Mar 08 2024

US passports and freedom of international travel

As we mark twenty years since the creation of this website for the Identity Project, perhaps it’s time to assess the state of freedom of movement in the USA and for US citizens.

We’ve been reporting, in more detail than anyone else, on changes in policies and practices that affect our right to travel freely. But sometimes the big picture can get lost in the details. Incremental changes can be more significant, in the long term and in the aggregate, than might be apparent  if we focus on any single step along the way.

Travel is restricted by (1) requirements to have, carry, and show ID to cross international borders or travel by common carrier; (2) restrictions on issuance of passports, driver’s, licenses, and state IDs used or needed for travel; and (3) ID-linked blacklists and controls that allow travel only by government permission and restrict who is given permission to travel.

These mechanisms for control of movement operate differently for international travel than they do for movement within the USA.

Let’s look first at U.S. passports and international travel. (We’ll look at domestic travel within the U.S without ID, or without Federally-approved ID, in later articles.)

Can a US citizen travel internationally without a passport? Do they have a right to a passport — and if not, which US citizens can and can’t get a US passport? What is the legal basis for these restrictions, or what would be the legal basis for challenging them?

Read More

Jan 23 2024

IDs and mug shots now required from all corporate principals

This month the Financial Crimes Enforcement Network (FINCEN) division of the Department of the Treasury began collecting copies of passports, drivers licenses, and other ID documents submitted by officers and owners of all sorts of companies.

In  other words, you now have to have a government-issued ID and provide an image of it, probably including your photo, to the Federal government in order to establish, serve as an executive of, or hold a major interest in almost any type of corporation, LLC, partnership, trust, etc. (with some odd and irrational exceptions).

Read More

Nov 13 2023

Advance Travel Authorization (ATA) and the “CBP One” app

 

As we’ve discussed before in this blog, and as other human rights advocates have noted, asylum requires traveling to a border. Since you can only apply for asylum after you arrive in a country of refuge, freedom to travel from a place where you are subject to persecution to a country of refuge is a prerequisite for asylum.

But as we have also noted, including in comments earlier this year to the U.N. Office of the High Commissioner for Human Rights concerning the rights of migrants, governments including the US government have steadily increased their efforts to undermine the right to asylum by preventing  asylum seekers from traveling to their borders.

The latest step in this direction is the Advance Travel Authorization (ATA) system operated by U.S. Customs and Border Protection (CBP). Under this program, asylum seekers can request permission through the CBP One mobile app to travel to the US. CBP is already operating this system under a temporary “emergency” authorization from the Office of Management and Budget (OMB), but is seeking OMB approval to make it permanent.

As we explain in comments we submitted today to CBP:

Because the US has no jurisdiction and CBP has no statutory authority over travel by non-US citizens within or between other countries or their departure from other countries, and because whether or not a non-US citizen has requested or been granted “permission” from CBP has no bearing on their right to leave any other country or to travel within or between other countries by common carrier or otherwise, this collection of information is of no practical utility for any lawful activity of CBP or any US agency.

Do asylum seekers need permission from the US government to leave other countries where they are being persecuted, or to travel to the US?

No, they do not, as we explain in our comments to CBP: Read More

Oct 16 2023

The TSA wants to put a government tracking app on your smartphone

Today the Identity Project submitted our comments to the Transportation Security Administration (TSA) on the TSA’s proposed rules for “mobile driver’s licenses”.

The term “mobile driver’s license” is highly misleading. The model Electronic Credential Act drafted by the American Association of Motor Vehicle Administrators (AAMVA) to authorize the issuance of these digital credentials and installation (“provisioning”) of government-provided identification and tracking apps on individual’s smartphones provides that, “The Electronic Credential Holder shall be required to have their Physical Credential on their person while operating a motor vehicle.”

So the purpose of “mobile driver’s licenses” isn’t actually licensing of motor vehicle operators, as one might naively assume from the name. Rather, the purpose of the “mobile drivers license” scheme is to create a national digital ID, according to standards controlled by the TSA, AAMVA, and other private parties, to be issued by state motor vehicle agencies but intended for use as an all-purpose government identifier linked to a smartphone and used for purposes unrelated to motor vehicles.

