Papers, Please!

The Identity Project

Category Archives: Papers, Please

Mar 17 2010

Long reach of “Secure Flight” angers Canadians

On September 11, 2001, Canada followed the US in closing its airspace and grounding all aircraft, stranding tens of thousands of passengers on flights to and from the US (mostly on inbound flights from Europe and Asia) at airports like Gander and St. John’s, Newfoundland.  The Canadian welcome and hospitality for these travelers became the stuff of legend.  But ever since, Canada has struggled to retain sovereignty over its airspace in the face of US “security” demands.

Canadian privacy law was amended, under US pressure, to allow “sharing” with the US government of information contained in reservations for flights between Canada and the US.  But most Canadians assumed that the role of the US in determining who is permitted to fly is limited to flights to and from the US.

This month a four-part series by Kevin Dougherty in the Montreal Gazette, syndicated across Canada in the Canwest newspaper chain, has broken open that Canadian complacency about the long reach of US claims to passenger information and “fly/no-fly” decision-making authority:

The series raises serious questions as to the legal basis for denying boarding to passengers on Canadian-flag aircraft not landing in the US on the basis of secret blacklists or decisions by the black-box Secure Flight system in the US.

Since publication of the Canwest series about “Secure Flight”, letters to the editor, op-ed colums, and editorials across Canada have denounced the application of the Secure Flight scheme to Canadian airlines and travelers.  Many have pointed out the hypocrisy: As was made evident when all those flights were grounded on September 11th, almost all trans-Atlantic and many trans-Pacific flights to and from the US pass over Canada, but Canada demands no information about who is on those planes and asserts no authority to control who is allowed to be.

On top of all this, there’s another shoe still to fall:  Canadians remain unaware that the vast majority of travel agencies, and tour operators in Canada subscribe to computerized reservation systems (CRSs) based in the US.  That means all their passenger name records (PNRs) and customer profiles are stored in the USA, even for flight that go nowhere near the US.  These travel agencies, tour operators, and other travel companies don’t tell their customers that they have outsourced their travel records to the USA, where the government could get them secretly from the CRS with a “National Security Letter”.

That’s a flagrant violation of the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA). Canadians should complain to their Privacy Commissioner and demand that she take action against companies — of which travel agencies are leading examples — that outsource their customer data to the US without their customers’ knowledge or consent, and without any way to know what’s done with that data once it is in the hands of CRSs in the US.

Mar 12 2010

Airlines, travel agencies, Congress join public outcry against passport fees

We don’t think it’s fair or legal for the government to charge you a fee to exercise your rights under the First Amendment and international human rights treaties to enter or leave the USA.  Those rights are all but absolute, and rules that restrict or burden them, such as by imposing fees, are subject to strict scrutiny.

Judging from the response to the government’s latest proposal to increase passport fees (in order to cover the increased costs of including a uniquely-numbered remotely-readable RFID chip in each passport), we aren’t alone in our views.

More than a thousand people filed comments with the Department of State by yesterday’s deadline to oppose the proposed passport fee increases.  In addition to the comments filed by individual citizens and travelers and by the Identity Project, Consumer Travel Alliance, and Center for Financial Privacy and Human Rights, comments objecting to the proposed fee increases were filed by United Airlines, the American Society of Travel Agents, and the Interactive Travel Services Association.  United Airlines told the State Department, as we did, that the proposed rules would violate the Administrative Procedure Act, and demanded that the Department reveal the cost analysis that they claim supports the fee increases and extend the comment period for responses to it before finalizing any fee increase. ASTA (which represents brick-and-mortar travel agencies) and ITSA (which represents online travel agencies), have generally been at each other’s throats; we’re not sure we’ve ever seen them file joint comments in a Federal rulemaking.  The overall picture painted by the industry comments is of the extent to which the proposed fee increases would, in fact, impose a meaningful burden on international travel.

Members of Congress, particularly from border districts, have also objected, with Rep. Chris Lee of New York writing to Secretary of State Clinton that the fee increase would “further burden American travelers,” and fellow Rep. Brian Higgins, also from upstate New York (along the busiest sector of the Canadian border), issuing a statement that, “Creating financial barriers to the international traffic flow will cost our national economy and this community greatly in the long run.”

