Dec 02 2011

DHS “Automated Targeting System” records

The “Automated Targeting System” (ATS) has been a topic of discussion this week at the Securing Our Rights in the Information-Sharing Era conference on national security, surveillance, and immigration enforcement.

ATS is operated by the Customs and Border Protection (CBP) component of DHS, although ATS apparently contains links to records held by other agencies and other commercial databases. ATS records include passenger name records (travel reservations), border crossing logs, secondary inspection notes, “risk assessments” of all travelers (even if you aren’t on any watch list), risk assessment algorithms, and pointers to other databases.

Public notice of the existence of ATS was first provided in 2006, but ATS records provided in response to individual requests show that it had already been in operation, illegally, for years before that. If you’ve been on an international airline flight to or from the U.S. in the last ten years, or crossed the U.S. land border in the last few years, CBP has an ATS file of information about you and your travels. There might be ATS records of earlier trips, although older ATS records are spottier. Some ATS files include border crossings and international flights from as far back as the early 1990s.

We’ve posted forms you can use to request your own ATS file from CBP, as well as examples of some of the types of data included in responses to requests for ATS records. (There’s more about what we’ve found in ATS records in this front-page story from 2007 in the Washington Post.) Contact us if you want help with requests or administrative appeals, or in interpreting responses.

If you think there’s any chance you might be on a watch list, you should also send a separate request to the DHS Chief Privacy and FOIA Officer for records from the DHS /ALL-030 Use of the Terrorist Screening Database (TSDB)  System of Records.  Be sure to state that your request is made under both the Privacy Act and FOIA, and include a request for an accounting of all disclosures of records about you.

The first panelist at the conference was Julia Shearson, a native-born U.S. citizen who was arrested when she tried to drive back into the U.S. after an innocent weekend trip to Canada, on the basis of an entry in ATS falsely flagging her as an “armed and dangerous terrorist”. She’s suing DHS under the Privacy Act to find out why they labeled her a terrorist. Her lawsuit is still pending on remand after a favorable Circuit Court ruling reinstating her complaint. We last reported on her case here; there’s more about her story in this video which was shown yesterday at the conference, and this article from the Cleveland Plain Dealer. Whether the Privacy act provides for recovery of emotional damages was the subject of oral argument before the Supreme Court earlier this week in FAA v. Cooper.

Also still pending is our Privacy Act and FOIA lawsuit against CBP on behalf of Identity Project consultant Edward Hasbrouck, who is seeking ATS records about himself (including his “risk assessments” and the rules used for determining those risk assessments), an accounting of disclosures of those records to other agencies or third parties, information about how ATS records are indexed and retrieved, and records of the processing of his initial requests for ATS records. (He received only incomplete and redacted responses, and not until three years after his initial request and three weeks after he filed suit against CBP for its failure to respond or provide the requested records). A hearing on motions for summary judgment was held in September, and a decision is pending.

Other previous lawsuits related to ATS are discussed here. We’ve also filed comments on CBP rulemakings, objecting to ATS as in violation of the Privacy Act and international human rights treaties.

[On a separate note, the ongoing prosecution of Dr. Ghulam Nabi Fai under the Foreign Agents Registration Act, which was also mentioned at the conference, is discussed here.]

Oct 12 2011

Events in Europe on US travel surveillance and control

We’ll be participating in a series of public events and private meetings next week with European activists and with European Union and European national officials on PNR data (airline reservations), privacy, data protection, and human rights. Our presentations at all of these events will be in English, although much of the publicity is (naturally, given the venues) in German. see the links below for slides, handouts, video, and news reports on our presentations:

Read More

Oct 05 2011

DHS pitches PNR-based travel surveillance and control at House hearing

A troika of officials from the DHS appeared today before the Subcommittee on  Counterterrorism and Intelligence of the House Committee on Homeland security to make a joint sales pitch for the proposed agreement between the US and the European Union on DHS access to PNR data (airline reservations).

Today’s hearing appears to have been staged purely as a propaganda exercise intended to mislead European Union officials and citizens about the PNR agreement and DHS use of PNR data. The proposed “agreement” would not be a treaty (and thus would be unenforcible in U.S. courts). Even if it were reformulated as a treaty — as the European Parliament has demanded as a condition for its ratification of the agreement — it would only require ratification by the U.S. Senate, not the House of Representatives.

The House subcommittee hearing certainly looked as though it was held to create a stage for the DHS.  The three DHS officials were the only witnesses. They  included Chief “Privacy” Officer Mary Ellen Callahan, who Edward Hasbrouck of the Identity Project debated in June at CFP,  and David Heyman (successor to Stewart Baker, who wrote the original US-EU PNR agreement as DHS Asst. Secretary for Policy), who had been scheduled to participate in the CFP panel but canceled at the last minute.

In the absence of any independent or non-governmental witnesses who might have raised questions or presented alternative views, the DHS witnesses at today’s hearing presented a “united front” including an unusual joint written statement.

