Papers, Please – Page 30 – Papers, Please!

May 20 2010

Is “SPOT” a reasonable basis for suspicion or surveillance?

Today the Government Accountability Office released a detailed report on the TSA’s “Screening Passengers by Observation Techniques” (SPOT) program, providing considerably more detail than the TSA itself has ever provided, confirming the lack of any evidence that the program has spotted any terrorists, and suggesting implicitly that the DHS has been keeping yet another set of illegal records about innocent travelers.

We’ve followed the SPOT program since its existence was first revealed in 2004, and we’ve been detained, interrogated, and subjected to more intrusive search ourselves after being picked out by SPOT “Behavior Detection Officers”. (Fancy language for, “They didn’t like our looks, so they harassed us and gave us a thorough shakedown.”)

The SPOT program is the TSA’s attempt to adopt Israeli-style passenger profiling based on appearance and behavior (isn’t that supposed to be un-American, or at least illegal?), and now has a budget of more than $200 million a year. As shown in the diagram above from the GAO report, more than 150,000 people have been subjected to more intrusive search or interrogation as a result of being fingered by BDOs as “suspicious” or allegedly fitting the (secret, of course, this being the TSA) SPOT appearance and behavior profile. In 14,000 cases, police were called and passengers detained for “investigation”, typically including a police demand for, and logging of, their ID.

The GAO report serves mainly to confirm the obvious: There is no scientific evidence that the SPOT program has identified any actual would-be terrorists, or provides any legitimate basis for suspicion of those it singles out: Read More →

May 20 2010

Statistics on UK travel surveillance and control

It’s tempting to think that ID and PNR-based travel control systems don’t “work” as anti-terrorist measures (they obviously work as surveillance measures and as general law enforcement dragnets, as do house-to-house searches) solely because of the incompetence of the TSA and DHS. Could they be more effective elsewhere, if better implemented? That seems to be the view of some sectors of center-right opinion in Europe, where the EU continues to consider a mandate for members states to set up their own “Passenger Analysis Units” to decide who to allow to fly, even while the the European Parliament has defined strict standards that they would have to meet.

Newly-reported data from the UK, however, suggests the UK PNR scheme — the most developed and extensive in the EU to date — has all the same problems as the US one. This suggests that the defcst are in the concept, not the details of its execution, and calls in question whether any PNR scheme is likely to likely to be able to meet the Europarl’s criteria for acceptability.

Three Strikes?

Having been passed over for appointment to head the Drug Enforcement Administration, Deputy FBI Director John S. Pistole today got the booby prize as President Obama’s third-choice nominee to head the Transportation Security Administration.

For those who haven’t been keeping score, retired spymaster and Army General Robert A. Harding withdrew his name from nomination in response to questions about overbilling and cronyism in contracts between his security consulting firm and his former military comrades. Obama’s first choice, former Las Angeles airport cop Erroll Southers, withdrew earlier after apparently lying to Congress about his having used his police connections improperly to get derogatory information from supposedly restricted police files about his estranged wife’s lover.

We have the same questions for Mr. Pistole as we’ve had for the previous nominees for TSA administrator.

As of now, the TSA is still being run on auto-pilot by caretakers from the previous administration. Unfortunately, we don’t see anything in Mr. Pistole’s official biography as a career cop, or the President’s statement about his nomination (which mentions only a desire to “stengthen” screening at airports, and says nothing about strengthening civil liberties or human rights) to suggest any likelihood of improvement in TSA policies.

May 17 2010

What happens when you “show” ID?

It’s tempting to think that when you show a business or government agency your identity credentials, all that happens is an ID “check”. They verify that your ID is genuine, and that it shows that you are in a category of people who are authorized to cross a border, buy alcohol, operate a motor vehicle, or whatever. And then you’re on your way.

What’s wrong with this? Demands for ID are wrong, but what’s also wrong with this picture is that, increasingly often, this isn’t all that’s happening.

A new product announcement shows how much more than “verification” is sometimes going on behind the scenes. A press release from Uveritech announces their new North American franchise to distribute a document authenticator made by L-1 Identity Solutions, the prime contractor for producing US drivers licenses as well as many countries’ passports.

L-1’s website describes the desktop device as, “A combined hardware and software product that automatically authenticates a wide range of documents, including passports, visas, immigration cards, driver’s licenses and military ID cards.” But the product description shows that it performs much more than mere “authentication”, including scanning, optical character recognition (conversion of the image of the document to text), and reading of RFID chips in passports, enhanced drivers’ licenses, and other documents, as well as:

“Automatically Cross Reference Smartchip data in the MRZ [Machine Readable Zone].
“Collect and organize data and images from document transactions through the configurable options in the embedded relational database….
“Print and/or send … executable files with the images….
“Seamlessly integrate with any existing government or commercial network infrastructure, (i.e. Australian Customs, ABN AMRO, Brazilian Border Police.)”