According to its filing, “Given its questions, and the importance of access to fairly priced travel documents to support international travel, United has sought a copy of or further details on the CoSS [Cost of Service Study] on March 9, 2010. United was advised that the CoSS is not a study or a report, but rather a model which the Department plans to demonstrate during a public meeting sometime in April or May of 2010.”

We’ll keep you posted of any announcement we hear of an extension of the comment period or a public hearing on the proposal to raise passport fees to pay for RFID chips in passports.

Mar 08 2010

Military spymaster to be nominated for head of the TSA

Testing the waters yesterday, White House sources leaked to Reuters and the Associated Press that President Obama plans to nominate retired Army Major General Robert A. Harding to be the Administrator of the TSA.

Harding’s 30-year career as an army officer was spent moving up through the military “intelligence” ranks, culminating as “DoD’s senior HUMINT [human intelligence] officer.”  In other words, he was the U.S. military’s most senior spymaster. Following his retirement out the military-industrial revolving door (through which he would return if confirmed to head the TSA), he double-dipped by founding a military consulting and contracting company which he sold last year to private equity investors. “Harding Security Associates provides identity intelligence and other security services to the federal government, including doing work for the Department of Defense’s biometric-identification analysis and forensics.”

Many of the TSA’s practical problems and abuses of civil liberties have involved schemes like CAPPS-II (later Secure Flight) that were dreamed up by the NSA and other military intelligence agencies and “experts” unaccustomed to operating within the civilian, domestic U.S. legal regime and ignorant of transportation industry technical infrastructure and business practices. Harding’s autobiography gives no indication that he has any experience whatsoever with civilian or domestic civil liberties, with legal constraints on “intelligence gathering” (spying and surveillance) on civilians or U.S. persons or within the U.S., or with the transportation industry.

If Harding is nominated to head the TSA, his military background and lack of any track record on civilian civil liberties makes it especially critical for Senators to question him closely (we have some suggestions to start that questioning) about his views on the fundamental civil liberties and human rights issues facing the TSA, before any confirmation vote, and to resist any calls for an abbreviated or rushed review of his suitability for the position.

Feb 27 2010

U.S. raising fees for travel credentials and permissions

Under a series of new laws and regulatory proposals, almost everyone traveling internationally to or from the USA — US passport holders, visa-free foreign visitors, and foreigners with visas — would have to pay more in government fees for the required credentials and/or permissions.

This week the U.S. Senate passed the “Travel Promotion Act”, a bill designed to encourage foreigners to visit the USA … by making it more expensive for them to do so.

The money would go for advertising, presumably to try to persuade foreigners that the USA is worth the price and the hassle. This ignores the fact that people around the world already want to visit the USA, and don’t need to be told that. What’s standing in the way of more foreigners spending their money in the USA are the xenophobic rules and procedures that make it so difficult and expensive to get permission to travel to the USA — not lack of desire to take the family on a vacation to Disney World or Las Vegas, or a shopping junket to New York or Miami.

The Travel Promotion Act, previously passed by the House and thus now headed to the White House to be signed into law, will add a US$10 fee (good for an unlimited number of visits in a 2-year period from the date it is paid) to the price of obtaining “pre-approval” to travel to the USA through the “Electronic System for Travel Authorization” (ESTA) .

ESTA pre-approval doesn’t guarantee that you will be admitted to the USA, but is required as a de facto exit visa before the USA considers you authorized to depart from your home country for the USA. No, the USA has no authority to impose an exit permit requirement on departure from other countries, as the Identity Project argued in comments to the DHS when the scheme was proposed, but the legality of the ESTA was never brought up in Congressional debate on the Travel Promotion Act.

ESTA pre-approval is required for all those “intending” to enter the USA without a visa under the “Visa Waiver Program” (VWP). Outside of the VWP, which is limited to a short list of mostly-wealthy most-favored nations, most of them populated mostly by white-skinned people, everyone else except US and Canadian citizens and US permanent residents (green-card holders) needs a visa even to change planes in the USA, which costs a minimum of about US$200 depending on the type of visa.