For the most part, the DHS repeated the same lies today as have appeared in previous DHS reports and lobbying to the EU. For example, they described PNR data incorrectly as “the data an airline receives from a traveler,” ignoring the data entered in PNRs (unbeknownst to travelers) by travel companies and other third parties. They said that “Of the literally billions of passengers traveling to and from the United States during the past 10 years, there has not been a single … use of PNR in violation of established privacy protections,” despite the DHS track record of using PNR data as the basis for denying innocent people — including both US and EU citizens — their right to travel.

In their most egregious lie, perjuring themselves before Congress, the DHS witnesses claimed again (falsely) today, as they have claimed (falsely) before, that:

DHS applies fair information practice principles to its collection and use of PNR, including … auditing and accountability, individual access, and redress. Moreover, the Department is firmly committed to transparency when it comes to informing our partners and the public about its mission, including how we use … identifiable information such as PNR data.

This statement is false. The DHS witnesses who made this statement knew it was false. And they made it for the sole purpose of misleading Europeans about the facts.

Read More

Oct 01 2011

A real story about REAL-ID

From the Identity Project mailbag:

My life has been basically destroyed because I don’t have a valid state-issued photo ID.

Thanks to terrorists, it is illegal for any employer in my state to hire me.

I am a natural-born citizen of the United States, born and raised in the State of New Jersey. I have lived here most of my life. I have never been convicted of a felony nor even a misdemeanor. I have never been arrested, nor even ever received so much as a parking ticket. I do not receive any funds from Welfare, Social Security, or any other government program. I am not a terrorist.

Yet, in the State of New Jersey, it is illegal for any employer to hire me, and has been for about the last 6 years.

Read More

Sep 30 2011

How would REAL-ID affect the right to travel?

In the latest step in the implementation of the REAL-ID Act and the establishment of a de facto national ID card and database, the Department of Homeland Security has requested OMB approval for the collection of additional information from states and individuals.

The public response to the DHS request, particularly these comments submitted by the Electronic Privacy Information Center (EPIC), highlight the important unanswered questions about how REAL-ID Act implementation will affect the right to travel:

EPIC’s comments focus on the widely-publicized recent case of  Lewis Brown, a former high school and college basketball star who died on a street in Southern California homeless, earlier this month:

EPIC writes today to draw the agency’s attention to the death of Lewis Brown, a former college basketball prodigy, who died on the streets of Los Angeles because he could not scrape together the money to obtain a state-issued identity document…. According to the New York Times, Brown, a basketball legend at the University of Nevada at Las Vegas, planned to fly to visit his family in New York and could not. Homeless and destitute, living on the sidewalks of Hollywood, Brown had developed cancer and planned to go to the hospital. Brown’s mother learned about his condition and stated that she wanted to see him “before he died.” Brown’s sister, Anita, told him to visit New York. Brown told confidants that he lacked funds to qualify for a California identification card, and was taking donations and borrowing money.

Read More

Sep 25 2011

What do we want? “Abolish the TSA!”

The first time the White House conducted a public online poll allowing We, the People to petition the President for redress for our grievances, the petition that got the most signatures called on the Obama Administration to lergalize and regulate marijuana in a manner similar to alcohol. After an elaborate built-up to the petition poll, President Obama dismissed the result as a joke.

Now the White House is at it again, and the leading grievance of the people against the government is even more overwhelmingly clear. Let’s see if the President once again laughs off our petition.

Here’s the most popular petition to the President, with more than 20,000 signatures in the first 3 days since it was posted:

We petition the Obama administration to:

Abolish the TSA, and use its monstrous budget to fund more sophisticated, less intrusive counter-terrorism intelligence.

The Transportation Security Administration has been one of the largest, most expensive and most visible blunders of the post-9-11 homeland security reformation. It has violated countless constitutional rights of average Americans, caused miserable and expensive delays in an already-overburdened air travel system, and allowed multiple known instances of harassment, theft, extortion and sexual abuse by its employees. It has failed approximately 70% of undercover efficacy tests, and for all its excesses, has been unable to catch even a single terrorist since its creation. In our current economic situation, we can no longer afford to continue wasting taxpayer dollars on this kafkaesque embarrassment. Let us instead invest in saner, more effective solutions.

You can add your signature through October 11, 2011.

Sep 12 2011

Illegal Israeli-style traveler interrogations come to Boston

If you’re going to be flying through Logan Airport in Boston, you might want to have a copy of the Paperwork Reduction Act handy when you go through the TSA checkpoint.

The TSA has celebrated the 10th anniversary of the September 11, 2001, hijackings — two of them of flights that originated at Logan — by rolling out a new program of Israeli-style interrogations of air travelers passing through TSA checkpoints at Logan.

Rafi Ron, a former director of security at Ben-Gurion Airport in Tel Aviv, relocated to the U.S. and hung out his shingle (“New Age Security Systems”) as an airport security consultant just before September 11, 2001. His first post-9/11 U.S. client was MASSPORT, which operates Logan. Ever since, as Ron’s client list has expanded to the Massachusetts State Police (the notorious racists who patrol Logan) and then the TSA, Logan has remained the cutting edge of U.S. testbed for Ron’s Israeli-style gospel of  human profiling, from the TSA’s SPOT “behavior detection” program to the new TSA “chat-downs“.