We’ve seen the ways that government-mandated tracking apps on citizens’ smartphones are used by the government of China, and that’s not an example we want the US to follow.

AAMVA’s website is more honest about the purpose and planned scope of the scheme: “The mobile driver’s license (mDL) is the future of licensing and proof of identity.”

As we note in our comments:

The fact that the TSA seeks to require the installation of a government app on a mobile device of a certain type suggests that the government has other purposes than mere “identification”, such as the ability to track devices as well as people. But we don’t know, because we haven’t been able to inspect the source code for any of these apps.

Most of the details of the TSA proposal remain secret, despite our efforts to learn them. So our comments focus on the unanswered questions about the proposal, the deficiencies in the TSA’s “notice”, and the TSA’s failure to comply with the procedural requirements for consideration of proposed regulations and for approval of collections of information from members of the public — which the TSA is already carrying out illegally, without notice or approval, with digital ID apps that state agencies are already installing on smartphones:

By this Notice of Proposed Rulemaking (NPRM), the Transportation Security Administration (TSA) proposes to establish “standards” (which are not included in the NPRM and not available to the public) for a national digital ID to be used by Federal agencies in an unknown range of circumstances for unknown purposes (also not specified in the NPRM, and for which the notices and approvals required by law have not been provided or obtained).

The NPRM, which includes a proposal to incorporate by reference numerous documents which are not included in the NPRM and have not been made available to would-be commenters who have requested them, fails to provide adequate notice of the proposed rule or opportunity to comment on the undisclosed documents proposed to be incorporated by reference. It violates the regulatory requirements for incorporation by reference of unpublished material….

The proposed rule would also implicitly incorporate the Master Specification for State Pointer Exchange Services (SPEXS) published by the American Association of Motor Vehicle Administrators (AAMVA), which is not included or mentioned in the NPRM or publicly available and which AAMVA has actively attempted to remove from public availability….

The NPRM purports to include an analysis, pursuant to the Paperwork Reduction Act (PRA), of “the information collection burdens imposed on the public,” and claims to have requested approval for these information collection from the the Office of Management and Budget (OMB). But both the NPRM and the request for OMB approval omit any mention of the collection of information from individuals that occurs each time a “mobile ID” is “presented” and an app on a mobile device interacts with TSA or other Federal agency devices or servers….

What data fields will be collected when a TSA or other Federal agency device interacts with a mobile ID app on an individual’s device? We don’t know. What code will an individual be required to allow to run on their device, and with what privileges? We don’t know, although this could be critical to the risks and potential costs to individuals if, for example, they are required to allow closed-source code to run on their devices with root privileges.

From which people, how many of them, in what circumstances, and for what purposes, will this information be collected? We don’t know, although all of this is required to be included in an application for OMB approval of a collection of information….

What will individuals be told about whether these collections of information are required? We don’t know this either, although this is a required element of each PRA notice, because the TSA provides no PRA notices to any of those individuals from whom it collects information at its checkpoints, including information collected from mobile IDs.

As the TSA itself has argued in litigation, no Federal statute or regulation requires airline passengers to show ID. And hundreds of people pass through TSA checkpoints and board flights without showing ID every day. An accurate submission to OMB, and an accurate PRA notice (if approved by OMB), would inform all individuals passing through TSA checkpoints that ID is not required for passage. But instead of providing OMB-approved PRA notices at its checkpoints in airports, the TSA has posted or caused to be posted knowingly false signage claiming that all airline passengers are “required” to show government-issued ID credentials. Individuals incur substantial costs as a result of these false notices, particularly when individuals without ID forego valuable travel in reliance on deliberately misleading signs that ID is required.

Read More

Oct 09 2023

The difference between stating your name and showing ID

The 11th Circuit Court of appeals has ruled that it is clearly established law that even in a state with a “stop-and-identify” law, and even if police reasonably suspect you of a crime, police may not require you to show ID or arrest you if you refuse to do so.

