Papers, Please – Papers, Please!

Apr 15 2025

Withdrawal from REAL-ID gets a hearing in Maine

A bipartisan proposal to withdraw the state of Maine from compliance with the Federal REAL-ID Act of 2005 had its first hearing today (archived video) before the Joint Standing Committee on Transportation of the Maine State Legislature.

The REAL-ID withdrawal bill, LD 160, was presented to the Transportation Committee by state Rep. Laurel Libby (R-Auburn) and state Sen. Nicole Grohowski (D-Ellsworth), two of the six co-sponsors.

Public testimony in support of LD 160 was given by:

There was no public testimony against LD 160. The only opposition to the bill was voiced by Maine’s Secretary of State, Shenna Bellows.

Secretary of State Bellows struggled to explain her current support for REAL-ID compliance, in light of her history of opposition to the REAL-ID Act and Maine state compliance in her former positions as Executive Director of the ACLU of Maine and Maine State Senator.

Today, Secretary of State Bellows claimed, falsely — even after Mr. Kebede of the ACLU quoted the provisions of the REAL-ID Act requiring sharing with all other states of the contents of the state’s driver’s license database — that all of this information remains in the state of Maine. Secretary of State Bellows also claimed, also falsely, that the Federal government could not access the national REAL-ID database, SPEXS.

In fact, the SPEXS database is held by AAMVA, not by any Federal or state government agency. The Federal government could obtain access to SPEXS with a search warrant, subpoena, or national security letter directed to AAMVA, the same way it could obtain similar records from any private custodian. That order to AAMVA could include a “gag order” prohibiting AAMVA from disclosing the existence of the order or the release of SPEXS records to Maine, other states, or affected individuals. For all we, Secretary of State Bellows, or anyone in Maine knows, this may already have happened.

Members of the Transportation Committee seemed surprised — understandably — to learn from our testimony and that of other sponsors and supporters of LD 160 that the Maine Bureau of Motor Vehicles already uploaded personally identifying information extracted from all Maine driver’s license records to the SPEXS national ID database in December 2024.

Later in the same hearing, the Transportation Committee heard testimony from some of the same witnesses with respect to LD 1360, a well-meaning but inevitably flawed alternate legislative proposal to require the BMV to maintain the option of a “noncompliant” driver’s license or state ID. The problem with this is that those who get a noncompliant license or ID will think they have opted out of the national ID system, but their information will end up in the same SPEXS national ID database.

Secretary of State Bellows first tried to say that there was no such database, then that it only contained information concerning REAL-ID compliant licenses and IDs, but finally conceded that Maine actually has only one driver’s license and ID database that includes both compliant and noncompliant credentials. Pointers extracted from all records in this state database, including both compliant and noncompliant licenses and IDs, have been and are continuing to be uploaded to SPEXS. And those pointer records, as we pointed out, contain sensitive personal information vulnerable to abuse.

Here’s our 3-minute statement in support of LD 160 (full written submission):

Apr 11 2025

DOGE, DHS, and data matching

“Data matching” may seem abstract, but its consequences can be life-changing: visa revocation, deportation, sudden cessation of Social Security payments, all without warning or opportunity to present argument or evidence to a human fact-finder.

One of the hallmarks of the new U.S. Department Of Government Efficiency (DOGE) is large-scale algorithmic analysis and comparison of existing databases of personally-identified information. In many cases, algorithms, AI, and data matching are being substituted for human judgement as the basis for decisions about individuals. Similar projects are being carried out by the Department of Homeland Security (DHS).

These activities appear likely to violate the Privacy Act (including its rarely-enforced criminal provisions) and/or the Computer Matching and Privacy Protection Act.

DOGE’s programmers are working to aggregate and correlate databases that have been compiled by different agencies or commercial third parties such as social media platforms, identified in different ways, and ingested in different formats.