We’re pleased that Rep. Bennie Thompson (D-MS), the ranking minority member of the House Committee on Homeland Security, has publicly questioned the TSA about the Logan pilot program.

But whether or not it’s a good idea (it’s not), the immediate problem for the TSA is that it’s illegal.

Previous case law on airport checkpoints has authorized administrative searches, but never compelled responses to administrative interrogations.  Responses to police questioning in such circumstances have been presumed by courts to be voluntary.

If the TSA’s Constitutional case for such interrogation is untested, their lack of statutory authority is clear. The Paperwork Reduction Act, — a Reagan-era Republican anti-bureaucracy law — requires that any Federal “information collection” be justified in advance to, and approved in advance by, the Office of Management and Budget. An “information collection” is defined as any solicitation — even verbally — of answers to identical questions from ten or more people by a Federal agency, which clearly covers what the TSA “Assessors” (interrogators) are doing in Boston.

OMB approval is evidence by an OMB control number provided on the form or to those being questioned. in the absence of an OMB control number, (a) the collection of information is illegal, (b)  nobody can be required to answer the questions or provide the requested information, and (c) no sanctions can be imposed for failure to respond or provide information.

The TSA has never gone through the process of seeking OMB approval, or obtained an OMB control number, for its ID verification form or any of its other information collections from travelers.

So if the TSA’s goons at logan (or anywhere else) ask you, “Who are you?”, “Where are you going?”, “What’s the purpose of your trip?”, or any of their other standard questions, ask them what the OMB control number is for their collection of that information.

If they can’t or won’t provide you with a valid OMB control number (you can look up and verify any valid OMB control number here), politely but firmly decline to answer. If necessary, remind them — it might help to show them a copy of the law — of the provisions of  44 U.S.C. § 3512:

§ 3512. Public protection

(a) Notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information that is subject to this subchapter if–

(1) the collection of information does not display a valid control number assigned by the Director in accordance with this subchapter; or

(2) the agency fails to inform the person who is to respond to the collection of information that such person is not required to respond to the collection of information unless it displays a valid control number.

(b) The protection provided by this section may be raised in the form of a complete defense, bar, or otherwise at any time during the agency administrative process or judicial action applicable thereto.

Document what happens, so that you can, if necessary, prove that any sanctions such as a more intrusive search, denial of passage through the checkpoint, or denial of access to common-carrier transportation were based on your refusal to provide illegally-request information without having been provided with a valid OMB control number and notice that without it you don’t have to answer.

Sep 07 2011

“Why should I care about PNR?”

Our guest post for European travelers at NoPNR.org:

Why should I care about PNR?

More for our European readers about PNR data and how it is used by governments:

What can Europeans do?

Jul 15 2011

Appeals Court rules TSA rules require prior notice and public comment

Today a three-judge panel of the U.S. Court of Appeals for the D.C. Circuit unanimously ruled that the TSA deployment of virtual strip-search machines is subject to the requirements of the Administrative Procedure Act for formal notice and an opportunity for public comment before it is put into effect.

[T]he TSA has advanced no justification for having failed to conduct a notice-and-comment rulemaking. We therefore remand this matter to the agency for further proceedings. Because vacating the present rule would severely disrupt an essential security operation, however, … we shall not vacate the rule, but we do nonetheless expect the agency to act promptly on remand to cure the defect in its promulgation.

The ruling came in a lawsuit by EPIC based on a petition for rulemaking in which the Identity Project had joined.

The logic of the decision would appear to apply equally to other requirements imposed on travelers at TSA checkpoints, including any mandate for travelers to identify themselves:

Read More

Jun 30 2011

TSA calls for more “ID-based screening” — but won’t say if ID will be required

At a panel at the 2011 Computers, Freedom, and Privacy conference earlier this month, TSA Special Counselor and FOIA Appeals Officer Kimberly Walton (the same person who has been stonewalling our pending FOIA appeals), made explicit that the TSA plans more “identity-based screening” (i.e. profiling).

But any “screening” based on identity requires, of course, that travelers be identified. And the TSA — knowing it has no legal authority to compel travelers to identify themselves, produce evidence of their identity, or answer questions —  has consistently claimed in court cases such as Gilmore v. Gonzales and New Mexico v. Mocek that travelers are not required to produce any evidence of their identity.

So is the TSA planning to seek new statutory authority (or start claiming it already has it) to require travelers to identify themselves, or to deny passage to those who decline to do so?

We asked Walton directly, starting at 5:45 of the video here.  Walton said she “wasn’t the person to answer that”, but didn’t say who (if anyone) was.

If the TSA is reading this (and we know they are), we’d welcome an answer. We won’t hold our breath, though.

Once again, the TSA is launching a major expansion of its claimed authority over the traveling public, seemingly without either knowing or carrying whether it has any legal basis for the power it seeks to exercise over us.

The video of the panel on the TSA (most of which focused on groping and virtual strip-searches at TSA checkpoints) starts here; complete CFP 2011 video coverage is here.