Jul 08 2025

The dangers of identity databases

After a white-supremacist hacker got access to digital records of old applications for admission to Columbia College and passed them on to the New York Times, the Times reported that in 2009 Zohran Mamdani checked boxes identifying his national origin and ancestry as African-American (he is a US citizen — an American — and was born in Uganda — the country in Africa where his paternal ancestors had lived for generations) and Asian (his mother was born in India, where her ancestors had lived for generations).

Questions have since been raised by Liam Scott in the Columbia Journalism Review and others as to the use in a news story of data obtained illegally by an unnamed third party with an unmentioned political bias, and by Dan Froomkin at Presswatchers.org and others as to whether these truthful factual 2009 statements by Mr. Mamdani are newsworthy. The Times has responded to some of these questions in a follow-up article.

But we have other questions that we haven’t seen asked elsewhere. These are questions not for Mr. Mamdani or the Times but for Columbia University:

  1. Why does Columbia still have this information about an unsucessful 2009 applicant for admission in its records?
  2. Even if there was some reason to retain these records, why were they accessible online, with or without whatever passwords or access restrictions were circumvented by a hacker to obtain them?
  3. Now that this incident has made the potential for misuse of records like this apparent, what are Columbia and other institutions and entities with similarly dangerous data doing to expunge it?

At a time when naturalized US citizens, including but not limited to Mr. Mamdani, are being threatened with denaturalization followed by detention and/or expulsion to overseas death camps,  and when pogroms are being carried out by masked armed gangs snatching people off the streets on the basis of perceptions of national origin, these are questions for anyone in charge of a database with a field for citizenship, race, or national origin.

Mr. Mamdani had good reason to apply to Columbia, even if his application may have been a long shot, since as the child of a tenured Columbia professor he would have been entitled to free tuition if admitted. But whatever purpose Columbia may have had in 2009 for asking applicants for admission to its colleges to cateogrize their national origin by continent, that purpose was completed when Mr. Mandani’s application was rejected.

The lesson of this teachable moment is that personally identified information, even information about attributes and activities that were lawful at the time and that were collected for innocent purposes, has the inherent potential for weaponization against innocent individuals — sometimes by unforseen actors in unforseen ways — as long as it is retained. It’s happened before in the US, as when census data on national origin was used to round up Japanese-Americans and send them to concentration camps, and could happen again as long as data like this is collected and retained.

Columbia may claim that it retained this data in case it might have needed it to defend agaisnt potential litigation by unsuccessful applicants. But the statute of limitations for any such litigation related to 2009 admission decisions would have passed years ago.

Columbia may claim that, having collected this data, it retained it for research purposes. But there’s been no indication that it made any attempt to even semi-anonymize this data. And would possible future research use justify retention of information that could endanger past applicants for admission?

Under Canadian or European data privacy law, retaining this data when it was no longer needed for the purposes for which it was collected would be illegal.

This data was collected for the purpose of making admissions decisions in 2009. If there was some adequate justification for retaining this data for possible future use when it was unquestionably no longer useful for that original purpose — which we doubt there was — it could have  been stored on an air-gapped device or media, such as a backup tape or disk locked in an archival vault.

But even that would pose the danger of government-compelled disclosure.

Imagine that you were the director of a business or institution in Germany in 1933. Imgaine that — at a time when it when German Jews still had all the rights of German citizens — you had compiled information about your employees’, students’, customers’, or suppliers’ “nationality” or “race” as indicated on their ID cards, including which Germans were identified as Jewish.

When the government began to redefine German Jews as not German citizens, deny them rights, and exclude them from more and more categories of employment, wouldn’t it have been your moral duty to expunge those records identifying Jews? Then you could truthfully say, if the government demanded to know which of your employees were (under Nazi laws) illegally employed non-citizens, that you had no records of who was a Jew.

The best way to avoid misuse of personal data is not to collect it. If it has been collected, and especially if it is no longer needed for the purpose for which it was collected, the best way to mitigate the risk to the individuals to whom it pertains is to expunge it.

Columbia has no excuse. Nor do other institutions in the same position. No law required Columbia to collect this information about Mr. Mamdani and an untold number of others. No law requires Columbia to retain it. Now Columbia knows, as it should have known all along, how this information can be weaponized.

