U.S. Citizenship and Immigration Services (USCIS), a Federal agency whose mandate is to administer naturalization and derivative citizenship for those not born as U.S. citizens, has been trying — without the public notice required by law for such a database — to construct a national ID registry of all U.S. citizens including natural-born U.S. citizens.

This process began in April and May of 2025 with a ten-fold expansion of the USCIS “Systematic Alien Verification for Entitlements Program” (SAVE) database to add records about hundreds of millions of native-born U.S. citizens to those already in the system about tens of millions of naturalized citizens and immigrants.

Information about a new category of individuals (native-born U.S. citizens) was added to SAVE from new sources including Social Security and state drivers’ license records.

The Privacy Act requires prior notice in the Federal Register of the categories of individuals, information, and sources of personal data in Federal databases. To deter Federal officials or employees form keeping secret databases about the citizenry, the Privacy Act makes the maintenance of such a database of personal information without proper notice a crime on the part of the responsible Federal officials and employees.

USCIS converted the SAVE database about immigration and naturalization into a comprehensive  database about all U.S. citizens without the required notice.

Six months later, in response to a lawsuit led by the League of Women Voters, USCIS published a notice of the changes to the SAVE system, with the notice to take effect today unless the changes are rescinded in response to public comments. But USCIS has kept the the revised SAVE system in operation, illegally, during the comment period.

In our comments submitted today to USCIS, the Identity Project points out that the ongoing maintenance of the revised SAVE system without proper notice has been a crime on the part of the responsible Federal officials and employees.

We also argue that “the revisions to the SAVE system of records exceed the statutory authority of USCIS and violate multiple provisions of the Privacy Act.”

According to our comments:

The statutory mandate of USCIS is to carry out various functions with respect to naturalization and derivative citizenship. No statute requires USCIS to carry out any function whatsoever with respect to natural-born U.S. citizens, or to collect information about them. Nor does any statute require any agency to maintain a national registry of U.S. citizens.

Even if Congress were to authorize  a national ID registry, “records of Social Security numbers and account information and state drivers’ license records would not be ‘relevant or necessary’ to accomplish that purpose”:

Pursuant to the U.S. Constitution, an individual born in the U.S. acquires U.S. citizenship by birth. In the absence of a valid renunciation of citizenship — which would be executed and recorded by the Department of State, not by USCIS, the Social Security Administration (SSA), or state drivers’ license agencies — the sole fact that is relevant or necessary to ascertain their U.S. citizenship is the fact of their birth in the U.S., not whether they have a Social Security number or drivers’ license, much less any other information in SSA or drivers’ license records.

What is the relevance of whether someone has a Social Security number to whether they are a U.S. citizen? Non-U.S. citizens can and routinely do (and in many cases must) have Social Security numbers and accounts. What is the “relevance” of whether an individual has a driver’s license to whether they are a U.S. citizen? Many states can and do issue driving permits to non-U.S. citizens, on the basis of their demonstrated competence to operate motor vehicles safely rather than on the basis of citizenship. Neither the Social Security Administration nor state driver licensing agencies are authoritative adjudicators of U.S. citizenship, and neither of them has any need, for any of their official purposes, to ensure that whatever information about U.S. citizenship they may incidentally collect and maintain is either accurate or up to date.

Will anyone who doesn’t have a drivers’ license be presumed not to be a U.S. citizen?

A “citizenship” registry constructed in garbage-in, garbage-out fashion by aggregating state drivers’ license records that have nothing to do with citizenship will inevitably be incomplete, inaccurate, and unfit for the purpose of judging citizenship, eligibility to vote, or eligibility for other Federal programs.

Finally, we call out USCIS for violating the provision of the Privacy Act that requires information that is to be used to determine eligibility for Federal programs (the stated purpose of the SAVE citizenship database) to be collected directly from the individuals to whom it pertains:

The Privacy Act at 5 U.S.C. § 552a(e)(2) also requires that, “Each agency that maintains a system of records shall… (2) collect information to the greatest extent practicable directly from the subject individual when the information may result in adverse determinations about an individual’s rights, benefits, and privileges under Federal programs.”

