May 20 2022

New reports on DHS surveillance and profiling

Two new reports from university think-tanks call attention to surveillance and profiling — including surveillance of, and action against, domestic and international travelers — by the Department of Homeland Security and its components.

A Course Correction for Homeland Security, a report by the Brennan Center for Justice at New York University, cites to some of our work and some examples of cases we have been involved with in its analysis of DHS data collection (surveillance), and “risk assessments” (algorithmic profiling and control), especially as they relate to travelers.

American Dragnet: Data-Driven Deportation in the 21st Century, a report by the Center on Privacy and Technology at Georgetown University Law School, focuses on DHS’s Immigration and Customs Enforcement (ICE) division, especially ICE access to facial images and other information obtained from drivers licenses and commercial data brokers.

A common theme of both reports is that DHS surveillance is more pervasive, more intrusive, and less visible than is generally recognized.

Airline reservations and demands for ID from travelers are used not merely to check for currently blacklisted would-be travelers, but are retained and used to build travel histories and social networks maps that are then used by suspicion-generating guilt-by-association algorithms to expand the web of surveillance, profiling, and extrajudicial blacklisting.

ICE represents itself as an agency with jurisdiction only over non-US citizens, but in fact runs photos and drivers license and location data about a large fraction of the entire population of US citizens through its profiling and enforcement algorithms. DHS lurks (usually invisibly) in the background, “ingesting” or obtaining access to personal information, when individuals pose for drivers license photos, make airline reservations, or interact with businesses that “share” data directly or indirectly with DHS.

What is to be done about this sorry state of affairs?

Both of these reports suggest that some reforms could be made by policy, at the direction of the President, the Secretary of Homeland Security, or the heads of DHS components.

However, given the thoroughly bipartisan continuity of support by both Democratic and Republican administrations for the continual expansion of DHS surveillance, especially of travelers and foreigners and most especially of border crossers, since its creation 20 years ago, we have little hope for reform from within DHS or at the behest of the White House.

Exposure of abuses is good, but more is needed than a change of administration policy.

While we welcome any additional attention paid to the problems with the DHS, we think they call for court action to uphold the Constitutional and treaty rights of travelers and other individuals, and Congressional action to effectuate those rights and to facilitate judicial review and redress for government actions that violate those rights.

The DHS, as these reports reveal, is an ever-growing dragnet surveillance agency, operating outside the rule of law. What are we going to do to alter or to abolish it?

Mar 17 2022

Alaska may end its compliance with the REAL-ID Act

A bill introduced in the current session of the Alaska state legislature, HB 389, would end the issuance by the state of Alaska of driver’s licenses that comply with the Federal REAL-ID Act of 2005.

In addition, HB 389 would give Alaska residents “the option of having the applicant’s driver’s license photograph captured with a camera that produces a photograph in a format or with a resolution that renders the image quality insufficient for facial recognition.” The bill would require that the state Department of Administration and its Division of Motor Vehicles “shall destroy or render unusable for facial recognition purposes any photograph captured as a result of an application for a driver’s license ,” and prohibit “bulk sharing of facial images captured a result of an application for a driver’s license.”

HB 389 was introduced by Rep. David Eastman (R-Mat-Su) and is co-sponsored by Rep. Ronald Gilham (R-Kenai/Soldotna). We look forward to its consideration in the state legislature in Juneau, and to the opportunity to testify on this issue, as we did when the Alaska Legislature first debated whether to comply with the REAL-ID Act in 2006, 2007, and 2008, and again in 2017 when it reconsidered its initial choice not to comply.

HB 389 reflects longstanding sentiment in Alaska against compliance with Federal mandates  for ID credentials and sharing of personal information with “outside” entities.

Even the highest official of the Transportation Security Administration in Alaska, the Federal Security Director for the state, has pointed out to his superiors in Washington that many Alaskans live off the road system and don’t need or have drivers licenses. They may be more likely to fly, and to need to fly, than to need to drive. They don’t want to have to show government-issued papers, which they might not have, in order to do so.

In 2008, Alaska enacted a law that prohibited spending any state funds on implementation of the REAL-ID Act.