Data matching is central to the methods of DOGE and the Trump 2.0 Administration. One of President Trump’s Executive Orders to heads of all Federal agencies directs that:

Agency Heads shall take all necessary steps, to the maximum extent consistent with law, to ensure Federal officials designated by the President… have full and prompt access to all unclassified agency records, data, software systems, and information technology systems… This includes authorizing and facilitating both the intra- and inter-agency sharing and consolidation of unclassified agency records.

How is this working out, and what does this say about ID-linked records?

Mar 17 2025

FinCen demands reporting of cash transactions over $200

The Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury has ordered all money transfer agencies and currency exchanges in seven counties in California and Texas along the US-Mexico border to file reports with FinCEN including the identities of the customers engaging in all cash transactions over $200.

Implicit in this order is that would-be customers who are unable or unwilling to provide sufficient evidence of their identity (and to allow that information and the details of their transaction to be passed on to FinCEN) will be denied these financial services.

The Geographic Targeting Order published by FinCEN in the Federal Register last Friday is effective for transactions with financial services businesses in those counties from April 14, 2025, through September 9, 2025. The Bank Secrecy Act, which authorizes such orders, limits them to 180 days but allows them to be renewed an unlimited number of times.

The misleadingly-named Bank Secrecy Act is already subject to abuse as an enabler and pretext for financial surveillance, and already requires reporting of cash transactions of $10,000 or more. But so far as we’ve been able to determine, this order lowering the reporting threshhold to $200 is, even for a geographically limited area, unprecedented.

Other Geographic Targeting Orders have been issued, but typically with much higher threshholds — real estate transactions over $50,000 in Baltimore, for example. Why Baltimore, with a lower threshhold than anywhere else in the US? FinCEN didn’t say.

The new order goes against growing bipartisan calls in Congress to repeal the Bank Secrecy Act or at least raise the threshhold amounts for for customer identification and transaction reporting.

Nothing in the order gives any real justification for its geographic boundaries. More than a million people live in the area covered by the order, but it will actually affect a much larger number of people. Many travellers stop at “Casas de Cambio” on their way to and from border crossings in these counties to exchange cash dollars for pesos and pesos for dollars.

It’s unclear whether the goal of the order is primarily harassment or surveillance. The costs of completing the extra paperwork will undoubtedly drive up currency exchange and remittance fees and waste time for financial service businesses and their customers.

Mar 12 2025

State Department puts “X” passport applicants in limbo

The US State Department is withholding passports from some US citizens, effectively denying them the ability to leave or return to the US, without any basis in law or regulations.

Multiple news outlets have reported that the State Department has ordered its staff in the US and abroad to “suspend” processing of all pending applications for new or renewal US passports or passport cards with an “X” gender marker.

A new page of the State Department’s website suggests that each of these passport applicants will (eventually) be notified that their application has been “suspended” and will remain “suspended” (i.e. that they won’t be issued a passport) unless and until they provide “certain documents and records to help us establish your biological sex”.

Mar 03 2025

Treasury Department says it won’t enforce ID requirement for corporate principals

The US Department of the Treasury has announced that it plans not to enforce the provisions of the Corporate Transparency Act (CTA) that were to go into effect next month requiring owners and principals of all corporations to file copies of government-issued ID credentials, including photos, with the Financial Crimes Enforcement Network (FinCEN).

The Treasury Department also says it plans to propose revisions to the CTA regulations that would limit the ID-filing requirement to principals of “foreign reporting companies”, a term that doesn’t appear in the statute and isn’t defined in the announcement.

We don’t want the government to try to enforce the CTA reporting requirement. But if the law isn’t going to be enforced, it should be repealed, not left on the books as a Sword of Damocles available to prosecutors to threaten or persecute disfavored businesspeople. And the proposed regulations, redefining which entities must file CTA reports, would appear to be contrary to the explicit language of the CTA statute as to who must file.

Press releases like this one form the Treasury Department aren’t binding on Federal prosecutors, even now, much less in the future. Regardless of this announcement, nobody subject to the CTA is safe from prosecution if they don’t file the reports required by the law.