So what’s being advertised under the rubric of “authentication” is actually automated capture of information about you (not just the visible data but also the machine-readable data in the magnetic stripe, lines of OCR type, and/or RFID chip, using L-1’s expertise in document and data formats derived from its role as government contractor ), conversion of this information about you to standardized digital format, loading of this data into an embedded relational databases, and “seamless[] integrat[ion]” of that database “with any existing government or commercial network infrastructure”.

Still feeling sanguine that it’s “just a quick check” of your ID, after which you can be on your way without further concern for future repercussions as long as you’ve been allowed to pass?

Canadian privacy office questions US surveillance of Canadian travelers

In testimony before a Canadian parliamentary hearing last week by Assistant Commissioner Chantal Bernier, the office of the Privacy Commissioner of Canada raised questions (previously asked in the Canadian press) about the implications for Canadian travelers of the US Secure Flight program — questions that travelers in the US and other countries should share.

Asst. Privacy Commissioner Bernier noted that despite Canadian objections, the US continues to insist on applying the Secure Flight requirements (transmission of passenger data to the DHS, and receipt by the airline of affirmative DHS permission before each prospective passenger is allowed to board a flight) to flights that pass through US airspace to and from Canada, even if they never land in the USA. This includes most flights between Canada and Central America, South America, and the Caribbean. As Bernier pointed out to Members of Parliament, “This means that DHS will collect personal information of Canadian travelers. This is not without risk.”

It’s worth noting, although it wasn’t reported to have been mentioned at the hearing, that Canada imposes no comparable requirement for the vastly larger number of flights to and form the USA that pass through Canadian airspace. These include virtually all transatlantic flights to and from the USA, and transpacific flights to and from all points in the USA east of the West Coast. Nor does any other country through which flights routinely pass en route to and from the USA. Most flights between Miami and Latin America, for example, pass over Cuba. But American Airlines is required neither to provide the Cuban government with detailed information about each passenger on those flights, nor to obtain Cuban government permission before allowing them to board.

Important as they are, however, the concerns raised in last week’s testimony suggest that even the Office of the Privacy Commissioner of Canada still doesn’t fully appreciate the scope of the problem or of the violations of Canadian law.

Asst. Comm. Bernier’s statement was limited to flights to, from, or overflying the USA. We suspect that her office is unaware that the DHS already has ways to get access — without the knowledge or consent of anyone in Canada, including airlines and travel agencies — to information about passengers and reservations for flights within Canada and between Canada and other countries, regardless of whether they pass though US airspace.

Arizona radio call-in discussion on S.B. 1070

We’ll be on the Jay Lawrence Show on KTAR (92.3 FM) in Phoenix this Sunday, May 2nd, from 7-8 p.m. Arizona time (7-8 p.m. PDT, 10-11 p.m. EDT) to discuss and take calls on the new Arizona “immigration enforcement” law, S.B. 1070, its implications for ID demands, and the amendments to the new law already being proposed in Arizona H.B. 2162.

KTAR-FM (live audio stream) has the largest listenership of any talk-radio station in the state. Last week in this same time slot they interviewed the sponsor of S.B. 1070, and we’re happy to have a chance to represent the other side of the debate.

[Update: Our appearance on KTAR has been preempted by an interview with a Congressional candidate. “This issue isn’t going to go away,” though, says Jay Lawrence, and we are working to reschedule.]

Apr 30 2010

Universal fingerprinting and national ID card to be included in “immigration reform” bill

As we reported last month, members of Congress are moving ahead with an increasingly detailed road map for a bipartisan “immigration bill” that would include mandatory universal fingerprinting and a mandatory national ID card in the guise of a “biometric Social Security card”.

The Identity Project was one of the signers of a joint public letter of opposition to the national ID card component of the proposal issued earlier this month, we were one of the signatories and we share the objections to the latest draft of the bill voiced yesterday by other civil liberties organizations. In the joint letter, we and numerous allies said that:

We write today to express our opposition to a proposal by Senators Charles Schumer (D – NY) and Lindsey Graham (R – SC) to create a biometric Social Security card – one that relies on personal characteristics like fingerprints to identify individuals….