Those fees for US visas would increase substantially under a pending regulatory proposal from the State Department, which would also increase the fees for issuance or renewal of US passports.

The proposed rule published in the Federal Register earlier this month would increase the total price of a new or renewal US passport from US$100 to US$135. Part of that is an increase in the “Security Surcharge” for each passport to US$40, which presumably reflects the additional cost of including a remotely-readable uniquely-numbered RFID chip in each passport.

The State Department is accepting public comments through 10 March 2010 through the Regulations.gov Web site or by e-mail to fees@state.gov. (You must include the docket number, “RIN 1400-AC58” in the subject line of your e-mail message.) This would be a good chance to tell the Obama Administration that they wouldn’t need the proposed passport fee increase if they reconsidered and rescinded the requirement for RFID chips in passports.

Frequent international travelers with US passports will also get socked. Adding pages to a passport that has filled up with visa and entry and exit stamps, previously free, will now cost US$82. Ouch! That’s particularly unfair to those who requested a passport with extra pages, but didn’t get one, since the passport application form still doesn’t include any place to indicate that you want a thicker passport book (48 or 96 pages instead of the standard 24). If you are submitting comments to the State Department, please include a request that they put check-boxes on the application form to indicate a request for a 48 or 96-page passport.

Interestingly, despite the other ostensibly cost-based fee increases the State Department admits that they are deliberately keeping the cost of a passport card, which has a much longer-range RFID chip than a standard passport book, dramatically below cost, in effect giving travelers a large financial incentive to carry a credential with a longer-range tracking beacon.

And lest Canadians feel left out (they are essentially the only nationality that doesn’t need either a US passport, a US visa, or ESTA pre-approval to travel to the USA, and thus escapes these US fee increases), this week Canada’s Transport Minister announced increases in security fees that will be added to all air tickets for departures from Canadian airports, both domestic and international. Why the higher fees? To pay for more virtual strip-search machines (“body scanners”).

Enjoy your trip, and come back and visit us again soon!

[Comments filed by the Identity Project, Consumer Travel Alliance, Center for Financial Privacy and Human Rights, and John Gilmore, which you can use as a template for your own comments; also available in Open Office .odt and MS-Office .doc formats.]

Feb 25 2010

DHS accomplices face legal liability

The most recently filed lawsuit to result from detention of a would-be traveler at a TSA checkpoint highlights an interesting pattern:

While Federal departments themselves, and their agents in their official capacities, have thus far largely escaped legal liability for interference with travelers’ rights, multiple lawsuits against individuals who have enforced secret DHS directives — including DHS officers in their individual capacities as well as city, state, and tribal police acting as their accomplices and/or at their behest — are moving forward.  Yet at the same time, the DHS continues to use local law enforcement officers to carry out its secret orders, and has in some cases revealed policies directing DHS agents to take a literal “hands-off” attitude themselves, even while calling in local police to enforce what are at root (illegal) Federal orders.

Here’s a round-up of some pending cases across the country, leading up to the latest, with apologies for the sometimes tortured procedural histories which tend to characterize such cases and obscure the real issues: Read More

Feb 23 2010

DHS using ICAO again for policy laundering

News reports about recent diplomatic initiatives by the US Department of Homeland Security suggest that the DHS may once again be using the International Civil Aviation Organization (ICAO) as a vehicle for policy laundering.

In the past, ICAO has been the focus of attention for its role in the imposition of RFID passports and the associated systems of automated monitoring and control of international travel.

Now, the DHS appears to be trying to use ICAO as the vehicle through which to impose its ideas of passenger searching (virtual strip-search machines) and passenger surveillance (pre-flight government access to PNR data and its use in conjunction with identity-linked travel histories and personal profiles for control of who is allowed to fly)  as global norms.