Columbia and its peers in both the public and private sector should expunge these records — now, before even more damage is done to Mr. Mamdanai and millions of other naturalized US citizens and other immigrants.

Jun 27 2025

Supreme Court upholds Texas demand for ID for Web browsing

In its worst decision ever on demands for ID, the Supreme Court today upheld a Texas law that requires all visitors to some websites to provide the site operator with evidence of their identity and age.

In an opinion by Justice Thomas, six Justices found that requiring ID for age verification as a condition of viewing certain websites only “incidentally” burdens the rights of adults.

The majority reasons backward from the presumed legitimacy of ID requirements in other contexts, such as buying tobacco, that (A) weren’t at issue in this case, and (B) more importantly, don’t involve the exercise of First Amendment or any other rights:

Requiring proof of age is an ordinary and appropriate means of enforcing an age-based limit on obscenity to minors. Age verification is common when laws draw age-based lines, e.g., obtaining alcohol, a firearm, or a driver’s license…. Applying the more demanding standard of strict scrutiny would call into question all age-verification requirements, even longstanding in-person requirements.

As the dissent by Justice Kagan (on behalf of herself and Justices Sotomayor and Jackson) points out, this amounts to deciding on the desired outcome, and then adapting the criteria (in this case, the level of scrutiny applied to the law) to produce that result.

In rebuttal to the dissent on this point, the majority opinion wrongly claims that in-person demands for ID are “uncontroversial” and have never been challenged in court:

Finally, the dissent claims that we engage in “backwards,” results-oriented reasoning because we are unwilling to adopt a position that would call into question the constitutionality of longstanding in-person age-verification requirements. Not so. We appeal to these requirements because they embody a constitutional judgment—made by generations of legislators and by the American people as a whole—that commands our respect. A decision “contrary to long and unchallenged practice… should be approached with great caution,” “no less than an explicit overruling” of a precedent. Payne v. Tennessee, 501 U. S. 808, 835 (1991) (Scalia, J., concurring). It would be perverse if we showed less regard for in-person age-verification requirements simply because their legitimacy is so uncontroversial that the need for a judicial decision upholding them has never arisen.

But that’s not all that’s wrong with this law and this decision upholding it.

The decision and the dissent concern themselves primarily with what level of scrutiny should apply to age-verification laws. They don’t mention the distinction between “age” and “identity”, or the impact of the law on people who don’t have ID — a crucial issue raised in a friend-of-the-court brief by the Electronic Frontier Foundation and others.

For those without government-issued ID or a sufficiently detailed profile with a commercial data broker, “age-verification” amounts to a categorical bar to access to certain Web content.

As we’ve noted previously, “Regardless of whether it would be possible to set up a system by which individuals could provide evidence of age without individually identifying themselves, that’s not how any of the schemes currently being legislated or implemented will work in practice. In order to verify their age, each Internet user will be required to provide a unique digital personal identifier…. Age verification for adult content is a stalking horse for comprehensive content-based and personalized government control of Internet access.”

The Texas law applies to any “commercial entity that knowingly and intentionally publishes or distributes material on an Internet website”, which appears to include both the publisher and the hosting provider.

There’s no way for the publisher or provider of hosting services for a website to know which visitors to the site are located in Texas. To satisfy the Texas law, web publishers and hosting providers worldwide will either have to require ID from all visitors regardless of their location, or try to identify which visitors to the site are located in Texas, and block them or selectively require them to provide ID.

Because the law applies to both publishers and “distributors” (web hosting providers), hosting providers will be not only allowed but required to pass on identifying and location-tracking information about all visitors to site publishers, with no restrictions on how publishers or hosting providers can use, disclose, or or sell this data. The law could, but doesn’t, restrict use of this data to age verification, or restrict its disclosure or sale. Nor does the law restrict the ability of these companies to share this data with governments or to keep secret from individuals how or with whom data about them has been shared.

Some companies will welcome this as a pretext for commercial surveillance they already carry out and would love an excuse to universalize. If anyone objects to publishers’ or hosting providers’ commercial exploitation of visitor identity and location information, they now have the perfect excuses: “Everybody does it” and “The government made us do it.”