There are few legal constraints on prosecutorial discretion. Many laws — including those that impose reporting and filing requirements — are routinely ignored and unenforced. Police and prosecutors, especially those with malign intentions, love to have laws like this on the books that everybody violates. That allows anyone to be prosecuted at any time, with the government claiming truthfully that it is merely “enforcing the law”. Only in rare cases is the government required to explain the real reasons why some people are prosecuted while others who are known to have violated the same laws are not.

To word it a little differently, the combination of unlimited prosecutorial discretion and universally violated laws is central to the phenomena of pretextual police action and pretextual prosecution. An essential part of the solution is the repeal of unenforced laws.

We welcome, in the short term, the nonenforcement of CTA reporting rules. And we urge Congress to address the problem, promptly, by repealing the CTA in its entirety.

Feb 25 2025

“TSA must go away”

Thanks to a mutual fan, we were invited to speak about the work of the Identity Project with Alex Newman on the latest edition of The Liberty Report on Patriot.tv and Rumble.

We talked about current and long-term concerns including digital ID, the REAL-ID Act, how demands for ID enable surveillance and control and are being increasingly integrated into a global system of surveillance and control of our movements, and the importance of anonymous cash payment for protection against financial surveillance.

What can be done? We talked about the need for popular vigilance and popular resistance, but also about what the government could do:

If the Department Of Government Efficiency (DOGE) is really concerned about identifying unnecessary and ineffective government programs to cut, they could start with the TSA.

Members of Congress could do their part by reintroducing the Freedom To Travel Act and working to abolish the TSA.

Most importantly, though, we the people can continue to resist these attacks on our freedom.

Thnaks to Alex Newman and his crew for giving us a chance to bring these issues to his listeners and viewers.

Feb 24 2025

Supreme Court reinstates new requirement for IDs and mug shots of corporate principals

The US Supreme Court has stayed the nationwide injunction against enforcement of a Federal law requiring owners or principals of all corporations to submit copies of ID documents, including photos, to the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury.

The Supreme Court’s ruling leaves business owners and officers, and FinCEN, scrambling to figure out what to do — at a moment when how the Federal government might use personal information in ways that weren’t anticipated when it was collected is a hot topic.

The original deadline for filing of Beneficial Owner InformatIon (BOI) with FINCEN was to be January 1, 2025. But by then, multiple lawsuits against the Corporate Transparency Act had been filed, and the judge in one of those caseS had issued a nationwide injunction against enforcement of the law while the lawsuits were pending.

The Supreme Court’s decision to overturn that injunction allows the lawsuits and appeals to continue, but in the meantime allows the government to enforce the filing requirement.

Following the stay of the District Court injunction pursuant to the Supreme Court’s decision, FinCEN announced a new deadline of March 21, 2025, for filing of BOI (including copies of IDs) for most companies. Another injunction from a different judge in a different Federal court district remains in effect, but it applies only to the plaIntiffs in that case.

FinCen estimates that collecting and submitting the required information will require, on average, 90 to 650 minutes per company. That’s a far from trvial burden for, for example, a sole proprietor with a personal LLC. The cost could be much higher for even a small business thta has to hire a lawyer to figure out who is considered a “beneficial owner” or officer subject ton the reporting requirement.

Those who search for information on the Web about BOI filing requirments are likely to be led to the flood of scam sites set up to rip off would-be BOI filers with excessive facilitation fees as intermediaries, while harvesting personal information for identity theft. What does it say about the purposrted justification for this rule that the requirements of the “Financial Crimes Enforcement Network” are providing a windfall for financial fraudsters?

The purported limitations and controls on access to and use of BOI filings ring hollow in light of the access to and use of personal information from Federal databases in unanticipated ways and by entities and by newly-created entities with ambiguous authority, such as the White House Department Of Government Efficiency (DOGE).

With concern growing about how this informaiton might be misused, legislation is pending in Congress to repeal the Corporate Transparency Act or postpone its effective date.

On February 10th, the House of Representatives approved H.R. 736, a bill to extend the BOI filing deadline until January 1, 2026, by a unanimous vote of 408 to 0. The same or a similar bill is likely to be introduced in the Senate. Postponement might give time for the pending appeals in the lawsuits challenging the law to play out, or for Congress to repeal the law.