Secretary of Homeland Security Napolitano, accompanied by Asst. Secretary for Policy David Heyman (successor to former NSA and DHS attorney Stewart Baker), has been barnstorming the globe in pursuit of this agenda over the last month.  She met with ICAO officials and their airline industry partners at IATA in Geneva, attended a regional European ministerial meeting on aviation security in Spain which issued a joint statement agreeing to “Promote international co-ordination … through ICAO”, followed by a regional ICAO meeting in Mexico for the Americas and the Caribbean (attended by ICAO’s Secretary General) which declared participating goverments’ commitment to “systematically collaborate within ICAO… with a view to convene both international expert and intergovernmental meetings to agree upon actions in the following fields:”

  • Broaden existing cooperation mechanisms among our countries and with other parties to the Chicago Convention, and the civil aviation industry, for information exchange …
  • Share best practices in a range of areas related to civil aviation, such as … screening and inspection techniques, airport security, behavioral detection, passenger targeting analysis…
  • Utilize modern technologies to detect prohibited materials and to prevent the carriage of such materials on board aircraft.
  • Transmit in a timely manner passengers’ information prior to takeoff to effectively support screening … as well as develop and improve compatible systems for the collection and use of advance passenger information (API) and passenger name record (PNR) information.

In a detailed video news release, Napolitano herself described this as “an unprecedented international initiative” centered on “a series of regional meetings around the globe facilitated by ICAO”:

There were four broad areas for discussion: Information sharing, passenger vetting, technology, and international standards…. Look for announcement in each of these four areas in the weeks ahead.

The agenda and the forum could not be more clear: Unless defenders of civil liberties and human rights mobilize effective opposition, the goal of the US and the DHS is for ICAO to put forward “international standards”, effectuated by national laws on “compliance with standards”, which will mandate virtual strip-search machines (“modern technology”), worldwide government access to PNR data, and government “vetting” (identity-based and permission-based control) of international air travelers.  That is perfectly in line with the 10-year plan of ICAO’s working group on Machine-Readable Travel Documents (MRTD), “MRTD Vision 2020,” as laid out in the latest ICAO MRTD Report.

ICAO is a UN-affiliated intergovernmental organizing most of whose decisions are made in invitation-only working groups. The interests of citizens are supposed to be represented in ICAO decision-making by their national governments, but national delegations to ICAO are invariably drawn from security, surveillance, law enforcement, and aviation regulatory agencies, and have never included representatives of data protection, civil liberties, or human rights authorities.

In effect, ICAO’s decisions reflect the desires of the world’s police.  By enacting national laws requiring “compliance” with ICAO “standards”, national governments can effectively outsource national law-making to those police, while justifying repressive measures (which their own representatives have proposed and championed at ICAO) as being the reult of an extenral, international mandate for which they aren’t responsible. Policy laundering.

ICAO’s importance to the DHS (and its counterparts in Europe and elsewhere) is heightened by the likelihood that, in the wake of the precedent set by its rejection of the SWIFT agreement on financial transaction data sharing with the US government, the European Parliament will reject the similar PNR agreement for travel transaction data sharing with the US government. The DHS had been pressuring the Europarl to fast-track approval of the PNR agreement. With the writing on the wall that the PNR agreement is headed for defeat in the Europarl, the DHS is already making it clear that ICAO standards are their back-door “Plan B” for how to impose a global PNR and identity-based travel sureveillance and control regime.  They are losing in Brussels, so they are trying to shift to more “Big Brother friendly” ICAO forums in Geneva and Montreal.

ICAO draws on invited technical experts from the aviation industry, but unfortunately their interests in surveillance for commercial purposes coincide with those of the police in the same surveillance for political purposes. Airlines and other travel companies are happy to help governments monitor travelers, as long as they get get paid for collecting the data and are allowed to use it themselves too. We’ve heard them tell ICAO so in so many words.

ICAO’s dual secretariats in Montreal and Geneva, and its process in which most decisions have effectively been made before they are presented to rubber-stamp plenaries, makes effective civil society participation difficult without long-term commitment and international cooperation.  A useful model is provided by environmental activists, who have formed a single-issue international NGO coalition for the sole purpose of obtaining accreditation and observer status with ICAO. Despite previous joint appeals to ICAO by an ad hoc international civil liberties coalition, human rights groups haven’t yet formalized their coalition or sought observer status with ICAO, and have had no presence at ICAO meetings or working groups.