Jun 26 2025

Asymmetric demands for ID

Recent events have focused attention on the asymmetry of police demands for ID:

Government agents demand that ordinary citizens provide evidence of our identity, even when we are exercising rights — such as traveling by common carrier — that don’t depend on our identity. But those same government agents typically refuse to provide the same sort of evidence of their identity, even when they are asserting claims to authority that depend on their identity and status as law enforcement officers.

Masked, armed gangs dressed in the mismatched assortment of military-surplus clothing that characterizes “militias” in failed states are snatching people off the streets of US cities and towns and taking them away in unmarked vehicles, some with no license plates.

Meanwhile, elected politicians and their family members were recently assassinated in their homes by a masked individual in a police-like costume who arrived in a police-like vehicle with flashing blue lights.

The law doesn’t require us to obey the orders, or refrain from defending ourselves or others against, anyone who claims to be an officer of the law. But as the law stands, whether we submit or resist, we do so at our own peril.

Any kidnapper or home invader could, and some do, stencil “POLICE” on their body armor and  shout “Police!” before breaking down doors or dragging people away. Rent-a-cops often dress and carry gear designed to make them appear as much like police as possible. Convincing movie-prop badges are available online or in costume and fetish shops.

In these circumstances, verifying the identity and claim to authority of people who might or might not be police can be a matter of life or death. If they aren’t police, and we go along, we could lose our chance at self-defense or escape. But if they are police, they might shoot us if we try to resist, escape, or help others to do so. If we survive the initial encounter, we might be charged with assaulting an officer — a charge that often leads to beatings or worse by police and jailers, even before a defendant makes it to trial.

18 US Code § 111 makes it a Federal felony to “forcibly assault, resist, oppose, impede, intimidate, or interfere with” any Federal law enforcement officer. But what if you can’t tell if an apparent kidnapper or home invader is a Federal law enforcement officer? And what evidence of their identity and status is sufficient to establish their authority and your duty not to resist or impede them?

Read More

May 05 2025

What can you do if you aren’t allowed to fly without REAL-ID?

On Wednesday, May 7, 2025, the Transportation Security Administration (TSA) plans to start treating driver’s licenses and state IDs that don’t comply with the REAL-ID Act as “unacceptable” ID at TSA checkpoints. That doesn’t mean that travelers without REAL-ID won’t be allowed to fly. What the TSA has said is that it will subject travelers without REAL-ID on or after May 7th to its current procedures for airline passengers with no ID or unacceptable ID.

In a sample of incident logs and reports released in response to one of our Freedom Of Information Act requests, 98% of the airline passengers who showed up at TSA checkpoints with no ID or unacceptable ID were allowed to fly after additional “security theater”.

But given the numbers of people without REAL-ID, even 2% of those who try to fly without REAL-ID could be a significant number. And if you’re the one being told, “You can’t fly today”, any number of unlawful and denials of your right to travel is significant.

Some people without REAL-ID will be turned away illegally at TSA checkpoints. Others will be delayed for so long that they miss their flights. Of that latter group, some will be denied refunds by airlines, or told they have to pay change fees to fly on later flights.

What are your rights at the airport? What can you do if you are turned away by the TSA because you don’t have REAL-ID, delayed and miss your flight, or denied a refund or charged a fee to change a flight you missed because of TSA delays and ID checks?

This isn’t advice from lawyers, but it’s practical advice about what to do to protect your rights and maximize your chances if you later take the TSA or an airline to court.

Read More

Apr 30 2025

Oklahoma resolution would reaffirm right to opt out of REAL-ID

SR 18, introduced yesterday in the Oklahoma Legislature by state Sen. Kendal Sacchieri (R-Blanchard) would re-affirm the right of Oklahoma residents to choose to have driver’s licenses and state IDs that don’t comply with the Federal REAL-ID Act — and not to have data about those noncompliant licenses shared with Federal agencies without a warrant.