A bill to repeal the Corporate Transparency Act and the BOI reporting requirement has been introduced in the House as H.R. 425 and in the Senate as S. 100, “Repealing Big Brother Overreach Act”. No action has yet been taken on this bill in either chamber.

Jan 14 2025

TSA issues new non-rules for REAL-ID

Today the Transportation Security Administration (TSA) published new regulations for the REAL-ID Act in the Federal Register, finalizing a bizarre and clearly illegal proposal the agency made in September 2024.

The new TSA regulations leave it even more unclear than before who the TSA will allow to fly without ID, and who it will prevent from flying without ID, after May 7, 2025.

Rather than establishing standards applicable to demands for ID by all Federal agencies, the new TSA regulations purport to authorize the TSA itself as well as other Federal agencies to establish agency-specific plans for selective enforcement of REAL-ID Act requirements.

These “graduated enforcement plans” will be regulations in all but name, and the TSA seems to think that they will have the force of law. But these graduated enforcement plans won’t be standardized, and may vary from agency to agency, contrary to the plain mandate of the REAL-ID Act for the Department of Homeland Security to promulgate standards for ID applicable to all Federal agencies.

“Graduated enforcement plans” will be promulgated summarily, solely by posting on different Federal agency websites, without notice, opportunity for public comment, or publication in the Federal Register. In effect, the TSA is trying to opt itself and all other Federal agencies out of the most basic transparency, procedural, and due process requirements of the Administrative Procedure Act (APA).

In its analysis of the 11,000 comments submitted in response to its Notice of Proposed Rulemaking (NPRM), the TSA acknowledges our objection to its attempt to re-delegate rulemaking authority to other agencies and opt out of APA requirements. But the TSA claims that “graduated enforcement plans” posted on agency websites won’t be “regulations”, even if they are claimed to authorize decisions about who can and can’t exercise rights.

The TSA also brushes off a wide range of Constitutional and statutory objections to the proposed regulations as “outside the scope of this rulemaking”.

It remains to be seen whether the new REAL-ID regulations will be challenged on APA and/or other grounds.

In response to our objection to statements in (NPRM) implying that after the effective date of the new regulations ID would be required to fly, the TSA says as follows:

Upon full card-based enforcement, TSA may not accept noncompliant State-issued DL/IDs at security screening checkpoints for the purpose of boarding federally regulated commercial aircraft. This rule does not otherwise effect TSA’s policies related to acceptable forms of identification and identity verification.

If this is true, it means that the procedures for travel without ID (as distinct from any procedures for travel with noncompliant state-issued ID) won’t change. But we won’t know for sure until after May 7, 2025, how the TSA will deal with air travelers without any ID.

Dec 16 2024

Identification as the enabler of ID-based surveillance and control

Edward Hasbrouck of the Identity Project was a guest today with Prof. David Farber (Keio Univ. Cyber Civilization Research Center) and Prof. Dan Gillmor (Arizona State Univ.) for the CCRC / IP-ASIA weekly online gathering on current issues, discussing the expansion of demands for ID, identification as a service provided by the government to commercial entities, the evolution of ID-based surveillance and control, and the human rights work of the Identity Project:

How do demands for ID enable ID-based surveillance and ID-based control of offline and online activities, including predictive “pre-crime” controls?
When are we required to identify ourselves ourselves or submit to automated identification?
How is this changing?
What can we do about it?
Invitation and Zoom link
Slides

Dec 09 2024

Public/private partnerships for financial surveillance

[Email from the Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury to some of its banking industry partners forwarding list prepared by Mitsubishi United Financial Group (MUFG) of vendors at DMV (DC, Maryland, and Virginia) airports, train stations, and bus stops, to target reporting of purchases at these locations as “suspicious” .]

The House Committee on the Judiciary and its Select Subcommittee on the Weaponization of the Federal Government have released a ground-breaking report on their investigation of what they describe — accurately, we think — as “the coordination between Big Banks and Big Government” in financial surveillance.