Nine years later, though, the Alaska DMV defied the law by uploading information about every Alaskan with a driver’s license or state ID to the SPEXS national ID database that was created as a way  for states to comply with the REAL-ID Act.

That action by the DMV to move Alaska toward REAL-ID compliance was taken “without permission from the legislature,” as Rep. Chris Tuck, Majority Leader in the Alaska House of Representatives, noted in an op-ed published in newspapers throughout the state after the batch upload of Alaskan driver’s license data to SPECS became public. The batch upload took place just as the legislature was scheduled to again consider REAL-ID compliance, and appears to have been an executive and administrative effort to preempt legislative debate.

Officials from the Alaska DMV and the U.S Department of Homeland Security claimed that REAL-ID “compliant” ID would soon be required in order to travel by air, but were unable to provide any basis for this false claim. At one of the legislative committee meeting in 2008, Rep. Tuck himself testified to his colleagues about how he had flown between Juneau and Anchorage with  no ID at all when he accidentally left his wallet in his office.

The Identity Project provided extensive testimony and FAQ’s fact-checking the claims being made by the DHS and the Alaska DMV in support of REAL-ID Act compliance.

A week after we provided Alaska legislators with written testimony about the right to fly without ID, Rep. Jonathan Kreiss-Tomkins, Chair of the State Affairs Committee, passed on a very similar set of questions to TSA officials in Alaska and in Washington, DC. More than a decade after the fact, when the TSA finally responded to one of our FOIA requests, we received copies of TSA internal e-mail messages discussing how to respond to Rep. Kreiss-Tomkins’ questions — but no indication of what, if any, answer was ever provided.

At the end of the 2017 legislative session, however, Alaska legislators reversed their 2008 decision, and authorized the DMV to begin issuing driver’s licenses and ID cards that “comply” with the REAL-ID Act.

From discussion at the public committee meetings we attended, it seemed clear that legislators didn’t like the REAL-ID Act or want Alaska to comply. They didn’t like it that the Alaska DMV had taken matters into its own hands by sending information about all Alaskan drivers and ID card-holders to a private database that’s stored outside Alaska and outside the jurisdiction of any government transparency or oversight laws. But legislators felt powerless to stand up to threats — even illegal threats — from Federal officials.

We welcome the opportunity provided by HB 389 for the Alaska legislature to reconsider its 2017 capitulation to Federal extortion, and reassert Alaskans’ freedom to travel without ID.

Mar 15 2022

How many people fly without REAL-ID?

[Slide from internal TSA presentation, Identity Verification Staffing Support Overview, March 2017, released in response to FOIA request by the Identity Project.]

As of 2016, almost 2,000 people a day were allowed through TSA checkpoints at US airports either without showing any ID at all, or with other forms of ID that the TSA or its contractors initially considered “unacceptable”. 

According to an internal TSA presentation, there were 149,068 calls (an average of 407 per day) for “ID Verification” to the TSA’s ID Verification Call Center (IVCC) in 2016.

The previous year, 2015, there were 112,016 such calls (an average of 306 per day).

Each of these calls presumably corresponds to a person seeking to fly without ID, or with ID that was initially deemed unacceptable by checkpoint staff.

These are just the people who were required to go through the TSA’s “ID verification” questioning for people with no ID. The TSA estimates — based on a smaller sample of incident reports for a 13-day period in February 2016 — that  an additional 1575 people per day are allowed to fly with “other forms of” ID that are initially deemed unacceptable, for a total of just under 2,000 people per day who fly with no ID or unacceptable ID.

These numbers are from records recently released by the Transportation Security Administration in response to one of our Freedom Of Information Act requests.

This is a substantial increase from the most recent figures previously released by the TSA.

Read More

Sep 22 2021

A vaccine mandate hides an ID mandate

As we have long feared, and as has already happened in other countries, COVID-19 vaccination requirements are being used to impose unrelated ID requirements.

There’s a difference between “unvaccinated” and “undocumented” — a difference that’s  gotten lost in some recent regulations and orders imposing “vaccination mandates”.