If you are interested in working with the Identity Project to get our voices heard at ICAO, please get in touch — before its too late.

Feb 19 2010

TSA, DHS unresponsive to human rights complaints

After two months, we’ve gotten an initial round of non-responses from the DHS and TSA to our complaint that their procedures for subjecting holders of certain passports to more intrusive search and/or interrogation as a condition of domestic common-carrier air travel violate published TSA civil rights policies, Federal laws, Constitutional rights, and rights guaranteed by international human rights treaties.

The Director of the TSA’s Office of Civil Rights and Liberties refers vaguely and inaccurately to “our letter expressing concerns about recent press reports” (in fact, our letter said nothing about any press reports), but makes no mention of our complaint that specific TSA practices and procedures are illegal, or what if anything any TSA or DHS compliance, oversight, or enforcement office intends to do about it.

The closest they come to engaging with the basis of our complaint is a sentence only a lawyer could love: “Please note that a passport-issuing country is not coextensive with a person’s national origin.”  It remains to be seen what they think is better evidence of national origin than a passport.  Will they issue yet another new travel credential by which someone with a Pakistani passport can establish, for example, that their nation of “origin” is India, and thus that they are not “from” a “country of interest”?  Or vice versa? What are they thinking?

They also completely ignore our mention of international treaties, which are likely to become a growing issue not just for the DHS and TSA but for their counterparts imposing similar restrictions on freedom of movement in other countries, such as mandatory submission to virtual strip searches.

We’ve sent the TSA and DHS a follow-up letter reminding them that we still expect, and are entitled to, a response.

Meanwhile, the DHS has announced similar procedures for more intrusive search and perhaps interrogation of travelers “coming from” a larger list of “countries of interest”.    It’s unclear — since of course the procedures aren’t enforceable rules and are being kept secret, whether “coming from” means having flown directly from, having visited earlier on the same trip, having visited within a specified time period (the life of the current passport?), having ever in one’s life visited, or carrying a passport issued by any of these countries.  These new procedures have prompted a more recent joint complaint similar to ours from a broad coalition of civil rights organizations, as well as separate complaints from some of these groups.

Feb 08 2010

DHS exempts dossiers used for “targeting” from the Privacy Act

In a final rule published last week at 75 Federal Register 5487-5481, the Customs and Border Protection (CBP) division of the Department of Homeland Security has exempted most of the data used by the illegal “Automated Targeting System – Passenger” (ATS-P) from the various requirements of the Privacy Act that information used to make decisions about individuals must be accessible to them on request, accurate, relevant, collected directly from the data subjects whenever possible, and so forth.

The proposal to exempt ATS records from the Privacy Act has been pending for more than two years. In the final rule, the Obama administration adopts, with no changes whatsoever, all of the exemptions proposed by the DHS under the previous administration.  The analysis accompanying the final rule acknowledges, but dismisses more or less out of hand, our comments from two years ago objecting to the proposed exemptions as illegal.  (These followed two sets of comments we filed in 2006, when the ATS itself was first disclosed, objecting to the entire system as illegal.)

On the same day last week, the DHS published a separate final rule similarly exempting from the Privacy Act portions of the “Border Crossing Information” (BCI) system, a log of each person’s entries to and exits from the U.S. which was first disclosed as a part of ATS before being declared a separate system of records. The final BCI exemption rule similarly adopted all of the proposals the previous administration has proposed in 2008, and dismissed our objections to its illegality out of hand.

You can still request your own ATS and other travel records from the DHS.  Even if the newly-promulgated exemptions are upheld, they leave you entitled to substantial portions of your ATS dossier.  We are continuing to pursue our own pending Privacy Act requests and appeals, some of which are themselves more than two years old and all of which were made before the new exemptions were finalized and thus are not subject to the “exemptions”.

The Privacy Act gives agencies the authority to exempt certain types of information, by rulemaking, from certain of the requirements of the Privacy Act.  The rules published last week are, however, the first time that the DHS has attempted to  exercise this authority with request to ATS records.