We don’t think people should be required to identify themselves. Self-identification can amount to self-incrimination, and compelling individuals to answer any question from police or other government agents would violate the Constitutional right not to be compelled to give evidence against oneself. You have the same right to remain silent if police ask, “What is your name?” as you have if you are asked any other question.

Despite this bedrock principle, some states have passed “stop and identify” laws of dubious Constitutionality that purport to require people to identify themselves on demand to any law enforcement officer who reasonably suspects them of a crime.

Even in those states, however, there’s a fundamental difference between being required to state your name verbally and being required to have, to carry, or to show ID credentials.

That distinction was central to the decision of the US Supreme Court in Hiibel v. Nevada, in which the court didn’t reach the question of whether a law requiring suspects to “show” ID would be Constitutional because it found that Mr. Hiibel could have satisfied the Nevada “stop and identify” law by verbally stating, “My name is Dudley Hiibel.”

Other cases in the lower courts since Hiibel have touched on this issue, but until now, none that we are aware of has depended squarely on this distinction between stating your name and showing ID.

The clarity and significance of the 11th Circuit panel’s opinion in Edger v. McCabe makes it worth quoting at length:

The facts of this case are not in dispute, as the entirety of the encounter between Mr. Edger and the police was captured on the police officers’ body-worn and dash cameras….

Mr. Edger is a mechanic in Huntsville, Alabama….. One of Mr. Edger’s longtime clients is Kajal Ghosh, who owns a red Toyota Camry. The Camry is primarily driven by Mr. Ghosh’s wife, who works as a teacher at Progressive Union Missionary Baptist Church. One or
two days before June 10, 2019, Mr. Ghosh called Mr. Edger and reported that the Camry had broken down while his wife was working at the Church. He asked Mr. Edger to fix the car and told him the keys would be waiting for him at the Church’s front office.

On June 10, around 2 p.m., Mr. Edger went to the Church to pick up the keys and to inspect the Camry. He determined something was wrong with either the car’s steering or its tires, and he concluded he would need to come back later with tools to fix the car. That evening, he returned to the Church with his stepson, Justin Nuby, in tow, intending to either fix the Camry on-site or to take it back to the shop for further repairs. Mr. Edger and Mr. Nuby drove a black hatchback to the Church.

After Mr. Edger and his stepson entered the Church’s lot, the Church’s security guard observed them and grew concerned…. At about 8:05 p.m., the security guard called 911 and told dispatch: “I have two Hispanic males, messing with an employee’s car that was left on the lot.”

Police arrived, and the court describes what the video evidence showed as follows:

Mr. Edger continued to work, and the following conversation began:

Officer McCabe: What are y’all doing?

Mr. Edger: Getting the car fixed.

Officer McCabe: Is this your car?

Mr. Edger: Yeah, well, it is one of my customer’s.

Officer McCabe: One of your customer’s?

Mr. Edger: Ghosh Patel, yep. I was over here earlier….

From here, the interaction rapidly escalated:

Officer McCabe:  Alright. Take a break for me real fast and do y’all have driver’s license or IDs on you?

Mr. Edger: I ain’t going to submit to no ID. Listen, you call the lady right now. Listen I don’t have time for this. I don’t mean to be rude, or ugly, but …

Officer McCabe: Okay. No, you need to—

Mr. Edger: I don’t mean to be—

Officer McCabe: —give me your ID or driver’s license.

Mr. Edger: No. I don’t. Listen, I don’t want you to run me in for nothing.

Officer McCabe: Are you refusing me—are you refusing to give me your ID or driver’s license?

Mr. Edger: I’m telling you that if you will call this lady that owns this car—

In the middle of Mr. Edger’s sentence, as he was attempting to explain the situation to Officer McCabe, Officer Perillat seized Mr. Edger from behind. He led Mr. Edger to the side of the Camry and started handcuffing him. As Mr. Edger protested, Officer Perillat told Mr. Edger: “We don’t have time for this,” and, “You don’t understand the law.” During this time, the video shows that Mr. Edger offered his driver’s license at least three times before the officers could finish handcuffing him. Eventually, the officers managed to handcuff and search Mr. Edger, and then detain him in a squad car. Throughout this process, the officers never asked Mr. Edger or his stepson for their names or addresses….