“Sixty percent of Oklahomans have declined to participate in the federal REAL ID system,”  Sen. Sacchieri noted in introducing SR 18. “Senate Resolution 18 is about protecting Oklahomans’ privacy and preserving their freedom to choose. We affirm our citizens’ right to opt out of the federal REAL ID system, and we must also ensure their personal information remains secure. This resolution calls for a real, uncoerced choice — without unnecessary exposure of private data.”

Read More

Apr 22 2025

REAL-ID FAQ: What will happen at US airports on May 7, 2025?

[Summary of TSA procedures for airline passengers with no ID or unacceptable ID, from DHS Office of Inspector General report OIG-2024-65, September 2024]

The US Transportation Security Administration (TSA) has announced that it will begin “implementation of its REAL ID enforcement measures at TSA checkpoints nationwide” on May 7, 2025.

What does this mean if you want to fly but don’t have any of the types of ID that the TSA deems compliant with the REAL-ID Act (including a US or foreign passport, a US passport card, a Canadian provincial driver’s license, or a US driver’s license or state ID with a REAL-ID gold star in the upper right corner or that is marked as an “Enhanced Drivers License”)?

The key thing to know is that — unless the TSA makes undisclosed changes to its procedures — air travelers with “noncompliant” ID on or after May 7, 2025, should be treated, and should be allowed to fly, the same way people with no ID fly today.

We can’t predict with certainty what the TSA will do on May 7th, because:

  1. The TSA has been violating the law for years with its ID procedures at airports, including through illegal demands for ID, illegal demands for information, and illegal use of an unapproved ID verification form.
  2. No laws or regulations prescribe the TSA’s checkpoint procedures, including ID checks. The law says only that airline passengers must “submit” to “screening”, without defining either of those terms. Courts have defined “screening” as “search”, with no indication that this includes questioning about, or evidence of, identity.
  3. The TSA has claimed that its internal “Standard Operating Procedures” (SOPs) for ID checks, before or after May 7, 2025, aren’t binding on the TSA, create no legal rights for airline passengers, and can be secretly changed at any time.
  4. The SOPs purport to grant discretion to TSA staff at each airport to decide who to allow, and who not to allow, to exercise their right to airline travel by common carrier, for any or no reason, regardless of what if any ID travelers show.
  5. The TSA has purported to grant itself the authority to change even its published “rules” at any time, without notice, merely by posting new non-rules on its website. It hasn’t done so yet, nor has it published any of the other notices in the Federal Register that would be required by the Privacy Act and the Paperwork Reduction Act to establish a “graduated enforcement” scheme. The New York Times reported on April 9th that “a T.S.A. spokesperson said on Friday that the agency had decided that the phased approach was not necessary and that full enforcement would begin on May 7”, but that decision could be reversed at any time, before or after May 7th.
  6. The Trump 2.0 Administration in general and the Department of Homeland Security (DHS) in particular have been changing and sometimes reversing their directives in many other areas, without warning and with little or no basis in law or overall policy, and could do the same with directives to the TSA.

With these uncertainties in mind, what can we say about what will be required and will happen at airports on May 7th?

Does the law require you to have ID to fly?

No.

The TSA itself has stated repeatedly in court, under oath, in litigation in which The Identity Project and individuals we support have been involved, that no Federal law or regulation requires airline passengers to have, carry, or show any ID.

See e.g. State of New Mexico v. Phillip Mocek, in which a TSA witness testified that, “It [flying without ID] happens all the time. We have a procedure for that”, and Gilmore v. Gonzales, in which the 9th Circuit Court of Appeals found, based on the TSA’s own submissions to the court, that, “Gilmore had a meaningful choice. He could have presented identification, submitted to a search, or left the airport. That he chose the latter does not detract from the fact that he could have boarded the airplane had he chosen one of the other two options.”

People fly without ID every day, openly and legally.

Years-delayed responses by the TSA  to our Freedom Of Information Act (FOIA) requests show that, as of 2016, almost 2,000 people a day were allowed through TSA checkpoints at airports nationwide with no ID or with ID that was deemed “unacceptable”. TSA incident logs released in response to our FOIA requests show that 98% of travelers who showed up at airports with no ID or with “unacceptable” ID were allowed to fly after undergoing additional questioning and/or more intrusive searches and groping (“screening”).

Will the REAL-ID Act require you to have ID to fly on or after May 7, 2025?