None of the additional information in the revised SAVE system would be collected directly from the subject individuals, as required by this provision, although all of it could be.

If USCIS wants to create a registry of all U.S. citizens (and if a valid law has authorized it to do so, which it has not), USCIS must “to the greatest extent practicable” sign individuals up directly for that registry, first providing them with the notices required by the Privacy Act.

You can submit your own comments here through midnight EST tonight, December 1, 2025.

Given that the criminals at USCIS responsible for maintaining the SAVE system ignored the law when they expanded it into a  national ID registry, kept it in operation for six months before publishing a proper notice of what they were already doing, and have kept it in operation in its illegally revised and expanded form during the comment period, we have little hope that they will now come to their senses and rescind the changes, much less that they will be prosecuted for their criminal violations of the Privacy Act.

We wish all success to the League of Women Voters and their partners in their ongoing litigation against the unlawful transformation of this immigration and naturalization system into a national database of aggregated (mis)information about all U.S. citizens.

Earlier this month, as part of a lengthy and complex bill to reauthorize the US State Department,  the Chair of the House Foreign Affairs Committee, Rep. Brian Mast (R-FL) revived a proposal that had been rejected but came close to passage in 2017 to authorize the Secretary of State to summarily deny or revoke the passport of any US citizen on the basis of an extrajudicial determination by the Secretary that a US citizen has “knowingly aided, assisted, abetted, or otherwise provided material support to an organization the Secretary has designated as a foreign terrorist organization”.

The proposal drew immediate condemnation on both due process and First Amendment grounds. “Provide material support” has been interpreted to include making or amplifying statements supporting the political goals of a banned organization — i.e., free speech.

Last week, during markup of the State Department reauthorization bill, the Committee on Foreign Affairs approved an amendment sponsored by Rep. Mast to remove the passport denial and revocation provisions he himself had introduced a week earlier.

We’re pleased that this trial balloon went down in flames so quickly. But we’re disturbed that it was even introduced.

If there’s any silver lining in this episode, it’s that it’s proved a teachable moment to articulate the relationship between passports, travel, and the First Amendment.

We’re especially pleased by the comment of Rep. Joaquin Castro (D-TX):

Travel abroad is a form of expression and association.

In saying this, Rep. Castro recognized that, as we’ve always argued, to travel is “to assemble”, and to do so is an act directly protected by the First Amendment guarantee of “the right of the people… to assemble”.

Read More →

The US  Department of Homeland Security (DHS) is threatening to step up enforcement of Federal laws that require each foreign citizen present in the US for more than 30 days — even as a tourist or other visa-free visitor — to register with the  US government and “at all times carry with him and have in his personal possession” the registration certificate issued by the US government.

These laws are not new, but they have rarely been enforced. Until the creation by the DHS in March 2025 of a new registration procedure, there was no practical way for many foreigners to comply. This was especially true for Canadian citizens who can stay in the US for six months at a time without a visa and without being registered by US authorities at land border crossings.

These laws and others like them that place foreigners under special suspicion and surveillance should be repealed, not revived. They are a threat to the freedom of foreigners in the US and, to the extent that other countries reciprocate, a threat to the freedom of US citizens traveling abroad. We shouldn’t always have to carry government-issued papers to prove who we are, whether we are in the country of our citizenship or any other. Human rights, including rights to freedom of movement, should not depend on citizenship.

The Alien Registration Act (currently codified at (8 USC §1301-1306) was enacted in 1940 as part of a bill more often referred to as the Smith Act. The bundling together of restrictions on dissident speech and association with requirements for registration and tracking of all foreigners  reflects the xenophobic assumption that foreign ideas, associations, and individuals are presumptively suspicious and potentially subversive.

Similarly xenophobic assumptions underlie the Foreign Agents Registration  Act (FARA), which requires almost impossibly burdensome registration, reporting, and labeling of informational materials produced or funded by foreigners.