Mr. Edger was charged with obstructing governmental operations in violation of Alabama Code § 13A-10-2(a)(1). The City of Huntsville dropped all charges relating to this incident. After the dismissal of the charges, Mr. Edger filed a § 1983 civil rights lawsuit, alleging a false arrest in violation of his Fourth Amendment rights against unlawful searches and seizures, as well as a state law false arrest claim….

Turning now to the defendant’s theory that probable cause existed to support Mr. Edger’s arrest because he violated Alabama’s Stop-and-Identify statute, Alabama Code § 15-5-30. The Stop-and-Identify statute allows an Alabama police officer who “reasonably suspects” a crime is being, has been, or is about to be committed to stop a person in public and “demand of him his name, address and an explanation of his actions.” Id.

Mr. Edger argues that he cannot possibly have violated § 15-5-30, because it clearly delineates three things the police may ask him for: his name, his address, and an explanation of his actions. He argues nothing in the statute requires him to produce physical identification, and that Officer McCabe’s question, “Do y’all have driver’s license or IDs on you?” and repeated references to “IDs” were clearly demands for him to produce physical identification of some kind. He notes that physical identification is not one of the three enumerated things that the police may ask for under Alabama law, and that he was never asked for his name or address.

We agree with the district court’s assessment that Mr. Edger did not actually violate § 15-5-30… Section 15-5-30 does not require anyone to produce an “ID” or “driver’s license” as Officer McCabe demanded. Indeed, it does not require anyone to produce anything. Instead, it grants Alabama police the authority to request three specific pieces of information. Here, the video evidence is clear that neither Officer McCabe nor Officer Perillat asked for Mr. Edger’s name or address. Additionally, Mr. Edger’s objection was clearly related to the unlawful demand that he produce physical identification…. Because the Alabama statute, by its plain text, does not permit the police to demand physical identification, the officers lacked probable cause and thus violated Mr. Edger’s Fourth Amendment rights by arresting him….

We hold that the plain text of the Alabama statute is so clear that no reasonable officer could have believed they could arrest Mr. Edger for failing to produce his “ID” or “driver’s license” under § 15-5-30….

[T]he broad background rule is that the police may ask members of the public questions and make consensual requests of them, Florida v. Bostick, 501 U.S. 429, 434–35 (1991) (collecting cases and examples), “as long as the police do not convey a message that compliance . . . is required.” Id. at 435. But the person “need not answer any question put to him; indeed, he may decline to listen to questions at all and may go on his way.” Florida v. Royer, 460 U.S. 491, 497–98 (1983)….

[T]he Alabama statute is clear. It lists only three things that the police may ask about. This is not an issue of “magic words” that must be uttered. There is a difference between asking for specific information: “What is your name? Where do you live?” and demanding a physical license or ID. The information contained in a driver’s license goes beyond the information required to be revealed under § 15-5-30. Compare Ala. Code § 32-6-6 (“Each driver license . . . shall contain a distinguishing number assigned to the licensee and a color photograph of the licensee, the name, birthdate, address, and a description of the licensee . . . .”), and Ala. Code § 22-19-72 (requiring that there be “a space on each driver’s license . . . to indicate in appropriate language that the [licensee] desires to be an organ donor”), with Ala. Code § 15-5-30 (“A [police officer] may stop any person abroad in a public place whom he reasonably suspects is committing . . . a [crime] and may demand of him his name, address and an explanation of his actions.”).