No.

The REAL-ID Act governs which IDs can be accepted by Federal agencies such as the TSA in circumstances where ID is required. It doesn’t create any new requirements to have, carry, or show any ID in circumstances — such as airline travel — where ID is not required by some other law.

According to the latest TSA statement on April 11, 2025:

Passengers who present a state-issued identification that is not REAL ID compliant and who do not have another acceptable alternative (e.g., passport) can expect to face delays, additional screening and the possibility of not being permitted into the security checkpoint…. TSA … will continue with additional screening measures for those without a REAL ID until it is no longer considered a security vulnerability.

This doesn’t say that individuals without REAL-ID, or without any ID, will be prevented from flying. All it says is that these individuals will be subjected to “additional screening” (which of course may occasion delay) and the “possibility” of not being permitted into the checkpoint (i.e. if they don’t agree to submit to additional searches).

What will happen if you show up at the airport on or after May 7, 2025, with “noncompliant” state-issued ID?

So far as we can tell, airline passengers who show up at TSA checkpoints on or after May 7, 2025,  with noncompliant ID or no ID will be treated the same way  travelers with “unacceptable” ID (expired IDs, student IDs, IDs issued by private employers, etc.) or no ID at all (lost or stolen or forgotten or just don’t have ID) are treated now.

What is the TSA’s standard procedure for people with no ID or “unacceptable” ID?

We don’t have up-to-date, unredacted versions of the TSA’s instructions to checkpoint staff at airports. But based on previously-released versions of the TSA’s Standard Operating Procedures(SOPs)  for Travel Document and ID Checks and for the TSA’s ID Verification Call Center (IVCC), TSA testimony and pleading in court cases, TSA ID verification logs and incident reports released in response to our FOIA requests, reports we’ve received from travelers without ID, the most recent 2024 report from the DHS Office of Inspector General on procedures for airline passengers without ID or with unacceptable ID, TSA testimony to Congress in 2024, and our own experiences, here’s what happens when a ticketed airline passenger shows up at a TSA checkpoint with no ID or “unacceptable” ID:

Read More

Apr 15 2025

Withdrawal from REAL-ID gets a hearing in Maine

A bipartisan proposal to withdraw the state of Maine from compliance with the Federal REAL-ID Act of 2005 had its first hearing today (archived video) before the Joint Standing Committee on Transportation of the Maine State Legislature.

The REAL-ID withdrawal bill, LD 160, was presented to the Transportation Committee by state Rep. Laurel Libby (R-Auburn) and state Sen. Nicole Grohowski (D-Ellsworth), two of the six co-sponsors.

Public testimony in support of LD 160 was given by:

There was no public testimony against LD 160. The only opposition to the bill was voiced by Maine’s Secretary of State, Shenna Bellows.

Secretary of State Bellows struggled to explain her current support for REAL-ID compliance, in light of her history of opposition to the REAL-ID Act and Maine state compliance in her former positions as Executive Director of the ACLU of Maine and Maine State Senator.

Today, Secretary of State Bellows claimed, falsely — even after Mr. Kebede of the ACLU quoted the provisions of the REAL-ID Act requiring sharing with all other states of the contents of the state’s driver’s license database — that all of this information remains in the state of Maine. Secretary of State Bellows also claimed, also falsely, that the Federal government could not access the national REAL-ID database, SPEXS.

In fact, the SPEXS database is held by AAMVA, not by any Federal or state government agency. The Federal government could obtain access to SPEXS with a search warrant, subpoena, or national security letter directed to AAMVA, the same way it could obtain similar records from any private custodian. That order to AAMVA could include a “gag order” prohibiting AAMVA from disclosing the existence of the order or the release of SPEXS records to Maine, other states, or affected individuals. For all we, Secretary of State Bellows, or anyone in Maine knows, this may already have happened.

Members of the Transportation Committee seemed surprised — understandably — to learn from our testimony and that of other sponsors and supporters of LD 160 that the Maine Bureau of Motor Vehicles already uploaded personally identifying information extracted from all Maine driver’s license records to the SPEXS national ID database in December 2024.