Case in point: the San Francisco Department of Public Health.

An order from the SFDPH  purports to require people entering indoor businesses or other indoor venues including anywhere food or beverages are served, gyms, and other “large indoor events”  to show “proof” of having been fully vaccinated against COVID-19.

But proof of vaccination is not what the order actually mandates. Its only real mandate is a an ID mandate, and in practice its effects would be felt primarily by undocumented people (including vaccinated but undocumented people) who don’t have or don’t choose to show ID, not by unvaccinated people.

Regardless of whether you’ve been vaccinated or whether you think other people should be vaccinated, the ID mandate hidden in this order, like similar ID mandates lurking in other “vaccination” regulations and directives, is a step backward for civil liberties. It is vulnerable to, and deserving of, Constitutional challenge.

Here’s what the SFDPH order would actually require:

Read More

Jul 23 2021

The right to international travel and the right to a U.S. passport

In late 2015, as we noted at the time, Congress voted — as part of an unrelated surface transportation bill — to authorize the Department of State to revoke and/or refuse to issue a U.S. passport to anyone against whom the IRS has assessed an administrative lien or levy (even in the absence of any judicial action) for $50,000 or more in tax debt.

This week, the first appellate court to review this law upheld it as Constitutional, although on limited grounds. In its “per curiam” opinion in Maehr v. Department of State, the 10th Circuit Court of Appeals upheld a decision by a U.S. District Court judge in Colorado dismissing a lawsuit by Jeffrey T. Maehr, one of almost half a million people who have been deemed subject to revocation or non-issuance of U.S. passports, and thus prohibited from legally leaving (or returning to) the U.S.,  for alleged tax debts.

Two judges wrote opinions in support of the “per curiam” decision, each joined in different parts by the third member of the three-judge panel.

All three judges found (wrongly, we think) that, although there is some sort of “right” to international travel by U.S. citizens, it is not such a “fundamental” right as to make restrictions on the exercise of the right to travel be subject to to what courts call “strict scrutiny”.

Read More

May 17 2021

ACLU: “Digital IDs Could Be a Nightmare”

As the U.S. Department of Homeland Security is soliciting proposals from vendors for how to put digital versions of drivers licenses and other ID credentials on smartphones, the ACLU has released a timely and insightful white paper, Identity Crisis: What Digital Driver’s Licenses Could Mean for Privacy, Equity, and Freedom, by Jay Stanley of the ACLU Speech, Privacy, and Technology Project, along with an executive summary in the form of a blog post, Digital IDs Might Sound Like a Good Idea, But They Could Be a Privacy Nightmare.

The ACLU white paper links to some of our research and reporting and highlights many of our concerns with compelled identification, the REAL-ID Act, invisible virtual checkpoints, ID-based blacklists and controls on what we are and aren’t allowed to do, and the role of AAMVA and other “private” entities as outsourced, opaque, unaccountable, creators of ID “standards” that function as de facto laws and regulations that govern our movements and activities, but that are adopted in secret, exempt from the Freedom Of Information Act or other transparency laws, and lack basic privacy protections. or respect for rights recognized by the U.S. Constitution and international human rights treaties.

We encourage readers interested in these issues to read the ACLU white paper in full. But here’s an excerpt form the introduction to the white paper, framing the issue:

Read More

Apr 08 2021

TSA posts video showing how you can fly without ID

For years Transportation Security Administration (TSA) and Department of Homeland Security (DHS) officials and their state government collaborators have been repeating the big lie that all airline passengers must have government-issued ID credentials. That lie has been included in TSA and DHS press releases, airport signage, and Tweets from the official DHS and TSA accounts.

This public relations lie has been disclaimed, over and over, in TSA and DHS court filings and sworn testimony. But now it has been contradicted on the TSA’s official Twitter feed.

Tonight the TSA Tweeted a video showing some of the ways you can fly without “acceptable” ID or without any ID at all.

If the TSA deems your ID “unacceptable”, you can still fly if you can show two or more pieces of suitable (according to the TSA’s secret non-rules) although “unacceptable” ID.