In the meantime, the CBP has simply ignored the Privacy Act and its lack of exemptions entirely: Every response we have seen to a request pursuant to the Privacy Act for PNR or other ATS data has been processed by the CBP under the Freedom of Information Act (FOIA) instead of the Privacy Act.  Information exempt from disclosure under FOIA has been withheld or redacted, citing specific FOIA exemptions, even when that same information was required by the Privacy Act to be disclosed. This has been in flagrant violation of the Privacy Act, which has different disclosure requirements and exemptions which only partially overlap with those of FOIA. So far as we know, however, CBP and DHS have never responded to a Privacy Act appeal of these wihtholdings and redactions at all — some of our Privacy Act appeals are more than two years old — and while there have been several lawsuits under FOIA concerning ATS data, there have been none yet under the Privacy Act.

Our primary objection is to the very existence of a system under which the government requires common carriers to identify each would-be traveler and get the government’s permission (“clearance”) before they can travel.  Such a scheme is made far worse, however, when those “fly/no-fly” or “cleared/inhibited/not cleared” decisions are made not only in secret by unknown bureaucrats, not judges, and on the basis of secret files about each citizen.

The new exemptions, applicable to future requests for ATS records, are sweeping.  But we are particularly disturbed that the exemption rules purport to authorize the DHS to collect and use an entirely undefined and open-ended category of commercial data obtained from airlines as part of their Passenger Name Records (PNR), and withhold that commercial data, on grounds of “business confidentiality”, from the would-be travelers against whom it is used.

That exemption for commercial data in PNRs creates a limitless loophole through which the DHS could secretly make use, in passenger profiling and “targeting” decisions, of commercial data of any sort.  As long as it is channeled to the DHS through inclusion in PNRs (which as commercial records are themselves subject to no U.S. privacy or disclosure requirements at all), the DHS could base passenger “targeting” decisions on derogatory free-text remarks by customer service representatives, commercial blacklists, credit scores, or records or ratings by data aggregators.  But those are not legal grounds to prevent travel by common carrier.

Feb 01 2010

Albuquerque police still pressing charges against traveler who tried to exercise his rights

The trial originally scheduled for this Friday of Phil Mocek, who was arrested by local police at a TSA checkpoint in the Albuquerque airport in November, has been postponed at least until early May.  But that only happened after he retained retained private defense counsel, at considerable personal expense. You can help out by making a donation to his defense fund.

Mocek has made no comment, on the advice of his attorney.  But from news reports, it appears that he was arrested in retaliation for trying to exercise his right to travel without showing tangible evidence of his identity, and or for recording and/or photographing the TSA’s response to his assertion of his rights.  Since everything he did was entirely within his rights, and the TSA agents have no authority to make arrests, they followed their de facto standard operating procedures by calling in the local police and getting them to trump up an array of false and/or unconstitutional charges under local and state law: criminal trespass (Albuquerque Code of Ordinances § 12-2-3), resisting, obstructing or refusing to obey a lawful order of an officer (§ 12-2-19), concealing identity with intent to obstruct, intimidate, hinder or interrupt (§ 12-2-16), and disorderly conduct (NMSA § 30-2-1). [Note: It appears that direct links to sections of the Albuquerque Code of Ordinances will work only after you click on the Albuquerque Code of Ordinances link and then on either “frames” or “no frames”, to set the required cookies in your Web browser.] The “trespass” charge seems particularly problematic in light of the fact that the airport is publicly owned and that Mocek was attempting to exercise his right to travel by common carrier, a right not only guaranteed by Federal law but protected by explicit Federal statutory preemption against any local or state interference.

Nothing we’ve learned has suggested that any of these charges are supported by the facts, or are other than retaliation.  So we’re disturbed that the prosecutor hasn’t dropped the charges yet, even though a review of the evidence and the case should have made clear that these charges were unfounded.  We hope the district attorney will come to their senses and drop the charges.

[For the status of the case, go to the county court website, complete the “captcha”, and enter “2573709” in the “criminal case number” field.  Documents obtained by Mr. Mocek in response to his requests under New Mexico’s public records laws, including police reports and audio recordings, have been posted here.  For further updates, see the ongoing discussion in the travel “security” forum at Flyertalk.com.]