Further, neither the parties nor our own research can identify any Alabama law that generally requires the public to carry physical identification—much less an Alabama law requiring them to produce it upon demand of a police officer. There simply is no state
law foundation for Officer McCabe’s demand that Mr. Edger produce physical identification

So to summarize, it has been clearly established for decades prior to Mr. Edger’s arrest that the police are free to ask questions, and the public is free to ignore them. It has been clearly established prior to Mr. Edger’s arrest that any legal obligation to speak to the
police and answer their questions arises as a matter of state law. And the state statute itself in this case is clear and requires no additional construction: police are empowered to demand from an individual three things: “name, address and an explanation of his actions.” Ala. Code § 15-5-30. It was thus clearly established at the time of Mr. Edger’s arrest that she could not demand he produce physical identification. And because Officer McCabe’s demands for an “ID” or a “driver’s license” went beyond what the statute and state law required of Mr. Edger, she violated clearly established law. Under this set of facts and these precedents, no reasonable officer could have believed there was probable cause to arrest Mr. Edger for obstructing governmental operations by violating § 15-5-30. And this theory cannot support the grant of qualified immunity to the officers.

We welcome this decision and commend it to the attention of other courts and other cops.

Sep 04 2023

Transit payment systems and traveler tracking

Last week 404 Media published a report by Joseph Cox on how the New York Metropolitan Transit Agency’s website can be used as a remote stalking tool: anyone who knows a credit card number that was used to purchase or add value to an OMNY transit farecard could view a historical log of the last seven days of trips taken using the card, including the dates, times, and locations where the card was read at subway entrances or boarding buses.

Less than 24 hours after this report was published, this “feature” was removed from the MTA website.

But that doesn’t solve the problem.

The main problem with the MTA payment system — and similar systems in other cities — isn’t that anyone could access your trip history by typing in your credit card number (which every waiter you ever bought a meal from with that credit card has access to,  and every domestic violence abuser in your household also knows).

The real problem is that the MTA transit system is building a permanent database of all your trips, period. The MTA is still logging transit passengers’ movements, and those logs are still available to the MTA itself, police, anyone the MTA chooses to share them with, or anyone who hacks into the TSA’s records.

If the MTA didn’t collect this data in the first place, there would be no way for anyone to abuse it.

Read More

Jun 12 2023

TSA misstates the case law on ID to fly

During an online panel last week hosted by the Cato Institute, TSA Privacy Officer Peter Pietra made some bold but false claims (starting at 18:05) about the case law on ID to fly:

Patrick Eddington, Cato Institute: I’m trying to understand if there is in fact a statutory basis for TSA to essentially say, “If you don’t show us an ID, you’re not getting on that airplane.”

Peter Pietra, TSA Privacy Officer: … I know that there was a case… where John Gilmore — Gilmore vs. Gonzales, I think was the case — did challenge ID requirements, and the 9th Circuit upheld them…. The one … case that I’m aware of being brought resulted  in upholding TSA’s ability to require ID.

But as Mr. Pietra and the TSA should know, that’s not what was decided in Gilmore v. Gonzales.

Based on pleadings submitted to the court ex parte and under seal by the TSA, the 9th Circuit found that the TSA’s “identification policy” did not require passengers to show ID credentials in order to fly, but provided an alternative of a more intrusive search:

The identification policy requires airline passengers to present identification to airline personnel before boarding or be subjected to a search that is more exacting than the routine search that passengers who present identification encounter….

Gilmore had a meaningful choice. He could have presented identification, submitted to a search, or left the airport. That he chose the latter does not detract from the fact that he could have boarded the airplane had he chosen one of the other two options.

Neither Mr. Gilmore nor his lawyers saw or had any chance to rebut the claims made to the 9th Circuit judges by the TSA in its secret submissions. But the court’s description of the TSA’s identification policy as not requiring passengers to show ID, but allowing a more intrusive search as an alternative, was based entirely on the TSA’s own claims.

Having gotten the court to uphold its policy by representing that policy to the court as not requiring passengers to show ID, the TSA can’t now claim that the court’s decision “upheld” a policy requiring passengers to show ID — a policy the TSA specifically disclaimed in that litigation. The TSA told the 9th Circuit in its sealed, ex parte filings that pursuant to its policy Mr. Gilmore could have flown without ID if he had submitted to a more intrusive search, and the 9th Circuit decided the case on that basis.