Portions of the Smith Act were eventually found unconstitutional, but have largely been left on the Federal statute books along with the alien registration requirement. There have been fewer challenges to the Constitutionality of FARA, but it too remains on the books.

Violations of the the registration and other provisions of the Smith Act or FARA carry potentially substantial criminal penalties for those singled out for prosecution.

Laws like this that are widely and often unknowingly violated and rarely but selectively enforced are inherently vulnerable to weaponization against the demons du jour.

How many foreign tourists on Waikiki or Miami Beach are carrying their alien registration certificates in waterproof pouches over their bikinis or board shorts, or  know that failure to do so is a crime? How many US citizens would want to be subject to reciprocal requirements when they travel outside the US?

Standard advice to tourists and other travelers anywhere is to carry only copies of your passport and any separate entry card or visa, not the hard-to-replace and valuable-to-thieves original documents. Leave the originals in a secure place in your hotel or lodging whenever possible.

Typical of this advice is the State Department wallet card of Smart Travel Tips send out with every new US passport:

[“Safeguard your passport. While overseas, carry *copies* of your passport ID page and foreign visa with you at all times.”]

The Alien Registration Act has quirks that cast doubt on its purpose or fitness for purpose. The law requires all foreigners to carry evidence of registration on their person at all times, but doesn’t require them to show these papers to police. Police or immigration enforcement officers need some independent basis to search a suspected foreigner for their immigration papers. There’s no statutory requirement for foreigners to have, carry, or  show passports, only registration papers. Foreigners, especially asylum seekers including those who are stateless, can lawfully be admitted to the US without passports.

Thousands of comments were submitted to the DHS in response to the new alien registration regulations promulgated this year. Almost all of the commenters objected to the registration requirement, not just the new registration procedures.

The revival of the  Alien Registration Act as a tool for tracking, intimidation, silencing, expulsion, or imprisonment of disfavored foreigners should be a sign that it’s time to repeal this law and all of the vestiges of the Smith Act as well as FARA.

After a white-supremacist hacker got access to digital records of old applications for admission to Columbia College and passed them on to the New York Times, the Times reported that in 2009 Zohran Mamdani checked boxes identifying his national origin and ancestry as African-American (he is a US citizen — an American — and was born in Uganda — the country in Africa where his paternal ancestors had lived for generations) and Asian (his mother was born in India, where her ancestors had lived for generations).

Questions have since been raised by Liam Scott in the Columbia Journalism Review and others as to the use in a news story of data obtained illegally by an unnamed third party with an unmentioned political bias, and by Dan Froomkin at Presswatchers.org and others as to whether these truthful factual 2009 statements by Mr. Mamdani are newsworthy. The Times has responded to some of these questions in a follow-up article.

But we have other questions that we haven’t seen asked elsewhere. These are questions not for Mr. Mamdani or the Times but for Columbia University:

1. Why does Columbia still have this information about an unsucessful 2009 applicant for admission in its records?
2. Even if there was some reason to retain these records, why were they accessible online, with or without whatever passwords or access restrictions were circumvented by a hacker to obtain them?
3. Now that this incident has made the potential for misuse of records like this apparent, what are Columbia and other institutions and entities with similarly dangerous data doing to expunge it?

At a time when naturalized US citizens, including but not limited to Mr. Mamdani, are being threatened with denaturalization followed by detention and/or expulsion to overseas death camps,  and when pogroms are being carried out by masked armed gangs snatching people off the streets on the basis of perceptions of national origin, these are questions for anyone in charge of a database with a field for citizenship, race, or national origin.

Mr. Mamdani had good reason to apply to Columbia, even if his application may have been a long shot, since as the child of a tenured Columbia professor he would have been entitled to free tuition if admitted. But whatever purpose Columbia may have had in 2009 for asking applicants for admission to its colleges to categorize their national origin by continent, that purpose was completed when Mr. Mandani’s application was rejected.