The TSA video also shows that even if you have no ID at all, you can fly if your answers to questions relayed by phone by the TSA’s ID Verification Call Center match the information in the (secret) file of information that has been linked to you by the commercial data aggregator Accurint (originally part of the discredited “Total Information Awareness” program but now a division of Lexis-Nexis).

No ID at all, much less “acceptable” ID,  is actually required to fly. So changes in REAL-ID Act regulations or TSA/DHS orders to airlines as to what ID is “acceptable” are irrelevant to whether you have right to fly without ID. Nothing in the REAL-ID Act negates this right.

In the screengrab above (one minute in), the video shows a traveler filling out a copy of TSA Form 415, “Certification of Identity”. The TSA has been using versions of this form illegally since at least 2008, without ever having obtained the approval from the Office of Management and Budget (OMB) required before any collection of information such as this by a Federal agency. The TSA has twice said it intends to seek approval from OMB for Form 415. But in the face of our objections, the TSA has yet to request, much less obtain, that approval. It’s unclear whether when the TSA will actually do so.

To avoid having to give public notice of its planned information collection or respond to our objections, the TSA tried to get Congress to enact a special airport exception from  the Paperwork Reduction Act (PRA). But Congress declined to do so.  It’s unclear whether and if so when the TSA will actually apply to OMB for the required approval, or what additional illegal actions it may try to take in the meantime.

All use of both Form 415 and the associated questioning of travelers continues to be in violation of the PRA. As we noted in 2008 when the TSA first started asking travelers to fill out the form later labeled Form 415, the PRA provides an absolute defense against any sanctions the TSA might try to impose for refusing to fill out this unapproved form or cooperate with the TSA’s “20 questions” game of ID verification security theater.

Travelers can and should say no. Fly without ID, and exercise your right to remain silent.

Feb 10 2021

ID demand was unconstitutional, but sheriffs get “qualified immunity”

[Dashcam video of George Wingate being wrongfully arrested by Stafford County, VA Deputy Sheriffs, April 2017]

In its 2004 decision in Hiibel v. Nevada, 2004, the U.S. Supreme Court upheld a demand for a pedestrian to identify himself to police only on the basis that (1) there was already a reasonable articulable basis for suspicion that he had committed some crime before the police demanded that he identify himself, and (2) the state law at issue, as interpreted by the Supreme Court,  required only verbal self-identification (“My name is John Smith”) and not the production of ID credentials or other evidence of his identity.

You might think that a precedent established by the Supreme Court would be “clearly established”. But that would often be wrong, at least in the topsy-turvy world “qualified immunity“.

Some Federal Court of Appeals have held that police who unconstitutionally demand ID can be held liable for violating the civil rights of their victims — as, of course, they should be.

In other cases, however, such as that of Philip Mocek, Courts of Appeal have let ID-demanding police off the hook. The judges theory in these cases has been that, although the police demands for ID were unconstitutional, that illegality wasn’t yet “clearly established. The police might, judges speculated, have had a good-faith, although mistaken, belief that they had a right to demand ID in the particular circumstances at issue.

The latest example of this strained excuse for police impunity comes from the Fourth Circuit Court of Appeals in its recent decision in Wingate v. Fulford.

George Wingate was accosted by Stafford County, VA, Deputy Sheriffs while standing by his car, which he had pulled off the road to try to diagnose the cause of an engine warning light. Nothing about the circumstances gave the sheriffs reason to suspect Mr. Wingate of any crime, the court found. But the sheriffs nonetheless wanted to know who he was.

As captured on this dashcam video, Mr. Wingate knew and properly asserted his rights. The conversation between Mr. Wingate and Deputy Sheriff Scott Fulford went like this:

Fulford: Well, in Stafford County —
Wingate: Have I committed a crime?
Fulford: — it’s required.
Wingate: Have I committed a crime?
Fulford: No. I didn’t say you did.
Wingate: All right then.
Fulford: You’re still required to —
Wingate: Am I free to go?
Fulford: — identify yourself.
Wingate: Am I free to go?
Fulford: Not right now, no.
Wingate: Am I being detained?
Fulford: You’re not detained.
Wingate: Am I free to go?
Fulford: No.
Wingate: Am I being detained? If I’m not being detained, then I’m free to go.
Fulford: You’re not free to go until you identify yourself to me.