Neither the 9th Circuit panel in Gilmore v. Gonzales, nor any other court, has reached the question of whether a requirement for airline passengers to show ID to fly has any statutory basis or would be Constitutional, much less upheld such a requirement

Mr. Pietra went on to suggest that, if the Constitutionality or statutory basis for requiring airline passengers to show ID were in question, the issue would have been litigated. But that ignores the fact that, when Mr. Gilmore tried to litigate exactly this issue, the TSA evaded the issue by denying to the court that it had a policy requiring ID to fly.

We continue to believe that both the TSA’s de facto efforts to require ID to fly, and any TSA policy to require ID to fly, lack a statutory basis and are unconstitutional. We hope that passage of the Freedom To Travel Act will clarify this issue and make it possible for those who are prevented from flying without ID to obtain redress through the courts.

Apr 03 2023

CBP wants more information to surveil and control air travelers

Today the Identity Project and allied civil liberties and human rights organizations submitted comments objecting to a proposal by US Customs and Border Protection (CBP) to require all travelers on international flights to or from the US to provide an address in the US, two phone numbers, and an email address, and prohibit or recommend that airlines not permit anyone who is unable or unwilling to provide this information to board any flight to or from the US. (See our report when this proposal was announced.)

In return for collecting this information and passing it on to CBP, airlines would be allowed to retain and use it for their own purposes, without permission from travelers. Airlines would also be allowed (and in some cases required) to pass it on to foreign governments.

The proposed CBP rule would apply to all travelers, including US citizens (regardless of whether they reside in the US), visitors, and asylum seekers.

The proposed rule is far more significant and far worse than it appears at first glance.

Although the proposal is represented by CBP as a minor change to an existing program that would cost airlines nothing and impose no costs on travelers, it would cost the airline industry hundreds of millions of dollars and impose costs on would-be travelers, especially asylum seekers, that would be measured not only in dollars but  also in lives. The proposed rule would also violate multiple provisions of the Privacy Act, including in ways that would force travelers to make personal information available to hostile foreign governments.

Below are excerpts from our objections to the CBP proposal. You can read the complete comments of the Identity Project and our allies here. You can submit your own comments until midnight EDT tonight, Monday, April 3, 2023, by filling out this form.

The undersigned civil liberties and human rights organizations – the Identity Project (IDP), Government Information Watch, Restore The Fourth (RT4), Privacy Times, and the Electronic Privacy Information Center (EPIC) – submit these comments in response to the Notice of Proposed Rulemaking, “Advance Passenger Information System: Electronic Validation of Travel Documents”, Docket Number USCBP-2023-0002, FR Doc. 2023–02139, RIN 1651-AB43, 88 Federal Register 7016-7033 (February 2, 2023).

By this Notice of Proposed Rulemaking (NPRM), U.S. Customs and Border Protection (CBP) proposes to (1) expand the fields of information that all international travelers flying to or from the U.S. by common carrier are required to provide to airlines and that airlines are required to pass on to CBP (while being free to retain copies for their own profitable use); and (2) prohibit airlines from allowing certain individuals including those who don’t have, or are unable or unwilling to provide, two phone numbers, an email address, and an address in the U.S. (even if they are U.S. citizens who reside abroad), to board flights, or recommend that airlines not board them (in violation of airlines’ duties as common carriers to transport all passengers paying the fares in their tariffs, and in violation of travelers’ rights under Federal statutes, the Bill of Rights, Executive Orders, and international human rights treaties to which the U.S. is a party).

The proposed rule is purportedly intended to “enable CBP to determine whether each passenger is traveling with valid authentic travel documents prior to the passenger boarding the aircraft.” Aside from the fact that CBP has no jurisdiction over foreign citizens boarding foreign-flagged aircraft at foreign airports, the proposed rule would have little or no effect on CBP’s ability to detect travelers using documents issued to other people. The proposed rule would not serve its stated purpose, but would only serve to expand CBP’s systematic warrantless, suspicionless, surveillance of air travelers and CBP’s attempt to control airline travel.