The lesson of this teachable moment is that personally identified information, even information about attributes and activities that were lawful at the time and that were collected for innocent purposes, has the inherent potential for weaponization against innocent individuals — sometimes by unforseen actors in unforseen ways — as long as it is retained. It’s happened before in the US, as when census data on national origin was used to round up Japanese-Americans and send them to concentration camps, and could happen again as long as data like this is collected and retained.

Columbia may claim that it retained this data in case it might have needed it to defend agaisnt potential litigation by unsuccessful applicants. But the statute of limitations for any such litigation related to 2009 admission decisions would have passed years ago.

Columbia may claim that, having collected this data, it retained it for research purposes. But there’s been no indication that it made any attempt to even semi-anonymize this data. And would possible future research use justify retention of information that could endanger past applicants for admission?

Under Canadian or European data privacy law, retaining this data when it was no longer needed for the purposes for which it was collected would be illegal.

This data was collected for the purpose of making admissions decisions in 2009. If there was some adequate justification for retaining this data for possible future use when it was unquestionably no longer useful for that original purpose — which we doubt there was — it could have  been stored on an air-gapped device or media, such as a backup tape or disk locked in an archival vault.

But even that would pose the danger of government-compelled disclosure.

Imagine that you were the director of a business or institution in Germany in 1933. Imgaine that — at a time when it when German Jews still had all the rights of German citizens — you had compiled information about your employees’, students’, customers’, or suppliers’ “nationality” or “race” as indicated on their ID cards, including which Germans were identified as Jewish.

When the government began to redefine German Jews as not German citizens, deny them rights, and exclude them from more and more categories of employment, wouldn’t it have been your moral duty to expunge those records identifying Jews? Then you could truthfully say, if the government demanded to know which of your employees were (under Nazi laws) illegally employed non-citizens, that you had no records of who was a Jew.

The best way to avoid misuse of personal data is not to collect it. If it has been collected, and especially if it is no longer needed for the purpose for which it was collected, the best way to mitigate the risk to the individuals to whom it pertains is to expunge it.

Columbia has no excuse. Nor do other institutions in the same position. No law required Columbia to collect this information about Mr. Mamdani and an untold number of others. No law requires Columbia to retain it. Now Columbia knows, as it should have known all along, how this information can be weaponized.

Columbia and its peers in both the public and private sector should expunge these records — now, before even more damage is done to Mr. Mamdanai and millions of other naturalized US citizens and other immigrants.

In its worst decision ever on demands for ID, the Supreme Court today upheld a Texas law that requires all visitors to some websites to provide the site operator with evidence of their identity and age.

In an opinion by Justice Thomas, six Justices found that requiring ID for age verification as a condition of viewing certain websites only “incidentally” burdens the rights of adults.

The majority reasons backward from the presumed legitimacy of ID requirements in other contexts, such as buying tobacco, that (A) weren’t at issue in this case, and (B) more importantly, don’t involve the exercise of First Amendment or any other rights:

Requiring proof of age is an ordinary and appropriate means of enforcing an age-based limit on obscenity to minors. Age verification is common when laws draw age-based lines, e.g., obtaining alcohol, a firearm, or a driver’s license…. Applying the more demanding standard of strict scrutiny would call into question all age-verification requirements, even longstanding in-person requirements.

As the dissent by Justice Kagan (on behalf of herself and Justices Sotomayor and Jackson) points out, this amounts to deciding on the desired outcome, and then adapting the criteria (in this case, the level of scrutiny applied to the law) to produce that result.

In rebuttal to the dissent on this point, the majority opinion wrongly claims that in-person demands for ID are “uncontroversial” and have never been challenged in court:

Finally, the dissent claims that we engage in “backwards,” results-oriented reasoning because we are unwilling to adopt a position that would call into question the constitutionality of longstanding in-person age-verification requirements. Not so. We appeal to these requirements because they embody a constitutional judgment—made by generations of legislators and by the American people as a whole—that commands our respect. A decision “contrary to long and unchallenged practice… should be approached with great caution,” “no less than an explicit overruling” of a precedent. Payne v. Tennessee, 501 U. S. 808, 835 (1991) (Scalia, J., concurring). It would be perverse if we showed less regard for in-person age-verification requirements simply because their legitimacy is so uncontroversial that the need for a judicial decision upholding them has never arisen.

