an extension of time to California to comply with the REAL-ID Act which is scheduled to expire at the end of the day on April 10, 2019.

We suspect, especially after today’s press release — which focuses on an arbitrary date of October 1, 2020, rather than any of the “extension” expiration dates — that the DHS will either certify California and all of the other states and territories as “compliant” (even if they aren’t) or extend their time to comply until October 1, 2020.

Apr 03 2019

Search, interrogation, and threats at SFO

Dr. Andreas Gal is the former CTO of the Mozilla Foundation, and the founder of a software company that was acquired by Apple Computer last year. He’s a naturalized US citizen and a frequent international business traveler.

Here’s part of Dr. Gal’s account  (in another part of which he links to some of our previous reporting on related issues) of what happened when he arrived at San Francisco International Airport after a trip to Europe last November:

I quickly found myself surrounded by three armed agents wearing bullet proof vests. They started to question me aggressively regarding my trip, my current employment, and my past work for Mozilla, a non-profit organization dedicated to open technology and online privacy.

The agents proceeded to search my belongings and demanded that I unlock my smartphone and laptop. This was rather concerning for me. My phone and laptop are property of my employer and contain unreleased software and proprietary information. I’ve signed a non-disclosure agreement promising not to give anyone access.

Because I was uncertain about my legal responsibilities to my employer, I asked the agents if I could speak to my employer or an attorney before unlocking my devices. This request seemed to aggravate the customs officers. They informed me that I had no right to speak to an attorney at the border despite being a U.S. citizen, and threatened me that failure to immediately comply with their demand is a violation of federal criminal code 18 USC 111.

I declined to answer any further questions, and continued to ask to speak to an attorney instead. The interrogation and threats continued for some time, which I endured silently. Despite initial threats that they would keep my devices if I didn’t unlock them, I was eventually permitted to leave the customs area with my devices.

The ACLU of Northern California has complained to the Department of Homeland Security and its Customs and Border Protection component about the detention, search, and interrogation of Dr. Gal and the baseless threats of criminal prosecution made by CBP.

We share the concerns raised by the ACLU in their complaint on behalf of Dr. Gal.

But there are some additional aspects of this case worth noting:

  1. The CBP agents were lying and making threats which they did not follow through on. When Dr. Gal persisted in not merely asserting but exercising his rights, the CBP agents allowed him to leave without being charged with any crime.  The takeaway is that law enforcement officers can and will  lie, that their goal is always to get you to “consent” to whatever they want to do or want you to do, and that you will never find out the actual limits of their legal authority unless you say no to any requests for consent.  In this case, Dr. Gal was allowed to leave with his electronic devices. His devices might have been kept longer by CBP, but if they had been, Dr. Dal would only have been able to contest their continued detention or any demand for him to unlock them or provide the passwords if he withheld his consent. If police ask you, “May I…?”, that means they know they need your permission. Just say, “No”.
  2. There’s an additional law which Dr. Gal could have invoked, but of which he was probably unaware: the Privacy Protection Act,  Title 42 US Code, Section 2000aa. As a blogger and Twitterer, Dr. Gal is almost certainly protected by the Privacy Protection Act — as is anyone who posts publicly to social media. The Privacy Protection Act provides an important potential means of redress for searches and seizures of documents or electronic data at airports — but only if you know your rights and assert them when government agents threaten to violate them.
  3. Dr. Gal’s account of what happened to him at SFO and the ACLU complaint letter address the likely basis for his detention and interrogation (as inferred from the questions he was asked about activities protected by the First Amendment). But they don’t address either the means by which he was targeted, or who was responsible. Given that Dr. Gal was surrounded by a special squad of armed goons before anyone had asked him any questions, he could only been targeted based on the data about him held by CBP, including records of his past and most recent travels (including mirror copies of airline reservations) and any TECS alerts set by law enforcement agencies. Records released by CBP in response to Privacy Act and FOIA requests by other travelers have shown how TECS alerts are used to target journalists and activists and trigger messages (based on ingestion of airline reservations) so that a “welcoming party” such as Dr. Gal can be waiting for them to search and question them and, in some cases, seize and image their electronic devices. We’ve assisted other travelers who have been able to use Privacy Act and FOIA requests for records of their travel to identify or get clues about when a TECS alert was set for them as a “person of interest”, by whom or by what agency, why, and with what handling instructions. Much information is always withheld, but clues sometimes get through.
Apr 01 2019

DHS continues to extort participation in REAL-ID database

If there is one truth hiding in the forest of DHS lies about the REAL-ID Act of 2005, it’s that the DHS doesn’t want to cause riots at airports by subjecting residents of disfavored states to  more intrusive searches and “ID verificationinterrogation when they travel by air.

The goal of the REAL-ID Act is to intimidate states into adding their residents drivers’ license and state ID data to the SPEXS national ID database, through threats to harass residents of states and territories that aren’t sufficiently compliant.

Like any extortionist, the DHS wants its victims to submit, and doesn’t really want (and may not even be prepared) to carry out its threats.

But what will the DHS do when its bluff is called by states or territories that are either unwilling or unable to comply?

Today, April Fools Day, we’re seeing the latest test of the answer to this question, with the US Virgin Islands as the target of DHS threats.

Read More

Mar 13 2019

US government blacklisting system is unconstitutional, victims say

The Terrorist Screening Database (TSDB) “fails to provide constitutionally sufficient procedural due process,” according to a motion for summary judgment filed this week in a lawsuit brought by people who have been placed on the TSDB blacklist.

We’ve been following this case, Elhady v. Kable, since it was filed in 2016. Discovery and depositions taken in the case, as well as leaks by whistleblowers while the case has been pending, have revealed an unprecedented level of detail about the operation of the blacklisting system, the inter-agency “Watchlisting Advisory Council” which overseas the blacklist, and the dissemination of blacklist information.

The TSDB is described euphemistically by the US government as a “watchlist”, but in reality it’s a blacklist. Individuals — including infants and children as well as adults, and US citizens and residents as well as non-residents — are subjected to adverse government and private action by having the government place them on the TSDB blacklist and disseminate this stigmatizing designation — with the intent that the designation will be used against listed individuals — to Federal, state, and local government agencies and  private entities.

The government has refused to disclose the criteria for TSDB listings, but has conceded that being listed does not require suspicion of having committed or intending to commit any crime. Listings are determined through a secret, extrajudicial administrative process, without those being blacklisted being notified or having any opportunity, before or after the fact, to know whether or why they are being blacklisted, what the basis  is for their blacklisting, or what the evidence against them is.

The case has survived multiple attempts by the government to have it dismissed on jurisdictional and procedural grounds and to avoid discovery and depositions.  Now the plaintiffs’ motion for summary judgment that the TSDB is unconstitutional is scheduled for oral argument on April 4, 2019, before US District Court Judge Anthony Trenga in Alexandria, VA.