As discussed below, the proposed rule exceeds CBP’s authority and jurisdiction and is contrary to law. It is also bad policy. It amounts to an attempt to impose a travel document requirement in the guise of document “validation”, to outsource to airlines surveillance and control of travelers that CBP would have no authority to conduct itself, and to frustrate the human right to asylum by preventing asylum-seekers from reaching the U.S.

Read More

Feb 06 2023

CBP proposes to require even more information from international air travelers

US Customs and Border and Border Protection (CBP) has proposed new rules to expand its Advance Passenger Information System (APIS) to require all international airlines serving the US to provide additional information about all passengers, prior to flight departures.

CBP’s Notice of Proposed Rulemaking (NPRM), published last Thursday in the Federal Register, falsely claims that the proposed rules would not affect individuals, only airlines. But the mandate for airlines to provide additional information about each would-be passenger makes it a de facto requirement, as a condition of air travel, for travelers to provide this information to airlines and the government.

This would constitute a significant expansion of an ongoing unconstitutional surveillance and profiling program in which all international air travelers are required to respond to suspicionless, warrantless, interrogatories administered through airlines as intermediaries and outsourced government surveillance agents and interrogators.

APIS is not a passive surveillance scheme, however. It is part of a real-time system of  granular, per-passenger, per-flight government control of air travel:

After performing the security vetting, the CBP system transmits to the carrier an electronic message. This message is generally referred to as CBP’s response message. If the carrier is using an interactive transmission system, the response message provides certain instructions to the carrier. Specifically, it states whether each passenger is authorized to board, requires additional security screening, or is prohibited by TSA from boarding… Depending on the instructions received in the response message, the carrier may be required to take additional steps, including coordinating secondary security screening with TSA, before loading the baggage of or boarding the passenger at issue.

The Identity Project has objected to every step in the expansion of APIS since 2006, and we will be filing comments objecting to the latest NPRM. If you’d like to file your own objections, the deadline is April 3, 2023. We’ll post ours for others to use as a model.

Current mandatory APIS data fields include name, date of birth, gender, nationality, passport or travel document number, and flight details (airline, flight number, and departure and arrival airports, dates, and times). In addition to the information that CBP has been requiring since 2006, the new NPRM proposes that airlines operating flights to or from the US be required to collect and transmit to CBP additional information including:

  • Street address in the US (currently required of aliens but not of US citizens)
  • Telephone number and “alternate” telephone number (presumably the second phone number is required in order to help the government build social network maps and  guilt-by-association links of First Amendment protected associations between individuals)
  • Email address

What if a US citizen has no fixed address, or no address in the US — or doesn’t want to tell the US government? What if they don’t yet know at which hotel or with which friend or relative  they will be staying — or don’t want their host permanently linked with them in the government’s surveillance and suspicion-generating files?

Are two telephone numbers and an email address required as a condition of air travel?

The proposed rules are silent, but they imply that any airline that transports such a passenger would be subject to sanctions:

CBP cannot require that a passenger be denied boarding. However, if an air carrier boards a passenger who is then denied entry to the United States, the air carrier may have to pay a penalty and bear the costs of transporting that passenger out of the United States.

On arrival in the US, the US government has the duty to allow a US citizen to enter the country unless there is genuine doubt as to their US citizenship. They are not required to provide any information not related to, and needed to determine, their US citizenship.

If a CBP inspector at a border crossing or airport asks a US citizen their address in the US, phone number(s), or email address, they have the right to stand mute or to refuse to answer. CBP can search them, but cannot make them answer questions or deny them entry for standing mute.

If CBP would have no Constitutional authority to require a traveler to answer these questions after they arrive in the US, on what possible grounds would it claim authority to require answers to those same questions before a traveler even boards a flight to the US?

The NPRM does not mention the Bill of Rights or any limits on the authority of the government or a common carrier to demand personal information or answers to interrogatories as a condition of carriage.  We believe that there is no such authority. The proposed rules would violate the First, Fourth, and Fifth Amendments, the Privacy Act, and US obligations as a party to the International Covenant on Civil and Political Rights.