All this was, the Court of Appeals found, unconstitutional. And “You’re not being detained, but you’re not free to go” sound a lot more like a pretext for logging the identity and movements of a Black man than good faith. But the Court of Appeals let Fulford and his partner, Deputy Sheriff Dimas Pinzon, off scott-free on the basis of qualified immunity.

Congress needs to end this nonsense by repealing qualified immunity.

Dec 02 2020

Speaking Spanish is a not a lawful basis for being made to show ID

US Customs and Border Protection (CBP) has agreed to pay a “monetary sum” to two native-born US citizens and Montana residents  who were made to show ID and detained for about 40 minutes (including continuing detention even after they showed their Montana drivers licenses) solely because a CBP agent overhead them speaking Spanish to each other.

The amount of the settlement has not been made public.

The ACLU of Montana represented the two Latinx residents of Havre, MT, in their lawsuit, which initially sought a declaratory judgement “that race, accent, and language cannot create suspicion to justify seizure and/or detention” (which ought to go without saying) in addition to money damages.

The facts alleged in the complaint are supported by cellphone video of a CBP agent’s admission that the detention and ID demand were based solely on the language spoken by the agents’ Latinx victims. On discovery, CBP turned over additional self-incriminating video of statements made by CBP agents in interviews with internal CBP investigators, as well as grossly racist text messages exchanged by the CBP agents. Havre is a border town with two crossing points to Canada, where French is a national language, but the Havre-based CBP agents freely admitted that they wouldn’t treat speaking French as suspicious.

After the lawsuit got local and national publicity, the two plaintiffs and their families were harassed and driven out of town. “At his high school, a teacher asked Mimi’s son whether he had brought his ID to class,” one of the victims says. “Our clients bore the brunt of local backlash as a result of coming forward. They both ultimately left Havre for fear of their families’ safety,” according to the executive director of the ACLU of Montana.

Nov 25 2020

Airlines call for new app-based air travel controls

During  its online annual general meeting this week, the International Air Transport Association (IATA) rolled out a  new proposal for an app-based system of control over air travel that IATA is proposing for use by its member international airlines and by governments.

The scheme is being promoted as a response to the COVID-10 pandemic, but would institutionalize structures and practices with the potential for continuing and wider abuse.

IATA is calling its scheme the IATA Travel Pass. As described in these slides,  it would require would-be air travelers to enter both personally identifying information (most likely passport or other ID-card details) and records of tests and/or vaccinations into an IATA  smartphone app.  The data would  be processed by the algorithms of a “rules engine” to detemine whether to issue an “OK to travel” permission message. The output of this algorithmic decision would be available for use by both airlines and governments.

The intent of the IATA proposal is to create an infrastructure for sharing of data and travel permission decisions, at any point before or after the journey, with both airlines and governments, on the basis of an open-ended ruleset:

Of course IATA’s new proposal has all the defects of any smartphone-based travel surveillance or control regime that we discussed back in April when Hawaii tried out such a scheme. IATA is silent on what is to happen to  a traveler who doesn’t have a smartphone, charged-up and operable, with them when they try to travel.

And what about travelers without passport? No passport is currently required, even for international flights, within some free-movement zones such as within Mercosur, ECOWAS, or the European Union, or between the UK and Ireland.

But that’s not the worst aspect of the IATA proposal. Unlike Hawaii’s app-based location reporting system, the IATA app would go beyond surveillance to incorporate an algorithmic decision-making system for prior restraint of the right to travel.  Very disturbingly, there’s no mention in the IATA proposal of who would control the algorithmic ruleset, leaving it wide open to mission  creep and abuse by governments worldwide.  There’s no apparent way to restrict the nature of the rules or the purposes — blacklisting? discrimination? profiling? retaliation? — for which they could be used. Deployment of a general-purpose algorithmic travel control app for use worldwide would invite abuse.

Read More