A national ID system is not the solution. Both Republicans and Democrats have opposed a National ID system. President Reagan likened a 1981 proposal to the biblical “mark of the beast,” and President Clinton dismissed a similar plan because it smacked of Big Brother. A National ID would not only violate privacy by helping to consolidate data and facilitate tracking of individuals, it would bring government into the very center of our lives by serving as a government permission slip needed by everyone in order to work. As happened with Social Security cards decades ago, use of such ID cards would quickly spread and be used for other purposes – from travel to voting to gun ownership….

A biometric ID system would be controversial and unpopular with constituencies across the ideological spectrum. It would require the fingerprinting of every American worker – not just immigrants. It would also require the creation of a bureaucracy that combines the worst elements of the Transportation Security Administration and state Motor Vehicle Departments.

All this, should of course, go without saying. What we find most disturbing is that, even as people across the country are speaking out against the badly-drafted attempt by the state of Arizona to impose an ID requirement in the guise of “immigration enforcement”, members of Congress from both parties think they can get away with this same Trojan Horse to push through a national ID scheme at the Federal level.

Clearly what’s called for is for opponents of the new Arizona law to recognize the new Federal proposal as a larger instance of the same Big Brother mentality, and redirect some of their outrage and activism from Arizona legislators to the House and Senate. If you don’t want the whole country to go the way of Arizona on this question, let your representatives know that any national ID is unacceptable, no matter what its excuse or what it is called.

Apr 28 2010

New Arizona immigration law and ID demands

We’ve been getting a lot of questions about the new Arizona “immigration” law, S.B. 1070, which we mentioned earlier in this blog.

As we read the text (PDF) of the law it imposes no new requirement to show ID credentials or other evidence of identity. On the contrary, it gives people even more reasons to invoke their right to remain silent, never voluntarily to provide any evidence (including ID credentials or other evidence of identity) that might be used against them, and never to consent to any search (including searches for ID credentials or other evidence of identity).

The portion of the new law relevant to requests or demands for ID is as follows: Read More →

Apr 18 2010

DHS “update” still misstates compliance with EU agreement on PNR data

At the meeting of the LIBE (civil liberties) committee of the European Parliament on the 7th of April, a representative of the European Commission announced that the EC will shortly be releasing a report on the second closed-door EC-DHS joint review of DHS compliance with the current “agreement” on DHS access to and use of PNR data related to flights between the EU and USA.

We haven’t yet seen this report of the second joint review, although drafts of an EU report on the joint review and the DHS response to the EU draft have been posted by Statewatch. But since the first joint review in 2005, the DHS has published two reports — one in December 2008 and an update in February 2010 — on its own self-assessment and claims of compliance with the agreement, and we have studied them carefully..

These 2008 and 2010 DHS reports are seriously misleading and contain significant legal and factual misstatements. Their inaccuracy makes clear that DHS claims cannot be relied on without independent verification. The willingness of the DHS to publish such false claims calls into question the good faith of DHS participation in the joint review, and reinforces the need for a truly independent review including an audit of DHS actions by technical experts with access to legal process to compel full access to DHS records.

It’s not for us, as Americans, to tell European politicians what policies they should adopt. Nonetheless, as Americans who have systematically tested what happens when travellers attempt to access PNR data about themselves held by the DHS, and what happens when they attempt to complain about misuse of PNR data by the DHS, we think it is important for Europeans not to be misled about the status of DHS compliance or noncompliance with the current DHS-EU “agreement” on PNR data.

Here’s what we can say about the current situation, and about the claims in the 2008 and 2010 DHS reports regarding compliance with the agreement. Read More →

Apr 07 2010

Testimony to the European Parliament on PNR data

Identity Project consultant and technical expert Edward Hasbrouck is testifying Thursday in Brussels on the proposed agreement between the European Union and the U.S. Department of Homeland Security on transfers of Passenger Name Records (PNR’s) from the European Union to the DHS, at a public hearing on “Protection of Personal Data in Transatlantic Security Cooperation: SWIFT, PNR & Co. – which way forward?”, hosted by Jan Philipp Albrecht, Member of the European Parliament. 14:00-17:00 (8-11 a.m. Eastern time, 5-8 a.m. Pacific time), European Parliament, Brussels, room ASP 1G-3 (open to the public, but prior arrangement required for access to the building).

Handout (slides with annotations)
Video (live stream and archive; Identity Project testimony begins at the start of Part 2)
Agenda and witness list
2010 Identity Project update on DHS non-compliance with the PNR agreement
2008 Identity Project analysis of DHS non-compliance with the current PNR agreement
2007 Identity Project analysis of the first DHS responses to requests for PNR data
Background: What’s in a PNR?
Additional information about the hearing and our testimony
Other events in Europe on PNR data and the work of the Identity Project
Other Identity Project policy analysis and research