The Judiciary Committee and Subcommittee’s latest report on financial surveillance as well as their earlier interim report on the same issue are part of their broader inquiry into the investigative tactics used in the aftermath of the storming of the US Capitol on January 6, 2021.

Partisan criticism of the Weaponization Subcommittee may lead to some skepticism or dismissal of its report and recommendations. But that would be a mistake, regardless of what anyone thinks about the Weaponization Subcommittee in general. The report is thoroughly researched and its sources are well documented. It’s based on interviews with witnesses from goverment agencies and the banking industry and tens of thousands of documents provided in response to Congressional subpoenas.

The report on financial surveillance uses the post-January 6th investigation only as a case study. The practices it reports on could have been, and still could be, used against any of us, regardless of party or affiliation (if any). They shouldn’t be used against anyone, even the most stigmatized individuals and groups. What we allow to be done to our enemies, or anyone’s enemies, could be done to any of us. The report deserves bipartisan public attention and calls for bipartisan action by Congress.

As we’ve noted in surveying what’s likely to lie ahead in demands for ID and ID-based surveillance and control of our real-world and virtual movements and activities, it’s all too easy and all too common for otherwise-principled civil libertarians to allow their distaste for particularly reviled individuals to blind them to the bad precedents being set by the investigative and prosecutorial tactics used against those stigmatized defendants.

We can’t afford to be sanguine about violations of anyone’s rights. The government’s response to the events of January 6, 2021, was a textbook example of the way that unsympathetic defendants are exploited to expand the norms of permissible and publicly-tolerated investigative and prosecutorial practices that can later used more widely.

After January 6th there were misguided calls to add everyone involved in the storming of the Capitol (and perhaps also anyone suspected of possibly having been involved) to the million-and-a-half names already on the US government’s no-fly list — by summary, secret, extrajudical administrative action. It’s unclear whether, or to what extent, that was done. That remains an open question, as does the larger question of how no-fly decisions are made. We hope that the Weaponization Subcommittee and the Subcommittee on the Administrative State will look into these questions during the next session of Congress.

Suspects were targeted for prosecution after January 6th based on what may have been the most extensive use to date in any single investigation of geofence warrants for cellphone location data. Those general warrants were used not to obtain evidence pertaining to individuals who there was already probable cause to suppect of crimes, but to trawl through records of hundreds of millions of innocent cellphone users to find individuals to place under suspicion based on where their cellphones were logged by Google as having been on that day. Challenges to the Constitutionality of these general warrants for dragnet searchess were all — so far as we can tell — dismissed by the judges hearing these cases.

But that’s not all. The latest Judiciary Committee report shows how logs of routine, entirely legal, financial transactions were subjected to warrantless scrutiny and data mining by banks and financial services providers collaborating with government investigators, and used as the basis for placing individuals under suspicion.

The FBI encouraged banking companies to “voluntarily” submit Suspicious Activity Reports (SARSs) to the Financial Crimes Enforcement Network (FinCEN), the police division of the Department of the Treasury. These SARs were used to finger to FinCEN as “suspicious” anyone who had engaged in such mundane activities as taking money out of an ATM, buying a meal at an airport, or paying for a hotel or AirBNB anywhere in the DMV (DC, Maryland, and Virginia) area on January 6th or the days before or after:

To be clear: these transactions were, in and of themselves, entirely legal, and weren’t in and of themselves in any way suspicious. They didn’t create probable cause to believe that each such individual was likely to have committed any crime, and they wouldn’t have provided sufficient basis for the issuance of a search warrant. These SARs were used not to investigate people who were already suspected of crimes, but to identify new individuals to be extrajudically placed under suspicion and investigated without probable cause.

Once submitted to FinCEN, these SARs are available for individual search and retrieval by tens of thousands of government agents, without the need to apply for a warrant. SAR data is also exported in bulk by FinCen for import into other agencies’ data mining systems.

Papers, Please!

The Identity Project