Since the creation  of the Department of Homeland Security (DHS) after September 11, 2001, the DHS has imposed more than a billion dollars in unfunded mandates to the airline industry  to collect additional information about all airline passengers, transmit that information to DHS components (CBP for international flights and the TSA for domestic flights), and receive and process instructions from the DHS before issuing any boarding pass.

The proposed new rules would send the airline IT industry back to the drawing board to modify all of its software, user interfaces, APIs, and business-process layers to collect and transmit additional data fields  about each passenger to CBP prior to departure of each international flight to or from the US.

CBP says that some airlines are already “voluntarily” providing personal information about passengers to CBP beyond what has been required by the current APIS regulations.

Why would airlines be willing to collaborate with the DHS in these schemes?

The proposed rules would leave airlines free to retain, use, share, sell, or otherwise monetize the additional personal information which travelers would be required to provide. This would amount to a huge informational windfall for airlines, and this is the quid pro quo to airlines for collecting this additional data for the government. To put it another way, the proposed rules would constitute a government-compelled taking and transfer to airlines of the value of travelers’ personal information.

Airlines don’t collect this data systemically now, and have not yet developed any standards for normalizing, storing, or exchanging it. This would be a massive unfunded mandate for modifications to airline industry IT systems, at every level from interline messaging protocols to user interfaces, and in training staff. But most of these costs would be one-time costs, and in the long term would be offset by the informational windfall to airlines.

Airlines are already experts in monetizing passenger data, making billions of dollars a year by selling advertising targeted to members of their frequent flyer programs. Compelled provision of additional contact information would enable airlines to expand these customer data monetization and ad targeting programs to all air travelers, including infrequent flyers who aren’t members of these programs.

Many foreign airlines are parastatal entities, so this rule would effectively require many asylum seekers to divulge info to the foreign governments from which they are trying to flee, prior to departure from those countries, placing themselves and their associates (linked to them by e.g. shared contact info)  at even greater peril.

Travelers and airlines should just say no. Travelers should decline to answer questions unrelated to their admissibility to the US, and airlines should transport them anyway and challenge any attempt to impose sanctions on them for refusing to spy on their passengers by interrogating them and collecting surveillance data for the government.

Nov 23 2022

The airport of the future is the airport of today — and that’s not good.

(video; slides)

[Facial recognition at each step in airline passenger processing. Slide from presentation by Heathrow Airport Holdings Ltd. to the International Civil Aviation Organization (ICAO) Traveler Identitification Program symposium, October 2018]

Today, the day before Thanksgiving, will probably be the busiest day for air travel in the USA since the outbreak of the COVID-19 pandemic in early 2020.

If you are flying this week for the first time in three years, what will you see that has changed?

Unfortunately, many of the most significant changes made during the pandemic are deliberately invisible — which is part of what makes them so evil.

During the pandemic, largely unnoticed, the dystopian surveillance-by design airport of the future that we’ve been worried and warning about for many years has become, in many places, the airport of today.

While travelers were sheltering in place during the COVID-19 pandemic, airports have taken advantage of the opportunity to move ahead with expansion and renovation projects. While passenger traffic was reduced, and terminals and other airport facilities were operating well below capacity, disruptions due to construction could be minimized.

A characteristic feature of almost all new or newly-renovated major airports in the U.S. and around the world is that they are designed and built on the assumption that all passengers’ movements within the airport will be tracked at all times, and that all phases of “passenger processing” will be carried out automatically using facial recognition, as shown in this video from a technology vendor, Airport of the Future:

[Stills from 2019 vendor video, Airport of the Future.]

In the airport of the future, or in a growing number of present-day airports, there’s no need for a government agency or airline that wants to use facial recognition to install cameras or data links for that purpose. As in the new International Arrivals Facility at Sea-Tac Airport, which opened this year, the cameras and connectivity are built into the facility as “common-use”  public-private infrastructure shared by airlines, government agencies, and the operator of the airport — whether that’s a public agency (as with almost all U.S. airports) or a private company (as with many foreign airports).

Read More