Later in the same hearing, the Transportation Committee heard testimony from some of the same witnesses with respect to LD 1360, a well-meaning but inevitably flawed alternate legislative proposal to require the BMV to maintain the option of a “noncompliant” driver’s license or state ID. The  problem with this is that those who get a noncompliant license or ID will think they have opted out of the national ID system, but their information will end up in the same SPEXS national ID database.

Secretary of State Bellows first tried to say that there was no such database, then that it only contained information concerning REAL-ID compliant licenses and IDs, but finally conceded that Maine actually has only one driver’s license and ID database that includes both compliant and noncompliant credentials. Pointers extracted from all records in this state database, including both compliant and noncompliant licenses and IDs, have been and are continuing to be uploaded to SPEXS. And those pointer records, as we pointed out, contain sensitive personal information vulnerable to abuse.

Here’s our 3-minute statement in support of LD 160 (full written submission):

Read More

Apr 11 2025

DOGE, DHS, and data matching

“Data matching” may seem abstract, but its consequences can be life-changing: visa revocation, deportation, sudden cessation of Social Security payments, all without warning or opportunity to present argument or evidence to a human fact-finder.

One of the hallmarks of the new U.S. Department Of Government Efficiency (DOGE) is large-scale algorithmic analysis and comparison of existing databases of personally-identified information. In many cases, algorithms, AI, and data matching are being substituted for human judgement as the basis for decisions about individuals. Similar projects are being carried out by the Department of Homeland Security (DHS).

These activities appear likely to violate the Privacy Act (including its rarely-enforced criminal provisions) and/or the Computer Matching and Privacy Protection Act.

DOGE’s programmers are working to aggregate and correlate databases that have been compiled by different agencies or commercial third parties such as social media platforms, identified in different ways, and ingested in different formats.

Data matching  is central to the methods of DOGE and the Trump 2.0 Administration. One of  President Trump’s Executive Orders to heads of all Federal agencies directs that:

Agency Heads shall take all necessary steps, to the maximum extent consistent with law, to ensure Federal officials designated by the President… have full and prompt access to all unclassified agency records, data, software systems, and information technology systems… This includes authorizing and facilitating both the intra- and inter-agency sharing and consolidation of unclassified agency records.

How is this working out, and what does this say about ID-linked records?

Read More

Mar 17 2025

FinCen demands reporting of cash transactions over $200

The Financial Crimes Enforcement Network (FinCEN) of the US Department of the Treasury has ordered all money transfer agencies and currency exchanges in seven counties in California and Texas along the US-Mexico border to file reports with FinCEN including the identities of the customers engaging in all cash transactions over $200.

Implicit in this order is that would-be customers who are unable or unwilling to provide sufficient evidence of their identity (and to allow that information and the details of their transaction to be passed on to FinCEN) will be denied these financial services.

The Geographic Targeting Order published by FinCEN in the Federal Register last Friday is effective for transactions with financial services businesses in those counties from April 14, 2025, through September 9, 2025. The Bank Secrecy Act, which authorizes such orders, limits them to 180 days but allows them to be renewed an unlimited number of times.

The misleadingly-named Bank Secrecy Act is already subject to abuse as an enabler and pretext for financial surveillance, and already requires reporting of cash transactions of $10,000 or more. But so far as we’ve been able to determine, this order lowering the reporting threshhold to $200 is, even for a geographically limited area, unprecedented.

Other Geographic Targeting Orders have been issued, but typically with much higher threshholds — real estate transactions over $50,000 in Baltimore, for example. Why Baltimore, with a lower threshhold than anywhere else in the US? FinCEN didn’t say.

The new order goes against growing bipartisan calls in Congress to repeal the Bank Secrecy Act or at least raise the threshhold amounts for for customer identification and transaction reporting.

Nothing in the order gives any real justification for its geographic boundaries.  More than a million people live in the area covered by the order, but it will actually affect a much larger number of people. Many travellers stop at “Casas de Cambio” on their way to and from border crossings in these counties to exchange cash dollars for pesos and pesos for dollars.

It’s unclear whether the goal of the order is primarily harassment or surveillance. The costs of completing the extra paperwork will undoubtedly drive up currency exchange and remittance fees and waste time for financial service businesses and their customers.