But that’s not all that’s wrong with this law and this decision upholding it.

The decision and the dissent concern themselves primarily with what level of scrutiny should apply to age-verification laws. They don’t mention the distinction between “age” and “identity”, or the impact of the law on people who don’t have ID — a crucial issue raised in a friend-of-the-court brief by the Electronic Frontier Foundation and others.

For those without government-issued ID or a sufficiently detailed profile with a commercial data broker, “age-verification” amounts to a categorical bar to access to certain Web content.

As we’ve noted previously, “Regardless of whether it would be possible to set up a system by which individuals could provide evidence of age without individually identifying themselves, that’s not how any of the schemes currently being legislated or implemented will work in practice. In order to verify their age, each Internet user will be required to provide a unique digital personal identifier…. Age verification for adult content is a stalking horse for comprehensive content-based and personalized government control of Internet access.”

The Texas law applies to any “commercial entity that knowingly and intentionally publishes or distributes material on an Internet website”, which appears to include both the publisher and the hosting provider.

There’s no way for the publisher or provider of hosting services for a website to know which visitors to the site are located in Texas. To satisfy the Texas law, web publishers and hosting providers worldwide will either have to require ID from all visitors regardless of their location, or try to identify which visitors to the site are located in Texas, and block them or selectively require them to provide ID.

Because the law applies to both publishers and “distributors” (web hosting providers), hosting providers will be not only allowed but required to pass on identifying and location-tracking information about all visitors to site publishers, with no restrictions on how publishers or hosting providers can use, disclose, or or sell this data. The law could, but doesn’t, restrict use of this data to age verification, or restrict its disclosure or sale. Nor does the law restrict the ability of these companies to share this data with governments or to keep secret from individuals how or with whom data about them has been shared.

Some companies will welcome this as a pretext for commercial surveillance they already carry out and would love an excuse to universalize. If anyone objects to publishers’ or hosting providers’ commercial exploitation of visitor identity and location information, they now have the perfect excuses: “Everybody does it” and “The government made us do it.”

Recent events have focused attention on the asymmetry of police demands for ID:

Government agents demand that ordinary citizens provide evidence of our identity, even when we are exercising rights — such as traveling by common carrier — that don’t depend on our identity. But those same government agents typically refuse to provide the same sort of evidence of their identity, even when they are asserting claims to authority that depend on their identity and status as law enforcement officers.

Masked, armed gangs dressed in the mismatched assortment of military-surplus clothing that characterizes “militias” in failed states are snatching people off the streets of US cities and towns and taking them away in unmarked vehicles, some with no license plates.

Meanwhile, elected politicians and their family members were recently assassinated in their homes by a masked individual in a police-like costume who arrived in a police-like vehicle with flashing blue lights.

The law doesn’t require us to obey the orders, or refrain from defending ourselves or others against, anyone who claims to be an officer of the law. But as the law stands, whether we submit or resist, we do so at our own peril.

Any kidnapper or home invader could, and some do, stencil “POLICE” on their body armor and  shout “Police!” before breaking down doors or dragging people away. Rent-a-cops often dress and carry gear designed to make them appear as much like police as possible. Convincing movie-prop badges are available online or in costume and fetish shops.

In these circumstances, verifying the identity and claim to authority of people who might or might not be police can be a matter of life or death. If they aren’t police, and we go along, we could lose our chance at self-defense or escape. But if they are police, they might shoot us if we try to resist, escape, or help others to do so. If we survive the initial encounter, we might be charged with assaulting an officer — a charge that often leads to beatings or worse by police and jailers, even before a defendant makes it to trial.

18 US Code § 111 makes it a Federal felony to “forcibly assault, resist, oppose, impede, intimidate, or interfere with” any Federal law enforcement officer. But what if you can’t tell if an apparent kidnapper or home invader is a Federal law enforcement officer? And what evidence of their identity and status is sufficient to establish their authority and your duty not to resist or impede them?

Read More →